3.1 Business integrity

Business integrity is fundamental to Nedap’s long-term value creation and to the trust placed in us by customers, partners, employees, and society. We value ethical behavior, honesty, and respect, and we expect these principles to guide how we act toward each other and those we work with.

Operating in international markets with a high degree of autonomy calls for a strong ethical foundation, clear standards of conduct, and a culture that promotes responsibility and transparency. Nedap expects all employees and those working with us to act honestly, professionally, and in compliance with applicable laws and regulations. Integrity at Nedap goes beyond compliance with rules; it involves taking ownership, making responsible choices, and feeling able to speak up when behavior does not align with our standards.

The Board of Directors is responsible for promoting a culture of integrity and for aligning Nedap’s business conduct with company values, as set out in the code of conduct and related policies. The Supervisory Board oversees the effectiveness of this approach and monitors whether these standards and values are upheld across the organization.

Code of conduct

Our code of conduct sets out the standards, values, and behaviors that Nedap expects its employees and everyone working with Nedap to live by. It covers, among other topics, conflicts of interest, bribery and corruption, fraud, insider trading, confidentiality, and the careful handling of price-sensitive information. The code also emphasizes respect, equal treatment, responsible working practices, and consideration for the health and well-being of people, the environment, and society. Please refer to our website for the full code of conduct.

To embed these standards consistently throughout the Nedap organization worldwide, employees complete an e-learning course. Additionally, we conduct periodic governance visits to Nedap’s subsidiaries. The purpose is to align Nedap’s global governance topics with the local context, share practical experience, learn from each other, and ensure that available knowledge is used across the organization.

Nedap compliance training

To ensure that all our employees understand what the code of conduct means for their daily work and know how to apply it, they are required to undergo training. The code of conduct e-learning course is mandatory for all Nedap employees. Of all employees, 98% completed the e-learning course.

Additional training is provided on specific integrity topics, including personal data protection, AI, and information security, and is tailored to business needs and circumstances.

Anti-bribery and anti-corruption

Operating internationally exposes Nedap to bribery and corruption risks that could lead to reputational damage, legal sanctions, and financial loss. Nedap therefore maintains an anti-bribery and anti-corruption policy that sets out principles and expected behavior.

Risk mitigation measures include targeted training for relevant employee groups, a Speak Up! policy and procedure to report suspected irregularities, due diligence and risk-based screening of suppliers and business partners, and the integration of anti-bribery and anti-corruption topics into periodic compliance meetings.

Furthermore, we regularly assess risks in the markets and countries where we operate. We are cautious with respect to high-risk countries, providing additional guidance for conducting business in these countries, including sanctions and export controls. Awareness of corruption, bribery, and fraud risks is addressed through targeted guidance, training, and periodic compliance discussions.

Speak Up!

An open culture in which concerns can be raised without fear of retaliation is essential to safeguarding integrity. Nedap encourages employees and external stakeholders to speak up when they observe or suspect behavior that does not align with the code of conduct or applicable laws.

Nedap’s approach is based on transparency and personal responsibility. We encourage our employees to address concerns directly where possible, and we have incident reporting procedures in place to help them do so. Where direct discussion is not appropriate or feasible, employees can seek advice or raise concerns through trusted contacts within the organization, such as a trusted colleague, their captain, a member of the Board of Directors, one of the three confidential counselors for undesirable behavior (CCUs), or one of the two confidential counselors for integrity (CCIs) appointed by Nedap. Confidential counselors provide employees with advice and may refer them to external professionals. The confidential counselors also meet on a regular basis to evaluate, reflect, and share knowledge. All five confidential counselors have undergone appropriate training to fulfill their role. Nedap provides both internal confidential counselors as well as external confidential counselors.

Additionally, Nedap provides formal reporting channels, including the compliance officer and the IntegrityLog reporting system, which allows reports to be submitted confidentially and, if desired, anonymously. The IntegrityLog reporting system can be used to report wrongdoings or irregularities as set out in the Whistleblowers’ Protection Act, but also for any misconduct and suspicions of bribery, corruption, or fraud. These formal reporting channels are further described in Nedap’s Whistleblower Policy, which sets out the applicable procedures and protections.

Reported concerns are investigated and followed up promptly. Relevant cases are reported to the Board of Directors, and any material violations are reported to the chair of the Supervisory Board. Awareness of the Speak Up! process is reinforced through periodic governance visits and training.

In the year under review, no material violations of the code of conduct were reported through the formal channels. Informal procedures were used to address individual concerns and resulted in appropriate solutions.

Health & safety

The health and safety of our employees and contractors is fundamental to Nedap’s responsibility as an employer and to sustainable performance. We aim to provide a safe and healthy working environment, addressing physical and mental well-being and psychosocial working conditions.

Health and safety is a shared responsibility between the organization and its employees and is governed by policies aligned with applicable laws and regulations. The Board of Directors is responsible for employee health and safety and is supported by internal health and safety functions and emergency response arrangements. For subsidiary companies, local laws and regulations apply.

Specific safety policies are in place at our Smart production facilities, which operate in accordance with ISO 9001 and ISO 14001 standards. Additionally, emergency response training is conducted regularly across the organization.

Supply chain management

In our efforts to continuously enhance or maintain integrity and sustainability throughout the entire value chain, we seek to collaborate with suppliers whose values align with the principles outlined in our code of conduct.

Supplier selection and monitoring take into account sustainability criteria, including product quality, health and safety standards, and environmental performance. Following a three-year cycle, we conduct audits of our strategic and key suppliers in line with our 'Procurement Guidance Audits' to assess ongoing compliance with these standards and information security requirements. Electronic manufacturing services parties operate under ISO 9001 and ISO 14001 certifications.

Product safety and quality

Product safety and quality are integral to customer trust and market access. Nedap applies quality and safety requirements throughout product design, development, and manufacturing, supported by quality management systems in line with ISO 9001 and ISO 14001.

We manage risks associated with chemicals and hazardous substances in compliance with applicable regulations, including REACH and RoHS.

Nedap is dedicated to responsible material sourcing, aiming to prevent the use of conflict minerals (3TG materials) from high-risk areas, and suppliers are expected to comply with relevant sourcing regulations.

We support our clients by equipping our products with the appropriate certifications with respect to electromagnetic compatibility (EMC) and radio and electrical safety as required for unrestricted sales. We are also attentive to substances of concern and requirements related to packaging, cyber resilience, and batteries.

Human rights and other fundamental rights

Respect for human rights is a fundamental principle of Nedap’s business conduct. This commitment is formalized in our human rights policy and aligned with the UN Universal Declaration of Human Rights, the OECD Guidelines for Multinational Enterprises, and the ILO Declaration on Fundamental Principles and Rights at Work.

We respect freedom of association, collective bargaining, and the principle of free choice of employment in countries where we operate. Human rights considerations form part of supplier assessments and audits. In 2025, we received no reports or evidence of human rights violations.

Taxation

A responsible and conservative tax policy is an integral part of Nedap’s sustainability and business strategy. We regard paying taxes as a contribution to society and an element of sustainable long-term value creation. Our tax policy is founded on the principle of paying taxes locally, in line with the economic value generated by our activities.

Our policy is captured in the following specific principles:

Nedap’s primary financial objective is to create sustainable long-term value for all stakeholders.
Nedap’s organizational design is driven by operational considerations, not by tax considerations.
Nedap pays taxes in line with the economic value created by its activities.
Nedap complies with relevant tax laws and regulations and respects the spirit of the law.
Nedap maintains timely and comprehensive communications with tax authorities.

Tax compliance is integrated into both the Nedap Risk Management Framework and the sustainable value creation model.

The tax policy is approved by the Supervisory Board. The Board of Directors ensures that Nedap’s tax policy is aligned with and embedded in Nedap’s strategy. Potential material tax risks are discussed with the Supervisory Board at least annually. Awareness of tax-related risks is supported through internal training and regular discussions with relevant finance and tax functions.

Information security and personal data protection

Information security and the protection of personal data are critical to maintaining trust and ensuring business continuity. Nedap applies technical and organizational measures to mitigate the risk of unauthorized access to, loss, or misuse of data, including personal data, intellectual property, and other sensitive information relating to Nedap, its customers, and end-users.

In recent years, we have further strengthened our policies, procedures, and contractual agreements to enhance the protection of (personal) data. Our onboarding program for new employees gives due attention to the importance of privacy and information security.

We maintain a comprehensive security baseline for the organization, supplemented by additional controls for specific business units. These controls cover areas such as software development, email and endpoint protection, and incident prevention and response. As of December 2025, 24/7 monitoring and follow-up for endpoint detection and response (EDR) has been outsourced to a specialist cybersecurity firm, enabling faster threat identification and access to dedicated expertise. External audits for certification confirm adherence to relevant standards. Within the Healthcare, Livestock, and Security business units, we hold ISO 27001 certifications for information security. For the Healthcare business unit specifically, additional certifications include NEN 7510 (information security), ISO 27701 (privacy), ISO 27018 (privacy), and ISO 9001 (quality). The Healthcare and Retail business units have an ISAE 3402/SOC 1 Type II assurance report, and Retail also has a SOC 2 Type II assurance report.