?德國《供應鏈盡職調查法案》（“LKSG”）

自2022年以來，遵守人權和環境相關盡職調查要求一直是整個集團合規管理體系（CMS）的重點主題。TÜV南德意志集團的合規管理體系建立在以下七大支柱之上：

3.1. 合規文化

合規文化是TÜV南德意志集團合規管理體系的基礎，其特點是管理者“上層定調”。合規對TÜV南德意志集團至關重要，因為集團在致力于保護人類、環境和資產的過程中，始終以其獨立和誠信服務為根基。 TÜV南德意志集團的合規文化包括所有認同、尊重并支持合規行為重要性的員工。我們也希望供應商建立相應的合規文化。

3.2. 合規目標

TÜV南德意志集團合規管理體系的主要目標之一是確保TÜV南德意志集團的所有員工和簽約第三方在提供服務時守法合規。對于TÜV南德意志集團的供應商，我們的目標是使其符合TÜV南德意志集團供應商行為準則中提出的期望。集團將對所有違規指控進行調查，并對違規行為進行處罰。TÜV南德意志集團對任何違規行為均秉持零容忍態度。

3.3. 合規風險

通過在全集團對一般合規和特定LkSG風險進行定期分析，我們確定了可能造成違規行為進而導致無法實現合規目標的風險。對于TÜV南德意志集團等全球運營集團而言，各專業部門和地區之間的互聯互通至關重要。針對已識別的風險，我們會根據其發生概率及潛在后果進行分析。此外，由集團高管組成的合規委員會每年多次召開會議，討論全集團內的合規動態，并評估潛在的新風險。在風險分析的基礎上，制訂出旨在降低合規風險并防止違規行為的原則和措施。

3.4. 合規計劃

TÜV南德意志集團的合規計劃以預防為主。對于潛在的違規行為需要提前作好預防措施，尤其需提高員工意識、加強員工教育并實施預防性的企業流程。除了預防措施外，合規計劃還包括違規情況下的補救措施以及舉報系統（即TÜV南德意志集團信任渠道）。自2022年起，合規計劃還將著重關注人權和與人權相關的環境保護義務。

作為合規計劃的核心，行為準則規定了適用于整個集團的TÜV南德意志集團合規事項的基本規則。其中一章規定了遵守人權和環境保護義務。

在適用于整個集團并由專業部門發布的各類指南中，均明確提出了行為準則中規定的基本規則。集團人力資源部的各類指南確保TÜV南德意志集團在自身業務運營中始終尊重人權，包括人權和勞動法、多元化和包容性、結社自由、全球健康和安全管理、公平同酬等指南。其內容包含了與LkSG所定義的人權相關環境風險，尤其是在集團房地產部和環境政策中。采購部確保在供應鏈中尊重人權，并在采購指南、采購手冊和供應商行為準則中為此規定了必要和適當的措施。

3.5. 合規組織

TÜV SÜD AG 管理委員會全面負責TÜV南德意志集團合規管理體系和合規組織結構。TÜV 南德意志集團的合規組織包括位于TÜV SÜD AG且具有全球指導職能的全球合規辦公室、為全球所有公司和地區設立的地方合規官和區域合規官，以及企業合規委員會、企業風險委員會和信任渠道合規委員會。全球合規辦公室由首席合規官、企業合規主管、企業合規官、全球人權官和其他員工組成。TÜV南德意志集團的合規組織由首席合規官領導。首席合規官直接向管理委員會主席匯報工作，在履行這一職能時不受任何指示的約束。企業合規主管負責管理TÜV南德意志集團合規組織的戰略和運營。全球人權官負責監督LkSG規定的人權和環境相關盡職調查義務方面的風險管理。

3.6. 合規溝通

TÜV南德意志集團合規管理體系最重要的要素之一是合規問題的風險溝通。一方面，TÜV南德意志集團通過書面規定和培訓課程以及其他溝通措施對其員工進行合規溝通，如管理人員至少每六個月進行一次的“合規時刻”。合規溝通的目的是讓員工了解相關的合規問題，加深合規認識，同時彰顯員工對自身行為的責任感，并深化對TÜV南德意志集團合規管理體系的認識。指南出現修訂或新版本時，通過多種渠道在整個集團公布。TÜV南德意志集團全球所有員工都必須參加年度合規電子化學習。自2022年起，合規電子化學習還包括學習卡，內容涉及LkSG規定的人權和環境相關保護義務。此外，我們還開展了面向目標群體的溝通，例如針對TÜV南德意志集團供應商的溝通，或針對從事較多風險相關活動員工的課堂培訓。

除了對TÜV 南德意志集團員工進行溝通外，全球合規辦公室每年還向TÜV SÜD AG 管理委員會和監事會提交合規報告。合規報告包含上一年開展的合規活動以及處理的合規事件，包括采取的措施。全球人權官每年至少編寫一次報告（可能臨時編寫報告），介紹為遵守LkSG規定的人權和環境相關盡職調查義務所開展的監督風險管理方面的主要活動。該報告特別包括與TÜV南德意志集團自身業務運營及其供應商有關的基于事件（如適用）的定期風險分析結果，以及任何相應的措施。該報告需上交至TÜV SÜD AG管理委員會以及同樣屬于LkSG直接管轄范圍內的集團公司管理層。

3.7. 合規監督和改進

為了驗證合規管理體系的適當性和有效性，TÜV南德意志集團的合規管理體系不僅接受全球合規辦公室的定期監督，還接受內部和外部利益相關方的監督。為此，所有相關的合規活動均應具有適當的文件記錄。系統的合規監督應作為一項特別監督措施予以強調。合規監督基于事件相關的調查、TÜV南德信任渠道中的條目以及其他合規相關信息和數據，例如定期進行的員工調查。此外，合規監督還基于定期和標準化的合規監督調查，尤其是針對地方合規官的調查，以及集團內部審核部進行的定期合規核查。

如果在監督TÜV南德意志集團合規管理體系的過程中發現可能存在的薄弱環節或違規行為，一方面會向相關決策者報告，同時還會采取適當措施以改進合規管理體系。

To identify and assess human rights and environment-related risks in TÜV SÜD's own business operations and at TÜV SÜD's suppliers, the respective responsible departments conduct risk analyses as described below. These are carried out at least once a year and on an ad hoc basis, i.e. if TÜV SÜD must expect a significantly changed or significantly expanded risk situation in its own business operations or in the supply chain, for example due to new projects, business areas or relevant company acquisitions, or if reports from whistleblowers suggest a changed risk situation.

4.1. Risk analyses relating to TÜV SÜD's own business operations

Risk analyses relating to human rights risks within the meaning of Section 2 (2) Nos. 1-8 and 12 of the LkSG in TÜV SÜD's own business operations are carried out under the responsibility of the Human Resources Group Department; the Local Compliance Officers are consulted for specialist support.

Risk analyses relating to human rights and environment-related risks within the meaning of Section 2 (2) Nos. 9-11 and (3) LkSG in TÜV SÜD's own business operations are carried out by the Global Compliance Office; relevant departments such as the Real Estate Group Department or the Quality Management Group Department are consulted for specialist support.

The risk analyses in TÜV SÜD's own business operations are monitored by the Global Human Rights Officer, who provides specialist support where necessary. 

The risk analyses are carried out using the so-called countercurrent method: 

"Top-down": Coordination with various stakeholders and definition of risk scenarios relevant for TÜV SÜD. Preparation of a risk-based questionnaire that inquires with respect to each risk scenario i) what the potential impact of the occurrence of a risk is in a realistic worst-case scenario without countermeasures, ii) which relevant countermeasures exist, and iii) what the probability of occurrence of the risk scenarios is, taking into account the existing countermeasures. "Bottom-up": Risk assessment by means of a questionnaire along risk scenarios by employees in key functions of TÜV SÜD companies. In particular, these are employees who can potentially influence the risk, such as local QM officers in the case of environment-related risks within the meaning of Section 2 (3) LkSG or local HR officers in the case of human rights risks within the meaning of Section 2 (2) Nos. 1-8 and 12 LkSG. In addition, the questionnaire is answered by the local compliance officers in order to maintain the dual control principle and to take into account different professional views.

The evaluation of the questionnaires, weighting and prioritization of the risks identified, as well as documentation and reporting, are carried out by the responsible specialist department. Further details can be found in the group-wide Compliance Risk Analysis Guideline.

In addition to the risk analysis carried out subject to the countercurrent method described above, all TÜV SÜD group companies in which TÜV SÜD AG, TÜV SÜD Auto Service GmbH, TÜV SÜD Industrie Service GmbH, TÜV SÜD Product Service GmbH or TÜV Technische Überwachung Hessen GmbH directly or indirectly holds a majority stake or over which TÜV SÜD AG, TÜV SÜD Auto Service GmbH, TÜV SÜD Industrie Service GmbH, TÜV SÜD Product Service GmbH or TÜV Technische Überwachung Hessen GmbH otherwise exercises a decisive influence are monitored for potential human rights and environment-related risks using an artificial intelligence-based Internet screening software solution. This involves checking social media, news and other information available on the Internet 24/7 on the basis of a keyword search in order to find out reports on individual TÜV SÜD companies. Reports of potential risks are communicated to the Global Compliance Office by way of "risk alerts". The Global Compliance Office checks the "risk alerts" for adequate plausibility and deals with solid information in accordance with the procedure defined for notifications via the TÜV SÜD Trust Channel (cf. para. 7. below).

4.2. Risk analyses regarding TÜV SÜD's direct suppliers and, if applicable, indirect suppliers

Risk analyses relating to TÜV SÜD's suppliers are carried out under the responsibility of the Purchasing Group Department. This does not include risk analyses relating to TÜV SÜD's suppliers that are based on procurement transactions as per Annex 2 of the Purchasing Guideline and for which the Purchasing Group Department is therefore not responsible (such as insurance contracts or contracts with auditors and tax consultants); risk analyses relating to such suppliers are carried out under the responsibility of the Global Compliance Office.

Risk analyses relating to all TÜV SÜD suppliers are monitored by the Global Human Rights Officer, who provides specialist support where necessary.

The purpose of the risk analyses is to identify human rights and environment-related risks at TÜV SÜD's direct suppliers around the globe and to assess the identified risks, in particular, on the basis of the following criteria: the probability of occurrence of the risk, the severity of the breach typically to be expected if the risk occurs, TÜV SÜD's ability to influence the direct cause of the risk or breach, and the nature of TÜV SÜD's causal contribution.

4.2.1. Annual analysis of risks at TÜV SÜD's direct suppliers

The first thing obtained in the annual risk analysis is an overview of all current direct suppliers; of these, so-called exceptions as per Annex 2 of the Purchasing Guideline are filtered out and passed on to the Global Compliance Office for further analysis. Due to the large number of TÜV SÜD's direct suppliers and on the basis of an appropriate, risk-based approach, only those direct suppliers will be examined in more detail in the following until further notice where TÜV SÜD, due to its purchasing volume, exerts a certain degree of influence on the one hand, and on the other hand, a potential causal contribution to a possible breach would not be insignificant. In this way, priority is given to identifying those risks where TÜV SÜD's influence can be used to bring about a real positive change. This approach is reviewed on a regular basis.

Annual risk analyses are conducted in the following manner: 

• Taking into account numerous recognized indices such as the Global Slavery Index, the ITUC Global Rights Index or the EPI - Environmental Performance Index, various indicators from the UN SDG database, or the Research Report 543 published by the German Federal Ministry of Labor and Social Affairs in July 2020, the first step is to determine which of TÜV SÜD's direct suppliers are subject to an abstract industry-specific or country-specific risk. Considering the large number of TÜV SÜD's direct suppliers, a software solution is used to support this process. 
• In a second step, this abstract view is defined more precisely: The Purchasing Group Department i.a. uses information, on the one hand, obtained in the software solution through artificial intelligence-based internet screening and, on the other hand, supplemented by self-disclosures from suppliers. The Global Compliance Office carries out risk-appropriate, individual investigations. In this second step, the probability of occurrence and the severity of the violation when the risk occurs are also analyzed.
• In a final step, the purchasing volumes are used to determine TÜV SÜD's ability to influence as well as any causal contribution, and, in this way, prioritize which of TÜV SÜD's direct suppliers must first respond to the identified risks with appropriate measures.

In the future, in addition to considering direct suppliers, indirect suppliers are also to be more strongly included in the consideration of TÜV SÜD's supply chain. Among other things, "Worker Voice" surveys are planned for indirect suppliers identified as critical. 

4.2.2. Permanent monitoring of risks at TÜV SÜD's direct suppliers

In addition to the annual risk analysis described above, the direct suppliers with the highest risks and certain significant suppliers are permanently monitored for potential human rights and environment-related risks using a software solution. This involves checking social media, news and other information available on the internet 24/7 on the basis of a keyword search to find out what the reports are on direct suppliers. Reports of potential risks are communicated as "risk alerts" to the employees in the Procurement Group Department responsible for the relevant product group or region and to the Global Human Rights Officer. Such notifications trigger a review process defined in the Purchasing Manual, which may lead to further measures (for more details, cf. para. 5.2. and para. 6.2. below).

4.2.3. Risk analysis regarding new direct suppliers

Notwithstanding the foregoing, TÜV SÜD subjects all new direct suppliers to an independent risk analysis as per the criteria set out in para. 4.2.1. for annual risk analyses prior to entering into the new business relationship. 

4.2.4. Ad hoc event-related risk analyses with respect to individual indirect suppliers

If TÜV SÜD obtains substantiated knowledge of the existence of factual indications that suggest the possibility of materialization of a breach of human rights or environment-related obligations by an indirect supplier, the information available will promptly be subjected to an initial review by the Purchasing Group Department or, in case of suppliers as defined in Annex 2 of the Purchasing Guideline, by the Global Compliance Office, depending on its origin in the supply chain. Subsequently, the probability of materialization and the severity of the breach in case of materialization of the risk are analyzed or, in case of an actual breach of a human rights or environment-related obligation by an indirect supplier, the effects are analyzed. Depending on the ability to influence and any causal contribution, it is finally determined to what extent appropriate measures can be taken in response to the knowledge obtained (for more details, see para. 5.2. and para. 6.2. below).

The results of such an event-related risk analysis are used to review the outcome of the regular risk analysis in order to determine the extent to which the prioritized risks need to be adjusted.

4.2.5. Ad hoc event-related risk analyses regarding the entire supply chain

If TÜV SÜD anticipates a significantly changed or significantly expanded risk situation in the supply chain, the Purchasing Group Department and the Global Compliance Office will promptly conduct an initial review of the changed or added risks based on an abstract consideration of the relevant industry-specific and country-specific risks and then conduct targeted, risk-appropriate investigations. This is followed by an analysis of the probability of occurrence and the severity of the breach if the risk materializes in the supply chain. Finally, depending on the ability to influence and any causal contribution, the extent to which appropriate measures can be taken in response to the findings obtained is determined.

The results of such an event-related risk analysis are used to review the outcome of the regular risk analysis in order to determine the extent to which the prioritized risks need to be adjusted.

5.1. Preventive measures for risks in TÜV SÜD's own business operations

At TÜV SÜD, preventive measures taken with respect to the prevalence of human rights and environment-related risks in its own business operations consist primarily of defining the relevant rules of conduct in written rules, communicating them throughout the group via various channels, and reinforcing the content in training courses. Local Compliance Officers have been appointed in all TÜV SÜD companies and regions around the globe to coordinate the communication of compliance topics and compliance training, including content on human rights and environment-related obligations.

The core of this set of rules at TÜV SÜD is the Code of Conduct, which includes a chapter on compliance with human rights and environment-related protection obligations. The basic rules from the Code of Conduct are specified in group guidelines, such as the guideline on Human Rights and Labor Law, Diversity and Inclusion, Freedom of Association, Global Health and Safety Management, Fair and Equal Remuneration, and the Environmental Policy.

All TÜV SÜD employees around the globe are required to participate in the compliance e-learning once a year. Since 2022, this training has also included a learning card on human rights and environment-related protection obligations as defined by the LkSG, which is reviewed annually for the need for adjustment. In addition, there is target group-oriented communication and classroom training for employees who perform more risk-related activities.

In January 2023, the Compliance Moment was issued with a focus on human rights and environment-related risks. One Compliance Moment will be presented to all employees by their managers in each half year. In this way, all employees around the globe will be made aware in particular of the issue of human rights and environment-related obligations in a "Tone from the Top" approach.

In addition to the preventive measures above, which cover all TÜV SÜD employees, there are further risk-appropriate, target group-oriented measures. These include, in particular, the wide range of measures taken by the Purchasing Group Department. TÜV SÜD's procurement strategy is geared toward sustainability; in any purchasing decisions, a special focus is placed on the social and ecological aspects of sustainability. All employees of the Purchasing Group Department are regularly trained on human rights and environment-related due diligence. Compliance with the binding purchasing practices specified in the Purchasing Manual is reviewed at regular intervals.

Further, there are regular preventive control measures: For example, the Internal Audit Group Department conducted an internal audit in the first half of 2023 with a focus on reviewing the implementation status of the LkSG requirements. No negative deviations were identified. In the second half of 2023, the Internal Audit Group Department conducted another internal audit in which the implementation status of the LkSG requirements was reviewed specifically at the TÜV SÜD group companies that carry out procurement without the direct involvement of the central Shared Service Center Procurement. No significant deviations were identified during this internal audit.

5.2. Preventive measures for risks at TÜV SÜD's direct suppliers and, if applicable, indirect suppliers

One of the most important preventive measures regarding human rights and environment-related risks at TÜV SÜD's direct suppliers is a consistent selection. Before a contract is signed, a supplier is screened and evaluated from a sustainability perspective. When selecting suppliers, TÜV SÜD consistently ensures that they meet sustainability requirements.

Another important preventive measure is the TÜV SÜD Supplier Code of Conduct which was completely revised in 2024; it is the core of TÜV SÜD's understanding of sustainability and compliance in purchasing. In particular, it sets out the human rights and environment-related expectations vis-à-vis TÜV SÜD's direct suppliers. With the new version of the TÜV SÜD Supplier Code of Conduct, the purchasing processes were adapted and the risk-based approach was strengthened. The TÜV SÜD Supplier Code of Conduct is i.a. communicated to direct suppliers by e-mail and is published on the Internet in German and also in 12 other languages. It also forms an integral part of TÜV SÜD's General Terms and Conditions of Purchase. The purchasing volume from suppliers who have committed themselves to compliance with the expectations contained in the TÜV SÜD Supplier Code of Conduct by contract is to be continually increased to 100% by 2026.

TÜV SÜD also implements additional preventive measures to an extent appropriate to the risk. These include, for example, a training video targeted specifically to suppliers to raise awareness of human rights and environment-related protection obligations among direct suppliers, preventive self-reporting by suppliers, and on-site audits of suppliers to assess compliance with the expectations set out in the TÜV SÜD Supplier Code of Conduct.

If TÜV SÜD obtains substantiated knowledge of the existence of factual indications that suggest a possible breach of a human rights or environment-related obligation at an indirect supplier and in case these indications are also confirmed in the risk analysis (cf. para. 4.2.4. above), the responsible specialist department will take appropriate preventive measures from the list of possible measures described above, depending on its ability to influence the party directly responsible for the risk and TÜV SÜD's own causal contribution, if any. In addition, TÜV SÜD will use the knowledge thus obtained to review this Policy Statement for any need for adjustment.

5.3. Review of effectiveness of preventive measures

All sets of rules that apply to all TÜV SÜD employees throughout the group, as well as those that TÜV SÜD bindingly agrees with suppliers and third parties, are regularly reviewed for their effectiveness and any need for adjustment. The same applies to the other preventive measures described above. This is done at least once a year on the basis of the results of the annual risk analyses as well as on an ad hoc basis, i.e., if TÜV SÜD must expect a significantly changed or significantly expanded risk situation in its own business operations or in the supply chain, for example due to new projects, business areas, or relevant company acquisitions, or if reports from whistleblowers suggest a changed risk situation.

The regular review of the TÜV SÜD Supplier Code of Conduct, for example, revealed a certain potential for further development. The revision and publication took place in the first quarter of 2024.

6.1. 針對TÜV南德意志集團自身業務運營的補救措施

如果TÜV南德意志集團的業務運營中即將或已經發生違反人權或環境相關義務的明顯行為，TÜV南德意志集團應立即采取適當補救措施，防止或終止違規行為。TÜV南德意志集團對任何違規行為均秉持零容忍態度。

采取何種措施取決于各種因素，比如即將發生或實際發生的違規行為的類型和嚴重程度。根據特定案例的主要情況，可能會采取紀律處分，和/或提起刑事或民事訴訟。根據適用的勞動法，紀律處分的范圍涵蓋非正式的員工通知、正式警告函以及解雇（發出或不發出通知）。其他可能的措施包括參加特殊培訓課程的義務、雙方同意變更聘用合同以及調職。更多詳情，請參見集團有關“合規舉報、調查和制裁”的指南。

6.2. 針對TÜV南德意志集團直接供應商以及間接供應商（如適用）的補救措施

一旦TÜV南德意志集團獲悉TÜV南德意志集團的直接供應商即將或已經違反人權或環境相關義務，TÜV南德意志集團將立即采取適當補救措施，防止或終止違規行為，或減輕違規程度。

采取何種適當措施取決于特定案例的主要情況，如即將發生或實際發生的違規行為的類型和嚴重程度，以及TÜV南德意志集團施加影響的能力和任何因果貢獻，以決定在具體情況下采取何種適當措施。根據特定案例的主要情況，可以考慮采取以下措施：首先，憑借在保護人員、環境和資產免受技術風險方面的多年經驗和專業知識，TÜV南德意志集團可與相關供應商以及利益相關方（如適用）合作，共同制訂解決方案。 如果在可預見的將來無法終止違規行為，供應商應制定具有針對性的方案，以有效終止或減輕該行為。必要時，TÜV南德意志集團將提供相應的支持與協助。TÜV南德意志集團將對規定時間內該方案的實施情況進行核查。此外，TÜV南德意志集團還將隨時評估是否有必要與其他公司的合作，比如在行業倡議框架內合作，以增加對違規方施加影響的可能性。其他措施包括暫時中止供應關系，最嚴重時可以終止業務關系。

如果TÜV南德意志集團確鑿獲悉間接供應商出現違反人權或環境相關義務的跡象，且該跡象經風險分析得以確認（請參見上述第4.2.4條），負責的專家部門將根據其對違規方施加影響的能力以及TÜV南德意志集團自身的因果貢獻（如有），從上述措施清單中采取適當的補救措施。

6.3. 補救措施的有效性審查

適用于TÜV南德意志集團所有員工的所有規則，以及TÜV南德意志集團與供應商和第三方達成的具有約束力的協議，都會進行定期審查，以確定其有效性以及是否需要進行調整。上述其他補救措施也需進行審查。基于年度風險分析結果的審查每年應至少進行一次，此外在出現如下情況時也可進行臨時審查：在TÜV南德意志集團預計其自身業務運營或供應鏈中的風險狀況將發生重大變化或顯著擴大時，例如由于新項目、業務領域或相關公司收購，或當舉報人的報告顯示風險狀況發生變化時。

The TÜV SÜD Trust Channel may be used to submit complaints or information regarding human rights or environment-related risks as well as breaches of human rights or environment-related obligations.

The TÜV SÜD Trust Channel is a secure and confidential channel which is available 24/7 and may be used by all TÜV SÜD employees around the globe, as well as all customers, suppliers and other third parties, to report concerns about suspected cases or breach; reports may also be submitted anonymously to the extent required. Whistleblowers have the option of providing their contact details or setting up a secure electronic mailbox through which they can communicate with the Global Compliance Office anonymously and confidentially. The TÜV SÜD Trust Channel is an Internet-based whistleblower system that is available in the 19 languages relevant for TÜV SÜD's business activities and it is technically managed by a third-party provider. Any reported content is processed exclusively by TÜV SÜD employees. Any and all data contained in a whistleblower report is stored on secure servers in Germany. Further information on the whistleblower system as well as the rules of procedure are available on the TÜV SÜD Trust Channel website which is hosted on a secure server; the TÜV SÜD Trust Channel is also linked on TÜV SÜD's website and intranet and it is promoted at regular intervals on various communication tools. In order to ensure the most barrier-free access possible, the rules of procedure are available in 19 languages as well as an explanatory video.

Employees who report and submit information to the best of their knowledge and in good faith must not be disadvantaged in any way at TÜV SÜD. At the same time, TÜV SÜD recognizes the importance of protecting individuals against whom a tip-off is directed. Neither these persons nor whistleblowers may be compromised prematurely.

The compliance organization investigates any and all incoming information locally, regionally or globally, if necessary, also involving the Internal Audit Group Department. Any and all information is treated as confidential and forwarded only to individuals who need to know this information in the context of investigation or subsequent action ("need-to-know principle"). The protection of the whistleblower and the person concerned is ensured in every investigative measure.

If the whistleblower has communicated or set up a contact option, this person will receive an acknowledgement of receipt no later than seven days after submitting a whistleblower report. Within three months after sending the confirmation of receipt at the latest, the Compliance Officer in charge of the case will inform the whistleblower of any measures planned to be taken and, if applicable, already taken and the reasons for such measures, provided that this information does not adversely affect the investigation or the persons concerned.

Whenever a tip-off has been confirmed, appropriate disciplinary measures will be imposed and, if and where necessary, criminal or civil action will also be taken. TÜV SÜD pursues a zero-tolerance approach in this respect. The relevant decision-makers are informed at regular intervals about human rights or environment-related risks confirmed as a result of a tip-off, as well as breaches of human rights or environment-related obligations. In order to prevent future risks and breaches, appropriate measures are taken in confirmed cases, such as process changes, communication measures, and target group-oriented training.

Further details can be found in the group guideline on Compliance Tip-Offs, Investigations and Sanctions. As with all rules and regulations that apply to all TÜV SÜD employees throughout the group, this guideline is regularly reviewed for effectiveness and any need for adjustment. The same applies to the other procedures described above. This is done at least once a year on the basis of the outcome of the annual risk analyses and on an ad hoc basis, i.e., if TÜV SÜD must expect a significantly changed or significantly expanded risk situation in its own business unit or in the supply chain, for example as a result of new projects, business fields, or relevant company acquisitions, or if reports from whistleblowers suggest a changed risk situation.

Compliance with human rights and environment-related due diligence obligations as per Section 3 LkSG is continuously documented by the respective responsible departments specified in para. 3.-7. above. Documentation will be archived for at least seven years from the date of issuance. The Global Human Rights Officer will monitor compliance with documentation obligations of the respective responsible departments and provides specialist support where necessary.

In 2024, TÜV SÜD AG, TÜV SÜD Auto Service GmbH and TÜV SÜD Industrie Service GmbH filed a report as per Section 10 (2) LkSG regarding compliance with human rights and environment-related due diligence obligations as per Section 3 LkSG in the fiscal year 2023 for the first time and made it publicly available free of charge on TÜV SÜD's group uniform website.