G1 Business conduct

For more information on the roles of administrative, management, and supervisory bodies, as well as the process for identifying and assessing significant impacts, risks, and opportunities related to corporate governance, please refer to the disclosures in ESRS 2.

Management of impacts, risks and opportunities

Corporate culture and business conduct policies

At Zeppelin, the ethical basis for compliance is the conviction that a sense of social responsibility, adherence to the law, and integrity ensure long-term success. Adherence to legal regulations, official requirements, and internal company guidelines is an integral part of Zeppelin's management and corporate culture. As part of its compliance management system, the Zeppelin Group has established processes to prevent or, at least, detect and remedy compliance violations. Internal rules and guidelines provide management and employees with clear specifications and explain the ethical and legal motivations behind the compliance program. The Zeppelin Code of Conduct for Business Ethics and Compliance outlines these fundamental principles of corporate behavior within the group and in relation to its partners and the public.

Zeppelin has described its expectations for its partners, including suppliers, service providers, and subcontractors, in the Supplier Code of Conduct. These expectations serve as the basis for cooperation. Integrity is an irrefutable corporate value in all business activities and relationships.

The central set of rules for compliance is the "Compliance" group guideline. It applies to the entire Zeppelin Group, including non-consolidated subsidiaries and majority shareholdings in Germany and abroad. The guideline establishes the framework for the compliance organization and its responsibilities within the Zeppelin Group. It is implemented in the Group companies' corresponding instructions and guidelines and regulates the tasks and structure of the Zeppelin Group's compliance organization. Group management is responsible for ensuring that the Zeppelin Group, its executive bodies, and its employees can fulfill this obligation at all times. The Group policy "Compliance" implements the organizational measures required to fulfill this task and communicates these requirements to employees. The Chief Compliance Officer reports quarterly to the Zeppelin Group's management and Supervisory Board on current figures and compliance issues.

In addition, two further key guidelines exist: the Group policy on whistleblower protection and the Group policy on handling gifts and invitations ("Benefits Policy"):

• The Group policy on Whistleblower Protection regulates the submission of information on compliance violations and applies to all Group companies in which Zeppelin GmbH directly or indirectly holds at least a 50 % stake. It is based on the EU Whistleblower Directive and the laws of EU member states derived from it. Management teams at Group companies are responsible for implementing the Directive's provisions, communicating them to employees, and monitoring compliance. The Supervisory Board is responsible for monitoring, advising, and auditing Group management with regard to these activities. The Chief Compliance Officer reports to the Group Management Board and the Supervisory Board quarterly on current information and compliance cases.

• The Group policy on handling gifts and invitations applies to all Group companies in which Zeppelin GmbH directly or indirectly holds at least a 50 % stake. The management of the Group companies is responsible for implementing the policy's provisions in their companies, communicating them to employees, and monitoring compliance. The Supervisory Board is responsible for monitoring, advising, and auditing Group management regarding these activities. This Group guideline regulates the treatment of benefits from business partners to Zeppelin employees and from Zeppelin to its business partners and customers. It provides a binding framework and guidance for legally handling benefits. The policy also serves to prevent white-collar crime, particularly corruption and bribery. It protects our employees and the company from potential liability.

Prevention and detection of corruption and bribery

We reject any form of corruption, bribery, extortion, or embezzlement in business transactions, as well as the violation of export control regulations and sanctions. All employees are informed of the scope of the compliance requirements and how to meet them through information and training. The rules to be observed, the early identification of risks and violations, and the submission of information to rectify possible irregularities are all addressed. The Zeppelin Group strives to independently, objectively, promptly, and in accordance with internally defined guidelines, investigate potential or reported compliance violations. The compliance organization and the individuals conducting the investigations are independent of the operational, organizational, and management structures within the Group and its strategic business units. This independence allows for an objective and impartial assessment.

As part of the double materiality assessment, financial risks due to corruption and bribery were classified as significant in governance because high fines and penalties can be imposed for compliance violations. To counteract this risk, the Zeppelin Group has firmly established a compliance organization, processes, and guidelines.

The internal compliance organization coordinates the compliance management system throughout the Group and ensures that contact persons are available in all companies to whom employees can turn in confidence. There is also a separate email address for questions and comments related to compliance. An online whistleblower system is available for submitting reports in all relevant languages of the Zeppelin Group and its business partners. This system allows users to contact the Zeppelin Group anonymously and confidentially. Zeppelin works with an external partner to provide this reporting system and ensure it reflects the laws and requirements of global whistleblower reporting. The system complies with the General Data Protection Regulation and is audited and ISO 27001 certified. Zeppelin has appointed external ombudspersons in select countries where it does business. Through these ombudspersons, you can confidentially contact a neutral, trained person with questions about compliance, particularly regarding adherence to legal requirements and internal guidelines. You may also contact the Chief Compliance Officer (CCO) and employees of the compliance organization directly. All methods of contact are available to employees, business partners, and other third parties. These processes are described in the "Compliance" and "Whistleblower Protection" group guidelines.

Whistleblowers who report legal violations in good faith via one of the reporting channels are protected. This protection also applies if the suspicion turns out to be unfounded after further investigation, provided that the whistleblower had reasonable grounds to believe the reported information was true when the report was made. Zeppelin will not take or threaten to take any action in connection with the whistleblower's report that could be detrimental to the whistleblower ("reprisals"). Accordingly, no labor law measures will be taken in this regard, nor will any form of discrimination be made on the basis of the report's submission. Zeppelin will not tolerate retaliation or discrimination against an employee who has reported a violation in accordance with this policy. Any threat or reprisal of this nature must be reported immediately to the Chief Compliance Officer.

The Zeppelin Group's compliance training program consists of e-learning courses on basic compliance knowledge and key statements from the Zeppelin Code of Conduct for Business Ethics and Compliance, which are required for all employees. Employees in high-risk roles, such as purchasing and sales, receive supplementary e-learning programs that provide in-depth knowledge about corruption, money laundering and terrorist financing prevention, export controls, and embargoes. To increase participation, the Workday learning management system sends regular email reminders to employees who have yet to complete the training. These are accompanied by targeted communications within the strategic business units. In addition to the e-learning courses, workshops and ad hoc training courses are held for groups at various locations.

Progress 2024

During the reporting period, additional training was introduced for individuals in high-risk roles regarding interactions with business partners. The e-learning course covered anti-corruption in purchasing, sales, and marketing; anti-money laundering; export control; and sanctions. Additionally, the "Ethical Leadership Boost" live training course was introduced for managing directors, division heads, and other managers who lead large teams. The workshop aims to make participants aware of ethical conflicts and compliance violations and show them how to best resolve dilemma situations based on their previous experience.

Targets and metrics

After consulting with the Group Management Board and in accordance with the Group guidelines, the following targets were set for the Compliance Department.

Monitoring and reporting are based on the latest figures from the Workday learning management system, which documents the current training status of each participant. The training rate indicator is calculated by measuring the percentage of employees who have completed basic compliance training at least once against the total number of Zeppelin Group employees.

There were no violations of anti-corruption and anti-bribery procedures and standards in the reporting year, so no measures had to be taken.