A week ago, I read the labour standards of one of the world’s most recognised agricultural certifiers. The requirement under “Hired Labour” included developing policies to address the most salient risks, communicating them to staff, and revising them every three years. A second major certifier said almost the same: conduct a risk assessment, build a management plan, deliver services to workers.

No mention of children picking cocoa in Côte d’Ivoire nor of  migrant labourers in a Malaysian factory. Workers and affected communities often appear primarily as subjects of risk management processes rather than participants in shaping them. Standard certification requirements frequently focus on whether companies have policies, plans, and remediation procedures in place, while offering far less attention to whether workers themselves meaningfully influence those systems or experience improved outcomes as a result.

That gap between what standards require and what workers actually experience is the subject of this piece. And it matters now more than ever. The global Environmental, Social, and Governance (ESG) investing market, valued at $39 trillion in 2025 and projected to approach $180 trillion by 2034, has not brought the governance of investments in line with the scale of harm it is supposed to address.

The Score and the Reality

Take three companies that routinely appear in ESG leaders’ lists.

Starbucks has aligned its commitments with international standards and expanded its ethical sourcing disclosures. Yet legal challenges have pointed to child and forced labour within supply chains that were, on paper, compliant. Dyson’s scandal– migrant workers at a Malaysian contractor trapped in debt bondage after paying excessive recruitment fees, emerged while the company held responsible sourcing certifications. While Amazon’s ESG reports are extensive; its warehouse injury rates and subcontracted labour practices have faced judicial scrutiny in courts across three continents.

I am not arguing that these companies are bad. I am arguing that the ESG-ratings system works exactly as designed.

ESG ratings measure what companies disclose, not what workers experience. When an analysis of 39 Indian firms found that human rights performance ranked among the least weighted indicators, with environmental innovation consistently dominating overall scores. That was not a methodological flaw waiting to be fixed. It was the architecture expressing its priorities.

The Segmentation Trick

Brazil’s soy sector shows the structural problem with unusual clarity. As European due diligence laws have tightened, exporters have responded not by cleaning up supply chains but by splitting them. Compliant products go to the EU; higher-risk flows are redirected elsewhere. The same company presents a clean ESG report for its European segment while remaining tied to land conflicts and deforestation in the rest of its portfolio. ESG score, therefore, reflects one slice of a business, not the whole business.

The pattern is not unique to Brazil. In Paraguay’s Gran Chaco, the world’s second-largest dry forest, losing ground at one of the fastest rates on the planet, cattle ranchers and hide exporters face no equivalent EU scrutiny, because Paraguay has not been classified as high-risk under the EUDR benchmarking system despite well-documented deforestation rates. Product that would face compliance checks if it came from Brazil moves freely if it transits through a lower-scrutiny jurisdiction. The regulatory gap does not eliminate the harm. It redirects it.

In India, ESG adoption is accelerating- but the engine is investor capital, not domestic rights enforcement. Listed firms and large formalised suppliers adopt ESG frameworks because the cost of accessing institutional capital rises if they do not. The compliance is real, but it is also bounded: it covers what auditors can see and what sustainability reports can carry. What it does not reach are the micro and small enterprises embedded deeper in the supply chain- firms that cannot afford audits, cannot meet the administrative expectations ESG assumes, and survive precisely because certified suppliers quietly pass work their way. When ESG pressure tightens at the top, these firms do not exit the supply chain. The work gets rerouted- through an additional intermediary, behind an additional layer- and the small firm continues, now further from any audit trail than before. The risk does not reduce. It relocates. And the ESG report at the top of the chain gets cleaner at exactly the moment the conditions at the bottom become harder to see.

What Certification Standards Miss and Why

Here is what troubles me most about the current state of certification. Requirements are structured around the existence of policies, not the quality of outcomes. Has the company written a child labour policy? Tick. Has it been revised within three years? Tick. Have child labour incidents actually fallen? That question is rarely asked and almost never answered in a way that external parties can meaningfully verify.

I have worked with grassroots civil society organisations embedded in sourcing communities across South and Southeast Asia. In every context, workers are positioned as recipients of compliance programmes, not participants in designing them. Risk assessments are conducted about workers, not with them.

Another certification standard requires management to develop a plan based on a risk assessment and provide workers with “services” under it. Worker and management dialogue in designing that plan is not required. The UN Guiding Principles on Business and Human Rights are explicit on the necessity of meaningful consultation with affected groups. The gap between that principle and what certification actually mandates is where most of the damage persists.

Three Structural Weaknesses

The ‘S’ in ESG is methodologically thin. Generic social categories- “community engagement,” “employee satisfaction,”  bear only a loose relationship to recognised international standards. Without a shared, enforceable definition of social performance rooted in the UNGPs, OECD Guidelines for Multinational Enterprises,  ILO’s core conventions, firms can overstate benefits and understate harms with minimal consequence. Researchers have named this impact-washing. It is a precise term for an ordinary occurrence.

Data gaps amplify power imbalances. ESG raters depend almost entirely on corporate self-disclosure. Labour repression, land seizures, and violence against human rights defenders are chronically under-reported, especially in fragile or authoritarian operating contexts. The implication is not merely technical: the more power a company has to suppress information, the less likely its harms are to surface in any ESG data stream. The system inadvertently penalises transparency and rewards opacity.

Investor engagement remains largely absent. A 2024 assessment of 45 of the world’s largest asset managers found that only 22% both assessed human rights risks before investing and actively engaged portfolio companies on those issues. For the majority, human rights is one item on a checklist,  triggered only when financial materiality is clear and immediate. That threshold is set too high and too late for the communities bearing the actual cost of persistent harm.

What Needs to Change

The answer is not to abandon ESG. The EU’s Corporate Sustainability Due Diligence Directive (CS3D) is a genuine step forward. Unlike ESG disclosure frameworks, it imposes a legal obligation to prevent, mitigate, and remediate human rights harms, and introduces administrative sanctions enforced by national supervisory authorities against companies that fail to comply. It also requires companies to establish operational grievance mechanisms: accessible channels through which affected workers and communities can raise concerns and seek remedies. That said, the directive’s enforcement regime has been notably weakened. The civil liability provision, which would have allowed affected individuals and communities to seek remedies directly through courts, was removed during the Omnibus revision process. What remains are administrative sanctions imposed by national authorities, which, while meaningful, place the burden of enforcement on governments rather than those harmed. This is a significant gap, and one that civil society must continue to press to close.

Furthermore, the CSDDD is stronger in design than it is likely to be in practice. Three gaps remain, and they compound each other. The first is access: the Directive requires grievance mechanisms to be accessible but says nothing about what accessibility actually means for an undocumented migrant in a Malaysian factory, a landless smallholder in Brazil, or an Indigenous community with no representative in any company process, a right you cannot exercise is not a right. The second is cost: in multi-tier supply chains, which is to say most supply chains in garment and agriculture, the question of who funds remediation is left entirely to member state courts  institutions, and most affected communities have neither the resources nor the standing to navigate. The third is recurrence: nothing in the Directive obliges a company to demonstrate that harm does not return after a grievance is resolved, which means the remedy can function as a one-time payment rather than a structural fix.

What needs to change, then, is both what we measure and who gets to define the measure, but also when measurement is triggered.

On indicators: instead of asking whether a policy exists, ask whether it works. Are workers earning a living wage? What share of certification premiums actually reaches smallholders? When a grievance is filed, what happens and how long does it take? Are indigenous communities consulted before land decisions are made, or informed after? Are children in sourcing communities in school?

These are not aspirational goals. They are measurable. But they require sources that companies cannot curate on their own behalf: worker surveys by independent organisations, community interviews by civil society groups trusted by affected people, and public legal records, labour tribunal filings, land dispute proceedings, injunctions brought against suppliers, which routinely surface harms that audits and corporate grievance mechanisms never will.

On governance: civil society organisations embedded in communities and trusted by workers must be brought into ESG governance as co-designers, not called upon as occasional consultees. The ILO’s fair recruitment framework shows what this requires in practice: starting at the point of hire, where debt bondage and coercion begin, rather than at the point where paperwork starts. ESG governance that begins where the audit trail begins will always arrive too late.

On investor responsibility: persistent human rights violations must be treated as non-diversifiable risks, not items to be offset by a strong governance score or an impressive environmental disclosure. A portfolio that scores well on carbon transition but sources from supply chains with endemic child labour has not managed its human rights exposure. It has hidden it.

The Choice Embedded in the Architecture

The system was designed to help investors price ESG-related financial risk. It was not designed to guarantee that no child is picking cocoa, no community has lost land to soy farming, and no migrant worker is trapped in debt bondage to make a smartphone. It cannot be made to do what it was never meant to do without fundamental restructuring.

Three changes are essential and achievable. The ‘S’ in ESG must be grounded in enforceable international human rights law, not aspirational references to it. Measurement must shift from corporate inputs (policies, processes, audits) to outcomes for workers and communities. And suppliers, workers, and the civil society organisations that work alongside them must be embedded in the design of governance systems, not merely surveyed by them.

None of this is technically simple. But continuing to reward compliance on paper while abuses persist in practice is not a technical limitation. It is a choice, one embedded in the architecture of the system we have built. We can redesign that architecture. The harder question is whether we are willing to.