- Date filed
- 27 July 2021
- Keywords
- Countries of harm
- Current status
-
No resolution
- Sector
- NCP
Allegations
On 27 July 2021, the Centre for Research on Multinational Corporations (SOMO) on behalf of 474 Myanmar-based civil society organisations submitted a complaint against Telenor ASA to the Norwegian NCP. The complaint contends that Telenor’s sale of its Myanmar business to the Lebanese company M1 Group fails to meet the standards of responsible disengagement set out in the OECD Guidelines, in three key respects:
1. Telenor has failed to conduct appropriate risk-based due diligence and has failed to seek to prevent or mitigate adverse human rights impacts potentially arising from the sale of its Myanmar operations.
2. Telenor has failed to meaningfully engage with relevant stakeholders in relation to the sale of Telenor Myanmar to M1 Group, including the Myanmar-based civil society organisations endorsing the complaint.
3. Telenor has not been transparent in relation to its decision to disengage from its Myanmar operations.
Telenor’s sale to M1 Group comes after the Myanmar military’s 1 February 2021 coup and brutal crackdown on peaceful protests, civil society and independent media, as well as heightened electronic surveillance. Civil society members involved with the complaint have explained their need for responsible telecommunications businesses that will push back, rather than collude, with repression by the authoritarian government. M1 Group is owned by the billionaire Mikati family, who have a history of business in authoritarian countries including Syria, Sudan and Yemen and face unresolved allegations of corruption and terrorist financing. The complainants do not trust that M1 Group will uphold their human rights responsibilities or do business with integrity.
Relevant OECD Guidelines
- Chapter II
- Chapter II Paragraph A10
- Chapter II Paragraph A14
- Chapter III
- Chapter III Paragraph 1
- Chapter III Paragraph 2 f
- Chapter IV
- Chapter IV Paragraph 1
- Chapter IV Paragraph 5
Outcome
On 27 September 2021, the Norwegian NCP issued an initial assessment accepting the complaint for good offices.
On 28 October 2022, the Norwegian NCP published a Memorandum of Understanding (MoU) agreed between the parties. The parties have been engaged in mediation since June 2022. Following the mediation, the parties arrived at a preliminary MoU that captured the mediation discussions, the agreements and acknowledgements made by both parties, and a path forward for further mediation and agreement. The parties have taken steps to implement the agreements made in the MoU. Among other things, they will jointly select an independent researcher to conduct an ICT Eco-System Risk Study. Telenor is sharing its expertise and experience about risks to digital rights and freedoms in Myanmar under the junta and has commenced an internal review process with the possibility for the complainants to provide input.
The parties intend to reach a full agreement by the end of 2022 and to conduct regular meetings to implement the MoU. Telenor has also agreed to support the implementation of follow-up actions recommended by the ICT Eco-System Risk Study. One of these actions is exploring how an independent Myanmar digital security relief mechanism could be soon established to provide training and financial and legal support to Myanmar citizens at risk due to their digital footprint.
Relatedly, on 7 October 2025, Defend Myanmar Democracy, Myanmar Internet Project, and others, supposed by SOMO and Open Society Justice Initiative, sent a pre-action letter to Telenor ASA formally notifying Telenor that the claimants intend to file a lawsuit in Norway over the company’s reported disclosure of sensitive customer data to Myanmar’s military junta, data that was used to track, detain, torture, and kill activists and other civilians. The letter is closely related to the issues raised in the NCP complaint against Telenor. More information is available on SOMO’s website.
On 11 December 2025, the Norweigan NCP published its final statement. The NCP stated that generally “provision of user data to a military junta that uses the data for surveillance of political opponents may be regarded as contribution to adverse human rights risks and impacts” and that Telenor’s prioritisation of employee security resulted in the company failing to take “nearly any possible actions to mitigate the risks for end users”, such as helping customers protect their communication.
The NCP made detailed determinations and recommendations regarding Telenor’s alignment with the OECD Guidelines, including that Telenor did not carry out human rights due diligence commensurate with the severity and likelihood of the adverse impacts with which it was involved in Myanmar:
“137. Some serious human rights risks were identified and mitigated through Telenor’s human rights due diligence in relation to its disengagement from Myanmar. Protecting the lives and security of employees is indeed a core component of the corporate responsibility to respect human rights.
138. Telenor did not, however, undertake ongoing human rights due diligence commensurate to the severity and likelihood of the adverse impacts with which the company was involved in in Myanmar; it was not in accordance with the expectations of Guidelines to systematically give priority to one set of rightsholders, i.e. Telenor’s own employees. Telenor’s human rights due diligence systematically gave lower precedence to engagement with other rightsholders, e.g. measures to help customers protect their communication, and risk-based prioritisation of impacts with which the company actually or potentially were involved. The human rights due diligence was therefore not as dynamic and risk-based as the Guidelines expect. Any consequences of this in individual cases have not been examined by the NCP.
139. Telenor’s human rights due diligence after the coup was furthermore limited by the fact that the company’s ability to mitigate risks for all those who were seriously at risk of persecution or reprisals most likely was more limited than it could have been if the company’s human rights due diligence prior to the coup had encompassed the possibility of reintroduction of full military rule in Myanmar and a forced exit from the country, with corresponding human rights due diligence based on exit scenarios.72
140. A new, thoroughgoing risk-assessment, human rights due diligence and reassessment of prioritisation of risks pertaining to the sale of the company should have been undertaken when it became clear that the Myanmar authorities required that M1 Group found a local partner as majority owner.
141. Telenor’s contract with M1 Group should have gone beyond simply ensuring that the company expressed an ambition to respect human rights. Telenor should at least have required that the buyer put specific human rights-related policies and procedures in place to commit them to, as far as possible, operate responsibly in a conflict-affected context.
142. The NCP expects Telenor to take an active role in remediation to the extent of its contribution to adverse impacts by further follow-up of the commitments in the MoU, notably through a digital relief security mechanism. Telenor is furthermore expected to cooperate in the remediation of adverse impacts, as a key telecommunications operator, within a broader remedy ecosystem.”
In OECD Watch’s view, the Norwegian NCP’s determinations strongly underscore the importance of companies conducting ongoing, dynamic risk-based human rights and environmental due diligence—particularly in conflict-affected and high-risk regions. The Telenor case, which addressed the rapidly changing context in Myanmar before and after the 2021 coup, highlights that due diligence cannot be a one-off exercise. Companies must continuously assess evolving conditions and be prepared to adjust their operations accordingly.
Crucially, the NCP’s determinations and recommendations also demonstrate the need for companies to consider at the earliest possible moment how they will responsibly disengage from business relationships if circumstances shift and continued involvement becomes inconsistent with responsible business conduct. Companies should not enter into partnerships or investments without a clear, responsible exit strategy in place. This is especially important for companies entering or operating in high-risk, conflict-affected contexts. The absence of responsible disengagement policies and planning creates significant risks not only for companies but also for affected stakeholders, including workers and affected communities.
While responsible disengagement policies are essential for conflict-affected areas, their importance extends further. In the context of the just transition—companies transitioning from fossil fuel extraction to renewable energy systems—companies must also anticipate how and when they should responsibly wind down or shift certain activities. Robust, risk-based human rights and environmental due diligence and disengagement policies and practices are therefore critical across sectors as global expectations for responsible business conduct continue to rise.
The NCP will follow-up on its recommendations and any other activities relevant to the issues raised in one year.
Ko Ye, former Telenor Myanmar customer and one of the complainants, reacted to the NCP’s final statement:
“Telenor has betrayed its 18 million users and left them at risk from the military junta’s surveillance and repression. It must now follow the NCP’s decision to remediate those who have been harmed by Telenor’s actions.”
Joseph Wilde-Ramsing, Advocacy Director at SOMO, stated:
“The NCP’s decision affirms the concerns we raised about Telenor’s irresponsible behaviour and exit from Myanmar. It sets an important precedent regarding corporate accountability in high-risk contexts, and it is a powerful acknowledgement that businesses should never disengage irresponsibly. If they do, they are on the hook for remediating the harm.”
More details
- Defendant
- Company in violation
- Complainants
- Affected people
- Date rejected / concluded
- 11 December 2025