G1 Business conduct

Impacts, risks and opportunities related to business conduct

(G1 ESRS 2 IRO-1)

A strong and positive corporate culture ensures compliant and ethical business conduct. It fosters employee satisfaction, engagement and environmental protection. Compliance is essential to maintaining Vetropack’s reputation and financial success.

Whistleblower protection is another key aspect of responsible business conduct. Effective whistleblowing processes help to identify legal issues such as corruption, fraud, environmental damage and data protection violations at an early stage. Conversely, the lack of grievance mechanisms and whistleblower protection increases the risk of legal proceedings and financial penalties.

Management of relationships with suppliers, including transparent payment practices, is crucial for the stability of Vetropack’s supply chain. Ethical supplier management improves working conditions, supports environmental responsibility, enhances product quality, and strengthens competitiveness. Poor management and late payments, on the other hand, can harm suppliers’ financial stability. Non-compliance damages Vetropack’s reputation, erodes customer trust, and leads to financial risks.

Preventing and detecting corruption and bribery through training and incident management is crucial for business integrity. It contributes to an ethical culture and strengthens relationships with business partners. On the other hand, incidents can lead to legal action, financial penalties and reputational damage.

Policies related to business conduct

Compliance: corporate culture, protection of whistleblowers, corruption and bribery

(G1-1), (ESRS 2 MDR-P)

Vetropack’s corporate culture is based on fundamental ethical values such as integrity, reliability and transparency. Ethical business conduct, a strong corporate culture, the rejection of unlawful conduct, adherence to national and international law, and integrity in our own business activities and across the value chain are all key elements of our daily work.

The Code of Conduct sets out our values and stipulates compliance with regulations and policies throughout the entire Group. It defines ethical business principles, which include the prohibition of discrimination, ensuring fair competition, avoidance of bribery, and respect for human rights in accordance with the Universal Declaration of Human Rights and the International Labour Organization’s Core Conventions.

Our Business Ethics Policy is based on our Code of Conduct and Vetropack’s values and principles: ensuring accountability, navigating safely together, guaranteeing leadership in quality, anticipating change, generating trust and confidence, exercising environmental responsibility, and fostering integrity, reliability and transparency. The Business Ethics Policy requires all employees to conduct business in accordance with the following principles: compliance with applicable laws and regulations, fair competition and antitrust regulations, the prohibition of granting improper advantages, the prevention of corruption and bribery, and the avoidance of conflicts of interest. Further information on the Code of Conduct and the Business Ethics Policy is provided in section S1 Own workforce.

Vetropack’s Group Policy for Gifts, Hospitality and Entertainment (Gift Policy) sets standards for giving and receiving gifts and hospitality, preventing corruption, and mitigating related reputational and financial risks. It establishes specific approval processes for interactions with commercial parties and public officials, and defines principles for appropriate exchanges, legal compliance, record-keeping, and consequences of violations, thereby supporting transparency and integrity in business relationships.

Our Antitrust Policy requires stakeholders to adhere to applicable competition and antitrust laws, as mandated by Vetropack’s Code of Conduct and Business Ethics Policy. It prohibits price-fixing and market or customer allocation agreements with competitors. The Antitrust Policy establishes principles to ensure that all business activities within Vetropack uphold fair market practices and prevent anti-competitive behaviour. It also mandates prompt reporting and consultation in case of suspected violation. Our Antitrust Policy is based on EU antitrust rules and locally applicable antitrust law.

Another aspect of Vetropack’s ethical business conduct is data protection. The Data Protection Policy, based on the EU General Data Protection Regulation (GDPR), ensures lawful and transparent processing of data. Personal data is processed only as necessary, and such processing is documented, with strict confidentiality and security measures in place. Data subjects’ rights are respected, and any data breaches must be reported immediately. To support accountability and continuous improvement, compliance is monitored through audits by the local Data Protection Coordinators, the Group Data Protection Coordinator, the Group Director Legal and Compliance, and Group Internal Audit. Our processes and principles regarding data protection are in accordance with ISO 27001, the standard for information security management systems.

The above policies are approved by Vetropack’s CEO and are available in our internal document management system. The Code of Conduct is available on our website. Vetropack’s Group Director Legal and Compliance is the most senior executive accountable for the implementation of our compliance and business ethics principles. Our compliance policies apply to all employees and, where specified, also to the Board of Directors.

We involved internal stakeholders in the process of defining our business conduct policies. To ensure compliance, we provide regular training and implement sensitisation measures to raise awareness of ethical business conduct.

Management of relationships with suppliers

(G1-2), (ESRS 2 MDR-P)

Vetropack works with around 330 strategic suppliers, who are mostly based in Europe. They supply the entire Group with the most relevant goods and services, such as raw materials, cullet, machinery, equipment, tools and transport services.

Vetropack’s Supplier Code of Conduct defines the requirements for ethical and lawful business conduct throughout the supply chain. Suppliers must act according to all applicable laws and regulations; they must respect human rights, promote fair working conditions, and prevent discrimination or harassment. The Supplier Code of Conduct requires our suppliers to comply with the Universal Declaration of Human Rights and the Fundamental Principles of the International Labour Organization, and to avoid any form of child or forced labour. The Code also mandates environmental responsibility, with a focus on the efficient use of resources and the reduction of environmental impacts. New suppliers must accept and sign the Supplier Code of Conduct unless they can prove that they have their own Code of Conduct which is at least equivalent to our own Code. In case of updates to the Supplier Code of Conduct, all active suppliers are required to re-sign the revised version. The Supplier Code of Conduct covers suppliers, vendors, contractors, consultants, agents and other providers of goods and services who do business with Vetropack worldwide. Suppliers must guarantee that their subcontractors and agents throughout the supply chain acknowledge and comply with our Supplier Code of Conduct. Vetropack reserves the right to monitor compliance and take appropriate action in case of violation.

Alongside the Supplier Code of Conduct, Vetropack’s Procurement Policy also states that fair working conditions must be ensured and that human rights must be respected. Its aim is to guarantee secure, cost-effective, and sustainable sourcing across the Group. The Procurement Policy defines roles and processes in operative and strategic procurement, and it requires social and environmental criteria to be integrated in the procurement process. The policy applies across the entire Vetropack Group and covers all procurement activities for goods and services. It addresses risks such as supply chain disruption or cost volatility. Further information is provided in section E5 Resource use and circular economy.

The objectives of our Supply Chain Policy are to ensure that we meet our due diligence obligations in the supply chain when sourcing minerals or metals, and to avoid products and services involving child labour. The Supply Chain Policy defines the management system and risk management required to implement the provisions of the Swiss Code of Obligations and the Ordinance on Due Diligence and Transparency in relation to minerals and metals from conflict-affected areas and child labour (DDTrO). Responsibility for the operational implementation and control of the policy lies with the Group Procurement Manager, supported by Legal and Compliance and the Group Sustainability Manager. Potential risks related to conflict minerals and child labour are identified, assessed, and documented annually.

Vetropack’s Group Director Legal and Compliance and the Chief Supply Chain Officer are the most senior levels with accountability for policies related to the supply chain. While the Supplier Code of Conduct is publicly available, the Procurement Policy and the Supply Chain Policy are available on our internal document management system.

Actions related to business conduct

Compliance: corporate culture, protection of whistleblowers, corruption and bribery

(G1-1), (ESRS 2 MDR-A)

To identify, report and investigate concerns about unlawful behaviour or conduct that contravenes the Code of Conduct or other policies, Vetropack has established a SpeakUp system as part of its SpeakUp policy. Employees and external stakeholders can access the system via our website. It is available in various languages, and all notifications are treated confidentially. In accordance with the principles of proportionality, the Code of Conduct requires employees to report all known or suspected breaches of laws, regulations and/or internal policies immediately to the General Managers, the HR department, the Legal and Compliance department, or the CEO. Regular (online) compliance training familiarises employees with internal reporting and whistleblowing mechanisms.

Vetropack has defined processes to protect employees when using the whistleblowing mechanisms. The Code of Conduct ensures that employees do not suffer any negative consequences from acting in good faith when reporting a suspected breach of laws, regulations or policies. We encourage all employees to report suspected cases to their line manager or to the Legal and Compliance department. Any information provided through the whistleblowing system is investigated confidentially to protect personality rights and prevent any form of discrimination. When observations of misconduct are reported via the SpeakUp system, calls or messages remain anonymous unless the reporting person provides their contact details. Voice messages are automatically transcribed. Reported cases are handled by the Legal and Compliance department. To ensure that potential incidents relating to business conduct are investigated independently and objectively, they are analysed in depth with support from external advisors. An annual overview of business conduct incidents is submitted to the Management Board, and serious cases are reported to the Board of Directors immediately. Further information on the reporting systems are provided in section S1 Own workforce.

Upon recruitment, all new employees are required to complete Vetropack’s compliance training and to sign the Code of Conduct and other compliance policies, confirming that they have read and understood the principles, and will act in accordance with them. As part of the onboarding process, employees are familiarised with Vetropack’s whistleblower system (SpeakUp channel) and other reporting mechanisms. In addition, the Communications team and local compliance coordinators raise awareness. These measures ensure that all employees know how to report concerns and uphold our commitment to ethical and compliant business practices.

To implement the compliance policies, Vetropack provides comprehensive training through a combination of online courses and classroom training. Our internal learning platform offers mandatory online compliance courses for all employees with computer access. These courses must be completed once. To ensure understanding, incorrectly answered questions are repeated. After completing the training, employees confirm that they understand the policies and will act accordingly. These courses cover the content and application of our policies, including the Code of Conduct, the Business Ethics Policy, the Antitrust Policy, and the Group Policy for Gifts, Hospitality, and Entertainment. Participants are required to sign upon completion. In addition, our Group Director Legal and Compliance conducts annual classroom trainings for employees with higher exposure to compliance risks (such as Sales Managers) at our sites. Employees without computer access participate in tailored classroom trainings. Internal audits verify the correct implementation of business conduct and compliance requirements.

Prevention of corruption and bribery

(G1-1), (G1-3)

Corruption risks arise in connection with business activities in countries with higher levels of corruption as assessed by Transparency International’s Corruption Perceptions Index. The index classifies countries on a scale from 0 to 100, with scores closer to 0 indicating a higher risk, and scores closer to 100 indicating a low or very low risk of corruption. Vetropack’s sites in Romania, Croatia, Slovakia, Ukraine and Moldova have a higher risk. In our view, employees in key positions, such as procurement and sales, are subject to increased corruption risk and are therefore required to participate in specific training. In the year under review, 100 percent of functions at risk of corruption and bribery participated in training programmes. Each year, our Group Director Legal and Compliance delivers training to the Board of Directors and to the Board members of our subsidiaries, with a focus on insider trading and management transactions.

The Group Policy for Gifts, Hospitality and Entertainment sets out instructions intended to prevent any form of corruption and bribery. Our principles for preventing corruption and bribery are based on the OECD’s 1997 Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and its 2021 Anti-Bribery Recommendation. Procedures for preventing, detecting, and addressing allegations or incidents of corruption and bribery focus on annual awareness-raising and training, ensuring that employees are familiar with legally compliant conduct. Mechanisms for preventing and detecting corruption and bribery are communicated to external stakeholders, such as business partners, through specific provisions in the Supplier Code of Conduct and via the whistleblowing system.

Vetropack’s internal auditor reports directly to the Board of Directors on matters relating to business conduct. Where necessary, external advisors are engaged to support investigations. The outcomes of processes relating to investigations into business conduct are reported to the CFO, the CEO and the Board of Directors.

We began implementing the Sanction Check Directive across the entire Group to replace previous local solutions. This directive sets out requirements for reviewing new contractual partners in order to prevent risks related to money laundering, corruption, or other legal issues. The process includes due diligence assessments, supports the identification of suspicious transactions, and mitigates other risks arising from business partners. Further improvements were made to the sanction check tool in the year under review.

Every three years, Vetropack conducts antitrust risk assessments to evaluate its internal processes and the external market environment. In the year under review, Vetropack implemented a new online training course on antitrust for all employees with computer access.

Management of relationships with suppliers

(G1-2), (ESRS 2 MDR-A)

Vetropack’s General Terms and Conditions of Purchase outline our approach to managing relationships with suppliers and demonstrate our commitment to responsible procurement, fair treatment of suppliers and the integration of sustainability criteria into supplier selection and management. The General Terms and Conditions of Purchase require suppliers to comply with all applicable laws and regulations, as well as internationally recognised fundamental standards relating to sustainability, including occupational health and safety, environmental protection, labour and human rights, and responsible corporate governance. Furthermore, we expect our suppliers to ensure that their subcontractors across all tiers adhere to these standards and we reserve the right to verify suppliers’ compliance. The General Terms and Conditions of Purchase also define payment terms and default interest. It is Vetropack’s policy to ensure timely payment to suppliers by specifying clear payment terms and consequences for late payment.

The payment process for suppliers, along with its monitoring, is managed by the Finance department. To ensure timely payment to suppliers, we rely on a digitalised invoicing process, which guarantees that the payment terms are met. The process may be delayed if a supplier has not signed the Supplier Code of Conduct. To further support our suppliers, we offer a Supply Chain Finance programme. This solution enables suppliers to receive their funds almost immediately after the invoice has been released for payment and the supplier requests early settlement. This provides flexibility and improved cash flow for our partners without affecting the agreed payment terms.

Vetropack applies a standardised vendor management process. The main objectives of supplier management are to establish a consistent process across all sites, define routines for handling deviations, support Group‑wide supplier‑related risk management processes, ensure that all suppliers comply with Vetropack’s standards, and build trust‑based relationships. Where remedial actions are required, they are determined on a case‑by‑case basis, taking into account the specific circumstances and context.

Vetropack does not specify a fixed frequency for supplier audits. Instead, audits are scheduled on the basis of a general supply risk assessment. In line with our Procurement Policy, each Lead Buyer conducts a defined number of audits per year. Social and environmental criteria are integrated into supplier selection through a structured, risk‑based approach.

The Vetropack supplier evaluation process is structured around three key steps:

• Vendor self‑assessment: An initial review based on the supplier’s own disclosures and publicly available information, using standardised forms and tailored questionnaires.
• Audit: The most comprehensive form of assessment, conducted where necessary and led by the Procurement team, with support from the Quality and Technical teams. It is based on standardised forms and supplemented by tailored questionnaires.
• Supplier evaluation and re-evaluation: An annual performance review of suppliers, supported by audits depending on strategic importance.

Every five years, Vetropack evaluates its 100 largest suppliers, based on purchasing volume, against a range of sustainability risks. The indicators used for this purpose include the sector and the geographical region. As a result of the evaluation, suppliers are assigned to a risk category. Classification in the ‘high‑risk’ category may lead to the termination of the business relationship following an in‑depth investigation.

As required by Swiss law, we undertake an annual risk analysis related to child labour and conflict minerals. The results of the 2025 assessment can be found in the section Due diligence and transparency.

Targets related to business conduct

(ESRS 2 MDR-T)

Vetropack sets the following targets related to business conduct. All targets were achieved.

• We aim for 100 percent of employees to participate in training on compliance, the Code of Conduct and the Business Ethics Policy.
• We aim for zero cases of corruption and bribery.
• We aim for zero breaches of respective applicable law across the entire Group.
• We aim for zero complaints regarding data protection and zero breaches of data protection laws.

Metrics related to business conduct

Corruption and bribery

(G1-4), (ESRS 2 MDR-M)

Reporting principles: Vetropack respects the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (1997), as well as the OECD Anti‑Bribery Recommendation of 2021, which together have formed the basis for relevant national legislation in many countries worldwide. The metrics related to corruption and bribery, as presented in the table above, relate to breaches of local or international law. Confirmed cases would be linked to court proceedings. Corruption is prohibited and defined as illegal behaviour. Violations of anti‑bribery and anti‑corruption laws may result in criminal fines and penalties. Suspected violations of law are analysed by Vetropack’s Group Director Legal and Compliance, the internal auditor and, where necessary, external legal advisors.

No violations of laws relating to corruption or bribery were recorded in either 2024 or 2025.

Management of relationships with suppliers

(G1-6), (ESRS 2 MDR-M)

Vetropack does not currently disclose the average number of days taken to pay an invoice from the date on which the contractual or statutory payment term begins. Nor does Vetropack disclose the percentage of payments made in line with standard payment terms. Vetropack’s standard payment terms are 60 days and, in some cases, 90 days. Payments are executed through the regular weekly payment run.

Non-ESRS metrics related to business conduct

Reporting principles: Mechanisms related to the whistleblowing system are described in the Actions section of this chapter. Of the 22 notifications submitted via the whistleblowing system in 2025, the vast majority originated from external stakeholders who mistakenly used the hotline to place orders or apply for jobs. The small number of remaining notifications received were appropriately addressed and resolved. In 2024, only notifications addressing legal issues were reported, which explains the significant increase in the year under review. Furthermore, Vetropack enhanced the accessibility of the whistleblowing system, leading to an increase in the number of notifications, including those not related to legal matters. Corruption risk assessments are conducted through visits by the internal audit function. Plants undergo a comprehensive assessment that also covers potential risks of fraud and corruption. Unlike the other plants, the Ukrainian plant was assessed through a written exchange in the year under review. The entire management team undergoes annual training on Vetropack’s procedures for preventing and combating corruption, ensuring that they are informed about legally compliant conduct in these areas.

In 2025, 100 percent of our employees (excluding those on long-term sick leave) were made aware of our compliance policies (Code of Conduct, Business Ethics Policy and Gift Policy) and/ or participated in training activities. All locations conducted training on antitrust-related topics.

In 2023, an antitrust investigation was launched into several glass packaging manufacturers in Italy, including Vetropack Italy. The authority extended the investigation period until the end of 2025 and subsequently closed the proceedings without bringing charges, concluding that there were no findings giving rise to a suspicion of a breach of antitrust law in the Italian glass packaging industry.

The percentage of suppliers that have signed Vetropack’s Supplier Code of Conduct is assessed based on data from the internal Enterprise Resource Planning system, covering the scope of the 5,000 most relevant direct suppliers.

In 2025, Vetropack conducted 12 supplier audits, all of which were carried out on‑site, using a Vetropack‑specific questionnaire that includes sustainability aspects.