New Norwegian Mandatory Human Rights Due Diligence Law Creates Obligations for U.S.-based Multinationals Doing Business in Norway
On June 10, the Norwegian Parliament adopted the Transparency Act. Among other things, this innocuously named legislation will require many U.S.-based multinationals doing business in Norway to (1) regularly conduct human rights due diligence, (2) publish an annual human rights statement and (3) respond to third party requests for information regarding adverse human rights impacts. The Norwegian government recently announced the Act will take effect on July 1, 2022.
In this Alert, prepared in conjunction with attorneys at leading Norwegian law firm Thommessen, we provide an overview of the Act.
The Lead-up to the Act
In June 2018, the Norwegian government established an Ethics Information Committee in response to petition resolutions by the Parliament in 2016 and 2017. The Committee was tasked with assessing whether Norwegian businesses should be required to disclose information on responsible business conduct and supply chain management. The ten-member committee had representation from academia, business, government, trade unions, employers’ organizations and NGOs.
In August 2019, the Committee’s mandate was expanded to include preparing draft legislation. In November 2019, the Committee recommended the adoption of mandatory human rights due diligence legislation and it published a proposed draft. That legislation, which differs from the Act adopted, is described in Ropes & Gray’s earlier Alert here.
In 2019 and 2020, Norway’s National Contact Point for Responsible Business Conduct established pursuant to the OECD Guidelines for Multinational Enterprises conducted a survey of 600 Norwegian business leaders, in which the NCP asked about human rights due diligence practices. Based on the survey responses, the Norwegian NCP concluded that voluntary measures had not resulted in sufficient compliance with the OECD Guidelines. The OECD Guidelines are recommendations addressed by governments to multinational enterprises that provide non-binding principles and standards for responsible business conduct. Among other things, the OECD Guidelines call on business enterprises to carry out ongoing human rights due diligence to address adverse human rights impacts the enterprise may cause or contribute to through its own activities or which may be directly linked to its operations, products or services by its business relationships.
The Act applies to (1) large enterprises domiciled in Norway that provide goods and services and (2) foreign large enterprises that provide goods and services that are taxable in Norway.
“Large enterprises” are defined in the Act as enterprises that are covered by Section 1-5 of the Norwegian Accounting Act, or that meet at least two of the following criteria on the date of their financial statements:
- At least an average of 50 full-time employees during the fiscal year;
- A balance sheet total of at least NOK 35 million at fiscal year end (approximately US $4 million); and
- Sales revenue of at least NOK 70 million (approximately US $8 million).
The foregoing criteria are measured on a consolidated basis. If an enterprise meets the jurisdictional nexus requirement of the Act, its subsidiaries are taken into account for determining whether the enterprise is a large enterprise.
Under Section 1-5 of the Norwegian Accounting Act, large enterprises include:
- public limited companies;
- reporting entities, the shares, units, primary capital certificates or bonds of which are listed on a securities exchange, authorized marketplace or corresponding regulated market outside Norway; or
- other reporting entities if stipulated in regulations laid down by the Ministry of Finance.
Note that the compliance thresholds are significantly lower than under other current mandatory human rights due diligence legislation (i.e., the French Duty of Vigilance Law and the German Due Diligence in the Supply Chain Act). Therefore, many U.S. businesses with relatively minor operations in Norway will need to comply with the Act, even if they are not required to comply with mandatory human rights due diligence legislation in other European countries where they have more significant operations.
As earlier noted, the Act takes effect on July 1, 2022, and the first public report must be published by June 30, 2023. Reporting is discussed in further detail below.
The law is intended to promote respect for fundamental human rights and decent working conditions in connection with the production of goods and the provision of services.
“Fundamental human rights” is an expansive concept under the Act. These are defined as internationally recognized human rights, including those under the United Nations Convention on Economic, Social and Cultural Rights, the United Nations Convention on Civil and Political Rights and the International Labour Organization’s core conventions. “Decent working conditions” are those that safeguard fundamental human rights and health, safety and the environment in the workplace, while providing a living wage.
Under the Act, due diligence is required to be carried out in accordance with the OECD Guidelines. This is described in the Act as including the following:
- Embedding accountability in the enterprise’s policies and guidelines;
Mapping and assessing actual and potential adverse impacts on fundamental human rights and decent working conditions that the enterprise has caused or contributed to, or that are directly related to its activities, products or services through suppliers or business partners;
The “supply chain” of a large enterprise includes the chain of suppliers and subcontractors who supply or manufacture goods, services or other input factors that are part of the enterprise’s delivery of services or production of goods from the raw material stage to the finished product.
A “business partner” is an individual who delivers goods or services directly to the enterprise but is not part of the supply chain.
- Implementing appropriate measures to stop, prevent or limit potential adverse impacts based on the enterprise’s mapping and risk assessment;
- Tracking any implemented measures and their results;
- Communicating with affected stakeholders how adverse impacts are addressed; and
- Cooperating with remediation efforts.
The due diligence assessment must be carried out regularly. Consistent with the OECD Guidelines, due diligence must be proportionate to the size and nature of the subject enterprise, the context within which its business takes place and the severity and probability of adverse impacts on fundamental human rights and decent working conditions.
The Act will require subject large enterprises to publish a statement at least annually regarding the results of their due diligence. The annual statement must be published by June 30, irrespective of the enterprise’s fiscal year. In addition, a statement must be published upon a significant change in the enterprise’s risk assessment.
The statement must include at least the following information:
- A general description of the large enterprise’s business, area of operation and guidelines and procedures for addressing actual and potential adverse impacts on fundamental human rights and decent working conditions;
- The adverse impacts and significant risks of adverse impacts discovered through due diligence;
- Measures the enterprise implemented or plans to implement to prevent or limit the adverse impacts; and
- The results or expected results of the enterprise’s implemented measures.
The statement must be signed in accordance with Section 3-5 of the Norwegian Accounting Act. This means that (1) for reporting entities that have an executive board, the statement must be signed by all board members and (2) for reporting entities that have a general manager, the statement must be signed by the general manager. If a reporting entity has neither an executive board nor a general manager, the statement must be signed by the partners or members of the reporting entity.
The statement must be publicly available on the enterprise’s website.
In contrast to the new German Supply Chain Act, which expressly requires a due diligence statement to be in German, the Act is silent on whether the annual due diligence statement must be in Norwegian.
Third-Party Information Rights
The Act is intended to ensure public access to information on how subject enterprises address adverse impacts on fundamental human rights and decent working conditions.
Upon written request, a subject large enterprise must provide a requesting third party with information about how it addresses actual and potential adverse impacts that have been identified through the due diligence assessment.
The enterprise must provide the requested information within a reasonable time period, generally not more than three weeks after it receives the information request. However, if the information request is considered burdensome, the enterprise has longer – two months – to respond to the request. If a request is considered burdensome, the enterprise must still within three weeks notify the requesting party of the reason for the extension.
A large enterprise may deny an information request in certain instances. A request for information generally may be denied if:
- The request does not contain sufficient information to identify what information is sought;
- The request is patently unreasonable;
- The request is for personal information; or
- The request is for information about facilities, procedures or other operational or business matters that are of competitive importance and therefore sensitive.
The right to information regarding actual adverse impacts on fundamental human rights with which the enterprise is familiar, applies irrespective of the foregoing limitations.
Further, there is an exemption for information graded according to the Norwegian Security Act or protected under the Norwegian Copyright Act.
If the enterprise rejects an information request, it must provide justification for the rejection in writing to the requesting party within three weeks of receiving the request.
Enforcement of the Act
The Norwegian Consumer Authority is responsible for overseeing and enforcing the Act. If there is a violation of the Act, the Consumer Authority may issue an order requiring compliance or it may enjoin the violation, as applicable.
The Consumer Authority also has the power to impose fines, especially if a large enterprise is repeatedly non-compliant. The amount of the potential fines are not specified in the Act.
At least initially, the principal impact of the Act is likely to be reputational, as has been the case with legislation in other jurisdictions requiring human rights disclosures.
Further Regulation and Guidance
The Act expressly authorizes the Ministry of Children and Family Affairs to issue regulations regarding the due diligence, reporting and third-party information rights under the Act. The Ministry also may issue regulations further fleshing out what are considered fundamental human rights and decent working conditions for purposes of the Act.
In addition, the Norwegian Consumer Authority may publish general information, advice and guidelines in support of compliance with the Act.
The Norwegian Consumer Authority is currently in the process of establishing the department that would provide guidance. Guidance is therefore not expected prior to the effective date of the Act.
Now that the effective date of the Act has been set, U.S.-based multinationals doing business in Norway should take the following initial compliance steps, as applicable:
- Determine whether your company or any of its subsidiaries will be subject to the Act.
If subject to the Act, assess your existing human rights (and working conditions) due diligence compliance program against the requirements of the Act. To the extent there are gaps, establish an action plan to address those deficiencies.
Most U.S.-based multinationals have moved to a common enterprise-wide approach to managing human rights and related compliance, or are in the process of doing so. To the extent aspects of the current human rights compliance program require enhancement to meet the requirements of the Act, consideration will need to be given whether to roll the enhancements out across the enterprise, or only at the operations subject to the Act.
- Determine who will have responsibility for required reporting under the Act and establish an internal process to ensure the annual reporting deadline is met. With the continuing proliferation of human rights reporting requirements, many multinationals have begun to centralize their human rights reporting function to ensure global consistency in disclosure.
About Ropes & Gray’s Practice
Ropes & Gray has a leading ESG, CSR, and business and human rights compliance practice. We offer clients a comprehensive approach in these subject areas through a global team with members in the United States, Europe, and Asia. In addition, senior members of the practice have advised on these matters for more than 30 years, enabling us to provide a long-term perspective that few firms can match.
For further information on the practice, click here.
About Thommessen’s Practice
Thommessen is a leading Norwegian law firm, assisting businesses with transactions, complex projects and contentious matters in all areas of commercial law. The firm’s robust professional legal expertise is combined with in-depth industry knowledge, and the lawyers stay abreast of trends and developments on an ongoing basis in order to provide advice, which facilitates long-term value creation.
Thommessen has over time developed extensive compliance expertise and experience, and currently advises a broad range of Norwegian and international businesses on addressing compliance challenges in relation to, amongst other things, human rights, anti-corruption, anti-money laundering and terror financing issues. Thommessen has a dedicated team who is ready to advise clients in matters relating to the Transparency Act and related issues.