The UK 2013 NAP provides in relation to New Actions planned [page 11]:

“The Government will do the following to reinforce its implementation of its commitments under Pillar 1 of the UNGPs:

(v) In line with the UK Cyber Exports Strategy, develop guidance to address the risks posed by exports of information and communications technology that are not subject to export control but which might have impacts on human rights including freedom of expression on line.”

The UK 2013 NAP states in relation to Further actions planned that [page 15]:

“We will:

(ii) encourage trade associations/sector groupings of companies to develop guidance relevant to their members’ sector of activity on developing human rights policies and processes, including due diligence. There is generic guidance online about doing this e.g. at the Business & Human Rights Resource Centre. Some sector-specific guidance also exists, for example the International Council on Mining and Metals has produced a guide for mining companies on human rights due diligence. The European Commission has created guidance on the information communications technology (ICT), oil and gas and employment and recruitment sectors;

The UK 2016 Updated NAP also makes a reference to ICT in the section discussing Actions taken [page 9]:

“To give effect to the UN Guiding Principles, the Government has: (…) strengthened international rules relating to digital surveillance, including leading work in the Wassenaar Arrangement to adopt new controls on specific technologies of concern. Specifically, new controls were agreed on: – equipment and software for creating and delivering “intrusion software” designed to be covertly installed on devices to extract data. – “internet surveillance systems” which can monitor and analyse internet traffic and extract information about individuals and their communications.”

The UK 2016 Updated NAP refers to ICT in the section Cyber Export Guidance [page 18]:

“The expansion of ‘cyber space’ has brought huge economic and social benefits. However, it also poses risks and new opportunities for hackers, criminals and terrorists. To help mitigate these risks, companies have developed security products and services which defend networks from malicious activity. In many countries, such as the UK, these products are used legitimately, including by law enforcement authorities, in accordance with domestic and international law obligations. However, in some countries which do not adhere to their international human rights obligations, there is a risk that the same products are used in ways that could breach state’s legal obligations, e.g. to restrict freedom of expression or to contribute to internal repression. Normally, exports that could cause harm, such as arms, are covered by the export licensing regime. However, many cyber capabilities, products and services are not listed. This problem was recognized by the Cyber Growth Partnership a joint body representing industry, academia and government. The FCO worked with techUK, a technology trade association, and the Institute for Human Rights and Business to produce practical guidance for companies on managing human rights risks.  “Assessing Cyber Security Export Risks: Human Rights and National Security” was published in November 2014. It is the first guidance for this sector in the world, and sets out:

  • the different sorts of potential harm associated with particular cyber capabilities;
  • a process to help companies assess country specific risks and to evaluate business partners and re-sellers; and
  • potential mitigation options for avoiding or reducing risks.”