Human Rights Guidance for Cyber Security Companies

Today techUK published the Cyber Growth Partnership’s Industry Guidance ‘Assessing Cyber Security Export Risks’. IHRB facilitated industry consultation and input into the human rights section of this guidance and played a central role in the drafting and review of this section of the guidance.

The guidance outlines a risk assessment process that helps companies to:

• Look at the capabilities of the product or service they want to export and how it could be used by purchasers

• Examine the places where they are exporting to including their political and legal frameworks, the state’s respect for human rights and potentially vulnerable people

• Assess who the end purchaser of the product is and how they intend to use it

• Evaluate potential business partners and re-sellers

• It also provides advice on how to mitigate and build risk management clauses into the contract

Read the report on techUK's website.

Lucy Purdon, IHRB's ICT Project Manager, commented:

"I welcome this very important initiative from techUK and the Cyber Growth Partnership. Cybersecurity companies have a critical role as key players in the human rights discourse. On the one hand they strive to improve security and the enjoyment of human rights; on the other they must act to prevent harm to human rights arising through misuse of their products and services.  During the industry consultation there was a high level of engagement among participating companies which provided thoughtful insights into the challenges they face and their possible courses of action. As a result, this guidance is a valuable contribution to the human rights and technology debate."

Tech UK says:

"This is the first tech sector guidance of its kind in the world. It provides cyber security companies of all sizes with actionable advice to help identify and manage the risks of exporting their products and services. It gives detailed background information and a framework to help companies develop their due diligence processes, manage human rights risks and identify national security risks."

Ed Vaizey the Minister for Culture and Digital Industries and Co-Chair of the Cyber Growth Partnership said:

“techUK’s guide is a valuable and accessible tool which will help British companies respond with confidence to opportunities in the global cyber security market. I am grateful to all those who have contributed and I am proud to endorse this guidance, the first of its kind in the world”.

Gavin Patterson, CEO of BT and Co-Chair of the Cyber Growth Partnership said:

“BT is delighted to support the work being undertaken by the Cyber Growth Partnership to promote UK business selling cyber abroad.”

Dibble Clark, Cyber Lead at 3SDL, a Malvern Cluster cyber security company commented:

“Recent events have put the human rights responsibilities of cyber export companies in the spotlight and there is particular scrutiny on our sector, both from governments and NGOs. The responsibility to respect human rights is something no company can ignore, whether large or small. This guidance is a valuable tool in guiding companies to the most appropriate human right due diligence policies and processes. 3SDL welcomes this guidance and was delighted to be able to support it. We look forward to contributing to further discussion on the challenges and opportunities in respecting human rights in the future.”

Rt. Hon Baroness Anelay, Minister of State for Foreign and Commonwealth Affairs said:

“I welcome this initiative by techUK in collaboration with the Institute for Human Rights and Business. The UK’s Action Plan ‘Good Business’ – to implement the UN Guiding Principles – represents the Government’s commitment that the promotion of business and respect for human rights should go hand in hand. This groundbreaking guidance will help cyber security businesses manage human rights risk by adopting effective due diligence policies and enable them to respect human rights wherever they operate.”