Key takeaways
- An economic activity that scores perfectly on every environmental criterion still fails taxonomy alignment if the entity cannot demonstrate compliance with minimum safeguards under Article 18.
- The assessment covers four topics: human rights (including labour rights), bribery and corruption, taxation, and fair competition. Most audit firms have deep experience in two of these at best.
- The Platform on Sustainable Finance's October 2022 final report recommends a two-part test: a procedural check (do policies and processes exist?) and an outcome check (have any convictions or regulatory findings surfaced?).
- CSDDD compliance (post-Omnibus I: 5,000+ employees and €1.5B+ turnover) covers only human rights. The other three topics still need separate work.
Where most assessments fail
In early 2025, a mid-sized German manufacturer reported 74% of its revenue as taxonomy-aligned. It had passed every environmental screening criterion and met the technical thresholds for DNSH. Then its external auditor flagged that the company had no documented human rights due diligence process for its Eastern European supply chain. The entire alignment claim collapsed, not because of carbon or water, but because of a social governance gap the company treated as an afterthought.
This pattern repeats across industries. I have seen files where the minimum safeguards section is a single paragraph referencing the code of conduct, with no evidence that anyone actually tested the four topics against the entity's operations. That is a tick-box exercise, and the Platform on Sustainable Finance's October 2022 report explicitly warns against it.
Minimum safeguards are the social and governance due diligence procedures that an entity must have in place before any of its economic activities can qualify as taxonomy-aligned under the EU Taxonomy Regulation (Regulation 2020/852). Article 18 requires procedures aligned with the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights (UNGPs). It also references the ILO Declaration on Fundamental Principles and Rights at Work and the International Bill of Human Rights. In practice, these references translate into four assessment topics: human rights, anti-corruption, taxation, and fair competition.
How the two-part test works
The Platform on Sustainable Finance translated Article 18's high-level references into operational guidance in its October 2022 final report. Each of the four topics gets assessed on two dimensions.
The procedural element asks whether the entity has adopted the right processes. For human rights, that means a due diligence process consistent with the UNGPs. For anti-corruption, documented controls and training. For taxation, a governance framework that goes beyond basic compliance. For fair competition, awareness programmes and internal reporting channels.
The outcome element checks whether final court convictions or equivalent administrative decisions exist against the entity. A conviction does not automatically disqualify the entity. But the absence of adequate procedures does.
What actually happens in most firms is that the procedural element gets the attention and the outcome element gets a cursory search. I think this is backwards, because a clean outcome check on an entity with weak procedures tells you nothing, while a conviction paired with strong corrective action tells you the system is working. If the statutory auditor identifies potential non-compliance with anti-bribery or competition law during the financial statement audit, ISA 250 applies and may inform the minimum safeguards conclusion.
Human rights due diligence is the hard part
Human rights sits at the centre of the assessment, and it is where most audit teams struggle. Anti-corruption and tax governance map onto skill sets that financial auditors already have, and fair competition is close enough to antitrust work that most teams can get up to speed quickly. Human rights due diligence does not.
For entities also subject to the CSRD, ESRS S1 (own workforce) and ESRS S2 (workers in the value chain) disclosures provide evidence that feeds directly into the minimum safeguards assessment. Entities subject to the CSDDD (post-Omnibus I: 5,000+ employees and €1.5B+ turnover) will have statutory due diligence obligations overlapping with this element. But for the large number of entities below those thresholds, Article 18 still applies. Size does not exempt anyone from minimum safeguards.
What actually happens is that smaller entities hear "due diligence" and assume it means their existing supplier code of conduct. It does not. The Platform's report requires a process, not just a document. That process needs an owner, a risk identification methodology, evidence of periodic review, and documented responses to any findings. The file should tell a story of how the entity identified its salient human rights risks and what it did about them.
Worked example: Rossi Alimentari S.p.A.
Client: Italian food production company, FY2025, revenue €67M, IFRS reporter. Rossi sources olive oil and dairy from over 40 agricultural suppliers across southern Italy and North Africa. It reports three economic activities as taxonomy-eligible and now needs to assess minimum safeguards for alignment.
Step 1: map the four topics to existing policies
Rossi's compliance team reviews the code of conduct, supplier contracts, whistleblower channel, and tax governance framework against the four minimum safeguards topics. The entity has a supplier code referencing ILO core conventions and a whistleblower procedure compliant with Directive (EU) 2019/1937. It lacks a standalone human rights due diligence policy. This is the gap that matters.
Step 2: fill the human rights gap
Rossi falls below the CSDDD thresholds (5,000 employees, €1.5B turnover) and has no statutory obligation to conduct formal HRDD. The Platform's guidance still requires adequate processes, regardless of size. Management adopts a human rights due diligence policy covering its agricultural supply chain, assigns ownership to the procurement director, and schedules annual audits for the 12 highest-risk suppliers.
Here is where most worked examples stop. But in practice, this is where things get messy. Rossi's procurement director has no training in human rights risk assessment. The annual audit schedule means the 28 lower-risk suppliers get no review at all in year one. And the policy was adopted in Q4 2025, meaning it has operated for less than three months before the alignment assessment date. An auditor looking at this file should ask whether a policy adopted in October can genuinely demonstrate "adequate processes" by December.
Step 3: run the outcome check
The compliance team confirms no final court convictions or pending proceedings against Rossi on any of the four topics. But one supplier received a labour inspection fine in 2024 for working-time violations. Rossi documents the corrective action (contract amendment requiring quarterly compliance certificates from the supplier).
Step 4: reach a conclusion
Rossi's assessment produces a positive conclusion on all four topics. The human rights gap from Step 1 was remediated in Step 2. The supplier finding in Step 3 does not disqualify Rossi because the entity took documented corrective action. The three taxonomy-eligible activities may proceed to the environmental assessment for alignment.
Whether this conclusion is defensible depends on how strictly the auditor reads "adequate processes." I think it is defensible, but only if the file documents why a three-month-old policy is sufficient and what interim controls existed before adoption. A bare assertion that "the policy is in place" would not survive a second read.
The structural contradiction
Minimum safeguards sit at an awkward intersection. Article 18 demands social due diligence from every entity claiming taxonomy alignment, but the infrastructure for that due diligence (the CSDDD, mandatory HRDD frameworks, standardised outcome databases) only applies to the largest companies. Mid-caps and smaller entities are expected to build equivalent processes voluntarily, often without the internal expertise or external guidance to do so.
This creates a two-tier system. Large entities subject to the CSDDD can point to their statutory HRDD obligations and, for the human rights element at least, demonstrate compliance almost by default. Smaller entities have to construct the same evidence from scratch. I have reviewed files where a 200-person company produced a more rigorous minimum safeguards assessment than a 15,000-person group, because the smaller company actually thought about its risks rather than delegating the work to a compliance database.
There is legitimate disagreement about whether this gap is a problem or a feature. Some practitioners argue that proportionality should apply: a 200-person company should not need to demonstrate the same depth of HRDD as a multinational. Others point out that Article 18 makes no size distinction, and for good reason, because human rights risks in supply chains do not scale linearly with headcount. A small olive oil importer sourcing from conflict-adjacent regions may have more salient human rights exposure than a large domestic services firm.
Comparison with DNSH
| Dimension | Minimum safeguards (Article 18) | DNSH (Article 17) |
|---|---|---|
| Focus | Social and governance due diligence | Environmental harm prevention |
| Assessment basis | Procedural (policies and processes) plus outcome (convictions and violations) | Technical screening criteria set by delegated acts |
| Scope | Entity-wide across four topics | Activity-specific for each environmental objective |
| Governing standards | OECD Guidelines, UNGPs, ILO Declaration | Delegated Regulation (EU) 2021/2139 |
| CSRD interaction | ESRS S1, S2, G1 disclosures provide supporting evidence | ESRS E1 through E5 disclosures provide supporting evidence |
Both must be satisfied for taxonomy alignment. An activity that passes every DNSH environmental screening but fails minimum safeguards on human rights due diligence cannot be reported as aligned. In practice, this means the social side can veto the environmental side, which is a design choice that catches many first-time reporters off guard.
Related terms
Related tools
Related reading
Frequently asked questions
Do minimum safeguards apply to taxonomy-eligible activities or only taxonomy-aligned activities?
Only at the alignment stage. An entity can report an activity as taxonomy-eligible without assessing minimum safeguards. The assessment becomes mandatory when the entity claims taxonomy alignment under Article 3 of Regulation 2020/852, because all four criteria (substantial contribution, DNSH, minimum safeguards, and technical screening criteria) must be met simultaneously.
How do I document a minimum safeguards assessment?
Document each of the four topics separately. For each, record the procedural element (which policy exists, when it was adopted, who owns it) and the outcome element (conviction checks, regulatory database searches, media screening, and internal incident reports). The Platform on Sustainable Finance recommends retaining evidence of both elements in the taxonomy alignment file. I find the clearest approach is a four-column matrix with procedure, owner, outcome check, and evidence reference for each topic.
Does CSDDD compliance automatically satisfy minimum safeguards?
Not entirely. An entity subject to the CSDDD (post-Omnibus I: 5,000+ employees and euro 1.5B+ turnover) will have statutory due diligence obligations that overlap with the human rights element. But the non-human-rights topics (anti-corruption, taxation, fair competition, and related governance controls) still require separate assessment against the OECD Guidelines, because the CSDDD does not cover them.
What happens if a conviction surfaces during the assessment?
A conviction does not automatically disqualify the entity. The Platform's October 2022 report treats the outcome element as a red flag, not a bright-line rule. What matters is whether the entity had adequate procedures in place and, if the conviction is recent, what corrective action followed. An entity with a 2019 competition law fine that responded by overhauling its compliance programme is in a stronger position than one that ignored it.