Companies’ self-regulation

In addition to international, EU-level and national regulation, voluntary self-regulation plays an important role in implementing sustainable business practices across companies’ supply chains. Self-regulation includes international or national standards and certifications. It is important to be aware how well existing certificates, standards and collaborative initiatives may or may not fit for the purpose to facilitate the sustainability due diligence process.

Many companies already operate management systems that structure how risks are identified, requirements are defined, performance is monitored, and improvements are made. Widely used international management system standards, such as ISO 9001 (Quality Management Systems), ISO 14001 (Environmental Management Systems), ISO 45001 (Occupational Health and Safety Management Systems) and ISO 31000 (Risk Management Guidelines), provide structured processes for identifying requirements, managing risks, monitoring performance, and supporting continuous improvement.

Other international standards and guidance documents address responsible business conduct and procurement practices. Examples include ISO 26000 (Social Responsibility) and ISO 20400 (Sustainable Procurement). Together, these standards and guidelines help companies translate international principles into operational governance processes. However, it is important to note that the ISO standards and guidelines do not cover all issues of sustainable business.

The International Organization for Standardization (ISO) has published ESG Implementation Principles (IWA 48), which provide guidance for integrating environmental, social, and governance considerations into organizational strategy, governance, and decision-making. The document outlines key principles and practical approaches for embedding sustainability into management systems and business practices. It is currently available free of charge on ISO’s website, although ISO has indicated that a revised version is under development.

Sustainability due diligence can often build on existing governance structures, such as management system standards, rather than starting from scratch.

Other kinds of private self-regulation that guide companies in their sustainability efforts also exist. Some of these voluntary frameworks, such as the Global Reporting Initiative (GRI) and Forest Stewardship Council (FSC), have national offices. Other voluntary ethical principles also exist at the national level.

Although voluntary, self-regulation is not necessarily a weak form of regulation. Losing certification against a standard can prevent access to markets. Buyers may refuse to buy uncertified products, and investment organisations may refuse to provide financing for an important investment.