Our goal is to be a role model for responsible business conduct in our sector as well as a trusted company. Ensuring that our interactions with business partners, our employees, the capital markets and the general public are conducted with integrity and within the bounds of the law is vital to our reputation and creates the basis for sustainable business success.
When we speak of compliance, we are referring to a range of topics that deal with adherence to legal requirements or to our own policies, with the goal of addressing identified risk potential and preventing any violations that could negatively impact our reputation or result in fines or penalties.
We take steps to promote honest and transparent business practices in compliance with the law by focusing on training executives and our employees in compliance-relevant content, on shaping sustainable and stable relationships with business partners and on integrating sustainability metrics into our steering processes and incentive schemes.
The rules for ethical conduct set forth in our codes of conduct are further specified in the Human Rights and Anti-Corruption Policies. Our focus at all times is on preventing potential violations of legal requirements or internal guidelines.
Material impacts, risks and opportunities (ESRS 2 SBM–3)
In the course of the materiality assessment, we identified positive impacts of our corporate culture as well as risks.
MATERIAL IMPACTS AND RISKS IDENTIFIED
ESRS aspect
Impacts on the business model1
Impact on the
value chain
Corporate culture
Corporate culture
Upholding high ethical, social and environmental standards helps promote good business practices and an inclusive corporate culture, which can have positive spillover effects on the upstream value chain.
Positive
impact (potential)
Yes
Entity-specific
Fraud, conflicts of interest, antitrust law and competition
Unlawful competitive behavior and antitrust violations may be grounds for legal action, which could lead to fines and other financial losses and negatively impact our reputation.
Risk
No
Export controls and
embargo management
Doing business with countries or persons that are on sanctions lists or subject to embargoes can lead to significant fines, reputational damage and negative financial impacts.
Risk
Yes
1 The ESRS call for the following distinction: actual impacts occurred at least once during the fiscal year, whereas potential impacts did not.
Business conduct policies and corporate culture (ESRS G1–1)
We are committed to upholding all relevant international anti-corruption standards and statutes, including the United Nations Convention Against Corruption, and we are a member of the Partnering Against Corruption Initiative of the World Economic Forum. We provide all of our services in compliance with current legislation and our corporate values as defined in the respective Group policies.
Our corporate culture provides our employees with a foundation for cooperating with each other in an atmosphere of trust, thus cultivating an environment in which business can be conducted in a transparent, legally compliant and ethical manner that can positively impact the upstream value chain.
We inform our employees about the value and significance of compliance for the Group via frequent communications in the Group intranet as well as through accompanying campaigns and appropriate training courses. In fiscal year 2025, we held a divisional Compliance Awareness Week focusing on the future of compliance, and we also implemented compliance measures customized to the business models of the different corporate divisions and regions. The campaign was supported by messages from Board of Management members (tones from the top) and reinforced by awards for especially successful compliance solutions (best practices). Additional communication measures served to continuously raise awareness of compliance issues among our employees and to highlight the available compliance channels with the aim of fostering internal dialogue. With our actions we can also enable positive spillover effects on the upstream value chain.
The rules for ethical conduct set forth in our two codes of conduct are further specified in our respective policy statements on human rights and on corruption prevention. Our ongoing focus is on preventing potential violations of legal or internal Group requirements. Through this approach and the accompanying training programs, we provide clear guidance and support employees in identifying situations that could jeopardize the company’s integrity. Our suppliers are able to familiarize themselves with our requirements via a training tool covering the Supplier Code of Conduct.
Corporate Internal Audit evaluates the effectiveness of our risk management system, our control mechanisms and our management and monitoring processes as well as compliance with Group policies, thereby contributing to their improvement. It does so by performing independent regular and ad hoc audits at all Group entities and at corporate headquarters on the authority of the Board of Management. The audit teams discuss the audit findings and agree on actions for improvements with the audited organizational units and their senior managers. The Board of Management is informed of the findings on a regular basis. The Supervisory Board is provided with a summary once per year in addition to ad hoc reports as needed. We have described the competencies and capabilities of the Board of Management and the Supervisory Board as well as their roles under roles of the Board of Management and Supervisory Board.
The aforementioned actions serve to mitigate the risk identified with respect to unlawful competition, antitrust violations or conducting business with countries or persons subject to sanctions as well as risks arising from goods subject to foreign trade embargoes or sanctions.
RELEVANT BODIES, STANDARDS AND GROUP POLICIES FOR BUSINESS CONDUCT
This chart shows the organizational chart with the key committees on the left and the underlying standards, relevant Group policies, and memberships and partnerships for environmental issues on the right. The organizational chart is shown in the left-hand block. At the top of the hierarchy is the Board of Management, which has central responsibility for decision-making and the strategic direction of sustainability. Below this is the second level of the hierarchy with four thematic boards: the Strategy & Sustainability Steering Board (overseeing the sustainability agenda), the Operations Board (responsible for the operational management of climate and environmental protection and occupational safety, among other things), the IT Board (responsible for cybersecurity, data protection, and IT systems, among other things), and the Finance Board (responsible for key performance indicators, planning, risk assessment, and reporting, among other things). The third level of the hierarchy shows thematic committees, including the Energy Management Steering Committee, the SAF Steering Committee, Information Security Committee, ESG Change Board, and the Risk Committee. Below these are the divisions responsible for the operational management of sustainability issues. The right-hand block shows the accounting standards applied, key group policies, and memberships and partnerships. Applied standards: UN Global Compact; principles of the Universal Declaration of Human Rights; International Labor Organization (ILO) Declaration on Fundamental Rights and Principles at Work; OECD Guidelines for Multinational Enterprises and international anti-corruption standards and laws, including the UN Convention against Corruption. Key Group policies: Code of Conduct; Supplier Code of Conduct; Human Rights Policy Statement; Anti-Corruption Policy Statement, Anti-Corruption and Business Ethics Policy (internal); Group Data Protection Policy; Group Procurement Policy (internal) Key memberships and partnerships: United Nations: UN Convention against Corruption and World Economic Forum: Partnering against Corruption
Compliance management system for prevention and detection of corruption and bribery (ESRS G1–3)
One important aspect of compliance involves the legal requirements to prevent corruption and bribery. Stipulating and monitoring legally compliant conduct in our business activities and in our interactions with our employees is an essential task of all Group management bodies. Responsibility for designing the compliance management system (CMS) lies with the Chief Compliance Officer, who reports directly to the CFO. Within the corporate divisions, implementation of the CMS is the responsibility of the compliance officers of the corporate divisions.
The CMS includes, for example, elements to identify and analyze risk, elements to evaluate business partners, communications and training measures, monitoring and reporting as well as elements to derive action plans and targets. This process serves to define uniform minimum standards for the Group as a whole, which enables us to adhere to applicable law, for instance anti-corruption laws, as well as to the relevant internal policies such as our Anti-Corruption and Business Ethics Policy and the Policy Statement on Anti-Corruption.
ELEMENTS OF THE COMPLIANCE MANAGEMENT SYSTEM
The circle graphic shows the elements of the compliance management system. Clockwise (starting at 12 o'clock), the elements are as follows: Implement compliance organization, perform risk analysis, implement guidelines, provide whistleblower system, evaluate business partners, communicate and provide training concepts, monitor and improve measures with the compliance program and reporting system, derive new measures and track their implementation, create and maintain a compliance culture, set goals and track progress.
Whistleblower system
Potential compliance violations can be reported 24/7 via our publicly accessible whistleblower system. Reports may also be made anonymously, whistleblower system. The technical platform for submitting reports is provided by an independent third party. The whistleblower system is available to anyone via the Group website. Potential violations may be reported in writing or by phone using a system-based, question-guided dialogue function. The reports received are investigated for potential violations and resolved as part of a standardized process. Compliance metrics on reports and topics are recorded Group-wide in the compliance reporting tool (incident management dashboard), with the information reported flowing into the compliance report to be presented to the Board of Management. Reports on the CMS are submitted to the Board of Management and to the Supervisory Board’s Finance and Audit Committee once per year as well as ad hoc in the event that the potential violation is serious.
Our top priority is to protect the reporting person, in line with the European Directive on the protection of whistleblowers and the German Whistleblower Protection Act. An independent agency has certified the proper functioning of the reporting system’s anonymity function. Encryption and special security programs are used to ensure that reports remain anonymous. Personal data are processed in accordance with the deletion policy.
Training policies
Compliance training is mandatory for managers in middle and upper management and for many employees. By offering training on compliance matters, we raise our employees’ awareness of potential compliance risks and enable our employees to manage those risks appropriately. Senior managers in middle and upper management may be at particular risk of becoming involved in corruption or bribery as a result of their roles. Board of Management members also take part in compliance training. Compliance training comprises our core compliance curriculum (anti-corruption, antitrust and competition law, Code of Conduct) plus training on data protection, which our employees must complete every two years.
Targets and results, confirmed incidents of corruption or bribery (ESRS G1–4)
We use the share of valid compliance training certificates among managers in middle and upper management as a steering-relevant performance indicator. The certification rate was 99.2% in fiscal year 2025 (2024: 99.1%). We thus exceeded our target of 98%. All members of our Board of Management have also successfully participated in the training. In fiscal year 2026, the share of valid certificates for compliance training in middle and upper management is to be maintained at a high level of at least 98%. In the context of its 217 internal audits (2024: 214 internal audits), Corporate Internal Audit also reviewed our compliance management system processes and the implementation of agreed-upon follow-up actions. Findings from regular audits facilitate the identification of other compliance risks and help to continuously refine our compliance processes.
In fiscal year 2025, there were no incidents of corruption or bribery that resulted in either convictions or fines.
Management of relationships with suppliers (ESRS G1–2)
As supplier, we define a natural person, a private or government entity, or a combination thereof that performs services or delivers goods based on a contract with DHL Group and/or a purchase order issued by a subsidiary as well as potential suppliers that may be considered in a tendering process. Exceptions to this are:
Suppliers specified by the customer (only applies during the first twelve months of cooperation)
Trade unions
Authorities that either provide law enforcement or administrative services (e.g., police, commercial registries, environmental authority) or whose services are monopolistic (fees, e.g., for landing and parking rights as well as overflight rights)
Memberships/trade associations, if membership enables DHL Group to claim a status, and not if the purpose of membership is to purchase goods and services at a reduced price
We use our Supplier Code of Conduct to implement our ethical, social and environmental standards in the upstream value chain with the goal of facilitating ethical business practices and positively impacting business conduct in general. The Supplier Code of Conduct sets forth clear requirements for working conditions (adequate wages and a healthy and safe workplace) and for the prevention of violence and harassment in the workplace as well as the avoidance of child labor. This is also done to protect our suppliers’ workers who are engaged in our order fulfillment, in order to address the potential negative impacts identified. The Supplier Code of Conduct is a binding component of all Group supplier relationships. It requires our suppliers to adhere to our standards and to implement them in their own supply chains.
Training for suppliers and our employees
We convey our expectations to our suppliers via our supplier portal and introduce our selection processes. Suppliers can use the supplier portal to familiarize themselves with our Supplier Code of Conduct in advance, which we provide in numerous languages along with the corresponding training module. From there, they can also access our whistleblower system, which they can use at any time to report potential violations of the Supplier Code of Conduct or statutory provisions as well as cybersecurity incidents.
Our procurement employees are regularly trained to identify potential supplier-related risks early on. Managers in middle and upper management are obliged to complete the training modules “Supplier Code of Conduct” and “Purchasing Compliance.”
Supplier selection and assessment process
Corporate Procurement primarily selects suppliers that meet our standards as set forth in our Supplier Code of Conduct. The selection process is based on a standardized assessment procedure that also takes into account the different requirements and possible risk profiles of our business models and procurement categories. The following internal Group policies set out in detail the requirements that are considered in our supplier assessment process. The requirements apply to the supplier selection process as well as to the supplier assessments carried out in the course of the business relationship:
Minimum supplier due diligence standards (Corporate Procurement Policy)
The minimum requirements for risk assessment are based on risk potential, which we re-evaluate annually depending on the procurement category and the geographical location of the supplier. The risk assessment is influenced by the procurement category and various other types of risk within the relevant risk domains sustainability, the economy, technology, law and politics, and cybersecurity. We also consider factors such as diversity and respect for human rights in the risk assessment in addition to external criteria for determining risk potential such as the Corruption Perceptions Index issued by Transparency International and/or Verisk Maplecroft’s risk classification system. The final assessment of risk potential is based on an evaluation of the probability of occurrence and possible impact. The selection of suppliers for risk assessments is based on the following criteria, which may be applied individually or in combination:
Frequency of cooperation
Continuity of the business relationship
Amount of expenditure
Geographical location
In addition, individual assessments may be carried out.
The Group-wide risk management system for a supplier evaluation is continuously reviewed for potential improvements and adjusted as necessary. Our assessment procedure takes the different requirements of our business models into account. The following evaluation tools can be used individually or in combination with each other, depending on the requirements of the specific tendering process, or they may be used to review existing contractual relationships.
SUPPLIER MANAGEMENT EVALUATION TOOLS
Self-assessment questionnaires
Virtual or onsite audits
Certification issued by a third party
Risk rating issued by a third party
Checking suppliers against sanctions lists
If supplier practices are identified that are not in line with our standards, this could result in the supplier being excluded from tenders. Should a serious breach or material shortcoming be identified among existing suppliers, we jointly agree on specific actions for improvement with the supplier and follow up on their implementation. We reserve the right to terminate the supplier relationship if we do not identify sufficient improvements when re-assessing the supplier.
Metrics and targets
We evaluate the effectiveness of our supplier management processes using the metrics “Supplier spend covered by an accepted Supplier Code of Conduct” and “Potential high-risk suppliers assessed.” Each month, the progress made with regard to supplier spend is reported to management, and the performance of this metric is discussed with the CEO and CFO. The second metric is calculated on an annual basis.
Supplier spend covered by an accepted Supplier Code of Conduct: We use this metric to measure our ability to enforce compliance with our standards in the upstream value chain. We consider the following to be an accepted Supplier Code of Conduct:
Own Supplier Code of Conduct
The supplier’s code of conduct, provided that we have classified it as equivalent, and it has been implemented by the supplier
Mutual recognition of the companies’ own codes of conduct if both contracting parties are simultaneously suppliers and customers and the codes can be classified as equivalent.
Supplier spend covered by an accepted Supplier Code of Conduct comprises the eligible expenditures reported via our Group-wide procurement dashboard. The calculation of this metric excludes, for example, taxes, rents or internally allocated costs.
Potential high-risk suppliers assessed:As announced, this metric was reviewed during the fiscal year and its definition was confirmed. We measure our ability to contractually enforce adherence to the standards set forth in our Supplier Code of Conduct in the upstream value chain. Suppliers with an ongoing business relationship and potential new suppliers are assessed if they are identified as having high risk potential in accordance with the criteria outlined above or on the basis of an individual risk characteristic. This also affects suppliers in procurement categories, in which we have identified both positive and negative impacts on workers in the value chain.
In fiscal year 2025, the supplier spend covered by an accepted Supplier Code of Conduct amounted to at least €38.2 billion (2024: at least €39.2 billion), which corresponds to a share of 96.9% of eligible supplier spend (2024: 95.7%). In addition, we assessed 7,890 potential high-risk suppliers (2024: >6,000). At the end of the year, 280 suppliers remained with a confirmed high risk. Appropriate improvement measures are agreed upon and their implementation is monitored. If we do not see sufficient progress, we reserve the right to terminate the supplier relationship.
