What are the responsibilities of a business in society? Practical guidance and checklist

What is the responsibility of business to the society? Definition and core categories

The phrase responsibility of business to the society refers to the range of duties and expectations that companies face from law, markets and the communities where they operate. According to ISO 26000, international guidance typically frames these responsibilities in four complementary categories, legal, economic, ethical and philanthropic, and treats them as parts of an overall approach to social responsibility ISO 26000 – Social responsibility.

These categories cover mandatory compliance duties and voluntary practices. Legal responsibilities require compliance with applicable law, economic responsibilities cover duties to employees and investors, ethical responsibilities go beyond legal minima, and philanthropic actions are voluntary community contributions. This structure is described in international guidance and used by practitioners when they draft policies and reports.

In practice, modern frameworks advise treating the categories as complementary rather than mutually exclusive. That means governance systems should integrate legal and ethical checks, economic planning and community engagement into one coherent program rather than handling each area in isolation.

Key international frameworks that shape business responsibilities

ISO 26000 provides a comprehensive description of social responsibility principles and core subjects such as organizational governance and human rights. For readers seeking the standard text, the ISO page summarizes those principles and how they are used as a foundation for policy design ISO 26000 – Social responsibility.

The UN Guiding Principles on Business and Human Rights set out the protect, respect and remedy framework that assigns responsibilities to states and to companies to identify and address harms; these principles underpin corporate duties to identify, prevent, mitigate and remedy human rights impacts Guiding Principles on Business and Human Rights.

The OECD Due Diligence Guidance operationalizes risk-based expectations and gives practical steps companies should follow when conducting due diligence across global operations. It focuses on integrating due diligence into corporate systems and decision-making processes and is commonly cited in policy and compliance work Due Diligence Guidance for Responsible Business Conduct.

A practical framework: governance, stakeholder engagement and risk-based due diligence

Leaders commonly follow a sequence to operationalize responsibility: set governance and policy, engage stakeholders to identify priorities, run risk-based due diligence, set measurable targets, report transparently and provide remediation pathways. This sequence is consistent with ISO 26000 and the OECD guidance on integrating responsibility into management systems ISO 26000 – Social responsibility.

Good governance means clear board oversight, documented policies and defined roles for responsibility and accountability. Boards and senior management should ensure that policies align with the organization’s size and risk profile and that responsibility is not left only to a single function. The OECD guidance highlights the need to embed due diligence into governance so decisions reflect responsible practice Due Diligence Guidance for Responsible Business Conduct.

Stakeholder engagement informs materiality and priority setting. Engaging employees, affected communities, customers and investors helps define which issues carry the highest social or operational risk and therefore need earlier attention. Stakeholder input should be documented and reflected in decision records so priorities are auditable and defensible.

Risk-based due diligence follows basic steps: identify potential adverse impacts, prevent or mitigate those impacts, track progress and account for results, and remediate harms when they occur. The UN Guiding Principles and OECD guidance describe these steps as core components of corporate human rights and responsibility programs Guiding Principles on Business and Human Rights.

Legal and economic responsibilities: compliance, taxation and employment duties

Legal duties are non-negotiable and include compliance with labor, environmental and corporate law requirements. ISO 26000 frames legal responsibilities as foundational and emphasizes that companies must meet legal obligations as a baseline for responsible conduct ISO 26000 – Social responsibility.

Economic responsibilities include paying applicable taxes, providing fair employment terms and delivering lawful value to investors. These duties overlap with governance and due diligence where, for example, employment standards are both legal requirements and material issues for stakeholder groups.

Management decisions about taxation, employment contracts and corporate governance should reflect both compliance and the company’s stated policies. When risks concerning legal or economic obligations are detected, the OECD due diligence framework recommends integrating remediation and corrective action into corporate processes Due Diligence Guidance for Responsible Business Conduct.

Ethical and philanthropic responsibilities: voluntary actions and community investment

Ethical responsibilities describe expectations that go beyond legal minimums. ISO 26000 identifies ethics as a central dimension of social responsibility and situates philanthropic efforts as voluntary choices companies can make to support community welfare ISO 26000 – Social responsibility.

Philanthropic actions can include donations, volunteer programs and targeted community investments. These activities are supplementary to compliance and governance duties. They are often used to build relationships with stakeholders, but they should not replace core duty-based activities such as due diligence or remediation.

When summarizing a company or candidate’s philanthropic aims, attribute the source, such as a campaign statement or a corporate report. That keeps claims verifiable and prevents overstating impacts.

Reporting, metrics and the rise of mandatory disclosure in the EU

The Corporate Sustainability Reporting Directive expanded mandatory sustainability disclosures in the EU with phased implementation through 2026, increasing reporting obligations for many companies, according to the European Commission Corporate sustainability reporting (CSRD).

Choosing measurable targets means selecting indicators that align with the company’s material issues and stakeholder expectations. Transparent reporting and, where feasible, external assurance help improve comparability and credibility of disclosures across firms and jurisdictions.

Open questions remain about global comparability and which standardized metrics best predict social outcomes versus financial performance. Companies operating in multiple jurisdictions should map regulatory obligations and prioritize harmonized indicators where possible.

Risk management, remediation and accessible tools for implementation

Remediation is an essential step when harms are identified, consistent with the UN Guiding Principles’ protect, respect and remedy framework. Companies should have clear procedures for assessing harms and for providing or enabling remedies where impacts occurred Guiding Principles on Business and Human Rights.

Risk management should include tracking, reporting and remediation procedures and the OECD guidance outlines how due diligence should be integrated into corporate risk systems. That includes documenting decisions, monitoring corrective actions and updating risk assessments over time Due Diligence Guidance for Responsible Business Conduct.

Practical templates and checklists help teams follow the identify-prevent-track-remediate cycle. Examples include risk registers, stakeholder maps and remediation flowcharts that show responsible decision points and record-keeping steps.

Teams should use templates proportionate to the organization’s size and risk profile. For higher-risk sectors, more detailed procedures and external assurance may be appropriate, while lower-risk activities can follow a scaled checklist approach.

How responsible practices can relate to business performance

Management literature emphasizes conditionality: responsible practices can support reputation, operational resilience and investor relations in some contexts, but the financial outcomes are not universal and depend on how practices are implemented and measured.

Leaders should evaluate performance effects using context-specific metrics and avoid assuming automatic financial benefits. Evidence should guide decisions about investment in responsibility programs rather than headline assumptions.

Decision criteria: how leaders prioritize where to act first

A risk-based prioritization approach recommends addressing highest-risk issues first, aligned with OECD guidance. That means companies should map their operations and value chains to identify where the most severe potential impacts lie and sequence work accordingly Due Diligence Guidance for Responsible Business Conduct.

Leaders should also consider stakeholder salience and likely impact when setting priorities. Questions to ask include which groups are most affected, how likely harms are, and whether the company has the capacity to prevent or remediate the issue effectively.

Phased implementation is often practical: start with governance and high-risk due diligence, then expand targets and reporting as capability and evidence develop. This helps match ambition to available resources and reduces the risk of unfinished or superficial programs.

A practical checklist: business responsibilities to society

Governance and policy, verification question: Does the board review responsibility policies at least annually and are roles and escalation paths documented? This item reflects ISO 26000 guidance on integrating responsibility into governance ISO 26000 – Social responsibility.

Stakeholder engagement, verification question: Has the company mapped affected stakeholders and recorded their input to inform materiality? Stakeholder engagement practices help identify priorities and avoid box-ticking.

Risk-based due diligence, verification question: Does the organization have a documented process to identify, prevent or mitigate, track and remediate harms? This sequence follows the UN Guiding Principles and OECD guidance on due diligence Guiding Principles on Business and Human Rights.

Targets and indicators, verification question: Are measurable targets defined for material issues and is responsibility for each target assigned to a specific owner? Clear targets support transparent reporting and performance tracking.

Reporting and assurance, verification question: Does the company publish regular sustainability reporting that aligns with applicable regulation and seek external assurance where feasible? The CSRD expanded mandatory disclosures in the EU and increased the value of assured reporting Corporate sustainability reporting (CSRD).

Remediation, verification question: Are remediation procedures documented and accessible to affected stakeholders and do they include monitoring of outcomes? Effective remediation is central to responsible practice and to the protect, respect and remedy framework.

Common mistakes and pitfalls in implementing responsibility programs

Box-ticking compliance is a common error. Treating responsibility work as a checklist rather than an integrated management practice can leave real risks unaddressed and reduce stakeholder trust. The OECD guidance warns that compliance alone does not substitute for meaningful due diligence Due Diligence Guidance for Responsible Business Conduct. Further analysis is available at the BIICL blog The Normative Transformation of the OECD Guidelines.

Poor stakeholder engagement is another frequent pitfall. Engagement that is superficial, not well documented or not acted upon tends to produce weak materiality assessments and misaligned priorities. Meaningful engagement requires both outreach and follow-through.

Overreliance on unverified reporting creates credibility risks. Where feasible, external assurance and clear methods for indicator selection improve comparability and reduce the chance of inconsistent or misleading claims.

How small and medium-sized enterprises can scale due diligence sensibly

SMEs are advised to adopt proportionate, risk-based approaches rather than full-scale programs. The OECD guidance supports proportionate due diligence and recognizes that smaller entities should scale processes to fit resources and exposure Due Diligence Guidance for Responsible Business Conduct.

Low-cost measures for SMEs include basic stakeholder mapping, a simple risk register, prioritized policies for high-risk issues and light disclosure about material concerns. These steps help establish a credible foundation for gradual expansion.

SMEs should document decisions and keep records that show how priorities were chosen. Over time, repeated cycles of assessment and remediation create a stronger, evidence-based program without requiring large upfront investments.

Practical scenarios: short case-like examples for decisions and trade-offs

Scenario 1, choosing reporting priorities under CSRD-like rules: A mid-size company operating in the EU must prioritize disclosures that CSRD lists as material to its sector. The company maps its operations, identifies high-impact areas and sequence reporting to meet regulatory deadlines while planning additional indicators for a later cycle. This approach links CSRD reporting obligations to internal governance and targets Corporate sustainability reporting (CSRD).

Scenario 2, responding to an identified human rights risk: A supplier audit uncovers potential rights abuses. The company follows the identify-prevent-mitigate-remediate cycle, engages stakeholders including the supplier and affected workers, and documents remediation steps. The UN Guiding Principles and OECD guidance recommend these steps as part of human rights due diligence Guiding Principles on Business and Human Rights.

Both scenarios show trade-offs: compliance timelines versus depth of analysis, and immediate remediation versus longer-term capacity building. Documented decisions and stakeholder engagement help justify sequencing choices and show alignment with international guidance.

Conclusion: next steps and primary sources to consult

Recap the practical sequence: establish governance, engage stakeholders, carry out risk-based due diligence, set targets, report transparently and provide remediation where harms are found. This sequence aligns with ISO 26000, the UN Guiding Principles and OECD guidance and offers a structured pathway for action ISO 26000 – Social responsibility.

Primary sources to consult include the ISO 26000 guidance for social responsibility, the UN Guiding Principles on Business and Human Rights for remediation and the OECD Due Diligence Guidance for operational steps, as well as the European Commission page on CSRD for reporting obligations in the EU Due Diligence Guidance for Responsible Business Conduct.

For legal obligations, consult regulators and primary legal texts applicable to your jurisdiction and seek professional advice when necessary. Using primary standards and public regulatory pages ensures claims are verifiable and up to date.