Analysis of the OECD Due Diligence Guidance for Responsible AI

Brent Petterson is a master’s student in International and European Law at NOVA School of Law, and a research associate at the NOVA Knowledge Centre for Business, Human Rights and the Environment.

Recent Developments Regarding Responsible Business Conduct and Artificial Intelligence

The Organisation for Economic Co-operation and Development (OECD) published a new guidance on 19 February 2026, titled ‘OECD Due Diligence Guidance for Responsible AI’. The guidance intends to serve as an assistance to enterprises in implementing the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (MNE Guidelines), and the Recommendation of the Council on Artificial Intelligence, better known as the AI Principles.^[1]

The MNE Guidelines were introduced in 1976 and subsequently amended various times, last amended in 2023. The Guidelines serve to enhance the contribution of enterprises to sustainable development and to address adverse impacts caused by enterprises to people, planet and society.^[2] The AI Principles were created as a proposal by the Digital Policy Committee and subsequently adopted by the OECD Council meeting at ministerial level in 2019 as a ‘Recommendation of the Council on Artificial Intelligence’. The Recommendation was last amended in 2024. Each Member and non-Member of the OECD that adheres to the Recommendation shall promote and implement these principles for responsible stewardship of trustworthy AI.^[3] The Principles thus aim to promote innovative and trustworthy AI, that hold respect for human rights and democratic values.^[4]

Growing Usage of AI Within Enterprises

In a survey conducted by McKinsey & Company in 2025 among various organisations and enterprises worldwide, almost nine out of ten respondents said that their organisation regularly used AI in that year. Furthermore, almost half of these respondents whose organisation regularly uses AI, said that AI usage has led to a cost decrease within the business unit ‘risk, legal and compliance’. At the same time, seventeen percent of these respondents saw a decrease in personnel within the discussed business unit, and twenty-six percent expect a decrease of personnel next year.^[5] To summarise, more and more enterprises are using AI to fulfil tasks related to remediation processes, whilst decreasing the number of personnel dedicated to such work.

These developments fit into a broader international process of increasing automatization and digitalisation due to the introduction of new digital technologies. For enterprises that are involved in any part of the AI system value chain, be it training AI or implementing them, it is vital that rules are created to protect people, planet and society from the adverse impacts that AI systems might cause. The new OECD Guidance is, therefore, a useful tool for enterprises that seek a framework to implement responsible AI usage in their organisation.

Due Diligence Framework for Responsible AI

The MNE Guidelines have set out a responsible business conduct (RBC) due diligence framework for enterprises that consists of six different steps. This framework was created to be used in a broader sense and not to be used merely in one sector. Therefore, the MNE Guidelines are a useful tool for any enterprise that wishes to create a mechanism to ensure that proper due diligence is carried out. The steps of the framework are as following: One, an enterprise must embed RBC into policies and management systems. Two, they must then identify and assess actual and potential adverse impacts associated with the enterprise’s operations, products or services. Three, they must cease, prevent and mitigate adverse impacts. Four, enterprises must track implementation and results. Five, they must communicate how impacts are addressed. And lastly, a enterprise must provide for, or co-operate in, remediation when appropriate. These steps are meant to be taken simultaneous and iterative, as due diligence is an ongoing process.^[6]

The new guideline adopts this due diligence framework and applies it to the development and use of AI systems. Furthermore, each step is accompanied by a roadmap of related provisions in existing frameworks to show how each step is complemented by, and related to, other AI risk management frameworks. To enhance the proper usage of the guidance, the target audience is divided into three groups: Suppliers of AI inputs, Enterprises actively involved in the design, development, deployment, and operation of AI Systems, and Users of the AI system. For each step of the due diligence framework, an explanation is offered about what the step entails. Thereafter, various sub-steps may be laid out per step, that provide a further explanation about a specific part of the step. Lastly, practical examples are provided specific for each of the three target audience groups, to help them apply these steps.^[7]

As an example, we shall take a look at Step 1, titled ‘Embed RBC into policies and management systems’. The Step starts with a table titled ‘Roadmap of related provisions in existing frameworks’. In the roadmap, relevant AI risk management frameworks are listed, and so are their related provisions. For example, the Roadmap states that the European Union AI Act has two related provisions to the first Step of the OECD Guidance: Article 9.1-3 ‘Risk Management System’, and Article 17.1 ‘Quality Management System’.

Thereafter, Step 1.1 is titled ‘RBC policies’, and goes into depth about the importance of policies on RBC issues that articulate the enterprise’s commitment to the principles and standards contained in the MNE Guidelines and AI Principles. Then, it lists seven practical examples for implementation that can be applied by all three target audience groups. A practical example for implementation given is, for example, for an enterprise to commit to implement the OECD AI Principles.

Continuing, Step 1.2 is titled ‘Internal management systems’ and discusses how enterprises must seek to embed RBC issues and trustworthy AI into various parts of their internal organisation, and to implement them as part of the regular processes whilst taking into account, for example, the autonomy of some of these bodies as stated in national legislation. The sub-step is followed by a total of sixteen practical examples for implementation, relevant for all enterprises in the AI value chain. An example given is to communicate the policies to the organisation’s relevant staff.

Lastly, Step 1.3 is titled ‘Expectations on business relationships’, and states how RBC expectations and policies must be incorporated into engagement with business relationships. Five practical examples are given relevant for all enterprises in the AI value chain. For example, when relevant, enterprises must consider providing adequate resources to any party they are in contact with for them to understand and apply relevant RBC policies.^[8]

The Guidance is unique, as it is the only government-backed framework that looks at the entire AI value chain.^[9] As the value chain is interconnected, advocating for responsible AI usage in one part of the value chain is only truly valuable if AI is used responsibly in all other phases of the value chain as well.

Potential Improvements of the Guidance

In response to the publication of the Guidance, the Trade Union Advisory Committee (TUAC) to the OECD was positive about the new Guidance, but they also stated that the Guidance failed to deliver on its potential. Their argumentation is that the Guidance adopts a risk-agnostic approach by failing to include concrete recommendations related to specific risks, such as the risk of labour rights violations occurring across the AI value chain. TUAC, furthermore, argued that the Guidance would be improved if it would mention the need of AI deployment to comply with the ILO Declaration on Fundamental Principles and Rights at Work. Moreover, they believed that the Guidance would be improved if there was a mention of the importance of stakeholders to actively monitor risks & participate in decision-making around mitigation measures, and for the Guidance to make an acknowledgement of the importance of collective bargaining & specific clauses in collective agreements meant to help regulate AI.^[10]

Similarly, OECD Watch, which is the representative of civil society to the OECD Committee that promotes the MNE Guidelines, was positive about the new Guidance but also stated various grounds upon which the Guidance could have improved. OECD Watch believed that the Guidance falls short of expectations due to various reasons. For one, they state, similarly to TUAC’s criticism, that there is no mention of the various risks that AI may pose. Secondly, OECD Watch regrets that there is no mention of government actors using AI, specifically the usage of AI by repressive governments. Lastly, the organisation identifies a key gap in that the Guidance implies, but does not explicitly spell-out, the gaps in parallel AI standards and laws, particularly those relating to stakeholder engagement & remedy.^[11]

How and why enterprises can and should use this report

Despite the criticism given, it is important to emphasise that the new Guidance can, and should, be applied by any enterprise, as the Guidance addresses a gap in AI risk management frameworks which is relevant for any organisation due to the rising usage of AI worldwide. Therefore, it is vital that enterprises understand the Guidance properly and how to apply it within their organisation.

To start incorporating responsible AI conduct within their organisation, a enterprise must first use the Guidance to seek which of the three target audience groups it fits into best. This way it can benefit from the help and examples provided by the Guidance for each of these groups. Secondly, a enterprise has to go over each (sub-)step and read the information provided. Thirdly, use, among other tools provided by third parties and other AI regulation frameworks, the practical examples to embed RBC and due diligence practices accurately within their organisation. As stated before, the due diligence process is iterative and simultaneous, as it is an ever-ongoing process. Therefore, once all steps have been put in place, ensure that the right resources are allocated so that AI will continue to be used responsibly within the organisation.

Conclusion

The new Guidance of the OECD on responsible AI fits within the global developments surrounding artificial intelligence, and it is the only government-backed framework that looks at the entire AI value chain. The Guidance aims to help enterprises to implement the OECD MNE Guidelines and the OECD AI Principles.

This is increasingly important, as a survey from McKinsey & Company in 2025 showed that many enterprises are already embedding AI into their daily operations, specifically within the business unit ‘risk, legal and compliance’, whilst at the same time decreasing the number of personnel that work in this unit. To ensure that these changes will not create adverse impacts on clients and society, it is important that AI is used responsible within organisations.

With this aim in mind, the new Guidance builds onto the due diligence framework created in the MNE Guidelines and applies it to the development and use of AI systems. For each step of the due diligence framework, a roadmap is provided that shows related provisions from other AI risk management frameworks. Furthermore, the Guidance explains what each step entails, sometimes followed up by various sub-steps, and offers practical examples for each of the three audience groups to help them apply these steps.

Suggested citation: B. Petterson, ‘Analysis of the OECD Guidance on Due Diligence: Responsible AI’, NOVA BHRE Blog, 27 April 2026

References:

[1] OECD (2026), OECD Due Diligence Guidance for Responsible AI, OECD Publishing, Paris, https://doi.org/10.1787/41671712-en.

[2] OECD (2023), OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, OECD Publishing, Paris, https://doi.org/10.1787/81f92357-en.

[3] OECD (2019), Recommendation of the Council on Artificial Intelligence (OECD/LEGAL/0449). https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449

[4] OECD (2024), AI Principles, OECD Publishing, Paris, https://www.oecd.org/en/topics/sub-issues/ai-principles.html.

[5] Singla A., Sukharevsky A., Hall B., et al.. (2025, November 5). The state of AI: Agents, innovation, and transformation. McKinsey & Company,
https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai#/.

[6] OECD (2023), OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, OECD Publishing, Paris, https://doi.org/10.1787/81f92357-en.

[7] OECD (2026), OECD Due Diligence Guidance for Responsible AI, OECD Publishing, Paris, https://doi.org/10.1787/41671712-en.

[8] Ibid.

[9] Abelson R., & Bijelic, B. (2026, February 19). The OECD’s new responsible AI guidance: A compass for businesses in a complex terrain. OECD.AI. Retrieved from https://oecd.ai/en/wonk/responsible-ai-guidance-compass-for-businesses.

[10] Trade Union Advisory Committee (TUAC). “‘Risk-agnostic’ approach of new OECD AI guidance a missed opportunity for workers.” 19 February 2026. Available at: https://tuac.org/news/risk-agnostic-approach-of-new-oecd-ai-guidance-a-missed-opportunity-for-workers/

[11] OECD Watch. LinkedIn post on OECD Due Diligence Guidance for Responsible AI. 23 February 2026. Available at: https://www.linkedin.com/posts/oecd-watch_oecdguidelines-duediligence-activity-7431701312146255879-gKuK

↓ Download as PDF

Analysis of the OECD Due Diligence Guidance for Responsible AI

Latest Posts

The Transposition of the CSDDD in Spain: The Public Consultation Process

A Revisão da CSDDD pela Diretiva Omnibus I: Simplificação ou Retrocesso?

Women, Business and Environmental Justice: Advancing a Gender-Responsive Just Transition

Corporate Power, Pesticides and Human Rights Impacts in Brazil

Revisiting International Corporate Criminal Liability in Light of the Crime of Ecocide

Categories

Stay informed

University

People

Legal info