How to comply with Minimum Social Safeguards under the EU Taxonomy?

First, alignment with minimum safeguards must occur on the following 4 topics:

1. Human Rights
2. Bribery and Corruption
3. Taxation
4. Fair Competition

To ensure alignment on each of the four, it is important that not just the outcome (for example, that there were no incidents of discrimination over the reporting period), but also the process (the preventive actions taken to ensure this remains the case and any future incidents are immediately identified and addressed) is compliant.

Procedural Element of the Minimum Social Safeguards

The procedural element examines whether a company has adequate due diligence procedures in place by assessing company reports on its policies, processes and practices on each topic.‍

1. Human Rights

To determine that the due diligence procedures are adequate, companies are advised to examine the existing due diligence process against the OECD Guidelines and UN Guiding Principles.

For EU companies, it is relevant to comply with the CSRD and the CSDDD. If not yet applicable due to the size of your company, adapt the process to your scale or use other data sources such as the World Benchmark Alliance, the VSME or LSME, the GRI, etc. For non-EU companies: WBA core UNGP indicators.

Once you've identified the social risks that must be mitigated within your company, put in place policies to identify adverse impacts and take actions to address them.

Companies are advised not to:

• Disregard specific human rights risks inherent to your business model;
• Operate in jurisdictions with systematic human rights violations while not addressing such risks; or
• Neglect known risks associated with your sector.

2. Bribery and Corruption

The company should develop adequate controls for preventing and detecting bribery and corruption. This requirement still applies to tiny teams, but relative to the company’s size, sector and risk. In practice, ESMA’s advisory body (the Platform on Sustainable Finance) translates this into two simple tests:

1. Develop and adopt internal controls/ethics measures to prevent and detect bribery, and
2. Ensure your company (or senior management) has no final conviction for corruption.
   

General financial transparency or compliance with financial reporting duties on its own isn’t enough. You need some positive anti-corruption measures, even if they’re lightweight. The OECD language explicitly calls for adequate internal controls, ethics and compliance programmes… developed on the basis of a risk assessment addressing the enterprise’s circumstances (e.g., sector, geography).

For micro enterprises, “adequate” can be very small: a short policy, a few basic controls, a named responsible person and a simple way for concerns to be raised.

But what does "minimum" actually mean for most companies?:

• 1-page anti-bribery statement approved by the owner/board: zero tolerance for bribery/facilitation payments; modest gifts & hospitality thresholds; conflicts of interest must be declared before customer/supplier engagements. Map this to ESRS G2 items you can actually answer (e.g., how incidents would be detected, investigated and overseen).  
• Simple risk assessment: where are you exposed (e.g. public tenders, agents, high-cash environments, certain countries)? Note the top 3 risks and the controls you apply.  
• Basic financial/process controls: dual approval for payments above €X; no cash (or strict cash limits); supplier onboarding checklist (who they are, what they do, any red flags), and standard anti-corruption clause in contracts for any intermediary.  
• Training/briefing: a short annual briefing for all staff on what counts as a bribe, gifts/hospitality rules, and how to escalate concerns.  
• Speak-up route: if you have <50 employees, the EU Whistleblowing Directive doesn’t force you to run a formal internal channel but you should still provide a functional way to raise concerns. For a micro, that can be an independent email inbox reviewed by a non-manager owner, an external accountant or an ombudsperson, with a no-retaliation statement.  
• Remediation & disclosure approach: write two short paragraphs on how you would handle a substantiated concern (investigate, discipline, fix root cause, remediate harm where relevant) and how you would report outcomes to leadership.  

3. Taxation

The company shall treat tax governance and compliance as important elements of oversight. It should have adequate tax risk management strategies. The assessments of tax compliance should extend to looking at tax avoidance through aggressive tax planning.

4. Fair Competition‍

The company should promote employee awareness of the importance of compliance with competition law. The company must provide training to senior management on competition issues.

Required Outcomes under Minimum Social Safeguards

For the outcome element there must be checks on final convictions in court, a will to enter into a dialogue with an OECD NCP and to respond to any inquiries by the Business & Human Rights Resource Centre ('BHRRC'). With regards to human rights, the company must ensure:

• No final court convictions.
• No adverse findings by National Contact Points (NCP), which is the grievance mechanism built into the OECD Guidelines (until the company implements a due diligence system deeming the repetition of such breaches unlikely as evidenced by an external audit).
• No lack of engagement with an NCP in relation to a complaint (until the company implements a due diligence system deeming the repetition of such breaches unlikely as evidenced by an external audit).
• No lack of engagement with the BHRRC on any allegations it seeks to raise with the company (if there is no response to BHRRC for three months there is no alignment with minimum safeguards for two years).

As for the other three topics (Bribery and Corruption; Taxation; and Fair Competition), the outcome is based on the existence of final court convictions.

Here is a summary on how to comply with the minimum social safeguards: