Endnotes 1 Gartner Says Four Trends Are Shaping the Future of Public Cloud, Gartner, 2021. 2 A series of UN B-Tech project papers have elaborated on the technology sector’s responsibility to conduct downstream human rights due diligence (HRDD). Downstream HRDD will likely also be included as a requirement in the forthcoming EU Mandatory Environmental and Human Rights Due Diligence Law. 3 See BSR’s report Human Rights Due Diligence of Products and Services: Assessing the Downstream Value Chain. 4 Gartner Says Four Trends Are Shaping the Future of Public Cloud, Gartner, 2021. 5 See BSR’s report Responsible Product Use in the SaaS Sector. 6 Leading software as a service (SaaS) countries worldwide in 2021, by number of companies, Statista, 2021. 7 A vast spectrum of SaaS services exists within each of these categories. The International Data Corporation (IDC) has developed a cross-cutting typology of 15 SaaS solutions based on the business needs they address; however, this categorization is not exhaustive and oversimplifies the complexity and range of SaaS service offerings. 8 See Navigating the Tech Stack: When, Where and How Should We Moderate Content? by Joan Donovan, and A Framework for Moderation and Moderation in Infrastructure by Ben Thompson. 9 Parler claims it was also dropped by Slack after Amazon and other tech giants cut ties with the controversial social media company, Business Insider, 2021. 10 See BSR’s report Human Rights Assessments: Identifying Risks, Informing Strategy. 11 Ibid. 12 Ibid. 13 See BSR’s Human Rights Assessment: Identifying Risks, Informing Strategy, and The Danish Institute of Human Rights (DIHR) human rights impact assessment guidance and toolbox, and Oxfam community-based human rights impact assessment as examples. 14 See Sector wide impact assessments (SWIA) by the Danish Institute of Human Rights. 15 Human Rights Due Diligence of Products and Services: Assessing the Downstream Value Chain, BSR, 2021. 16 See Seven Questions to Determine a Company’s Connections to Human Rights Abuses by Jonathan Drimmer and Peter Nestor for guidance on how to use the cause/contribute/directly linked framework. 17 The B-Tech Project aims to translate the UN Guiding Principles on Business and Human Rights (UNGPs) to the technology sector. It is an initiative of the Office of the United Nations High Commissioner for Human Rights. 18 See the B-Tech Foundational Paper Taking Action to Address Human Rights Risks Related to End-Use. 19 Human Rights Due Diligence of Products and Services: Assessing the Downstream Value Chain, BSR, 2021. 20 UN Guiding Principles on Business and Human Rights. 21 See BSR’s report Human Rights Due Diligence of Products and Services: Assessing the Downstream Value Chain. 22 See With Great (Computing) Power Comes Great (Human Rights) Responsibility: Cloud Computing and Human Rights by Vivek Krishnamurthy. 23 See Section 3 of this report for a more detailed description of the differentiating characteristics. 24 See the B-Tech Foundational Paper Addressing Business Model Related Risks. 25 See BSR’s report The Shared Opportunity to Promote: A Second-Decade Priority for the UNGPs. 26 See With Great (Computing) Power Comes Great (Human Rights) Responsibility: Cloud Computing and Human Rights by Vivek Krishnamurthy. 27 See Principle 19 of the UN Guiding Principles on Business and Human Rights for a more detailed description. 28 See Responsible Use of Technology by BSR and WEF. 29 See BSR’s report Responsible Product Use in the SaaS Sector for further guidance on standard components to include in an Acceptable Use Policy. 30 There are a wide range of available indices spanning specific human rights issue areas; however, those most relevant to SaaS companies in high-risk areas pertain to (i) the presence of armed international or non-international conflict or military occupation (see RULAC) (ii) the incidence of ongoing mass violence (see Global Peace Index, ACLED, V-Dem Physical Violence Index) (iii) the rule of law (World Justice Project, Global State of Democracy Index), (iv) discrimination (V-Dems Social Group Equality In Respect For Civil Liberties Indicator) and (v) freedom online (Freedom House’s Freedom on the Net Score). 31 H&M and Microsoft have both piloted such programs. H&M hosts an Ethical AI Debate Club to discuss fictional scenarios and ethical dilemmas related to the use of AI in the fashion industry. Microsoft has established a “champs” program that designates resident experts who raise awareness and provide advice and assistance on ethical and human rights issues related to AI. 32 Independent Bioethics Advisory Committee (IBAC). 33 Ethical Review Process being designed by the Future of Privacy Forum. The conclusions presented in this document represent BSR’s best professional judgment, based upon the information available and conditions existing as of the date of the review. In performing its assignment, BSR relies upon publicly available information, information provided by member company, and information provided by third parties. Accordingly, the conclusions in this document are valid only to the extent that the information provided or available to BSR was accurate and complete, and the strength and accuracy of the conclusions may be impacted by facts, data, and context to which BSR was not privy. As such, the facts or conclusions referenced in this document should not be considered an audit, certification, or any form of qualification. This document does not constitute and cannot be relied upon as legal advice of any sort and cannot be considered an exhaustive review of legal or regulatory compliance. BSR makes no representations or warranties, express or implied, about the business or its operations. BSR maintains a policy of not acting as a representative of its membership, nor does it endorse specific policies or standards. The views expressed in this document do not reflect those of BSR member companies. The conclusions presented in this document represent BSR’s best professional judgment, based upon the information available and conditions existing as of the date of the review. In performing its assignment, BSR relies upon publicly available information, information provided by member company, and information provided by third parties. Accordingly, the conclusions in this document are valid only to the extent that the information provided or available to BSR was accurate and complete, and the strength and accuracy of the conclusions may be impacted by facts, data, and context to which BSR was not privy. As such, the facts or conclusions referenced in this document should not be considered an audit, certification, or any form of qualification. This document does not constitute and cannot be relied upon as legal advice of any sort and cannot be considered an exhaustive review of legal or regulatory compliance. BSR makes no representations or warranties, express or implied, about the business or its operations. BSR maintains a policy of not acting as a representative of its membership, nor does it endorse specific policies or standards. The views expressed in this document do not reflect those of BSR member companies. 51 Human Rights Assessment of the Software-as-a-Service Sector

Human Rights Assessment of the Software-as-a-Service Sector - Page 52 Human Rights Assessment of the Software-as-a-Service Sector Page 51 Page 53