We encourage Dassault to enhance disclosure of their customer due diligence procedures.
Objective: Encourage Dassault to enhance disclosure of their customer due diligence procedures as a way of managing the risk of client misuse of their products.
We met with Dassault Systèmes in September as a follow-up conversation to a letter we sent in February. The company had been named in a report that linked their 3D design software to the Myanmar military.15 After an internal review, Dassault confirmed in a statement16 they had not in fact sold their software to the Myanmar military, and that the entities named in the report were not on Dassault’s client list.
The story led us to question Dassault about how they consider the potential for misuse of their products by their customers. The risk of significant reputational damage due to lack of oversight in this area is clear, and we wanted to better understand the company’s internal controls. They explained the three main tools they use for conducting customer due diligence are export controls, acceptable use policies, and individual case review based on reports of controversial use. These tools allow for coordinated action to help the company prevent adverse human rights impacts.
The company was candid with us and provided examples of their policies in action. They were open to our recommendation that they improve public disclosure, as it appeared to us they had strong procedures in place; we explained it would be helpful to investors if they made that more explicit in their materials. They were appreciative of the resources we provided related to the management of downstream human rights risks. We pointed them to an industry tool that outlines specific human rights considerations for enterprise software providers, and we supplied public policies from peer companies that include human rights assessments and due diligence procedures.
Downstream human rights impacts of highly sensitive technology applications are a growing risk for companies. For example, surveillance company Clearview AI neglected to protect against the risks to communities impacted by the sale of its faceprint database. The company was sued for violating Illinois state biometric law and was restricted from making its faceprint database available to private entities across the U.S. as part of the settlement.17 Cases such as this bring to the forefront the legal and operational risks when adequate due diligence is not performed. Business practices and their impact on customers, employees, communities and other stakeholders may have a material financial impact. Not only are litigation costs potentially incurred, a company could lose future orders and revenues.
Next steps: We will look for enhanced disclosure in this area, as the company said they were in the process of reshaping the sustainability section of their annual report.