From Activity to Impact: Rethinking Human Rights KPIs in the Technology Sector

By Paula Williams

For many companies working to implement human rights programs, a familiar question eventually emerges: how do we know whether these efforts are actually working?

Teams often track a wide range of indicators; policies adopted, risk assessments completed, training delivered. These signals demonstrate important steps have been taken and that systems are being put in place, but they do not tell us how effective the program is at reducing risk to people.

This challenge is what motivated the development of the Guidance on Developing KPIs for Human Rights Programs in the Technology Sector, created through a working group of technology companies convened by Steptoe.

Rather than prescribing a standard set of indicators, the guidance offers something more valuable: a structured methodology and a way to think about what should be measured and why.

Moving Beyond Activity

In our experience, working with companies as they develop and mature their human rights programs, we have noted a consistent pattern. Early efforts typically focus on putting the foundations of due diligence in place: policy commitments, governance structures, risk assessments, grievance mechanisms, and internal training. These are critical milestones. They demonstrate a good faith commitment and create the infrastructure needed to begin identifying and managing human rights risks, but once those foundations are established, the focus must shift. The question should no longer simply be “have we implemented these systems?” but “are they actually working?”

The newly published guidance helps organizations navigate this shift by distinguishing between robustness and effectiveness. Robustness tells us whether systems exist and are being implemented. Effectiveness asks the harder question: whether those systems are achieving their intended outcome, reducing risk to rights-holders. Both are important, but effectiveness ultimately demonstrates whether a human rights program is delivering on its purpose.

Making Measurement Work for Human Rights Programs

Across the ESG landscape, there is a growing expectation that the “S” pillar, covering human rights, labor practices, and broader social impacts, should generate more quantitative evidence of performance, similar to what we have seen emerge in the environmental space.
That shift is understandable. Data can help leadership understand risk, allocate resources, and demonstrate accountability. However, it’s important to keep in mind that human rights risks are inherently complex and often deeply contextual, so reducing them to numbers without careful thought can give a false sense of security or obscure the realities of lived experience.

Many practitioners find themselves navigating the tension between quantification demands and the feasibility of producing meaningful data. On one hand, there is a clear push for measurable indicators that can demonstrate progress. On the other, there is a responsibility to ensure those indicators accurately reflect whether risks to people are being prevented or mitigated.

What I appreciate about this guidance is that it shows how quantitative measurement can be done thoughtfully. By anchoring KPIs in salient risks and pathways to harm, it helps organizations develop indicators that reflect whether the most important risks to rights-holders are being managed effectively rather than simply tracking activity.

Pathways to Harm

A particularly valuable feature of the guidance is its use of salient risk and pathways to harm as the starting point for thinking about measurement. Rather than beginning with internal processes, the guidance asks organizations to examine how human rights risks could actually materialize in practice. It identifies a set of salient risks relevant to the technology sector and maps the specific ways harm could occur, such as through government access to user data, discriminatory outcomes in AI systems, misuse of biometric technologies, or failures to prevent online child exploitation, for example. Looking at risk through these pathways shifts the perspective. It encourages companies to consider the real-world contexts in which their products, services, or operations might affect people, and to think carefully about where in those pathways the company can intervene and interrupt that pathway.

Once those pathways are mapped, it becomes much easier to identify the critical steps that interrupt or mitigate risk. These might include escalation procedures, due diligence reviews, product design safeguards, monitoring systems, or response mechanisms. The guidance then helps organizations translate those intervention points into KPIs that signal whether those safeguards are functioning as intended.

While the examples in the report are tailored to risks in the technology sector, the underlying approach is widely applicable. The methodology can be adapted by companies in any sector seeking to design more meaningful human rights KPIs.

By starting with how harm could occur, the pathways approach keeps the focus firmly on people and lived impacts, while giving practitioners a practical way to connect measurement back to real risk management.

Ensuring Better Outcomes

Ultimately, the value of this guidance lies in helping organizations move from tracking activity to managing risk to people.

KPIs should not exist simply to fill out reporting frameworks or generate numbers. At their best, they help leadership ask better questions:

• Are we focused on the risks that matter most?
• Are the controls designed to prevent harm actually working?
• Where do we need to strengthen our systems?

Human rights programs are successful when they reduce harm and improve outcomes for people. No volume of metrics or polished reporting can substitute for that fundamental objective.

By anchoring KPIs in salient risks and real-world pathways to harm, this guidance helps organizations ensure that measurement remains focused on what matters most: understanding whether the systems designed to prevent harm are actually working for the people they are meant to protect.

To learn more and explore what steps you and your company can take to ensure regulatory readiness, please reach out at hello@articleoneadvisors.com.