
UN Guiding Principles on Business and Human Rights (UNGPs)

International (United Nations)
v2011
3 domains
20 controls

The United Nations Guiding Principles on Business and Human Rights (UNGPs), unanimously endorsed by the UN Human Rights Council in 2011, establish the authoritative global standard for preventing and addressing human rights impacts linked to business activity. The UNGPs rest on three pillars: the State duty to protect human rights, the corporate responsibility to respect human rights, and access to remedy. The corporate responsibility pillar requires human rights due diligence — a process to identify, prevent, mitigate, and account for adverse human rights impacts. The UNGPs inform mandatory human rights due diligence legislation globally (EU CSDDD, German LkSG, French Loi de Vigilance).


Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (3)

Pillar I — State Duty to Protect (Principles 1-10)

5 controls

Code | Title
GP 1 | State Obligation to Protect
GP 2 | Regulatory and Policy Functions
GP 3 | Enforcement of Laws
GP 4 | State-Business Nexus
GP 7 | Conflict-Affected Areas

Pillar II — Corporate Responsibility to Respect (Principles 11-24)

9 controls

Code | Title
GP 11 | Responsibility to Respect
GP 13 | Avoid Causing Harm
GP 15 | Policy Commitment
GP 17 | Human Rights Due Diligence
GP 18 | Assessing Actual and Potential Impacts
GP 19 | Integrating and Acting on Findings
GP 20 | Tracking Effectiveness
GP 21 | External Communication
GP 22 | Remediation of Impacts

Pillar III — Access to Remedy (Principles 25-31)

6 controls

Code | Title
GP 25 | State-Based Judicial Mechanisms
GP 26 | State-Based Non-Judicial Mechanisms
GP 27 | Non-State-Based Grievance Mechanisms
GP 28 | State-Based Non-Judicial Mechanisms (Detail)
GP 29 | Operational-Level Grievance Mechanisms
GP 31 | Effectiveness Criteria for Mechanisms

Maps to 180 other frameworks

20 total controls
Modern Slavery Act 2018 (Australia)
4 source controls mapped|6 target controls covered
20%
EU Taxonomy Regulation
4 source controls mapped|3 target controls covered
20%
Singapore Government Instruction Manual on ICT&SS Management (IM8)
4 source controls mapped|2 target controls covered
20%
US OFAC Sanctions Compliance Framework
4 source controls mapped|3 target controls covered
20%
Voluntary Principles on Security and Human Rights (VPs)
3 source controls mapped|3 target controls covered
15%
EU Better Internet for Kids (BIK+) Strategy
3 source controls mapped|1 target controls covered
15%
15%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
3 source controls mapped|3 target controls covered
15%
AML/CTF Act 2006 (Australia)
3 source controls mapped|3 target controls covered
15%
Ethical Trading Initiative (ETI) Base Code
3 source controls mapped|1 target controls covered
15%
South Africa Promotion of Access to Information Act (PAIA)
3 source controls mapped|1 target controls covered
15%
Sweden Data Protection Act (Dataskyddslag, 2018:218)
3 source controls mapped|1 target controls covered
15%
UK Modern Slavery Act 2015
3 source controls mapped|3 target controls covered
15%
DFARS 252.204-7012 — Safeguarding Covered Defense Information
3 source controls mapped|2 target controls covered
15%
Connecticut Data Privacy Act (CTDPA)
3 source controls mapped|2 target controls covered
15%
Illinois Biometric Information Privacy Act (BIPA)
3 source controls mapped|2 target controls covered
15%
NAIC Insurance Data Security Model Law (MDL-668)
3 source controls mapped|2 target controls covered
15%
German Supply Chain Due Diligence Act (LkSG)
3 source controls mapped|3 target controls covered
15%
ISO 20400:2017 — Sustainable Procurement
3 source controls mapped|2 target controls covered
15%
ICMM Mining Principles (2024 Update)
3 source controls mapped|1 target controls covered
15%
SASB Standards (ISSB Integrated)
3 source controls mapped|1 target controls covered
15%
SASB Standards
3 source controls mapped|1 target controls covered
15%
OECD AI Principles (2024 Update)
3 source controls mapped|2 target controls covered
15%
TNFD Recommendations
3 source controls mapped|1 target controls covered
15%
AASB S2 Climate-related Disclosures
3 source controls mapped|1 target controls covered
15%
ISO 26000:2010
3 source controls mapped|3 target controls covered
15%
COSO Internal Control — Integrated Framework (2013)
3 source controls mapped|2 target controls covered
15%
ASEAN Data Management Framework
3 source controls mapped|2 target controls covered
15%
UNESCO Recommendation on the Ethics of AI
3 source controls mapped|1 target controls covered
15%
AWS Well-Architected Security Pillar
1 source controls mapped|1 target controls covered
5%
ANSSI Cybersecurity Framework
1 source controls mapped|1 target controls covered
5%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
5%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
1 source controls mapped|1 target controls covered
5%
CSA CCM v4
1 source controls mapped|5 target controls covered
5%
CSA STAR (Security, Trust, Assurance, and Risk)
1 source controls mapped|2 target controls covered
5%
Australian Energy Sector Cyber Security Framework (AESCSF)
1 source controls mapped|2 target controls covered
5%
CAIQ (CSA)
1 source controls mapped|1 target controls covered
5%
CISA Zero Trust Maturity Model
1 source controls mapped|1 target controls covered
5%
CFTC System Safeguards (17 CFR 37, 38, 39, 49)
1 source controls mapped|2 target controls covered
5%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04)
1 source controls mapped|1 target controls covered
5%
ISO/IEC 30111:2019
1 source controls mapped|3 target controls covered
5%
ISO/IEC 29147:2018
1 source controls mapped|4 target controls covered
5%
ASIC Cyber Resilience Good Practices
1 source controls mapped|1 target controls covered
5%
APRA Prudential Standard CPS 234 — Information Security (Australia)
1 source controls mapped|1 target controls covered
5%
California IoT Security Law
1 source controls mapped|1 target controls covered
5%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|1 target controls covered
5%
ETSI EN 303 645
1 source controls mapped|1 target controls covered
5%
CNCF Cloud Native Security (Cloud Native Computing Foundation)
1 source controls mapped|2 target controls covered
5%
APEC Cross-Border Privacy Rules (CBPR) System
1 source controls mapped|1 target controls covered
5%
ASD Essential Eight Maturity Model
1 source controls mapped|1 target controls covered
5%
Canada ITSG-33 — IT Security Risk Management
1 source controls mapped|3 target controls covered
5%
FTC GLBA Safeguards Rule (16 CFR Part 314)
1 source controls mapped|3 target controls covered
5%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|2 target controls covered
5%
Lloyd's Minimum Standards — Cyber Security
1 source controls mapped|2 target controls covered
5%
FTC Safeguards Rule (16 CFR Part 314)
1 source controls mapped|3 target controls covered
5%
OWASP ASVS
1 source controls mapped|1 target controls covered
5%
C5 (Germany)
1 source controls mapped|1 target controls covered
5%
ASEAN Guide on AI Governance and Ethics
1 source controls mapped|1 target controls covered
5%
FedRAMP Rev 5
1 source controls mapped|3 target controls covered
5%
GLI-33 — Gaming Laboratories International Event Wagering Systems
1 source controls mapped|1 target controls covered
5%
EIOPA Guidelines on ICT Security and Governance (2020)
1 source controls mapped|1 target controls covered
5%
TISAX — Trusted Information Security Assessment Exchange
1 source controls mapped|1 target controls covered
5%
Telecommunications Sector Security Reforms (TSSR)
1 source controls mapped|1 target controls covered
5%
Defence Security Principles Framework (DSPF)
1 source controls mapped|1 target controls covered
5%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|1 target controls covered
5%
Spain ENS
1 source controls mapped|1 target controls covered
5%
NIST SP 800-171A — Assessing CUI Security Requirements
1 source controls mapped|2 target controls covered
5%
EDM Council DCAM — Data Management Capability Assessment Model
1 source controls mapped|1 target controls covered
5%
CMMC 2.0
1 source controls mapped|1 target controls covered
5%
Ghana Cybersecurity Act
1 source controls mapped|1 target controls covered
5%
ISO/IEC 29134:2023
1 source controls mapped|1 target controls covered
5%
OWASP DevSecOps Maturity Model (DSOMM)
1 source controls mapped|1 target controls covered
5%
EU Cyber Resilience Act
1 source controls mapped|1 target controls covered
5%
BSI IT-Grundschutz
1 source controls mapped|1 target controls covered
5%
DoD Zero Trust Reference Architecture
1 source controls mapped|1 target controls covered
5%
Azure Security Benchmark
1 source controls mapped|1 target controls covered
5%
Belgium CyberFundamentals
1 source controls mapped|1 target controls covered
5%
BSIMM
1 source controls mapped|1 target controls covered
5%
US Gramm-Leach-Bliley Act (GLBA) — Higher Education Safeguards Rule
1 source controls mapped|1 target controls covered
5%
3GPP Security
1 source controls mapped|1 target controls covered
5%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|1 target controls covered
5%
NIST AI 600-1 Generative AI Profile
1 source controls mapped|1 target controls covered
5%
FISMA
1 source controls mapped|1 target controls covered
5%
ISO/IEC 27011:2024
1 source controls mapped|1 target controls covered
5%
HKMA Cyber Resilience Assessment Framework (C-RAF)
1 source controls mapped|1 target controls covered
5%
UK Defence Standard 05-138 — Cyber Security for Defence Suppliers
1 source controls mapped|1 target controls covered
5%
Cyber Essentials Plus
1 source controls mapped|1 target controls covered
5%
MITRE D3FEND
1 source controls mapped|1 target controls covered
5%
NIST SP 800-160
1 source controls mapped|1 target controls covered
5%
MITRE ATT&CK
1 source controls mapped|1 target controls covered
5%
NIST SP 800-145
1 source controls mapped|1 target controls covered
5%
ISMAP (Japan)
1 source controls mapped|1 target controls covered
5%
ASD Information Security Manual (ISM)
1 source controls mapped|2 target controls covered
5%
OWASP SAMM
1 source controls mapped|1 target controls covered
5%
NYDFS Cybersecurity Regulation (23 NYCRR Part 500)
1 source controls mapped|1 target controls covered
5%
ISO 27043
1 source controls mapped|1 target controls covered
5%
New Zealand Information Security Manual (NZISM)
1 source controls mapped|2 target controls covered
5%
MARS-E — Minimum Acceptable Risk Standards for Exchanges
1 source controls mapped|2 target controls covered
5%
South Korea Cloud Security Assurance Program (CSAP)
1 source controls mapped|2 target controls covered
5%
NRC 10 CFR 73.54 — Nuclear Facility Cybersecurity
1 source controls mapped|2 target controls covered
5%
MTCS (Singapore)
1 source controls mapped|1 target controls covered
5%
SSAE 18 — Attestation Standards (SOC Reporting)
1 source controls mapped|1 target controls covered
5%
NIST SP 800-88
1 source controls mapped|1 target controls covered
5%
RBI Cybersecurity Framework for Banks
1 source controls mapped|2 target controls covered
5%
SA8000:2014 — Social Accountability Standard
1 source controls mapped|1 target controls covered
5%
ISO/SAE 21434
1 source controls mapped|1 target controls covered
5%
CISA Secure by Design Principles
1 source controls mapped|3 target controls covered
5%
ISO 27018
1 source controls mapped|1 target controls covered
5%
NIST SP 800-218
1 source controls mapped|1 target controls covered
5%
NIST SP 800-128
1 source controls mapped|1 target controls covered
5%
SSDF (NIST)
1 source controls mapped|1 target controls covered
5%
UK PSTI Act
1 source controls mapped|1 target controls covered
5%
FAA Cybersecurity Framework for Aviation
1 source controls mapped|1 target controls covered
5%
Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)
1 source controls mapped|1 target controls covered
5%
Japan FSA Cybersecurity Guidelines for Financial Institutions
1 source controls mapped|2 target controls covered
5%
Kuwait National Cybersecurity Framework
1 source controls mapped|1 target controls covered
5%
NIST SP 800-171
1 source controls mapped|1 target controls covered
5%
NIST SP 800-61
1 source controls mapped|1 target controls covered
5%
ISO 27017
1 source controls mapped|1 target controls covered
5%
NIST SP 800-146
1 source controls mapped|1 target controls covered
5%
NIST SP 800-190
1 source controls mapped|1 target controls covered
5%
NIST SP 800-150
1 source controls mapped|1 target controls covered
5%
NIST SP 800-115
1 source controls mapped|1 target controls covered
5%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
1 source controls mapped|1 target controls covered
5%
Oman National Cybersecurity Framework
1 source controls mapped|1 target controls covered
5%
NIST SP 800-172
1 source controls mapped|1 target controls covered
5%
NIST Privacy Framework 1.0
1 source controls mapped|1 target controls covered
5%
Singapore Cybersecurity Act 2018
1 source controls mapped|1 target controls covered
5%
NIST SP 800-181
1 source controls mapped|1 target controls covered
5%
ISO 27002:2022
1 source controls mapped|1 target controls covered
5%
Security of Critical Infrastructure Act 2018 (SOCI)
1 source controls mapped|1 target controls covered
5%
NIST SP 800-144
1 source controls mapped|1 target controls covered
5%
NIST SP 800-183
1 source controls mapped|1 target controls covered
5%
UK FCA/PRA Operational Resilience Framework
1 source controls mapped|1 target controls covered
5%
OWASP MASVS
1 source controls mapped|1 target controls covered
5%
NIST SP 800-92
1 source controls mapped|1 target controls covered
5%
OpenSSF Scorecard
1 source controls mapped|1 target controls covered
5%
NIST SP 800-207
1 source controls mapped|1 target controls covered
5%
DISA Security Technical Implementation Guides (STIGs)
1 source controls mapped|1 target controls covered
5%
NIST SP 800-137
1 source controls mapped|1 target controls covered
5%
PTES
1 source controls mapped|1 target controls covered
5%
ECB TIBER-EU Framework
1 source controls mapped|1 target controls covered
5%
Saudi NCA ECC
1 source controls mapped|1 target controls covered
5%
Notifiable Data Breaches Scheme (Australia)
1 source controls mapped|1 target controls covered
5%
EU Digital Markets Act
1 source controls mapped|1 target controls covered
5%
FTC Health Breach Notification Rule
1 source controls mapped|1 target controls covered
5%
UK Product Security and Telecommunications Infrastructure Act (PSTI)
1 source controls mapped|1 target controls covered
5%
EAR — Export Administration Regulations
1 source controls mapped|1 target controls covered
5%
European Accessibility Act (Directive (EU) 2019/882)
1 source controls mapped|1 target controls covered
5%
EU Deforestation-Free Products Regulation (EUDR)
1 source controls mapped|1 target controls covered
5%
US ITAR and EAR — Export Control and Data Security
1 source controls mapped|1 target controls covered
5%
US SEC Digital Assets and Crypto Regulatory Framework
1 source controls mapped|1 target controls covered
5%
Australia Consumer Data Right — Banking (CDR)
1 source controls mapped|1 target controls covered
5%
Australia eSafety Commissioner — Online Safety Expectations for Industry
1 source controls mapped|1 target controls covered
5%
TSA Pipeline Cybersecurity Directives
1 source controls mapped|1 target controls covered
5%
TSA Pipeline Security
1 source controls mapped|1 target controls covered
5%
SEC Cybersecurity Disclosure Rules
1 source controls mapped|1 target controls covered
5%
SLSA
1 source controls mapped|1 target controls covered
5%
NIST SP 800-161
1 source controls mapped|1 target controls covered
5%
NIST SP 800-53 Rev 5
1 source controls mapped|2 target controls covered
5%
UNECE WP.29 R156
1 source controls mapped|1 target controls covered
5%
NIST SP 800-53A
1 source controls mapped|1 target controls covered
5%
NIST SP 800-63
1 source controls mapped|1 target controls covered
5%
PCI DSS v4.0
1 source controls mapped|1 target controls covered
5%
O-RAN Alliance Security Specifications (O-RAN.WG11)
1 source controls mapped|1 target controls covered
5%
NIST SP 800-187
1 source controls mapped|1 target controls covered
5%
UK Building Safety Act 2022
1 source controls mapped|1 target controls covered
5%
SIG (Shared Assessments)
1 source controls mapped|1 target controls covered
5%
NIS2 Directive Implementing Acts
1 source controls mapped|1 target controls covered
5%
AICPA Privacy Management Framework (PMF)
1 source controls mapped|1 target controls covered
5%
UNECE WP.29 R155
1 source controls mapped|1 target controls covered
5%
South Korea ISMS-P
1 source controls mapped|1 target controls covered
5%
NIST SP 800-123
1 source controls mapped|1 target controls covered
5%

Frequently Asked Questions

What are the UN Guiding Principles on Business and Human Rights (UNGPs)?

The UN Guiding Principles on Business and Human Rights (UNGPs) are an international (United Nations) compliance framework with 3 domains and 20 controls. They are used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls do the UN Guiding Principles on Business and Human Rights (UNGPs) have?

The UN Guiding Principles on Business and Human Rights (UNGPs) have 20 controls organised across 3 domains. The largest domains are Pillar II — Corporate Responsibility to Respect (Principles 11-24) (9 controls), Pillar III — Access to Remedy (Principles 25-31) (6 controls), and Pillar I — State Duty to Protect (Principles 1-10) (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks do the UN Guiding Principles on Business and Human Rights (UNGPs) map to?

The UN Guiding Principles on Business and Human Rights (UNGPs) map to 180 other compliance frameworks. The top mapping partners are Modern Slavery Act 2018 (Australia) (20% coverage), EU Taxonomy Regulation (20% coverage), and Singapore Government Instruction Manual on ICT&SS Management (IM8) (20% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with UN Guiding Principles on Business and Human Rights (UNGPs) compliance?

Start your UN Guiding Principles on Business and Human Rights (UNGPs) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about UN Guiding Principles on Business and Human Rights (UNGPs) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.
