Hostname: page-component-78c5997874-4rdpn Total loading time: 0 Render date: 2024-11-05T05:08:08.381Z Has data issue: false hasContentIssue false

Tort Liability of Private Safety Auditors in Global Value Chains

Published online by Cambridge University Press:  21 October 2022

Paul Verbruggen*
Affiliation:
Professor of Private Law, Department of Private, Business and Labour Law, Tilburg Law School, Tilburg University, Tilburg, The Netherlands.
Rights & Permissions [Opens in a new window]

Abstract

Private safety auditors are key constituents of modern risk governance in global value chains (GVCs). However, high-impact safety incidents causing extensive harm inside and outside the chain have cast widespread doubts as to the integrity and rigour with which these commercial auditors carry out their professional services. Civil liability has been considered an important legal instrument to incentivise auditors to improve audit accuracy and integrity. Relying on English law, this article assesses the extent to which this premise holds true for product safety and social auditing. To that end, it studies the liability exposure of private safety auditors for negligent auditing in GVCs. It is argued that this exposure is primarily a function of the contractual obligations these auditors undertake to perform for producers or suppliers in GVCs. This finding draws attention to the need to better understand and define the scope of the safety audits offered for risk management purposes within GVCs.

Type
Symposium on New Liabilities in Global Value Chains
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.
Copyright
© The Author(s), 2022. Published by Cambridge University Press

I. Introduction

Private safety auditors are key constituents of modern risk governance in global value chains (GVCs). Large buyer firms such as retailers and brands rely on these commercial auditors to monitor and assure supplier compliance with regulatory standards on matters of product safety, worker protection and environmental sustainability. Footnote 1 Private auditors thus provide invaluable information about the safety risks traded commodities may pose to end users of produced goods, as well as the degree to which foreign suppliers handle occupational health and safety risks for workers involved in production or the risks to the environment or communities in the vicinity of production. This compliance information assists large buyer firms in the management of reputational concerns and liability risks associated with the structural outsourcing of production in GVCs to foreign suppliers. In turn, it enables these firms to make strategic decisions about which suppliers to include or exclude in their chains. Footnote 2

However, the information that private safety auditors provide is not always complete or accurate. There are various examples in which the failure of auditors to report regulatory non-compliance have been implicated in major safety incidents that caused significant and widespread harm. The fire that raged in the Ali Enterprise factory in Karachi, Pakistan, in September 2012, killing 260 workers and leaving thirty more injured, is a tragic example of this. Just weeks before the blaze, private auditors had certified the factory as meeting a global private standard designed to attest safe working conditions, the SA8000 standard. Footnote 3 The high death toll was reported to be related, amongst other things, to the fact that many of the workers were trapped by locked emergency exists. Footnote 4 This was a violation of the applicable standard. Footnote 5

Scholars, governments and activists have advanced several explanations of why audit information about supplier compliance in GVCs may prove invalid. Central in this body of literature are conflicts of interests between the professionalism of auditors and the financial benefits they gain from auditing their clients. Empirical research on auditing practices in GVCs suggests that auditors are more lax when they: monitor their own paying clients; have the opportunity of cross-selling other business services such as consultancies or trainings to audited firms; face more competition on the price of auditing services; and operate in corrupt environments in which they receive side payments from the firms they audit. Footnote 6

One instrument to bolster audit quality and integrity is that of imposing tort liability on auditors for the negligent performance of their contracted professional services. Footnote 7 Third parties that benefit from compliance with the standards that private safety auditors are assigned to monitor under a services contract with the supplier firm may use tort law as a means to claim compensation for the losses they have suffered because of negligent auditing. For safety audits, these third parties primarily involve those who rely on the validity of the audit for the safe use of the product (ie the end user, businesses and consumers alike) and those who are involved in the production process and stand to gain from astute inspection of protective health and safety standards (ie workers). Footnote 8

The assumption underlying the measure of imposing tort liability is that the threat of incurring such liability, as it stands, creates sufficiently strong incentives for private safety auditors to improve the reliability of their audits. In other words, the threat of liability needs to be credible enough to create incentives for improvement. This contribution assesses the truth of that assumption by assessing the liability risk that private safety auditors face for providing incomplete or inaccurate compliance information via their contracted services in GVCs. While recognising that, in this context, factors such as prescription periods, (third-party) litigation funding and conflicts of law Footnote 9 play a significant role in shaping auditor exposure to civil liability in tort, the focus of the analysis here is on the material conditions governing auditor liability vis-à-vis third-party beneficiaries.

Using English tort law as the legal domain of analysis, this article argues that the liability risk that private safety auditors face in GVCs is distinctively determined by the contractual obligations they undertake to perform auditing services for the supplier firms. The “what”, “who”, “when”, “how” and “why” of safety audits are key proxies for courts to determine whether or not to impose a common law duty of care on the auditor towards third parties at risk of suffering a loss from negligently performed audits. In the absence of any legislative framework that holds differently, it is the contract between the supplier firm and the private safety auditor that principally defines these variables. Accordingly, it is held that the auditing contracts, including the audit standards and protocols these impose, play a central role in the allocation of tort liability concerning the safety risks to which third parties are exposed in GVCs.

This contribution is organised as follows: Section II sets out the structural role that private safety auditing plays in the modern governance of safety in GVCs. To that end, it discusses the pervasiveness and practices of food safety auditors and social auditors. Whereas the former assess regulatory compliance by primary producers, food manufacturers and suppliers for the purposes of placing safe food on global markets, the latter conduct audits to assess compliance with fundamental labour standards and human rights in global production networks. The extent to which these auditors hold themselves out as controlling the risks of physical harm for a defined class of persons, as we will see in Section III, is key in determining whether to assign to them a duty of care under the English common law tort of negligence. Establishing whether an auditor owes such a duty is a threshold issue. If no duty is established, the auditor is not answerable under tort law for any false information provided through its audit. By focusing the analysis on the duty element, the article will thus be able to offer an accurate picture of the liability exposure that private safety auditors face under English tort law and the common law jurisdictions relying on it. This descriptive legal analysis provides the basis for normative considerations around the need for subjecting private safety auditors in GVCs to liability for negligence in Section IV. Section V offers brief conclusions.

II. Private safety auditing in global value chains

Private auditing plays a key role in managing safety in GVCs across a wide range of economic sectors. The rise of this specific private governance mechanism can be explained by the increased desire of lead buyer firms to manage the reputational risks associated with the structural outsourcing of production in GVCs. These risks are significant given that the law and public institutions in production locations in the Global South may not be able (or willing) to ensure the levels of safety buyer firms headquartered in the Global North require of them. Footnote 10 At the same time, firms and individuals who buy products marketed by these lead firms are ever more concerned about the safety of products being traded or the protection of workers and the environment involved in production. Footnote 11

While lead firms continue to administer audits to verify compliance with safety standards, they increasingly outsource that verification task to third-party professionals. Footnote 12 Supplier firms contract with these professionals to periodically conduct compliance audits and pay a commercial fee for these auditing services. Supplier firms are typically required to do so based on enforceable obligations that are part of the supply contract with the lead buyer firm or as part of the latter’s private procurement scheme that manages their eligibility for a supply contract. Footnote 13 Accordingly, lead firms outsource the monitoring of compliance to for-profit, private, third-party auditors, without having to bear the costs of such monitoring directly.

To illustrate the pervasiveness of the activities of commercial third-party private safety auditors in GVCs, this section highlights the international practices of food safety auditing and social auditing. In both domains, a mature global industry of commercial third-party auditing has developed over recent decades. Footnote 14 These developments have also sparked discussion in the literature regarding audit quality and integrity, as well as the role of auditor liability to strengthen industry practice.

1. Food safety auditing

Private safety auditing is part and parcel of modern food safety regulation. Footnote 15 Since the 1990s, major food companies and retailers in Europe and the USA have developed private food safety standards for producers and suppliers of fresh produce and other (agri-)food products. The factors that drove the rise of these standards include the growing concentration of the economic power of food companies and retailers, the increase of global trade in food, the outbreak of recurrent international food safety crises, including bovine spongiform encephalopathy (BSE), a general perception amongst the public of failing government institutions and novel concerns amongst consumers about safety, animal welfare, dietary habits, the environment and fair trade. Footnote 16 Compliance with private food standards is monitored through refined certification schemes, which typically operate based on private third-party auditing. Footnote 17

There is a wide range of food safety auditing schemes, both at the national and international level. A leading scheme is GLOBALGAP. This is, in fact, the world’s most widely implemented private food safety scheme for agricultural food products. GLOBALGAP works with more than 2,000 trained third-party auditors at some 150 accredited certification bodies to perform compliance audits at more than 200,000 certified producers in over 135 countries. Footnote 18 These accredited certification bodies may be local players, but a fair share of them (approximately 20%) are subsidiaries of global for-profit auditing firms, such as Bureau Veritas (BV), Det Norska Veritas (DNV), Lloyds, Registro Italiano Navale Group (RINA), Société Générale de Surveillance (SGS) and the TÜV Group. Footnote 19 GLOBALGAP currently includes in its membership food producers, suppliers, retailers and food service providers, and it has developed a variety of private standards, each concerned with a different topic, including food safety, animal welfare and labour conditions. Food safety is regulated via GLOBALGAP’s Integrated Farm Assurance (IFA) scheme, which consists of different modules that apply to the product groups of crops, livestock and aquaculture. Footnote 20

While GLOBALGAP is an important auditing scheme, it is certainly not the only one. Firms supplying different retailers or markets are frequently confronted with multiple, partly overlapping schemes, each having its own audit standards and protocols. The resulting compliance costs are said to impede market access for small and medium-sized enterprises (SMEs), especially those in developing countries. Footnote 21 In response to these and other concerns, a group of global food retailers established the Global Food Safety Initiative (GFSI) in 2000. This industry organisation benchmarks competing private food safety standards following a set of baseline requirements with a view to coordinate, converge and ratchet up existing standards and enhance compliance with food safety laws. Footnote 22 To give an impression of the centrality of the GFSI in the food auditing industry, it was estimated in 2006 that 75–99 per cent of food products sold by the world’s leading supermarket chains were certified under GFSI-benchmarked schemes. Footnote 23

The GFSI has leveraged its pivotal position in industry to push leading international auditing schemes to adopt more stringent auditor training and audit protocols to increase food safety audit reliability, which has been a real concern. Footnote 24 For one, audited suppliers have been linked to major outbreaks of food-borne disease. For example, the German enterohaemorrhagic Escherichia coli (EHEC) outbreak of 2011 was traced back to organically certified fenugreek seeds imported from Egypt. The outbreak led to 3,842 cases of food-borne disease, including 137 deaths in Europe and North America. Footnote 25 In other instances, the outbreak was alleged to be related to poor auditing. One example concerns the contamination of cantaloupes in the USA with Listeria monocytogenes, which caused 147 reported cases of serious illness and 33 deaths. Footnote 26 The source of contamination was Jensen Farms, a grower based in Colorado. PrimusLabs, a commercial third-party auditor, had provided Jensen Farms a food safety certificate based on an audit performed by a subcontracted entity. The grower required this certificate by the distributors and retailers in order to do business with them. Victims of the outbreak claimed more than $50 million in damages in lawsuits against, inter alia, PrimusLabs. While several state courts acknowledged that the auditor owed the plaintiffs a duty of care in negligence, the factual question of whether the auditor breached its duty was never answered in trial. PrimusLabs settled the lawsuits before trial. Footnote 27

Incidents such as these, along with persistent concerns amongst the public authorities responsible for the enforcement of local food safety laws about private auditing, have driven the GFSI to bolster the quality of private food safety auditing. Over the years, the GFSI has developed stricter requirements on issues such as auditor competence, unannounced visits and fraud prevention. In May 2022, twelve global audit schemes have been shown to meet these standards. Footnote 28 One of the achievements of this gradual ratchetting up of auditing standards is that local food safety authorities in Canada, the Netherlands, the UK and the USA have come to integrate the audit status of food business operators under GFSI-benchmarked schemes as an indicator of the risk profile the operator has. An audited status typically leads to less frequent or less extensive inspection visits by the food authorities. Footnote 29 Consequently, public and private food safety controls have started to become more integrated in several jurisdictions.

2. Social auditing

Social auditing involves the practice of assessing producer or supplier compliance with fundamental labour standards and, more broadly, human rights. Social auditing emerged in the 1990s as a response to increased public awareness about serious labour rights violations by foreign suppliers, especially in the apparel, footwear and textile industry. Non-governmental organisation (NGO) reporting and extensive media coverage about forced labour, child labour, unfair and unequal pay and unsafe working conditions in GVCs tarnished the reputation of major brands in the industry. Footnote 30 Since then, numerous transnational private regulatory initiatives have been developed to effect change in labour practices. Footnote 31 The potential of these initiatives, amongst which private codes of conduct backed by social auditing are a principal instrument, was critically assessed by many. In particular, scholars and NGOs have called for more transparency and accountability towards the ultimate beneficiaries (ie workers and local communities) and the safeguarding of the independence of monitoring actors. Footnote 32

The industry of social auditing is led by large international auditing firms. Footnote 33 These firms are the very same firms that were observed to play a big role in food safety auditing. All of these have a long history in safety auditing, originally relating to the safety of maritime shipping. The audit firms have expanded their commercial activities in the last two decades to the domain of corporate social responsibility (CSR) to provide social auditing services to foreign producers and suppliers operating in GVCs of multinational firms based in the Global North. These producers and suppliers typically contract with a local chapter of the international auditing firm, which then performs the audit against payment of a commercial fee. Alternatively, the subsidiary may choose to outsource the auditing to audit firms or individuals with local expertise, as happened in the case of the tragic Ali Enterprise factory fire. Footnote 34 Regulations on non-financial reporting and supply chain due diligence that have emerged since the 2010s, including those discussed in the contributions by Villiers and by Lafarre and Rombouts in this Special Issue, have created further scope for the social audit industry to grow.

Similarly to food safety auditing, there are several competing schemes for social auditing. In terms of numbers, the SA8000 standard is the most widespread scheme. Footnote 35 Social Accountability International (SAI) developed this scheme in 1997 using substantive fundamental labour standards found in the Universal Declaration of Human Rights, conventions of the International Labour Organization (ILO) and national laws. These standards related to child labour, forced labour, occupational health and safety, working hours, remuneration as well as worker discrimination, freedom of association and collective bargaining. Footnote 36 Like GFSI-benchmarked schemes for food safety, the SA8000 standard operates on the basis of third-party auditing, which implies that the audits are carried out by auditing firms that have been accredited for that purpose by the Social Accountability Accreditation Services (SAAS). Footnote 37 BV, DNV, Lloyds, RINA, SGS and the TÜV Group again appear on the list of SAAS-accredited auditing bodies. Footnote 38

Competing audit schemes involve the Business Social Compliance Initiative (BSCI). The BSCI was launched in 2003 by the Brussels-based Foreign Trade Association. Now branded as Amfori BSCI, the initiative is a membership organisation offering some 2,400 member-companies a platform to enable them to improve social performance in their supply chains. Footnote 39 The BSCI Code of Conduct is, like the SA8000 standard, based on fundamental labour standards. SAAS-accredited auditing bodies (ie the very same for-profit audit firms recognised under the SA8000 standard and the GFSI-benchmarked schemes for food safety) check its compliance. Footnote 40 Despite its similar approach, the BSCI has been critically described as “SA8000-lite” as it offers less robust auditing standards then SAI’s auditing scheme. Footnote 41 Poor auditing under the BSCI Code of Conduct by TÜV India was alleged to have played a role in the harm that was caused to workers and their families in the tragic collapse of the Rana Plaza building in the Dhaka District of Bangladesh in 2013. Footnote 42 However, no legal responsibility for the extensive harm involved in this devastating event could be attached to TÜV India, since the cause of the collapse – the weak structural safety of the building – was not part of the scope of the social audit TÜV India was contracted for. Footnote 43

In addition to the traditional safety audit firms named above, the “Big Four” (ie Deloitte, EY, KPMG and PwC) are reported to have become formidable players on the global market for social auditing. Fransen and LeBaron suggest that the rise of legislation covering modern slavery and human trafficking (eg the California Transparency in Supply Chains Act 2010 and the UK Modern Slavery Act 2015) has led the Big Four to adopt comprehensive programmes to aid companies to meet the new requirements for disclosure on transnational labour standards in GVCs. Footnote 44 Producers or suppliers that wish to improve their compliance with social standards can sign up to these voluntary programmes, which are developed and audited by the audit firms themselves, as alternatives or complements to the SA8000 or BSCI schemes.

III. Tort liability of private safety auditors under English law

In discussing the scope of the international practices of food safety auditing and social auditing, the previous section highlighted the significance of audit reliability to the effectiveness of private safety auditing as a risk governance mechanism in GVCs. Economic conflicts of interest and the social relations that surround commercial third-party auditing, as currently organised, may compromise that reliability and can lead to widespread harm amongst those who rely on or stand to gain from the veracity of the audits. Footnote 45 Tort liability is seen as an important regulatory tool to strengthen audit reliability. This position assumes auditing firms are answerable under tort law for the harm that is caused by their negligence. Only to the extent that auditing firms are answerable may the threat of tort liability operate as an incentive to improve audit rigour, quality and integrity. Therefore, this section turns to the conditions governing the civil liability of private safety auditors. It will use English common law as the jurisdiction of analysis. This focus is not by accident. Common law courts around the world, including those in export-orientated countries in the Global South, such as Bangladesh, India and Pakistan, frequently rely on English law as a source to clarify standards of tort liability in novel cases.

Tort claims against a private safety auditor based on English law will be treated under the tort of negligence. A claim in negligence is successful where the claimant demonstrates that they suffered a loss because of a breach of a duty of care that the auditing firm owed to them while performing the auditing services. To determine the existence of a duty of care for the defendant vis-à-vis the claimant, it must be foreseeable for the defendant that the claimant would suffer a loss if they failed to take reasonable care, there is a sufficiently proximate relationship between the claimant and the defendant and it would be fair, just and reasonable, as a matter of legal policy, to impose a duty of care on the defendant. In assessing whether these three elements are satisfied, the law of negligence demands that an approach based on precedent be followed, considering the closest analogies with previous decided (categories of) cases. Footnote 46 If novel cases emerge, the court should proceed incrementally, recognising a duty of care more easily in situations that are similar to an “existing pocket of liability” Footnote 47 or “previously recognized duty situations”. Footnote 48 To do so allows for a step-by-step development of the law of negligence, whether this may be expansive or restrictive.

Private safety auditors in GVCs, as noted, are primarily concerned with providing professional services to assess the (level of) compliance of a corporate entity (the auditee) with the health and safety standards specified by the audit contract. Once that assessment and related compliance information are disclosed (be it in the form of a certificate, label or any other form of attestation), claimants may place reliance on it and suffer a loss if the information proves false. There are a number of established authorities in English case law that deal with negligent inspections and inaccurate compliance information that foreseeably resulted in physical harm – either personal injury or property damage – on the part of the claimant. These cases straddle the borderlands between different categories of negligence cases, namely “directly inflicted physical harm” and “assumption of responsibility for the risk of physical harm”. Footnote 49 In these case categories, as will be discussed, a principal concern of the courts in establishing that the defendant owes the claimant a duty of care has been the element of proximity. Footnote 50 This element concerns the question of whether there is a relationship of sufficient closeness or nearness between the claimant and defendant relevant to the allegedly negligent act or omission.

1. Previously recognised duty situations

a. Direct physical harm

In considering the existence of a duty of care for a defendant auditor for physical harm suffered by the claimant and the necessary proximity between the former and the latter, an important matter within the English law of negligence is the question of who is primarily responsible for the risk involved. A defendant generally owes a duty of care to the claimant if they carry primary responsibility and engage in conduct foreseeably importing the risk of personal injury for the claimant. Those concerned with safety audits or inspections may carry such primary responsibility. This follows from two established authorities on negligent safety inspections of property closely and directly affecting the claimants. The first is Clay v. Crump, in which an insecure wall at a building site had collapsed on a workman. Footnote 51 The relevant defendant was an architect, who had been contracted and charged with the responsibility of preparing and supervising the works on site. The architect had relied on the opinion of another that the wall was safe, but had he inspected the property himself, its dangerous condition would have been immediately apparent. Applying the legal principles laid down in Donoghue v. Stevenson, Footnote 52 Ormerod L.J. considered that the architect, by reason of his contractual arrangements, must have had in his contemplation the builders who would go on the building site. Footnote 53 As such, the contracted role of the architect to supervise the building site and the workmen on it established the required proximity between the defendant and claimant in this case.

The second authority is Perrett v. Collins, which involved the negligent inspection of an aircraft. Footnote 54 The aircraft, constructed from a do-it-yourself kit, was fitted with an incompatible gearbox. Knowing of this change, the relevant defendant, a private safety inspector, signed a permit to fly under the relevant statutory regulations. Footnote 55 When the owner of the aircraft took it for a test flight, he was unable to control his descent and his passenger – the claimant – was injured. Following the case of Clay, the element of proximity was found to be satisfied on the ground that the defendant’s acts had “the more or less inevitable consequences of causing physical injury to the claimants”. Footnote 56 The safety inspector was found to have a critical role in the safety inspection of the aircraft: without its inspection, as required by statute, the aircraft could not have taken off. Moreover, upon approval of the aircraft, a passenger is entitled to assume that the applicable safety requirements are met and to rely on it being the case that those involved in such inspection have taken proper care. Footnote 57 In more general terms, then, proximity exists in cases of physical harm where the claimant “belongs to a class which either is or ought to be within the contemplation of the defendant and the defendant by reason of his involvement in an activity which gives him a measure of control over and responsibility for a situation which, if dangerous, will be liable to injure the [claimant]”. Footnote 58

Do the food safety and social auditors discussed in this article find themselves in a situation in which they have a measure of control over and responsibility for a risk that is likely to injure the claimant in the same way as the defendants in Clay and Perrett? Surely, these auditors carry a degree of responsibility for the safety of the products, processes or premises they audit. However, that responsibility is not primary, in the sense that the audit is constitutive of the source of risk involved. The auditee is primarily responsible. It is their business operations that carry with them the risk to which the claimant is exposed. Food safety and occupational health and safety laws squarely place that responsibility on the food business operator and the employer involved. Footnote 59 For the private auditors discussed here, there are no contracts that discharge the auditees from their responsibility of safety and impose it on the auditors as happened between the building owner and the architect in Clay, nor are there statutes that impose on auditors a public law function as held by the aircraft inspector in Perrett. In fact, audit contracts typically impose on auditees the legal obligation to comply with all relevant safety regulations and will require them to indemnify the auditors for any civil liability for damage caused to third parties by the breach of those regulations. Footnote 60 Accordingly, it cannot be held in general that, for the case category of directly inflicted physical harm, food safety and social auditors are in a sufficiently proximate relationship with claimants injured following a negligent audit.

Support for this position is found in the case of Marc Rich and Co. v. Bishop Rock Marine Co. Ltd. Footnote 61 In this case, a vessel called the Nicolas H sank and along with it the cargo it carried. The cargo owners suffered physical harm (ie property damage) and sued the classification society that had surveyed the vessel to establish its seaworthiness. The defendant had previously recommended that even though the Nicolas H showed cracks in its hull, the vessel could complete her voyage with temporary repairs. These repairs proved inadequate and the vessel sank a short time afterwards. The House of Lords found the defendant not to owe a duty of care to the cargo owners. Lord Steyn (with whom a majority concurred) found that the case did not involve the direct infliction of physical damage. In his view, the ship owner bore primary responsibility for the vessel sailing in a seaworthy condition, the role of the surveying defendant being a “subsidiary one”. Footnote 62 Lord Steyn held further that the absence of any contact between the claimants and defendant, while not being necessarily decisive, argued against demonstrating proximity. The claimants, it was reasoned, did not suggest that they were aware that the classification society had inspected the vessel and simply relied on the ship owners to keep the vessel seaworthy and the cargo safe. Footnote 63

b. Assumption of responsibility for the risk of physical harm

This does not conclude the duty question. English courts have developed several theories in the law of negligence to overcome the proximity gap between a harmed claimant and a defendant who carries secondary responsibility for the risk leading to that harm. As such, courts may impose a duty on a defendant even if the defendant did not directly cause the damage, but a third party did. Footnote 64 Important for the analysis here is the case category in which the defendant had themself assumed responsibility for the risk of physical harm to which the claimant was exposed. Footnote 65 The test for this doctrine of “assumption of responsibility” consists of two legs. Footnote 66 The first requires that the defendant voluntarily took on the responsibility to take care to prevent or avoid the harm suffered by the claimant. Footnote 67 Whether they did is objectively determined by looking at the particular skills, profession, control or other relevant capabilities the defendant had in relation to the claimant. Footnote 68 The second leg of the test requires the claimant to have reasonably relied on the defendant’s assumption of responsibility. Footnote 69 Even if the plaintiff shows that these two conditions are met, policy reasons may militate against the imposition of a duty of care on the defendant. Footnote 70

A discussion of these legal principles in relation to the risk of physical harm is found in Watson v. British Boxing Board of Control Ltd. Footnote 71 In this case, an injured boxer sued Britain’s professional boxing association for negligent medical treatment when he sustained a brain haemorrhage during a match. The defendant had drafted regulations governing the safety of professional boxing, including immediate medical care of boxers who received personal injuries while taking part in a fight. However, these safety standards proved to fall behind standard medical practice. Relying on the authorities of Clay, Marc Rich and Perrett, Lord Phillips, MR, found the defendant to be in close proximity with each individual boxer fighting under its rules, including the claimant. The facts producing such proximity involved:

  • The function and objective of the defendant (ie to care for the physical safety of its members);

  • The claimant being part of a determinative class of persons, both in time and number, such that the defendant, when defining its safety standards, ought reasonably to have had within its contemplation the claimant as being closely and directly affected by its activities;

  • The defendant actively encouraging and supporting its members in the pursuit of an activity that inevitably involved physical injury and that requires medical precautions against such injury;

  • The defendant controlling every aspect of that dangerous activity, including the medical treatment that would be provided;

  • The defendant requiring individual boxers to sign for a boxing match a contract on terms under which its safety standards will apply;

  • The claimant, as a member boxer, placing reasonable reliance upon the defendant to look after his safety given that the defendant held itself out as treating the safety of boxers as of paramount importance and had, or had available, medical expertise as regards such safety. Footnote 72

Two cases confirm Watson as the leading authority to establish the proximity necessary to found a duty of care in cases involving the indirect infliction of physical harm caused by a defendant’s negligent advice, which foreseeably and directly affected the safety of a claimant. The first is Wattleworth v. Goodwood Road Racing Company Ltd & Ors, Footnote 73 which concerned a racer who died in a crash on a race circuit licenced by the national motor sports association. It was alleged by the widow of the racer that the death was caused by the negligent design of the safety measures that the defendant association had advised the circuit owner to implement. Davis J. accepted the defendant as owing a duty of care to the deceased racer as it had assumed a responsibility for racetrack safety. To support that conclusion, attention was drawn to the defendant’s measure of control over track safety, its acknowledged expertise in this domain, its universal desire to achieve high safety standards for circuits and the reasonable reliance of racers that those who had undertaken responsibility for safety matters exercised all due care. The defendant’s assumption of responsibility could not be displaced by the alleged indeterminacy of the class of persons to which a duty of care would be owed, nor by the defendant’s terms and conditions of the licencing arrangements for racers. Footnote 74

The second is the case of Sutradhar v Natural Environment Research Council, in which the defendant had, on its own motion, conducted a study to assess the hydrochemical character of water in a region of Bangladesh. Footnote 75 The Bangladeshi government had relied upon the research report to construct a tubewell for drinking water. However, the report had not tested the water for arsenic, nor did it explicitly state that arsenic was not tested. The claimant was one of the people affected. He alleged that the defendant knew or ought to have reasonably known that the report would be relied upon as a statement that the tubewell water was fit to drink. The House of Lords held that the defendant could not be held to owe a duty to the claimant for lack of proximity “in the sense of a measure of control over and responsibility for the potentially dangerous situation”. Footnote 76 The defendant had no control whatever, in law or in practice, over the source of danger (the supply of drinking water). Unlike in the authorities of Clay, Perrett and Watson, no statute, contract or other arrangement existed through which the defendant could be said to have assumed responsibility for the risk to which the claimant was exposed. Moreover, the class of potential claimants could be the entire population of Bangladesh or, at least, that of the testing area. It led one Lord to note that “the essential touchstones of proximity are missing”. Footnote 77

2. The case of Das v. Weston: the role of audit scope, timing and reliance

The body of English case law just described was used to found two judicial decisions in the more recent Canadian case of Das v. Weston. Footnote 78 This case involved a negligence claim brought by injured workers and family members of deceased workers in the aftermath of the devastating collapse of the Rana Plaza building in Bangladesh in April 2013. The defendants involved the Canadian retailer Loblaws and the global auditing firm Bureau Veritas. The former had contracted the latter to conduct social audits for a garment supplier that operated in the collapsed building. While the claim was primarily dismissed for being statute-barred by the applicable Bangladeshi Limitations Act, the decisions of the Ontario Superior Court and Ontario Court of Appeal include highly relevant considerations as to the question of when a private safety auditor owes a duty of care to workers of value chain partners under English law, and by extension under Bangladeshi and Canadian law. Footnote 79

The claimants alleged that Bureau Veritas had negligently failed to conduct reasonable inspections and to report any safety issues to Loblaws to ensure that they were remedied. The Canadian courts dismissed these allegations. Bureau Veritas was not held to owe a duty to the claimants, essentially because it had not assumed responsibility for the risk to which the injured claimants were exposed, namely the structural integrity of buildings in which the claimants worked. Its contracted function and objective were of a more limited material scope. Loblaws had contracted the auditing firm to audit and inspect the supplier’s compliance with its private standards, which spoke to workplace health and safety. The standards did not, however, address the structural integrity of the buildings in which the supplier operated. Footnote 80 Interestingly, Bureau Veritas did acknowledge that if it had negligently audited an aspect within the ambit of its contracted services, and employees of the audited supplier were injured as a result of that negligence, it would owe a duty of care to them. Footnote 81

The case of Das v. Weston draws attention to a second material fact that limits the duty private safety auditors may owe to injured workers. That fact concerns the element of time. The responsibility that a private third-party auditor may assume will not last in perpetuity. Bureau Veritas had inspected the supplier twice: in 2011 and 2012. In early 2013, Loblaws terminated its contract with Bureau Veritas and contracted another auditing firm (ie several months before the collapse). The responsibility assumed is thus time-bound. As held by the Canadian courts, the duty owed will not extend long beyond the termination of the contract. Footnote 82 What supplementary period would be considered reasonable depends on the circumstances at hand. One relevant factor will arguably involve the period of validity of the certificate, label or any other form of attestation of compliance for which the audit or inspection serves as a baseline. That period may differ depending on what the audit standards or protocols require as imposed by the audit contract. In addition, the source of the danger may be relevant. Risks related to the design or structural features of production facilities (eg the availability of flight plans, sprinkler systems and emergency exits for fire hazards) will not change much over time. If the auditing firm fails to report the absence of such a safety feature and an incident that could have been prevented by that feature occurs after the auditing contract has lapsed, the firm may still be said to owe a duty. Other risks might be more time-dependent and subject to change (eg new product designs) and may thus create new risk profiles for the audited firm that effectively require re-inspection. In that case, a duty will less likely be owed.

Third, the case of Das v. Weston deals with the matter of reliance. The courts dismissed the assertion of the claimants that the supplier’s employees relied on Loblaws and Bureau Veritas to ensure their safety in the workplace. On this point, Perell J. of the Ontario Superior Court drew specific attention to the improbability that the employees, many of them illiterate in Bangla and in English, would know about, depend upon or be influenced by the standards, the audits or the contractual arrangements between the retailer, supplier and auditor in coming to work. Footnote 83 While the absence of direct exchanges between the claimant and defendant auditor or the awareness of the first about the activities of the latter are important in considering whether the element of proximity is satisfied, these features should not be seen as necessarily decisive. Footnote 84 The authorities in English law discussed above all suggest that of primary concern is whether the defendant has a sufficient measure of control over and responsibility for the source of danger to which the claimant is exposed and that, as a consequence of that control or responsibility, they have or ought to have within their contemplation the class to which the claimant belongs as being closely and directly affected by its activities. Feldman J.A. was therefore more accurate in her opinion where she reasoned that no reliance could be placed on Bureau Veritas because structural safety was beyond the scope of responsibility that it had assumed under the audit contract. Footnote 85

3. Is the duty owed fair, just and reasonable?

Once the elements of foreseeability and of proximity are established, the question is whether, as a matter of legal policy, it is fair, just and reasonable for the defendant auditor to owe to the claimant a duty to prevent or avoid harm arising from the potentially dangerous situation. Such considerations of policy may militate against imposing a duty of care. Typical considerations include the negative impact that the exposure to liability may have on a defendant who acts in the public interest or otherwise pursues laudable societal activities or goals (“defensive behaviour”), the availability of insurance against the liability imposed, the risk that the defendant is exposed to indeterminate liability (“opening the floodgates”) and the burden that this will place on the court system and its public funding. Footnote 86

Where the claims in negligence involve direct physical injury, English courts have generally shown little sympathy for these policy considerations. Footnote 87 Also for the classes of cases of concern here, the courts have been very reluctant to uphold arguments advanced by defendant auditors or inspectors to the effect that recognition of a duty would be unfair, unjust and unreasonable. The exception is the case of Marc Rich. Lord Steyn’s reasoning was primarily grounded in the particularities of the organisation of maritime trade and, within it, the allocation of risks for cargo loss through a balanced system of international rules, contracts and liability insurance. Moreover, societies like the defendant operate to fulfil a role that promotes collective welfare (ie the safety of lives and ships at sea). This role would be at risk if classification societies would be exposed to claims coming from cargo owners, who already have contractual claims against the ship owners. Such duplication of this liability is unjust because societies cannot, via contracts, limit such liability in the way a ship owner can vis-à-vis cargo owners. Footnote 88

However, Marc Rich is considered an authority that is irrelevant for cases of personal injury. In Perrett, the considerations regarding the duplication of liabilities, insurance and the presumed negative implications of a duty for the continuation of the work of safety inspectors could not dispose of the duty that the defendant aircraft safety inspector owed to the claimant for personal injury that resulted from a dangerous activity that the defendant had a measure of control over. Footnote 89 Similarly, in Watson and Wattleforth, considerations of the insurance position of the defendants, the implications of a duty for their role in safety management and the possible opening of the floodgates of liability did not displace the desirability or reasonableness of the duty of care that was imposed on the defendants. Footnote 90 Further, it was found unreasonable to deny the duty as this would leave the claimant with no remedy. Footnote 91

IV. The case for a duty of private safety auditors

The analysis of English law suggests that the tort of negligence provides a clear scope for subjecting on private third-party auditors a duty of care for physical harm caused by negligent audits, in particular where the auditor has a degree of control over the source of danger involved. In the light of the importance of private safety auditing for risk management purposes in GVCs, the role that such auditing is assigned to in current and future regulation of corporate accountability in GVCs and the ongoing contestation around the proper scope of liability for safety auditors, Footnote 92 this section will further argue the need for subjecting private safety auditors in GVCs to liability for negligence.

First, the exposure to civil liability would strengthen audit integrity and reliability. Auditing firms and the individual auditors they contract would be disincentivised to relax audit standards, cut corners and inflate audit scores. Footnote 93 When a duty of care is imposed, the defendant auditor is required to exercise reasonable care. The standard of care is one of reasonable skill and care. Footnote 94 For professional services such as auditing, that standard normally involves the ordinary level of care exercised in the profession, trade or industry. Footnote 95 That level of care is at times expressed by self-regulatory norms and codes. Footnote 96 For safety auditors as discussed in this article, these would include auditor protocols and policies of schemes such as GLOBALGAP, SA8000 and the BSCI, the accreditation standards as required under these schemes (eg GFSI, SAAS), common practices (ISO/IEC Guide 65:2005) and, where available, governmental standards. Footnote 97

Consequently, to prevent a breach of their duty of care and avoid liability vis-à-vis groups of victims of unsafe products or practices, private auditing firms will need to conform to the common practices and standards of their profession. This also applies to the individual auditors or auditing firms they contract to perform the auditing services, thus offering a second argument for exposing auditing firms to liability for negligence. Most of the audit failures discussed in this article concern the situation in which the alleged negligent auditing services were carried out via subcontracting, either by an independent contractor or by a foreign subsidiary. Footnote 98 As auditing firms can be responsible for the negligence of their employees, independent contractors and foreign subsidiaries, Footnote 99 they will have an incentive to carefully select qualified auditors for their subcontracted services, properly train them in the use of the standards and protocols applicable and astutely monitor their overall performance within the audit scheme. Footnote 100 Since the liability exposure of auditing firms may also extend to the negligence of their employees and subcontractors, this will further spur auditing firms to improve the rigour of audits and avoid liability for negligence. For victims of subcontracted audits that were negligently performed, such liability can also offer an effective remedy, where otherwise there would be none. After all, the independent contractors or foreign subsidiaries involved might not prove solvent enough to compensate for the extensive harm that can be done in the context of safety auditing in GVCs.

Third, civil liability for negligence would make private safety auditors accountable for the justifiable reliance that others place on their professional activities and representations such as certifications, labels or other kinds of attestations of compliance with safety standards. Both consumers and commercial buyers rely on such attestations to the effect that these accurately represent the safety of the products that they buy for personal or professional use. Footnote 101 In addition, workers or other third parties that are intended to benefit from professional safety auditing can be said to rely on the accuracy and integrity of such auditing. English law, as discussed above, does not require contact between defendant auditor and claimant for such reasonable reliance to exist. Instead, the crucial element is that the defendant auditor exercised relevant control over the source of danger to which the claimant was exposed, and that through that control they had or ought to have had within their contemplation the class to which the claimant belongs. Footnote 102 Accordingly, auditing firms may be exposed to various sizeable categories of claimants beyond those who contracted their services, which will further incentivise them to use reasonable care in performing these services.

Fourth, there are several knock-on effects that the exposure of private safety auditors to liability for negligence has for the attainment of public regulatory goals. Depending on the scope of the audit and the auditing standards, the imposition of a duty for these auditors to use reasonable care will lead to higher compliance levels amongst products produced in GVCs and thus better consumer protection. It may also decrease the chances that lead firms and other commercial buyers in GVCs purchase non-conforming products, and it can help to protect workers from unsafe working conditions. Further, accurate and rigorous auditing may also complement existing public mechanisms of oversight, which in GVCs might be ineffective or even corrupt at the local level of production. In addition, the financial resources, technical knowledge and skills amongst public inspectorates may be lacking at this level, as a result of which rigorous private safety auditing is a much-needed complement. Footnote 103 Thus, liability exposure of private safety auditors can help to develop the necessary monitoring and enforcement capacity in GVCs.

Admittedly, the infrequency and episodic nature of civil litigation against private safety auditors does not generate enough pressure to effectively change the behaviour of these professional actors. The exposure to liability may not sufficiently deter individual auditors from cutting corners and incentivise them to better their professional services. What is clear, however, is that civil litigation for harm caused by (alleged) negligent auditing in GVCs does assist in setting the agenda of public and private entities concerned with safety auditing. High-impact incidents involving private safety auditors, such as the Poly Implante Prothèse (PIP) breast implants scandal, the Ali Enterprises factory fire or the Rana Plaza collapse, have each shaped the way in which activists, NGOs, policymakers and legislatures think about health and safety in GVCs. Footnote 104 Regardless of whether the claimants are successful in their damages actions against private auditing firms, the litigation they start will generate media attention and bring to light information about the design and implementation of audits. As such, it plays an important role in signalling whether and how business associations, audit scheme owners, policymakers and legislatures can improve and support the reliability of private safety audits.

Finally, it may be contended that the liability exposure for private safety auditors in GVCs will lead these auditors to shy away from their business, especially in high-risk contexts. Footnote 105 There is little conclusive empirical evidence on whether civil liability leads defendants to develop defensive practices and stops them from engaging in harmful behaviour. Footnote 106 The English courts have not been persuaded by this argument in recent times. Footnote 107 Instead, they have insisted on the ability of defendants to take out insurance as a measure to guard against significant liability costs and, in turn, redistribute the costs of insurance via the price of their auditing and surveillance activities. Footnote 108 In addition, auditors can insert indemnification clauses in the contracts that they sign with the producers and suppliers that they audit. Footnote 109 As a result of these clauses, auditors can effectively shift the costs of liability to the audited firm. To be clear, these contractual indemnities will not immunise auditors from claims by third parties harmed because of a negligent audit. However, if the negligence is related to non-compliance by the auditee that foreseeably and directly caused harm to a third party, the auditee will have to carry the costs of liability following from a successful damages claim that the third party brings against the auditor.

V. Conclusions

This contribution has sought to discuss the civil liability of private safety auditors for harm caused by their negligence within GVCs. Relying on the analysis of English tort law, the liability exposure of these auditors, who perform a crucial risk management function within GVCs, is held to be distinctively determined by the purpose and scope of their professional services, as outlined by the contractual obligations that they undertake to perform vis-à-vis audited firms. It is the audit contract, including the audit standards and protocols referenced in it, that principally defines the extent to which the auditor holds a degree of control over or responsibility for the source of danger to which the claimant was exposed. Only if that control or responsibility is established, also in relation to the time frame in which the danger arose, will the auditor owe a duty of care to the claimant. This implies that no duty is owed if the claimant is exposed to a risk that the auditor did not have control over, nor will it be owed if the claimant falls outside the class of persons that the audit scheme was intended to protect or suffered the kind of harm that the scheme was not intended to prevent. Therefore, and in the absence of any statutory regulations defining the role and competence of private safety auditors, the scope for civil liability of these auditors within GVCs is intimately linked to the specific auditing contract and scheme involved. Footnote 110

This finding draws attention to the need to better understand and define the scope of the safety audits offered for risk management purposes within GVCs. In this respect, social auditing is a rather elusive concept. It involves a very wide range of topics, risks and harms. Social auditing is liable for creating the impression that all conditions affecting the health and safety of workers in the workplace are within the scope of the auditing activities, whereas they are not. Footnote 111 In this respect, product safety audits are more transparent. Their purpose is to prevent safety risks for potential buyers, and the auditors involved will readily understand who will be closely and directly affected by their activities if they would act without proper care. This explains the position of the courts, who have more readily accepted a duty of care on the part of product safety auditors. Accordingly, not all private safety auditors involved in the risk governance of GVCs are exposed to the same degree of liability risks.

Financial support

This contribution is part of the project “The Constitutionalization of Private Regulation” (2017–2021) funded by the Netherlands Organisation for Scientific Research (NWO) under the Innovational Research Incentives Scheme (Veni Grant no. 451-16-011). Visit www.paulverbruggen.nl/projects for more information.

References

1 J Short, M Toffel and A Hugill, “Monitoring Global Supply Chains” (2016) 37 Strategic Management Journal 1878.

2 G Gereffi, J Humphrey and T Sturgeon, “The Governance of Global Value Chains” (2005) 12 Review of International Political Economy 78; S Ponte and P Gibbon, “Quality Standards, Conventions and the Governance of Global Value Chains” (2005) 34(1) Economy and Society 1.

3 Final Statement in Ali Enterprises Factory Fire Affectees Association (AEFFAA) and others v. RINA Services S.p.A [2020] Italian National Contract Point for the OECD Guidelines, paras 12–22.

4 Social Accountability International, “Report Addendum: Fire Safety in Pakistan and Worldwide” (2013) 15–16.

5 Social Accountability 800 2008 Art 3.9. The standard’s version used at the time of the fire stipulates: “All personnel shall have the right to remove themselves from imminent serious danger without seeking permission from the company.”

6 See for a summary of the literature Short et al, supra, note 1, 1880–81.

7 See eg T Lytton and L McAllister, “Oversight in Private Food Safety Auditing: Addressing Auditor Conflict of Interest” (2014) (2) Wisconsin Law Review 309-311; J Short and M Toffel, “The Integrity of Private Third-Party Compliance Monitoring” (2016) 42(1) Administrative & Regulatory Law News 25; C Glinski and P Rott, “The Role and Liability of Certification Organisations in Transnational Value Chains” (2018) 23 Deakin Law Review 116; Y Kaplan and O Perez, “Tort as Meta-Regulation: The Liability of Private Transnational Regulators” (2021) 43(2) University of Pennsylvania Journal of International Law 31–37.

8 These third parties have been qualified in the regulation literature as “regulatory beneficiaries”. See for a conceptual account M Koenig-Archibugi and K Macdonald, “The Role of Beneficiaries in Transnational Regulatory Processes” (2017) 670(1) Annals of the American Academy of Political and Social Science 36–57.

9 See in detail European Law Institute, “Business and Human Rights: Access to Justice and Effective Remedies” (2022).

10 In the GVC literature, the expressions of “Global North” and “Global South” are used to describe today’s developed and developing nations, respectively. See extensively R Baldwin, The Great Convergence: Information Technology and the New Globalization (Cambridge, MA: Harvard University Press 2019).

11 T Bartley, “Institutional Emergence in an Era of Globalization: The Rise of Transnational Private Regulation of Labor and Environmental Conditions” (2007) 113 American Journal of Sociology 297.

12 M Blair, C Williams and L-W Lin, “The New Role for Assurance Services in Global Commerce” (2008) 33 Journal of Corporation Law 325.

13 F Cafaggi and P Iamiceli, “Regulating Contracting in Global Value Chains: Institutional Alternatives and Their Implications for Transnational Contract Law” (2020) 16(1) European Review of Contract Law 44; P Verbruggen, “Private Regulatory Standards in Commercial Contracts: Questions of Compliance” in R Brownsword, RAJ van Gestel and H-W Micklitz (eds), Contract and Regulation: A Handbook on New Methods of Law Making in Private Law (Cheltenham, Edward Elgar 2017).

14 Not-for-profit auditing schemes, such as those run by the Fair Labor Association or the Accord on Fire and Building Safety in Bangladesh, are beyond the scope of this inquiry.

15 See for a lucid account T Lytton, Outbreak: Foodborne Illness and the Struggle for Food Safety (Chicago, IL, Chicago University Press 2019).

16 See eg P Verbruggen and T Havinga (eds), Hybridization of Food Governance: Trends, Types and Results (Cheltenham, Edward Elgar 2017); AB Marks, “A New Governance Recipe for Food Safety Regulation” (2016) 47 Loyola University Chicago Law Journal 907; T Marsden, R Lee, A Flynn and S Thankappan, The New Regulation and Governance of Food. Beyond the Food Crisis? (London, Routledge 2010) p 3.

17 M Hatanaka, C Bain and L Busch, “Third Party Certification in the Global Agrifood System” (2005) 30 Food Policy 354.

18 “What We Do” (GLOBALGAP) <https://www.globalgap.org/uk_en/what-we-do/> (last accessed 20 September 2022).

19 “Approved Certification Bodies” (GLOBALGAP) <https://www.globalgap.org/uk_en/what-we-do/the-gg-system/certification/Approved-CBs/index.html> (last accessed 20 September 2022).

20 “Cultivation the Future of the Planet” (GLOBALGAP) <https://www.globalgap.org/uk_en/what-we-do/globalg.a.p.-certification/globalg.a.p./> (last accessed 20 September 2022).

21 See for an analysis M Martens and J Swinnen, “Private Standards, Global Food Supply Chains and the Implications for Developing Countries” in A Marx et al (eds), Private Standards and Global Governance: Economic, Legal and Political Perspectives (Cheltenham, Edward Elgar 2012).

22 See in detail T Havinga and P Verbruggen, The Global Food Safety Initiative and State Actors: Paving the Way for Hybrid Food Safety Governance” in P Verbruggen and T Havinga (eds), Hybridisation of Food Governance: Trends, Types and Results (Cheltenham, Edward Elgar 2017).

23 L Fulponi, “Private Voluntary Standards in the Food System: The Perspective of Major Food Retailers in OECD Countries” (2006) 31 Food Policy 6.

24 See eg F Albersmeier et al, “The Reliability of Third-Party Certification in the Food Chain: From Checklists to Risk-oriented Auditing” (2009) 20 Food Control 927.

25 RKI, Department for Infectious Disease Epidemiology, Division 35 (ed.), Final Presentation and Evaluation of Epidemiological Findings in the EHEC O104:H4 Outbreak – Germany 2011 (Berlin, Robert Koch Institute 2011) 4, 11.

26 “Multistate Outbreak of Listeriosis Linked to Whole Cantaloupes from Jensen Farms, Colorado” (Centers for Disease Control and Prevention, 27 August 2012) <https://www.cdc.gov/listeria/outbreaks/cantaloupes-jensen-farms/index.html> (last accessed 20 September 2022).

27 T Lytton, “Exposing Private Third-Party Food Safety Auditors to Civil Liability for Negligence: Harnessing Private Law Norms to Regulation Private Governance” (2019) 27(2) European Review of Private Law 363.

28 “Certification Programme Owners. Once certified, recognized everywhere” (GFSI) <https://mygfsi.com/how-to-implement/recognition/certification-programme-owners> (last accessed 20 September 2022). One of these audit schemes is PrimusGFS, which is owned and managed by Azzule Systems, which in turn is contracted by PrimusLabs to provide information management support services. See “PrimusGFS” (Azzule) <https://www.primuslabs.com/modules/services/azzule.aspx> (last accessed 20 September 2022).

29 P Verbruggen and T Havinga, “Transnational Business Governance Interactions in Food Safety Regulation: Exploring the Promises and Risks of Enrolment” in S Wood et al (eds), Transnational Business Governance Interactions: Empowering Marginalized Actors and Enhancing Regulatory Quality (Cheltenham, Edward Elgar 2019); MT Oldfield, “Enactment of the Food Safety Modernization Act: The US FDA within the Context of Interacting Public-Private Governance Processes” (2015) 6(4) European Journal of Risk Regulation 488.

30 See for a comprehensive study on Nike RM Locke, The Promise and Limits of Private Power: Promoting Labor Standards in a Global Economy (Cambridge, Cambridge University Press 2013) pp 46–77.

31 See for an authoritative account of the “waves” and “cascades” of codes of conduct developed by transnational corporations (TNCs) A Kolk and R van Tulder, “Setting New Global Rules? TNCs and Codes of Conduct” (2005) (14)3 Transnational Corporations 1.

32 See for a forceful academic critique D O’Rourke, “Outsourcing Regulation: Analyzing Nongovernmental Systems of Labor Standards and Monitoring” (2003) 31 Policy Studies Journal 1. See for an NGO perspective C Müller-Hoff, Human Rights Fitness of the Auditing and Certification Industry? A Cross-Sectoral Analysis of Current Challenges and Possible Responses (Berlin, ECCHR & V.i.S.d.P 2021).

33 Blair et al, supra, note 12.

34 M Theuws, M van Huijstee, P Overeem and J van Seters, Fatal Fashion: Analysis of Recent Factory Fires in Pakistan and Bangladesh: A Call to Protect and Respect Garment Workers’ Lives (Amsterdam, SOMO 2013) p 25.

35 M Sartor et al, “The SA8000 Social Certification Standard: Literature Review and Theory-Based Research Agenda” (2016) 175 International Journal of Production Economics 165.

36 “SA8000® standard” (SAI) <https://sa-intl.org/programs/sa8000/> (last accessed 20 September 2022).

37 “SA8000® Accreditation Program” (SAI) <https://sa-intl.org/services/assurance/sa8000-accreditation/> (last accessed 20 September 2022.

38 All named firms are accredited, but for Lloyds (LRQA), for with the accreditation expired in 2019. “SA8000 Accredited Certification Bodies” (SAI) <https://sa-intl.org/resources/sa8000-accredited-certification-bodies/> (last accessed 20 September 2022).

39 “Amfori BSCI” (Amfori) <https://www.amfori.org/content/amfori-bsci> (last accessed 20 September 2022); “Our Members” (Amfori) <https://www.amfori.org/content/our-members> (last accessed 20 September 2022).

40 “Audit Integrity Programme” (Amfori) <https://www.amfori.org/sites/default/files/Amfori-Design-Final-highres.pdf> (last accessed 20 September 2022).

41 D Pruett, Looking for a Quick Fix: How Weak Social Auditing Is Keeping Workers in Sweatshops (Amsterdam, Clean Clothes Campaign 2005) p 64.

42 C Terwindt and A Armstrong, “Oversight and Accountability in the Social Auditing Industry: The Role of Social Compliance Initiatives” (2019) 158(2) International Labour Review 245.

43 Final Statement in European Center for Constitutional and Human Rights and others v. TÜV Rheinland AG & TÜV Rheinland India Pvt. Ltd [2018] German National Contract Point for the OECD Guidelines para 30.

44 L Fransen and G LeBaron, “Big Audit Firms as Regulatory Intermediaries in Transnational Labor Governance” (2019) 13(2) Regulation & Governance 265.

45 It should be noted that despite powerful allegations put forward by NGOs and victims as to the flagrant failure of private third-party auditing to ensure safe products and safety production practices, there is no empirical evidence of systemic failures of such auditing attributable to conflicts of interest. Nonetheless, there are cases that reveal that such conflicts lead to audit failure. One prominent example is the breast implants scandal of the French producer Poly Implante Prothèse (PIP). In 2021, the Paris Court of Appeal ruled that the auditing firm involved (TÜV Rheinland) negligently certified the producer of the implants due to a lack of impartiality on the part of its subcontracted auditor (TÜV France) and was therefore liable under French tort law for the harm suffered by victims who received faulty breast implants. See for a discussion of the (unpublished) ruling of Cour d’appel Paris, 20 May 2021, Pôle 4 – Chambre 10, M-F Steinle-Feuerbach, “Prothèses mammaires PIP: Les limites de la responsabilité des societés certificatrices” (2021) 209 Le Journal des Accidents et des Catastrophes <https://www.jac.cerdacc.uha.fr> (last accessed 30 September 2022). For more background on the PIP breast implant scandal and auditor liability Glinski and Rott, supra, note 7; P Verbruggen and B van Leeuwen, “Liability of Notified Bodies under the EU’s New Approach: The Impact of the PIP Breast Implants Case (C-219/15)” (2018) 42(3) European Law Review 394.

46 Cf. Caparo Industries plc v. Dickman [1990] 2 AC 605 [617]–[618] (Lord Bridge). See more recently Robinson v. Chief Constable of West Yorkshire Police [2018] UKSC 4 [21]–[29] (Lord Reed, discussing all relevant authorities since Caparo).

47 S Deakin and Z Adams, Markesinis and Deakin’s Tort Law (Oxford, Oxford University Press 2013) p 116.

48 J Steel, Tort Law: Text, Cases, and Materials (Oxford, Oxford University Press 2017) p 166.

49 Negligence liability for pure economic loss within the category of “assumption of responsibility” such as false bank statements or financial audits are outside the scope of the analysis. See for that category Hedley Byrne & Co. Ltd. v. Heller & Partners Ltd. [1964] AC 465; Caparo Industries plc v. Dickman [1990] UKHL 2; NRAM Ltd. v. Steel [2018] UKSC 13; Banca Nazionale del Lavoro SPA v. Playboy Club London Ltd. & others [2018] UKSC 43. Some have attempted, against the logic of common law precedent, to argue that social auditors owe a duty of care to injured workers by reference to the duty that financial auditors owe to those knowingly relying on the audit. See eg T Van Ho and C Terwindt, “Assessing the Duty of Care for Social Auditors” (2019) 27(2) European Review of Private Law 379.

50 The element of “foreseeability”, while constitutive for the existence of a duty of care, was not found to be problematic for claimants to demonstrate in cases involving negligent audits and inspections.

51 Clay v. AJ Crump & Sons Ltd. [1964] 1 QB 533 (CA).

52 Donoghue v. Stevenson [1932] AC 562.

53 Cf Clay, supra, note 51, 557.

54 Perrett v. Collins & Ors [1998] 2 Lloyd’s Rep 255 (CA).

55 In this case, these were the Civil Aviation Act 1982 and the Air Navigation Order 1989.

56 C Witting, “Negligent Inspectors and Flying Machines” (2000) 59 Cambridge Law Journal 555.

57 Cf Perrett, supra, note 54, 264–65.

58 Cf Perrett, supra, note 54, 262 (Hobhouse L.J.).

59 See for food safety eg Art 17 Regulation 178/2002/EC of the European Parliament and of the Council of 28 January 2002 laying down the general principles and requirements of food law, establishing the European Food Safety Authority and laying down procedures in matters of food safety [2000] OJ L 31/1. See for occupational health and safety eg Art 5(1) of Council Directive 89/391/EEC of 12 June 1989 on the introduction of measures to encourage improvements in the safety and health of workers at work [1989] OJ L 183/1.

60 See eg Sections 3.2, 3.3, 11.1 and 11.2 of “Sublicence and Certification Agreement (v4.0)” (GLOBALGAP, 3 February 2015) <https://www.globalgap.org/.content/.galleries/documents/150302_GG_Sublicense-and-Certification-Agreement_V4_en_de.pdf> (last accessed 20 September 2022).

61 Marc Rich and Co. v. Bishop Rock Marine Co. Ltd [1995] UKHL 4, [1996] AC 211.

62 ibid, 23.

63 ibid, 23.

64 See fundamentally Dorset Yacht v. Home Office [1970] AC 1004, at 1060 (Lord Diplock).

65 See for illustrations Mitchell v. Glasgow City Council [2009] UKHL 11 [81]–[83] (Lord Brown); Michael v. Chief Constable of South Wales Police, 2015 UKSC 2 [100] (Lord Toulson JSC).

66 See generally Steel, supra, note 48, 368ff. See specifically for health and safety regulators D Fairgrieve, The Negligence Liability of Public Authorities (Oxford, Oxford University Press 2019) p 634.

67 This does not imply that the defendant must have knowingly and deliberately accepted a responsibility for the claimant’s safety before a duty can be imposed. The phrase “assumption of responsibility” means simply “that the law recognises that there is a duty of care. It is not so much that responsibility is assumed as that it is recognised or imposed by the law.” Phelps v. Hillingdon London Borough Council [2001] 2 AC 619 (HL) 654 (Lord Slynn).

68 Henderson v. Merrett Syndicates Ltd. [1994] UKHL 5, 14 (Lord Goff).

69 See eg Chandler v. Cape plc [2012] EWCA Civ 525 (CA) [80].

70 This applies to cases involving pure economic loss mostly. See for a full review of the authorities NRAM Ltd v. Steel [2018] UKSC 13 [18]–[24] (Lord Wilson JSC).

71 Watson v. British Boxing Board of Control Ltd [2001] Q.B. 1134.

72 ibid, [73]–[83].

73 Wattleworth v. Goodwood Road Racing Company Ltd & Ors [2004] EWHC 140 (QB).

74 ibid, [118]–[126].

75 Sutradhar v Natural Environment Research Council [2006] UKHL 33 (5 July 2006).

76 ibid, [38] (Lord Hoffmann).

77 ibid, [48] (Lord Walker). See for a critical account of the reasoning as applied by the Court of Appeal and upheld by the House of Lords D Howarth, “Poisoned Wells: ‘Proximity’ and ‘Assumption of Responsibility’ in Negligence” (2005) 64(1) Cambridge Law Journal 23.

78 Das v. George Weston Limited 2017 ONSC 4129 (confirmed by Das v. George Weston Limited 2018 ONCA 1053, paras 195–200).

79 The courts recognised that for all jurisdictions, the case against Bureau Veritas constituted a novel case. In those circumstances, Bangladeshi and Canadian judges draw on English law to establish the legal principles for the case.

80 As Perell, J. held in Das v George Weston Limited, 2017 ONSC 4129 para 446: “… the contract, in this case, a limited remit for a social not a structural audit, still remains relevant to determining the ambit of that duty of care”. On appeal, Feldman J.A. similarly reasoned that the analogy with the case of Clay, as relied upon by the claimants, broke down due to the limited scope of the audit contract: “While that case imposed a duty of care on the architect to a third party, the duty was limited to negligence in the performance of his contractual functions. Here, Bureau Veritas’ limited retainer did not extend to conducting a structural audit of Rana Plaza”, 2018 ONCA 1053, para 197. A similar argumentation was applied by the National Contact Point for the OECD Guidelines in Germany in a complaint lodged against TÜV India because of its alleged substandard auditing practices. See supra, note 43.

81 ibid, [444].

82 ibid, [447] and 2018 ONCA 1053 para 198.

83 Supra, note 80, [437]–[439].

84 Cf. Marc Rich, supra, note 61, 23 (Lord Steyn). See also Wattleforth, supra, note 73, [118].

85 2018 ONCA 1053 para 178.

86 These considerations may hark back to the elements of foreseeability and proximity. It has indeed been recognised early on that the three separate requirements of the duty test “are, at least in most cases, in fact merely facets of the same thing”. Caparo, supra, note 46, [633] (Lord Oliver). See also Watson, supra, note 71, [86].

87 See supra, note 70. See also Fairgrieve, supra, note 66, 634.

88 Marc Rich, supra, note 61, 23–28.

89 Perrett, supra, note 54, 265 (Hobhouse L.J.) and 276–77 (Buxton L.J.).

90 Watson, supra, note 71, [87]–[91] and Wattleworth, supra, note 73, [128] (where Davis J. considers that the defendant could redistribute the extra costs of insurance by passing them on to circuit owners, which will in due course be recovered from the licensed drivers). See also Fairgrieve, supra, note 66, 638–39.

91 Watson, supra, note 71, [87] See also Perrett, supra, note 54, 265: “it was perfectly possible that circumstances could exist where an innocent third party would suffer personal injury and be unable to recover from [the owner of the aircraft]”. If a duty for the defendant would not be recognised, the claimant would then have no remedy.

92 See eg the pending damages claim against the German auditing firm TÜV SÜD before the German courts. In this claim, based on Brazilian law, 1,100 claimants allege that the firm, operating through a foreign subsidiary, negligently certified the Brumadinho dam in Brazil as safe in 2018. That dam collapsed four months later, as a result of which 272 persons died and significant environmental damage was sustained. See M Binder, “Die Haftung von Zertifizierungs- und Prüfunternehmen als gebotener Bestandteil eines effektiven Lieferkettengesetzes” (Verfassungsblog, 10 June 2020) <https://verfassungsblog.de/die-haftung-von-zertifizierungs-und-pruefunternehmen-als-gebotener-bestandteil-eines-effektiven-lieferkettengesetzes/≥ (last accessed 20 September 2022); “TÜV SÜD lawsuit in Germany (re role in Brumadinho dam collapse)” (Business & Human Rights Resource Centre) <https://www.business-humanrights.org/en/latest-news/t%C3%BCv-s%C3%BCd-lawsuit-in-germany-re-role-in-brumadinho-dam-collapse/> (last accessed 20 September 2022).

93 Lytton, supra, note 27, 370.

94 Bolam v. Friern Hospital Management Committee [1957] 1 WLR 582 (QB).

95 However, even the most widely followed practice can fall short of what is reasonable. It is therefore for the courts to determine what the acceptable standard of care is. See Watson, supra, note 71, [108] (dismissing the contention of the defendant association that “there was no evidence that any other boxing authority in the World imposed more rigorous requirements than those of the [defendant’s] rules”) and Wattleworth, supra, note 73, [140]–[163] (on codes and criteria for racing safety).

96 See for auditors in particular Rihan v. Ernst & Young Global Ltd and Others [2020] EWHC 901 (QB), concerning the dismissal of an employee of the auditing firm (Ernst & Young – now EY) after he blew the whistle on an unethical and unprofessional audit, which was carried out by an EY subsidiary for a Dubai gold refiner. As a result of this audit, potential international money laundering was covered up. After finding that EY owed a duty to the employee, Kerr J. held the standard of care to be defined by the Code of Ethics for Professional Accountants adopted by the International Federation of Accountants as an “objective source of acceptable standards” [677]. It was established that this code was breached at EY’s highest levels of management, eventually leading to EY’s liability in negligence vis-à-vis its former employee for his loss in earnings.

97 Eg in the European Union: Regulation 765/2008/EC of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Reg (EEC) No 339/93 [2008] OJ L 218/30.

98 See supra, note 26 (PrimusLabs), note 34 (TÜV Group), note 43 (RINA), note 45 (TÜV Rheinland), note 92 (TÜV SÜD) and note 96 (EY).

99 See for the scope of such “vicarious liability” applying to employees and independent contractors Barclays Bank plc v. Various Claimants [2020] UKSC 13; Cox v. Ministry of Justice [2016] UKSC 10; Mohamud v. WM Morrison Supermarkets [2016] UKSC 11. See for parent company liability for foreign subsidiaries Chandler, supra, note 69; AAA and Others v Unilever PLC and Another [2018] EWCA Civ 1532; Okpabi and Others v Royal Dutch Shell Plc and Shell Petroleum Development Company of Nigeria Ltd [2018] EWCA Civ 191; Vedanta Resources Plc and Konkola Copper Mines Plc (Appellants) v Lungowe and Ors. (Respondents) [2019] UKSC 20.

100 See also Lytton, supra, note 27, 370. See for a different approach based on the doctrine of “non-delegable duties” Van Ho and Terwindt, supra, note 49, 399–400.

101 See for food safety certification Lytton, supra, note 27, 371.

102 See supra, note 84.

103 See for food safety standards Verbruggen and Havinga, supra, note 22. See more generally on product safety and environmental standards E Meidinger, “Governance Interactions in Sustainable Supply Chain Management”, in Wood et al, supra, note 22.

104 The PIP breast implants scandal and the dubious role played in it by TÜV Rheinland and its subsidiary TÜV France have led to major revisions in the safety regulation of medical devices in the European Union. That was well before the Paris Court of Appeal held TÜV Rheinland liable for the harm suffered by those women who had received PIP implants. See Verbruggen and Van Leeuwen, supra, note 45, 404–05.

105 See Lord Steyn in Marc Rich, supra, note 61, 26–27 (questioning whether the classification society involved would be able to carry out their public functions as efficiently “if they become the ready alternative target of cargo owners, who already have contractual claims against shipowners. In my judgment there must be some apprehension that the classification societies would adopt, to the detriment of their traditional role, a more defensive position”).

106 See B van Rooij and M Brownlee, “Does Tort Deter? Inconclusive Empirical Evidence about the Effect of Liability in Preventing Harmful Behaviour” in B van Rooij and D Sokol (eds), The Cambridge Handbook of Compliance (Cambridge, Cambridge University Press 2021) (using a literature review of multiple empirical studies in seven domains of tort law).

107 Fairgrieve, supra, note 66, 634.

108 See supra, notes 89 and 90.

109 See supra, note 6.

110 Arguably, the ground on which the private auditor holds control over or has responsibility for a risk to which the claimant is exposed does not matter. That ground may be contractual, statutory or even incidental in nature. See the main text at notes 76 and 77, as well as Glinski and Rott, supra, note 7, 110 and 116–17. However, for the reasons explained in Section II, the audits occurring in GVCs will for the most part be only contract-based.

111 The unsuccessful legal claims brought by victims of the Rana Plaza disaster are evidence of this. See supra, notes 43 and 80.