
NORMA Group SE’s compliance organization seeks to prevent violations of laws and other rules, in particular by taking preventive measures. Nevertheless, if there is evidence of violations, these matters are investigated promptly and thoroughly and the necessary consequences are taken. Findings are used to take steps to reduce the risk of future violations. Concrete steps are defined, implemented and tracked annually in a “Compliance Action Plan.”

Group-wide compliance activities are managed by the Chief Compliance Officer of NORMA Group SE. The Chief Compliance Officer regularly reports to the Executive Vice President Integrity and is able to report directly to the Chairman of the Management Board if necessary. In addition to the Compliance department in place at the Group level, there are Compliance Delegates at the regional and individual company levels. The three regional Compliance Delegates for the EMEA, Americas and Asia-Pacific regions report to the Compliance department at NORMA Group. In addition, each operating Group company has its own local Compliance Delegate, who reports to the respective Regional Compliance Delegate. The Supervisory Board is responsible for monitoring the appropriateness of the Compliance Management System.

In the current fiscal year, by establishing the “Compliance Committee,” the company formalized a body for discussing current compliance matters and coordinating necessary measures. Permanent members of the Compliance Committee are representatives of Compliance, Legal and Internal Audit & Risk Management. As a rule, the Compliance Committee meets at least quarterly and, if necessary, outside of regular meetings. The compliance organization conducts risk analyses together with the relevant units, functions and specialist departments, on the basis of which the compliance organization identifies the need for action and initiates appropriate measures.

Employee training courses are held regularly on selected risk areas and important current topics or developments. In addition to training on specific focus topics, all employees worldwide are trained on the basic compliance rules and important content of the compliance policies. Participation in these training courses is documented and monitored. The training courses of fundamental importance, which must be completed as basic training by all NORMA Group employees with a PC workstation, include the online training courses “Code of Conduct & Compliance Basics” and “Anti-Corruption.” Depending on the job profile, employees must attend specific focus training sessions (including ‘Antitrust law’). Refresher training courses are offered as required. In addition, all employees with a PC workstation must complete the “Data Protection” Integrity training course every year. Relevant employees are also assigned the “Information Security Basics” training course on an annual basis. In the 2024 fiscal year, all office employees were also assigned the “Speak up!” training course, which provides detailed information on whistleblowing. For production personnel, particularly those in manufacturing areas without regular computer access, the company provides compliance information in accessible formats such as Compliance Safety Cards and posters in relevant languages, ensuring essential compliance tenets are effectively communicated. The compliance organization also offers face-to-face training on an ad hoc basis, if necessary. Employees also receive relevant, up-to-date compliance information regularly and on an ad hoc basis via various information channels, the intranet, brochures, e-mails and notices. Key training figures are reported in the CR report.

The COMPLIANCE GUIDELINES of NORMA Group represent an important means of communicating to employees the Group’s understanding of compliance and demonstrating their ethical and legal obligations. All compliance documents undergo regular review and are updated as needed to reflect new legal or social requirements, ensuring they remain current at all times.

The compliance guidelines also include requirements in the area of HUMAN RIGHTS (including forced and child labor, freedom of association and anti-discrimination). A separate Code of Conduct (“Supplier Code of Conduct”) applies to suppliers. The Supplier Code of Conduct is intended to help ensure that laws and ethical rules are also observed within NORMA Group’s supply chain. The compliance guidelines are reviewed and updated regularly to assess the need for changes. By establishing the “Human Rights Committee” as a sub-committee of the Compliance Committee in the past fiscal year, the company created a dedicated forum for the targeted discussion and assessment of potential human rights violations. The Human Rights Committee’s permanent members include representatives from HR and Corporate Responsibility alongside members of the Compliance Committee. The Human Rights Committee usually meets every six months and also outside of regular meetings if required.

NORMA Group encourages its employees to report violations of regulations and internal policies – including across hierarchical levels if necessary. Employees have various reporting channels at their disposal for this purpose, including an electronic WHISTLEBLOWER SYSTEM. This whistleblower system allows internal and external whistleblowers to report suspicious cases to NORMA Group’s Compliance organization and, if necessary, to maintain their anonymity. Additionally, NORMA Group offers other appropriate reporting channels, such as personal reporting to NORMA Group Compliance. In addition to the central internal reporting channel (electronic or in-person), NORMA Group offers supplementary or alternative reporting channels at all locations where required by local laws. In addition, any member of NORMA Group’s compliance organization can be contacted at any time regarding all questions and issues related to compliance.

The reporting system is regularly reviewed for both suitability and appropriateness, particularly in relation to the requirements of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons who report breaches of Union law (the ‘Whistleblower Protection Directive’) and its implementing legislation in the member states. The system is adapted if necessary. NORMA Group is closely monitoring further developments with regard to the implementation in national laws by individual EU member states in which NORMA Group also operates reporting channels, which in some cases are not in compliance with the EU Directive. Necessary adjustments are made if required.

The members of the compliance organization investigate compliance violations. If violations of compliance rules are discovered or weaknesses in the organization are identified, the management initiates the necessary and appropriate measures in consultation with the compliance organization in a timely manner. Depending on the individual case, these measures range, for example, from targeted training measures to changes in organizational procedures to disciplinary measures, including termination of employment.

Legend

These contents are part of the Non-financial Group Report and were subject to a separate limited assurance examination.