Åpenhetsloven: The new act of fundamental human rights. Are you compliant?

The Norwegian Transparency Act or Åpenhetsloven, came into effect in July 2022. If you are an enterprise operating within Norway or elsewhere in Europe, this article helps you know what this act means for your company and how it affects your business operations.

Norway has been a pioneer in corporate social responsibility (CSR) for many years. In June 2021, the Norwegian Parliament passed the Transparency Act, which will force companies to disclose adverse human rights impacts and support eliminating them.

If you're a company based in Norway or the EU, this article is for you.

Here are some things to know about the new law:

What is the Åpenhetsloven or the New Norwegian Transparency Act

In June 2021, the Norwegian Parliament passed the Åpenhetsloven. This act is based on the UN's sustainability goals and aims to promote companies to respect fundamental human rights – including decent working conditions. It also aims to ensure that all companies disclose information about how they handle adverse consequences on fundamental human rights.

Both chambers of parliament adopted the Åpenhetsloven with an overwhelming majority. It will enter into force on 1 July 2022, and the act intends to create more transparency in supply chains and apply to both Norwegian and foreign companies operating in Norway. In addition, on 23 February 2022, the European Commission adopted a proposal for a Directive on corporate sustainability due diligence, which aims to ensure that companies across the EU apply consistent and high-quality environmental and social standards. Many Member States in the EU have already introduced national rules on due diligence and some companies have taken measures at their own initiative.

Definitions

Fundamental Human Rights are rights to which all humans are entitled, regardless of race, nationality, gender or religion. These rights are enshrined in the two International Covenants on Civil and Political Rights and on Economic, Social and Cultural Rights (1966), and they also form part of the ILO's core conventions on fundamental principles and rights at work.
 A decent working environment provides the fundamental human rights listed above, safeguards health, safety, and the environment, and provides a living wage. 
The supply chain refers to any party in the chain of suppliers and sub-contractors that supplies or produces goods, services, or other input factors for an enterprise from the raw material stage through the manufacturing process and into the end product.
Any person or entity that supplies goods or services directly to the company but that is not part of the supply chain can be considered a business partner.

What Does the Åpenhetsloven Mean for Enterprises

All enterprises should be prepared for this change in legislation so that they can continue doing business as usual without any disruptions or challenges. Enterprises should ensure that their business processes are aligned with this new law and make necessary changes if required by introducing new policies, procedures, and training programs for employees at all levels of management.

Scope of the Åpenhetsloven

The Åpenhetsloven applies to larger enterprises that are resident in Norway and that offer goods and services in or outside Norway. The act also applies to larger foreign enterprises that offer goods and services in Norway, and that are liable to tax to Norway pursuant to internal Norwegian legislation.

Under this law, larger enterprises are companies that comply with Section 1-5 of the Accounting Act and/or have more than one of the following three conditions on their balance sheets at the time of financial statement:

sales revenues: NOK 70 million,
balance sheet total: NOK 35 million,
average number of employees in the financial year: 50 full-time equivalents.

If a parent company and its subsidiaries together meet the requirements set out in the law, they are considered an "enterprise of a larger size."

Highlights of the Åpenhetsloven

‍

The Duty to Carry Out Due Diligence

Due diligence is an assessment of the potential impacts an enterprise may have on human rights and the environment. It can be conducted by a company itself, or an external party such as a consultant or advisory service.

Companies are required to carry out due diligence on their operations and supply chains, in accordance with the OECD Guidelines for Multinational Enterprises. To comply with these guidelines, companies will need to conduct due diligence regularly in proportion to their size, context of operations, and severity and probability of adverse impacts.

Tip: Use our template for åpenhetsloven (in Norwegian) to get started.

The Duty to Account for Due Diligence

Companies will be required to publish an annual account of the due diligence performed as part of their commitment to conducting responsible business practices.  

In this year's report, companies should describe the guidelines and procedures they followed while conducting due diligence. It should also entail actual adverse impacts discovered during due diligence and the measures implemented to cease or mitigate those impacts. Additionally, companies should also summarize the results or expected results from their mitigation efforts.

Right to Information

The right to information is an important part of the Transparency Act. Under this act, any individual or organization has the right to request information on how a company addresses actual and potential adverse impacts, both in general or to a specific product/service. A company needs to share this information with anyone who requests it.

The OECD Due Diligence Process

The OECD Guidelines are intended to help enterprises conduct their activities ethically and responsibly. The OECD Guidelines for Multinational Enterprises allow MNEs to adapt their due diligence systems and processes to their own circumstances. MNEs should use these Guidelines to develop and strengthen their own tailored due diligence systems and then seek out additional resources for further in-depth learning as needed.

The OECD Guidelines for Multinational Enterprises recommend conducting due diligence on a continuous basis, which means that you should be continually reviewing your business practices to ensure they comply with the requirements of your industry and country.

The guidelines consider that due diligence should be commensurate with risks and appropriate to a specific enterprise's circumstances and context. They recommend that companies should:

‍

1. Embed responsible business conduct into their policies and management

Companies should make commitments to the principles and standards in the OECD Guidelines for Multinational Enterprises, as well as a plan for carrying out due diligence on their operations, suppliers, and other business relationships. You can do so by:

Implementing a combination of policies, including those that articulate your enterprise's commitments to the principles and standards contained in the OECD Guidelines.
Seeking to embed your enterprise's policies on risk-based capital issues into its oversight bodies; embed such policies into management systems so that they are implemented as part of regular business processes.
Considering responsible business conduct's expectations and policies while engaging with your suppliers or other business relationships.

2. Identify and Assess Adverse Impacts 

Companies should identify risks (potentially or real) that exist in their operations, supply chains, and business relationships. You can do so by:

Carrying out a broad scoping exercise to find risks in your business, including those in your supply chain. This should help you prioritize the most important areas for further assessment.
Begin by assessing the most significant areas of risk, then gradually expand your analysis to include other operations, suppliers, and other business relationships.
Assessing your company's involvement in the adverse impacts identified to decide appropriate responses. Assessing whether your company: caused (or would cause) the adverse impact; contributed (or would contribute) to the adverse impact; or whether the adverse impact is (or would be) directly linked to its operations, products, or services by a business relationship.
Based on the information you gathered about actual and potential adverse impacts if it's not possible to deal with all potential and actual adverse impacts immediately, prioritize the most significant risks and impacts for action based on severity and likelihood. Once the most significant impacts are identified and dealt with, move on to address less significant impacts.

3. Cease, Prevent, and Mitigate Adverse Impacts 

It means implementing measures to cease or prevent the adverse impacts discovered in your company's operations, supply chains, and business relations; stopping activities that may cause these negative impacts; and developing and implementing plans to reduce the risks of these impacts in the future.

You can do so by:

Assigning seniors responsible for activities that cause or contribute to ceasing and preventing the incidence of adverse impacts in the future.
Addressing complex actions or those that may be difficult to stop due to operational, contractual, or legal constraints. And creating a roadmap for them by including in-house legal counsel and impacted or potentially impacted stakeholders and rightsholders.
Updating your enterprise's policies to include guidance on the adverse impacts of future activities and ensure the policies are implemented.
 Providing training and development that is relevant to the workers and management.
 In the case of cumulative impacts, where more than one entity contributes to the adverse effects on the environment and where appropriate, seek to engage with other involved entities to cease the impacts and prevent them from recurring or prevent risks from materializing.
Where your enterprise contributes to adverse impacts or risks caused by another entity, take necessary steps to cease or prevent the contribution, and build and use leverage to mitigate any remaining impacts to the greatest extent possible.
Using leverage to the extent possible to address adverse impacts or risks. If you do not have sufficient leverage, build additional leverage with the business relationship through outreach from senior management or incentives. To the extent possible, work with other actors to build and use collective leverage through consortiums or industry associations or engagement with governments.
Supporting relevant suppliers and other business relationships in the prevention or mitigation of adverse impacts or risks, e.g., by providing training, upgrading facilities, or strengthening management systems.
Considering disengagement from a supplier or other business relationship only after all other options have been explored and failed; when the impact is irremediable; and when there is no reasonable prospect of change. 
Encouraging relevant authorities in the country where the impact is occurring to investigate and prosecute those responsible for violations.

4. Track Implementation and Results 

The most important thing to remember when implementing due diligence is that it's not just about identifying impacts and taking action to prevent them. You also have to track the effectiveness of your efforts and use the lessons learned from tracking to improve your processes in the future. You can do so by:

Periodically reviewing internal commitments, activities, and goals to ensure that they are being carried out in accordance with established policies. For example, by conducting periodic internal or third-party audits of outcomes achieved and communicating results at relevant levels within the enterprise.
Carrying out periodic assessments of business relationships to verify that risk mitigation strategies are being pursued and that adverse impacts have been prevented or mitigated.
When your enterprise has or may cause human rights impacts, consult and engage with potentially impacted rightsholders, including workers, workers' representatives, and trade unions.
 Identifying any adverse impacts or risks that may have been overlooked in the past due diligence processes and include them in future efforts.
Including feedback from your enterprise's due diligence in future processes and outcomes.

5. Communicate How Impacts are Addressed

To communicate information about due diligence policies, processes, and activities conducted to identify and address actual or potential adverse impacts and their findings and outcomes.

Steps you can take to achieve this: 

Publicly reporting the due diligence processes, with due regard for commercial confidentiality and other competitive or security concerns. Embedding responsible business conduct into policies and management systems to identify areas of significant risks, adverse impacts or risks identified, prioritized, and assessed, as well as the prioritization criteria, actions taken to prevent or mitigate those risks and their outcomes.
Make up-to-date information on due diligence processes publicly available, balancing concerns regarding commercial confidentiality and other competitive or security concerns. These reports should also include the responsible business conduct policies and the measures taken to embed them, your enterprise's identified areas of significant risks, the significant adverse impacts or risks identified and assessed (as well as the prioritization criteria), actions taken to prevent or mitigate those risks, including where possible estimated timelines and benchmarks for improvement and their outcomes, measures to track implementation and results and whether or not remediation is needed.
The above information should be published in a way that is easily accessible and appropriate, e.g., on your website, at your premises, and in local languages.
 When human rights impacts are caused or contributed to by your enterprise, be prepared to communicate with impacted or potentially impacted rightsholders in a timely, culturally sensitive, and accessible manner.

6. Provide for or Cooperate In Remediation When Appropriate

When your enterprise discovers that it has caused or contributed to actual adverse impacts, it should address such impacts by providing for or cooperating in their remediation.

You can take the following practical steps to achieve this: 

Seek to return the affected person or persons to their previous state as much as possible and enable remediation that's proportional to the significance and scale of the negative impact.
 Comply with the law and seek out international guidelines on remediation where available, and where such standards or guidelines are not available, consider a remedy that would be consistent with that provided in similar cases.
When addressing human rights impacts, consult and engage with impacted rightsholders and their representatives to determine a remedy.
After complaints are made, try to find out how satisfied those who complained are with the process and the outcome.
If a stakeholder or rightsholder has a complaint about a legitimate impact, help them raise it by referring them to a legitimate remediation mechanism. If there's disagreement about whether you caused an adverse impact or how to remedy it, this may be helpful in resolving the dispute.

How a Solution Like Ignite Can Help Your Organization Implement the Åpenhetsloven

In today's ever-changing business landscape, it's important to stay on top of the things that matter most. And when it comes to sourcing and supplier management, we know how hard it is to keep track of all the details that matter. With a system like Ignite, your procurement team can work together with suppliers to get a 360-degree view of all your data points.

You've probably heard the term "supplier 360" before. But what does it mean at Ignite?

Supplier 360 is a system that gathers all of the data points about a supplier under a single roof, allowing you to make better decisions about who you work with and how. That's how Ignite makes it easier for your procurement team to manage suppliers and maintain a constant flow of information between you and them.

With Ignite, you have access to all the information about your suppliers in one place—Ignite lets you gather evaluation, documentation, certifications, and relevant information directly from the suppliers within the solution. You can also use Ignite's reporting tools to monitor those suppliers' performance against their commitments.

‍

Get an overview of your full supplier base - A single source of truth about who your suppliers are and what they do to get the best deals possible.
Normalize suppliers - Remove duplicates and get a clean supplier baseline to avoid unnecessary work and discover previously hidden savings/cost avoidance opportunities. 
Know your suppliers - Map out suppliers, discover gaps in your knowledge and categorize suppliers to create structures and overviews to understand them better. Connect to other sources to enrich your information about suppliers (spending, risks, etc.)
Prioritize suppliers - To make supplier selection easier, create lists of suppliers where you need more information or want to assess supply options.
Interact with suppliers - Get in touch with suppliers to obtain relevant documentation that may be missing from your records.
Assess suppliers - Send out assessments to priority suppliers, depending on your needs.

Make no mistake, Åpenhetsloven is a step forward in the continually evolving world of procurement. The fact that you can actually work with your supplier data in Ignite has the potential to transform your business for the better. 

There's something to be said for the value that intimate knowledge of your suppliers can bring, and Ignite allows you to get that information in such an elegant manner. In the end, it's up to you whether this level of access is worth paying for—but it's hard to deny that a deeper understanding of your suppliers can be transformative.

Want to see how your company can get started with the Åpenhetsloven in 1 day with Ignite's Supplier System and framework? Click this link: The Åpenhetsloven Doesn't Get Easier Than This

‍