Policy commitment
Why policies are not enough for HREDD
Most organisations operating in complex supply chains now have a human rights policy. A growing number also have an environmental due diligence statement. These documents matter - they signal intent, set expectations for suppliers, and meet a growing list of disclosure requirements.
But a policy is a commitment on paper. Human rights and environmental due diligence (HREDD), as set out in the UN Guiding Principles on Business and Human Rights and reflected in regulation such as the EU's CSDDD, is a process. The gap between the two is where most organisations run into difficulty - with regulators, with civil society, and with their own leadership teams asking what the policy actually means in practice.
A policy statement is a starting point, not evidence of practice
Regulators and buyers are no longer asking whether a policy exists. They are asking how risks were identified, what was done about them, and what changed as a result. A policy answers the first question. It says nothing about the other two.
This shift matters because due diligence is judged on process and outcome, not intent. An organisation can have a strong, well-written policy and still be unable to demonstrate that it knows where its highest risks sit, or that it has taken proportionate action in response.
What the due diligence cycle actually requires
The UN Guiding Principles, and the OECD Due Diligence Guidance that builds on them, describe due diligence as an ongoing cycle rather than a one-off exercise. It starts with identifying where human rights and environmental risks are most likely to arise across operations and supply chains, then moves to preventing and mitigating those risks through changes to practice, contracts, and supplier engagement.
From there, organisations need to track whether their response is actually working, using evidence rather than assumption, communicate what has been found and done in a way that can withstand scrutiny, and provide or enable remedy where harm has occurred.
A policy commitment sits above all of this. It sets the direction. On its own, it does not produce any of these activities - and it is these activities, not the policy, that regulators, buyers, and civil society now look for.
Where commitments tend to break down
In practice, the gap between policy and process tends to show up in a few recurring places. Risk assessments exist but are not updated often enough to reflect changing operations or supplier relationships. Action plans are agreed after an audit but are not tracked through to completion. Evidence of action is scattered across departments, formats, and systems, making it hard to produce a coherent account when one is requested.
None of these gaps are unusual, and none of them mean the underlying commitment is not genuine. They are usually a sign that the policy was put in place before the supporting structure was - which is the normal order of things. The risk is leaving it there.
Turning commitment into a working system
Closing the gap does not require starting from zero. Most organisations already generate the information a credible due diligence process needs - through audits, grievance channels, supplier data, and field reporting. What is usually missing is the structure that connects this information to the policy commitment: a clear view of where risk sits, a record of what has been done in response, and a way of showing that the response is making a difference over time.
That structure is what turns a policy from a statement of intent into something that can be defended, reported on, and improved. It is also where Strategine focuses its work - helping organisations build the connective layer between commitment and evidence, using the information they already have.
Next step
Ready to close the gap between policy and practice?
We help organisations turn due diligence commitments into a working system, using the evidence they already have.