Skip to main content
Internal Market, Industry, Entrepreneurship and SMEs

Glossary of technical terms

Artisanal and small-scale mining (ASM)

The OECD defines ASM as “formal or informal mining operations with predominantly simplified forms of exploration, extraction, processing, and transportation. ASM is normally low capital-intensive and uses high labour-intensive technology. ‘ASM’ can include men and women working on an individual basis as well as those working in family groups, in partnership, or as members of cooperatives or other types of legal associations and enterprises involving hundreds of thousands of miners.”


A blockchain is a distributed database that is used to maintain a continuously growing list of records called blocks. Once recorded, the data in any given block cannot be altered without corrupting the entire chain. It offers a way for transactions to be reliably recorded and traced through the assent of everyone in the supply chain. It is increasingly being used in supply chain mapping software by many providers as a method of inter-organisational record keeping.

Conflict-affected and high-risk areas (CAHRAs)

According to the OECD due diligence guidance (OECD DDG), CAHRAs are characterised “by the presence of armed conflict, widespread violence or other risks of harm to people”. “High-risk areas are those where there is a high risk of conflict or of widespread or serious abuses as defined in paragraph 1 of annex II of the guidance.” The definition of a CAHRA in the EU regulation is coherent with the one provided by the OECD DDG.

Conflict minerals reporting template (CMRT)

The Conflict Minerals Reporting Template (CMRT) is a free, standardised reporting template created by the RMI in collaboration with members of the RMI, AIAG, and JEITA. The CMRT facilitates the transfer of information through the supply chain regarding the mineral country of origin and the smelters and refiners being utilised. It supports compliance with legislation and adherence to the OECD DDG. The template also facilitates the identification of new smelters and refiners to potentially participate in independent third-party assurance programs, pursuant to OECD step 4. The CMRT is intended to benefit suppliers and their customers by promoting consistency and efficiency in the minerals due diligence data exchange declaration process. The CMRT is designed to follow the IPC-1755 conflict minerals data exchange standard. IT solution providers often allow companies to upload the CMRT in MS Excel format to input directly into the IT platforms. 

See the CMRT

Corrective action plan

A corrective action plan is a step-by-step plan of action designed to address problems in a supply chain, most often used in audits. It should include concrete responsibilities and actions in prevention, mitigation and remediation, within a set time frame. 


According to the OECD, “enterprises should ensure that timely and accurate information is disclosed on all material matters regarding their activities, structure, financial situation, performance, ownership and governance. This information should be disclosed for the enterprise as a whole, and, where appropriate, along business lines or geographic areas. Disclosure policies of enterprises should be tailored to the nature, size and location of the enterprise, with due regard taken of costs, business confidentiality and other competitive concerns”.

See the OECD guidelines for MNEs document

Dodd-Frank act section 1502

Legislation that requires Securities and Exchange Commission (SEC) reporting companies (as per sections 13[a] or 15[d] of the exchange act) in the US to identify and report whether ‘conflict minerals’ from DRC and its 9 surrounding countries are present in their supply chains. This law, which is currently undergoing revision, does not prohibit the use of ‘conflict minerals’.

Downstream companies

All companies downstream of the refiners and smelters (see FAQ 5). Downstream companies include “metal traders and exchanges, bullion banks, other entities that do their own gold vaulting, component manufacturers, product manufacturers, original equipment manufacturers, jewellery manufacturers, retailers, and other companies using metals in the fabrication of products such as manufacturers and retailers of electronics equipment and/or medical devices”. (For more, see the due diligence guidance: towards conflict-free mineral supply chains. Specifically, the OECD easy to use guidance).

Due diligence

The processes through which enterprises can identify, prevent, mitigate and account for how they address their actual and potential adverse impacts (OECD guidelines for multinational enterprises, chapter II – general policies, para. 10). Due diligence can be included within broader enterprise risk management systems, provided that it goes beyond simply identifying and managing material risks to the enterprise itself, to include the risks of harm related to matters covered by the guidelines (OECD due diligence guidance for responsible business conduct – draft 2.1, p. 8). See page 6 of the OECD easy to use guidance above for a full description of risks. 

Due diligence schemes

Initiatives that can contribute to achieving the aims of the EU regulation and which “aim at breaking the link between conflict and the sourcing of tin, tantalum, tungsten and gold […] Such schemes use independent third-party audits to certify smelters and refiners that have systems in place to ensure the responsible sourcing of minerals. […] The methodology and criteria for such schemes to be recognised as equivalent to the requirements of this regulation should be established in a delegated act to allow for compliance with this regulation by individual economic operators that are members of those schemes and to avoid double auditing” (EU conflict minerals regulation).

EU regulation

As of 1 January 2021, companies have to comply with regulation (EU) 2017/821 laying down supply chain due diligence obligations for EU importers of tin, tantalum and tungsten, their ores, and gold originating from CAHRAs provided that the annual import volumes exceed those set out in annex 1 to the regulation.

Ex-post checks

Under the EU regulation, EU country competent authorities will carry out ex-post checks to ensure importers of minerals or metals comply with the regulation. The Commission has provided clear guidance to EU country competent authorities on how such ex-post checks should be carried out. Competent authorities will examine how the companies have complied with the regulation.


Formal and serious concerns and allegations brought forward by any interested party (affected parties or whistle-blowers) who alleges damage or voices a concern or dissatisfaction as a result of the company or its suppliers’ activities and impacts along the supply chain. The grievance involves the expectation that a response or a corrective action will be carried out by the company. Grievance procedures outline the steps that whistle-blowers can take to make a report (and the tools available to do so, such as dedicated hotlines, etc.), and how those reports must be acted upon by designated staff. 

Grievance and whistle-blowing mechanisms

The interrelated processes that support the implementation of a grievance procedure, such as receiving, investigating and responding to a grievance or complaint. 

Mangement system

A regime for achieving the commitments made in a policy. It typically comprises the policy, procedures, resources, roles, responsibilities, reporting obligations and methods, data management, and infrastructure necessary for fulfilling the policy. Greater detail is provided in the FAQs section.


Mitigation applies when there is a risk of creating or perpetuating harm through your business activities. These activities include contributing to serious abuses, direct and indirect support to non-state armed groups or public or private security forces, or inadequate, inaccurate and fraudulent chains of custody and/or traceability. Through a risk management plan with suppliers and stakeholders, you can source from those areas and suppliers while minimising any negative impact stemming from the risks. Risk mitigation is done once risks are identified or when they materialise and the process aims at reducing their negative impact. When an adverse impact materialises, remediation should also take place. 

The OECD due diligence guidance for responsible supply chains of minerals from conflict-affected and high-risk areas

A due diligence framework that was developed to enable companies to identify and manage conflict mineral risks in their supply chains. It consists of the following 5-step framework. (1) Establish strong company management systems. (2) Identify and assess risks in the supply chain. (3) Design and implement a strategy to respond to identified risks. (4) Carry out an independent third-party audit of the refiner’s due diligence practices. (5) Report annually on supply chain due diligence. The OECD DDG has separate supplements for the 3Ts (tin, tantalum and tungsten) and gold. The OECD recommends SMEs to adapt the OECD DDG in accordance with their own size and risk profile.


The OECD DDG for responsible business conduct states that remediation refers both to “the processes of providing remedy for an adverse impact and to the substantive outcomes that can counteract, or make good, the adverse impact, including: apologies, restitution or rehabilitation, financial or non-financial compensation (including establishing compensation funds for victims, or for future outreach and educational programs), punitive sanctions (whether criminal or administrative, such as fines), as well as prevention of harm through, for example, injunctions or guarantees of non-repetition” (OECD due diligence guidance for responsible business conduct, draft 2.1, p. 7).

Reasonable country of origin inquiry (RCOI)

An investigation conducted to determine whether any tin, tantalum, tungsten and gold (3TGs) in a supply chain originated from a conflicted-affected or high-risk area, or from recycled or scrap sources. The meaning of ‘reasonable inquiry’ depends on several factors including the size of the company, its products, the visibility of its supply chain, and supplier relationships. The Responsible Minerals Initiative (RMI) provides its members with a list of country of origin information on the source of conflict minerals in 3TG supply chains, to help companies to conform to the OECD DDG. See the RCOI list (full list available to members only).

Risks and risk assessment

Risks refer to the potentially adverse impacts a company’s operation could have through its business practices, its relationships with suppliers and its relationships with other entities in the supply chain. Through its due diligence process, a company identifies the potential risks of being linked directly or indirectly (for example through your supply chain) to irresponsible mining and processing of minerals in CAHRAs. A company carries out a risk assessment by looking into the factual circumstances of its business activity and assessing the level of risk by evaluating these circumstances in relation to compliance with national and international laws and standards.

Software as a service (SaaS)

SaaS is a model of software licensing and delivery where the software is granted on a subscription basis and centrally hosted. It is usually accessed by users through a web browser. 

Small and medium-scale enterprises

In the EU, “the category of micro, small and medium-sized enterprises (SMEs) is made up of enterprises which employ fewer than 250 persons and which have an annual turnover not exceeding €50 million, and/or an annual balance sheet total not exceeding €43 million”.

Supply chain mapping software

Supply chain mapping software helps companies to understand, communicate and gather data from their supply chain, usually through an online platform. These tools enable companies to centrally collate supply chain information, and then analyse and process the information in an efficient manner. This software can also help companies ensure the data they have collected from suppliers are aligned with any necessary legislation or guidelines with which they are required or aiming to comply/conform. 

Third-party audit

A third-party audit in the context of the OECD DDG is a process by which an independent third party verifies compliance with the 5 steps of the due diligence process. The auditor examines the activities, processes and systems used by a company to conduct supply chain due diligence. According to the EU regulation on conflict minerals (article 6), the auditor shall assess the conformity with the regulation of importers’ management systems, risk management and disclosure of information. The auditor shall make recommendations to the auditee on how to improve their due diligence practices. Importers can be exempt from carrying out third-party audits if they can provide evidence which demonstrates that their smelters and refiners comply with the EU regulation. This evidence shall include third-party audit reports.


As per the OECD DDG, traceability is the ability to identify provenance and who has handled the mineral or metal to find out where and from which circumstances it originates. Traceability depends on some process for tracking the minerals as they move along the supply chain (from the point of origin to the smelter or refiner). The paper trail that records the sequence of individuals and companies that take custody of the minerals in the process of moving along the supply chain is called the chain of custody. Note that new technologies are being developed to track and trace minerals.

Upstream companies

This includes “miners (artisanal and small-scale or large-scale producers), local traders and exporters from the country of mineral origin, international concentrate traders, mineral re-processors, refiners and smelters”.


Any collaborator, contractor, customer and/or third party that raises complaints and/or grievances related to the activities and impacts of the company or its contractors.

FAQ about OECD due diligence guidance

This section will help you find an answer to some of the most pressing questions SMEs ask themselves about due diligence.

SMEs’ frequently asked questions on due diligence

Step 1: Company management systems

Step 2: Risk identification and assessment

Step 3: Design and implement a strategy to respond to identified risks

Step 4: Third-party audit

Step 5: Reporting

Other FAQ

This section will help you find an answer to some of the most pressing questions SMEs ask themselves about due diligence.

Questions from EU training for small and middle enterprises (SMEs)

Contacts in EU countries

This section provides a list of the official EU country competent authorities, an edited version of that list with additional contact information only valid for this portal and other national authorities responsible for ensuring uniform compliance with the EU regulation.

Official list of EU country competent authorities

List of EU country competent authorities complemented with additional contact information only valid for this portal

Further national contacts