The COVID-19 pandemic accelerated digitalization, transforming traditional work settings. With more companies adopting remote and hybrid working environments, adapting existing working conditions to evolving regulatory frameworks has become paramount. With that, there was evidently a proliferation of internal policies—which are neither transparent nor democratically produced. This phenomenon erodes the rule of law within organizations, distorting the very notion of corporate governance. Unilateral rules are wrongly defined as policies: they are not drafted by policy or legal experts but rather by managers and HR personnel who are neither trained for nor legally empowered to execute such tasks.
These “faux policymakers” create a parallel legal order that is neither accountable to the principles of legality nor constrained by the limits of legitimate authority. They may constitute a violation of existing laws themselves.
In the law case Irving Pulp & Paper Ltd. v. CEP, Local 30, the judge ruled that any company policy unilaterally imposed by the employer must be consistent with the collective agreement and be reasonable. This precedent underscores companies’ importance in ensuring that their internal policy development processes align with legal standards and existing agreements.
Rule of Law vs. Rule by Policy
Rule of law “refers to a principle of governance in which all persons, institutions, and entities, public and private … are accountable to laws that are publicly promulgated, equally enforced, and independently adjudicated, and which are consistent with international human rights norms and standards,” as stated in the United Nations Security Council, “The rule of law and transitional justice in conflict and post-conflict societies,” S/2004/616 at para. 6.
In the hierarchy of the law, internal policies rank lower in authority than laws, regulations, and constitutional provisions. They are a form of soft law—non-binding as defined in legal theory—but highly coercive in practice. In other words, they must comply with overarching legal standards, whether labor law, constitutional rights, or other administrative law principles. Non-compliance by employees in the most adverse circumstances may lead to the termination of their contracts.
In addition, these internal policies are frequently rolled out with little transparency. Slack conducted a survey, and the results showed impressive results: over 80% of workers want a better understanding of decisions. The percentage is higher among job seekers, with 87% seeking transparency in their future workplace. Though Slack collected this data only to improve working conditions, it reveals that companies should increasingly adapt to workforce demands while safeguarding the law.
Arbitrary rulings may happen in different ways; alongside a lack of transparency, the informality of the implementation of these rulings can also be questioned. Employees may receive vague emails announcing a new rule or even verbal instructions, often without consultation and, most importantly, without collective participation. In worse cases, these rulings may contradict national labor laws or infringe upon privacy rights. Escalation may cause organizations to be subject to lawsuits in response to their employees’ wrongdoing.
The Independent Television News (ITN) is being investigated for its internal complaint mechanism, raising concerns about low trust and lack of psychological safety of its employees. They argue that the Non-Disclosure Agreements (NDAs) they are obliged to sign are used to conceal ‘gender pay discrimination, harassment, and bullying,’ as described in the law case.
Another example is the misuse of companies’ “codes of conduct” that facilitate the suppression of free expression. Social media has exacerbated this narrative. Employees who post critical—but lawful—comments on their personal social media accounts may face internal sanctions or bullying. They are often victims of cyberstalking by their colleagues and superiors.
EU Directive 2000/78/EC—Equal Treatment in Employment and Occupation prohibits discrimination and harassment in the workplace, including cyberstalking. The directive ensures that employees are protected from such practices. National regulations in European countries, including employment law, civil codes, and others, also contain cyberstalking provisions abiding by European supranational regulations.
Corporate Governance Without Legal Literacy
The erosion of the rule of law in the workplace is not only a legal issue but also a corporate governance failure. Effective policymaking requires more than authority—it demands legal literacy, ethical foresight, and procedural fairness. Paul J. Zak, in a Harvard Business Review study, suggested that ’employees in high-trust workplaces are 76% more engaged and 29% more satisfied with their lives.’
Recommended steps for the elaboration of in-company policies:
1. Identify the Need: Gather past cases for improvements and the need for updated or new formal policies.
2. Research and Consultation: Verify compliance with laws, regulations, and industry standards.
3. Draft the Policy: Write a clear and concise first version.
4. Internal Approval: Management and representatives review and approve the draft policy.
5. Communication and Implementation: Distribute the final policy to all relevant parties and provide training if needed. Often, it can be done as a code of conduct, employee handbook, or issued as a standalone policy document.
6. Monitor and Review: Regularly check if the policy is effective and compliant; revise if necessary.
For startups that do not have enough resources, partnering with business associations is recommended for ongoing support.
Many organizations, particularly those undergoing digital transformation or rapid expansion, tend to codify every possible situation, which can be defined as ‘policy inflation.’ As a result, it may lead to contradictory and overlapping rules, not to mention the possibility of infringing regulations and laws. The implications for employees are numerous: if they find themselves in an uncertain environment, they might become risk-averse, self-censoring, and disengaged. Turnover is the most direct consequence in this scenario.
Transparency is critical to any organization. Internal policies should be published, searchable, and clearly explained to employees. Depending on the nature of the business, they should be passed or voted on by a designated committee. Equally, consultation processes must be established, allowing employees to give feedback and challenge unjust rules. Ultimately, organizations should increasingly adopt an employee-centric approach, as employees are their most valuable asset.
