Human rights and corporate responsibility
1) Introduction and framework
Corporate responsibility in the field of human rights (Human Rights) is based on three blocks:
1. State duty to protect rights;
2. Business responsibility to respect rights;
3. Access to remedies.
For the company, this means: systematically identify risks, prevent violations, provide complaint channels and compensation for harm, and publicly report on progress. The approach applies to all functions - from marketing and hiring to product development and payment infrastructure.
2) Policies and principles (what to fix in writing)
Statement of respect for human rights (board-approved) related to the Code of Ethics.
Non-discrimination and equal opportunities (equal pay, accessibility, reasonable working conditions).
Freedom of association and collective bargaining; respect for the role of trade unions/representatives.
Prohibition of child and forced labour; policies against modern forms of slavery.
Privacy and data protection (transparency, minimization, security).
Responsible advertising and iGaming ethics (do not target vulnerable groups, integrity of offers).
Freedom of expression and content moderation (proportional measures, understandable appeals).
Responsible AI (non-discrimination, explainability of models, human supervision).
Protection of informants and prohibition of repression.
3) HRIA: Human Rights Impact Assessment
1. Stakeholder mapping: employees, contractors, players/customers, affiliates, game/payment providers, local communities.
2. Identification of "significant" risks: where the probability and severity of consequences are highest.
3. Geographies assessment (conflict zones, weak institutions, high corruption risks).
4. Prioritization and plan of measures (avoid-prevent-mitigate-remedy).
5. Reassessment annually and upon major changes (new markets, M&A, new product categories).
4) Matrix of significant risks (example for iGaming/fintech)
5) Human Rights Due Diligence - Operational Cycle
Step 1. Policies and roles: approved human rights policies; function owner (Head of Human Rights/ESG) and cross-functional committee.
Step 2. Identification: HRIA, process/supply chain map, data map.
Step 3. Assessment and prioritization: severity/probability methodology + group vulnerability.
Step 4. Embedding in processes: procurement, marketing, product, AI, security, recruiting.
Step 5. Monitoring and indicators: KPI dashboard, internal audits, independent audits.
Step 6. Messages and correction: complaint channels, case analysis, compensation for harm.
Step 7. Reporting and improvement: annual report, CAPA, risk matrix update.
6) Supply Chain and Supplier Code
Mandatory provisions: prohibition of forced and child labor; salary not lower than the subsistence minimum of the region; reasonable hours; freedom of association; safe conditions.
Audits: self-assessment + independent audits by risk countries/categories.
Contractual instruments: right to audit, corrective actions, termination in case of gross violations.
Tracing: list of sub-contractors (tier-2), contact points for complaints in their native language.
Remediation: a plan for eliminating violations involving victims.
7) Privacy and digital rights
Transparency: understandable policies, "dictionary" of data categories and goals.
DPIA/PIA: Risk Assessment for Rights and Freedoms in New Features, Profiling and AI.
Minimization and purpose limitation: only necessary data and retention periods.
Default security: encryption, access control, auditing, leak notification plan.
Rights of subjects: access, correction, removal, objection to profiling - with clear SLAs.
8) Responsible AI and anti-discrimination algorithms
Responsible AI policy: prohibition of implicit discrimination; explainability of decisions, especially for limits, scoring, bonuses.
Fairness and drift tests: regular bias checks, monitoring metrics (false positive/negative) by segment.
Human-in-the-loop: the possibility of escalation to a person and user appeals.
Limiting sensitive attributes: exclusion or correct handling of proxies, where possible.
9) Responsible play and marketing (specific to iGaming)
Age barriers, self-exclusion, deposit/time limits, "cooling-off."
Prohibition of targeting vulnerable groups (debt, dependence, minors).
Honest advertising: without promises of easy earnings, transparent bonus conditions.
Player data: separate behavioral analytics from personal data, use aggregation/pseudonymization.
10) Grievance Mechanisms
Availability: anonymous and named channels 24/7, multilingual, online/offline.
Predictability: confirmation SLA (7 days), primary assessment (30), final/interim response (90).
Independence: exclusion of conflicts of interest; possibility of external mediation/arbitration.
Remediation: compensations, correction of records/data, change of policy/controls.
No reprisals: protection for those who file complaints in good faith.
11) Management and RACI
12) Metrics and dashboard
Incidents and complaints: number, structure, proportion confirmed, average closing time.
DEI: gender/ethnic balance by level, pay gap.
Supply chain: % of suppliers who signed the Code; % audited in risk areas; closed CAPAs.
Privacy: SLA on DSR, DPIA number, leaks/near-miss.
Responsible Gaming: share of self-exclusions, compliance with limits, successful interventions.
Responsible AI: results of fairness tests, the number of appeals and reviews of decisions.
Training: training coverage (HR/DEI/Privacy/AI/Marketing Ethics).
13) Reporting and Communications
Human Rights/ESG Annual Report: Key Risks, Cases, Measures and Progress on KPIs.
Principles of transparency: do not hide complex cases; describe lessons learned and changes.
Communication with communities: local consultations before major changes (office, data center, campaign marketing).
14) Example clauses (fragments)
Statement of Respect for Human Rights: "The Company undertakes to respect internationally recognized human rights in all operations and supply chain; violations are treated as serious disciplinary liability."
Suppliers: "Supplier confirms compliance with the Supplier Code and allows for independent reviews; gross violations entail suspension and/or termination of the contract."
Responsible AI: "Decisions affecting the essential interests of the user are subject to explanation and revision upon request."
Complaints: "Confidential channels are available without risk of reprisals; confirmation in 7 days, final response in 90 days or interim report."
15) Implementation checklist (90-120 days)
1. Approve policy and assign direction owner (ESG/Human Rights Lead).
2. Conduct risk screening and mini-HRIA for key markets/processes.
3. Launch complaint channels and update Whistleblower Policy.
4. Implement Supplier Code, add clauses to new/rolling contracts.
5. Embed DPIA/Responsible AI checks in the feature release process.
6. Train managers (DEI, anti-harassment, Responsible Gaming, Privacy).
7. Set up a dashboard with KPIs and quarterly Management Review.
8. Publish a summary report and improvement plan.
16) Related Documents
Code of Ethics and Conduct
Whistleblower policy and personnel protection
Anti-Corruption Standards and ISO 37001
Privacy and data protection policy
Responsible AI Policy
Responsible Gaming Policy
Supply Chain Code of Conduct
Conclusion
Respect for human rights is not a one-time audit, but a constant management cycle: evaluate → integrate into processes → monitor → respond → report. It is critical for iGaming/fintech platforms to focus on advertising and vulnerable groups, privacy and AI, supply chain labor rights and effective remedies. Clear policies, clear complaint channels, measurable KPIs and open reporting turn values into practice and protect people - and with them the reputation of the business.