Gating processes can be applied at an industry or customer level. An industry-based approach identifies the characteristics of high-risk industries or industries where the SaaS product or service is likely to be connected to a harm. These characteristics then inform the development of criteria that determine which industries the company will or will not work with. Gun manufacturers or providers of hacking tools might be an example. A customer-based approach to gating identifies customer characteristics, behaviors, use cases, or markets that are likely to be connected to human rights harms and informs who the company will or will not sell to. A company with a history of causing human rights viola- tions might be an example. Regardless of approach, gating processes should be formalized and consistently applied across prospective customers, rather than implemented ad hoc. They should be based on established international human rights standards and norms. Guiding questions to help companies establish boundaries on who they will and will not do business with, and how to implement these limitations, can be found in the paper, “Responsible Product Use in the SaaS Sector.” While gating can help avoid and prevent human rights harms, it should be implemented with caution. While gating can help avoid and prevent human rights harms, it should be implemented with caution. As mentioned in the human rights impacts section above, if a growing number of SaaS, PaaS, and IaaS providers implement similar gating processes at the same time, they may unintentionally yet systematically infringe on human rights by limiting use of the technology to an entire swath of actors. This could, in turn, result in restrictions to freedom of expres- sion, creating less room for dissent, or inhibiting downstream customers from accessing technologies that enable the realization of human rights, such as education, health, social services, or other critical goods and services. Examples might include SaaS providers creating gating processes that restrict or ban customers with platforms allowing “awful but lawful” speech, or civil service departments in high-risk countries (such as Afghanistan or Myanmar) where public services continue to play a vital role. Gating processes are often most suited to situations where the company is delivering customized solutions for customers; however, a customer self-gating process (or online form) could also be deployed before the sale of less customized products and solutions, 36 Human Rights Assessment of the Software-as-a-Service Sector
Human Rights Assessment of the Software-as-a-Service Sector Page 36 Page 38