How can investors work with data providers to manage human rights risks?

In 2025, the need for investor data to effectively manage human rights risks – three years after the PRI published a paper on this subject – is stronger than ever. Investors continue to require decision-useful data that aligns with international standards, regulatory requirements and market incentives. This data helps them analyse the impacts on people and related financial risks and opportunities, and covers : (i) workers in the company’s own workforce and in the value chain, (ii) affected communities, including in the value chain, and (iii) people impacted using the company’s products or services.

Data providers play an integral part in this process: in 2025, half of PRI signatories reported using data providers or benchmarks to identify negative impacts on people.¹ Our recommendation is that investors assess whether the data is decision-useful, as well as the alignment of data providers’ human rights offerings with international standards, and set clear expectations with their providers.

OECD finds little consensus on human rights risks data

There is little agreement across ESG rating products on how to measure business performance on human rights-related issues and their alignment with international standards. That’s the conclusion of a study conducted by the OECD, mapping and analysing over 2,000 datapoints from eight prominent ESG rating products.

The analysis first highlighted the vast discrepancy in terms of the number of metrics to measure human rights performance. On average, ESG products include around 10 human rights metrics, but the range varies widely – from zero to more than 30. This disparity stems from differing definitions of what ‘human rights’ encompass (e.g. forced labour, community impacts, supply chains) and how granularly they are measured.

Despite these divergences, two common patterns emerge. First, ESG ratings overwhelmingly rely on qualitative, input-based datapoints. Roughly 80% of human rights metrics assess company policies, processes, or commitments, rather than actual outcomes or impacts. While such information provides a useful snapshot of corporate efforts, overreliance on this data risks encouraging ‘form-over-substance’ compliance — i.e. rewarding disclosure over meaningful action to prevent and remediate. These qualitative inputs can also favour large firms that have the capacity to formalise and report policies and process, while penalising SMEs with fewer resources. Moreover, only 7% of metrics relate to value chain risk management, suggesting significant blind spots in how ESG ratings capture impacts beyond direct operations, where most human rights risks actually occur.

Second, the remaining metrics are controversy-based, relying on reported incidents or norm breaches to gauge company performance. While these ‘controversy screening’ or ‘norm-breach’ tools can alert investors to acute reputational or legal risks, they do not measure whether companies have robust due diligence systems in place or are making demonstrable progress. The OECD cautions that human rights due diligence is not about operating in a risk-free environment but about continuously identifying, preventing, and mitigating risks – and transparently tracking outcomes.

The OECD study underscores an urgent need for greater coherence and transparency in terms of how ESG rating products assess corporate human rights performance.

The Investor Initiative on Human Rights Data

Signatories are taking action. The Investor Initiative on Human Rights Data (II-HRD) was set up by the Church Commissioners for England, Aviva Investors and Scottish Widows to improve access to – and the use of – better and broader human rights data. The group of 24 investors with more than USD$9 trillion in assets under management has been engaging with ESG data providers for over two years, trying to get under the hood of methodologies and pushing for more disaggregated data at the datapoint level. The initiative does not mandate specific methodologies, but it has used indicators from the WBA Corporate Human Rights Benchmark as the basis for analysing any gaps.

In 2025, the initiative has been focusing on how data providers are assessing companies against international human rights norms. Investors use norms breach data in multiple ways, including informing engagement and voting, building funds and excluding companies, and reporting against sustainable finance frameworks. Unfortunately, the wide variance in ESG provider outputs and methodologies, makes it difficult for investors to know which products to use and to understand how those outputs are generated.

To address this, the II-HRD has published a guidance document that sets out 21 research principles to support ESG data providers assess companies for non-compliance with, or breaches of, international human rights norms, such as the OECD Guidelines, the UN Guiding Principles or the UN Global Compact Principles.

II-HRD members will use the guidance to inform engagements with data providers, but the guidance has wider use cases, including helping members to review human rights-related controversies and norms-breach products i.e. products that assess companies in relation to norms-breach allegations. Some investors use norms-breach data to exclude investment in sustainable funds (e.g. Article 8) as there are Principal Adverse Indicators connected to breaches and implementation of international norms. Therefore, the guidance may support investors when choosing which companies to include or exclude in funds.

The initiative has re-opened membership: any investors who wish to engage with data providers through the II-HRD are encouraged to reach out to dan.neale@churchofengland.org before 10 December.

Further resources

At the PRI, we have recently launched Pathways, our flagship educational tool that helps signatories to navigate their responsible investment journey. Signatories can delve into relevant resources and guidance to strengthen their organisational approach to managing human rights and social risks.

The PRI blog aims to contribute to the debate around topical responsible investment issues. It should not be construed as advice, nor relied upon. The blog is written by PRI staff members and occasionally guest contributors. Blog authors write in their individual capacity – posts do not necessarily represent a PRI view. The inclusion of examples or case studies does not constitute an endorsement by PRI Association or PRI signatories.