ESRS G1 Business Conduct[G1] Business conduct
Disclosure requirement |
|
Title with reference |
|---|---|---|
G1 GOV-1 |
|
The role of the administrative, management, and supervisory bodies |
G1 IRO-1 |
|
Description of the process to identify and assess material impacts, risks, and opportunities |
G1 SBM-3 |
|
Material impacts, risks, and opportunities and their interaction with strategy and business model |
G1-1 |
|
|
G1-2 |
|
Management of relationships with suppliers (not material) |
G1-3 |
|
|
G1-4 |
|
|
G1-5 |
|
|
G1-6 |
|
Payment practices (not material) |
Impacts, risks, and opportunities [G1 SBM-3] Material impacts, risks, and opportunities and their interaction with strategy and business model
Impacts, risks, and opportunities
Within the scope of the materiality analysis, Fresenius has identified a material impact and material risks related to Business conduct:
Sub-sub-topic |
|
Type of IRO |
|
Value chain |
|
Time horizon |
|
Description |
|---|---|---|---|---|---|---|---|---|
Corporate culture |
||||||||
n / a |
|
Risk |
|
Own operations |
|
Long-term |
|
Reduced investment due to poor corporate culture [#39] |
n / a |
|
Risk |
|
Own operations |
|
Long-term |
|
Legal sanctions from unethical business conduct [#40] |
Political engagement and lobbying activities |
||||||||
n / a |
|
Potential positive impact |
|
Own operations |
|
Mid-term |
|
Improved access to medicines through responsible advocacy [#41] |
n / a |
|
Risk |
|
Own operations |
|
Long-term |
|
Long-term financial damage from unethical market behavior [#42] |
Corruption and bribery |
||||||||
Prevention and detection including training; Incidents |
|
Risk |
|
Own operations |
|
Long-term |
|
Financial losses from corruption and bribery incidents [#43] |
Entitiy specific: Compliance in global supply chains |
||||||||
n / a |
|
Risk |
|
Own operations |
|
Short-term |
|
Risks to supply security and compliance in global healthcare markets [#44] |
Approach
Business conduct policies and corporate culture [G1-1] Business conduct policies and corporate culture
During the reporting period, a new Fresenius Code of Conduct was introduced. This Code applies to all Fresenius Group employees, managers, and bodies worldwide. The Code is a key component of corporate governance, reflecting the company’s values, principles, and ethical standards. It serves as a moral compass in everyday work, helping employees act ethically and legally, even in complex situations. Based on the Fresenius Principles, the Code addresses key sustainability issues, including human rights, patient safety, corruption prevention, data protection, the responsible use of artificial intelligence, and environmental responsibility.
The content was developed in collaboration with the Operating Companies and relevant specialist functions, taking into account the interests of key stakeholders. During this process, care was taken to ensure that all Fresenius business models were considered and that current developments, such as those in digital technology, were incorporated.
The Code of Conduct was approved by the Management Board. Responsibility for its implementation and further development lies with the Group function Group Risk & Integrity. Managers must ensure compliance and foster an environment where ethical issues can be openly discussed. The compliance function and other departments provides support for implementation and monitoring of issues relevant to them.
Guidelines, organizational directives, and process descriptions in the Operating Companies supplement and further define the rules of the Code of Conduct for everyday operations. Violations are not to be tolerated. The Code of Conduct is the basis for all employment contracts and available to the employees. The Group Code of Conduct has been published on the Fresenius website www.fresenius.com.
Fresenius’ ethical principles go beyond legal requirements. It is important to act not only in accordance with the law, but also in accordance with applicable industry codes and Fresenius principles.
The Fresenius Principles reflect the strong corporate culture of the Group. They are critical to the company’s success: They embody what Fresenius stands for and what it means to work for Fresenius. As joint maxims, they guide the Group’s actions and provide orientation on the path to becoming one of the market-leading healthcare companies that people trust – because Fresenius combines cutting-edge technology and human care to shape next-level therapies.
In developing the Fresenius Principles, the company included various internal and external reflections. The feedback from employees was an essential input: In an intranet survey conducted at the end of 2023, they frequently mentioned terms such as commitment, courage, responsibility, and innovation culture, among other items. These core values were given special consideration when drafting the Fresenius Principles. In addition, the content of existing initiatives was taken into account during the development process.
The Management Board has decided to use the Principles as the basis for the whole Group and adapt or replace existing elements or initiatives. During the reporting year, the implementation of the Fresenius Principles was systematically supported by the Group-wide communication initiative, Fresenius Principles in Action. As part of this initiative, workshops were held throughout the company to promote an understanding of, and adherence to, the principles among employees, as well as to integrate them into daily activities.
The Fresenius Principles
Acting according to these principles helps to ensure that stakeholders can rely on Fresenius as a trustworthy partner. As a signatory to the UN Global Compact (since October 2024), the Group simultaneously guided by the following internationally recognized principles:
Universal Declaration of Human Rights
United Nations Guiding Principles on Business and Human Rights (UNGPs)
International Labour Organization (ILO) Declaration on Fundamental Principles and Rights at Work
OECD Guidelines for Multinational Enterprises
German Corporate Governance Code
As a registered company in the EU Transparency Register, Fresenius SE & Co. KGaA is also committed to applying the EU Transparency Register Code of Conduct.
If a violation of the rules and principles is detected, Fresenius performs an investigation, initiates the necessary remediation measures, and imposes sanctions if applicable. In addition, the Group uses incidents as an opportunity to sharpen the compliance programs and prevention mechanisms.
Compliance management system
The fundamental principles and values of the corporate culture, as defined in the Fresenius Code of Conduct, are implemented through the Group-wide, risk-oriented compliance management system. The system is built on the three pillars of prevention, detection, and response, aiming to embed a living compliance culture across all levels of the organization. The key ambition is to prevent corruption and bribery in the business environment. Beyond that, prohibiting violations of antitrust law, data protection, trade restrictions, and anti-money-laundering laws, preventing the financing of terrorism, and protecting human rights are also key areas, which Fresenius addresses with dedicated compliance measures.
The design and implementation of the Group’s compliance management system is based on international regulations and guidelines, such as the ISO standards on the setup of compliance management systems and applicable audit standards of the Institute of Public Auditors in Germany, Incorporated Association IDW (PS 980 n.F., as of 09 / 2022). When implementing improvements, Fresenius takes into account the respective national or international legal frameworks. In 2024, the Management Board commissioned an auditing firm to evaluate the compliance management system (CMS) in Corporate / Other, Fresenius Kabi and Fresenius Helios in accordance with IDW PS 980 n.F. (as of 09 / 2022). The first phase – a gap analysis – was completed in 2024 and recommendations for the further improvement of the compliance management were defined. In the second phase, which took place during the reporting year, 22 projects were developed based and implemented on these recommendations and in line with the elements of the auditing standard. The aim is to further strengthen the effectiveness and governance structure of the system and to ensure compliance with legal and ethical requirements within the Fresenius Group. The evaluation of appropriateness of the CMS, as commissioned in 2024, was finalized.
Risk management and internal control system
The compliance management system is embedded in the internal control system and the risk management system. By using standardized methods, Fresenius regularly records, analyzes, and evaluates compliance risks for the entire Group. As part of integrated risk reporting via the risk management tool, defined core compliance risk subgroups are regularly reported and assessed, including, for example, bribery, corruption, and antitrust law. The compliance representatives exchange information on key findings from the respective risk assessments, which may result in additional compliance risk subgroups to reflect new risk areas or risk clusters. Fresenius adapted the Group-wide integrated risk management tool as well as the risk methodology to implement applicable regulatory requirements and to further improve the reporting quality of risks. Risk entries are validated by subject matter experts, i.e. the Compliance function or / and other relevant functions, in order to ensure the consistency and quality of these entries. Risk mitigation plans are tracked and monitored to ensure a steady mitigation impact.
Concerns regarding possible unlawful behavior or violations of internal guidelines are raised by internal or external stakeholders via the existing reporting systems and are documented and investigated accordingly in Compliance Case Management. If necessary, internal investigations are initiated as described in this topical standard in the Whistleblower reporting system section. If relevant risks are identified in the process, they are documented and assessed in the risk management tool.
At the same time, the internal control system is an important part of Fresenius’ risk management. In addition to internal controls regarding the financial reporting, it includes control objectives for important non-financial processes, such as quality management and patient safety, cybersecurity, inventory, supply chain management and data protection, and sustainability.
Fresenius has documented relevant critical control objectives in a Group-wide framework, integrating the various management systems into the internal control system in a holistic manner.
The effectiveness of compliance activities is measured and evaluated in the internal control system on the basis of internal control objectives. These include the areas of anti-corruption, trade compliance, anti-money laundering, and antitrust law.
Responsibilities and controls at Group level
Overall, within the Management Board, the Sustainability Board member is responsible for corporate governance principles, compliance, and compliance risk management approaches. Within the management functions of the Operating Companies, the responsibility for implementing compliance is regulated by business allocation plans. The Operating Companies have also established their own compliance organizations, which reflect the requirements of the business organization, regulatory requirements, and the associated internal controls. The Group function Group Risk & Integrity1 advises the Group functions, develops minimum standards for the compliance management system Group-wide, and manages the Group-wide compliance reporting.
Group Risk & Integrity Organizational Structure
The Risk Steering Committee (RSC) – under the management of the Sustainability Board member – discusses internal and external developments regarding the risk management and internal control system as an advisory body. This includes, for example, developments relevant for the compliance management system. In addition, the RSC advises on significant risks and prepares decision proposals for the Management Board. The meetings of the RSC are scheduled regularly, at least once per quarter. The members of the RSC are managers with functional responsibility within Group functions and representatives of the Operating Companies.
In addition to the updates in the RSC, the Group Chief Compliance Officer of Fresenius SE & Co. KGaA regularly provides the Management Board with comprehensive information on all Group-wide compliance initiatives and policies. The Management Board informs the Supervisory Boards of Fresenius SE & Co. KGaA and Fresenius Management SE about the progress of the compliance measures at least once a year, most recently in October 2025. The Supervisory Board is informed (indirectly via the Chair of the Audit Committee) two times a year about compliance.
Fresenius takes the interests of patients into account through the procedures described in topical standard S4 Consumers and end-users, Health and safety section, S4-2 Engaging with patients.
1 In 2026, the organizational structure will be adjusted. Further information is provided in standard ESRS 2.
Whistleblower reporting system
The grievance and whistleblower mechanisms and procedures for investigating reports are central components of Fresenius’ approach to preventing and combating violations of compliance or human rights. The grievance and whistleblower systems are designed to allow for barrier-free submissions of reports without any local or temporal restrictions. This applies regardless of whether these are employees – including those of service providers – or suppliers, customers, patients, residents of one of the Fresenius-locations, or other potentially affected parties. If Fresenius employees suspect misconduct, e.g. violations of laws, regulations, internal guidelines, or standards, they can report the potential compliance incident to their supervisors or the responsible compliance officers. In addition, employees and third parties – e.g. workers in the value chain – can report potential compliance or human rights incidents anonymously, where legally permitted or required, e.g. by telephone in more than 30 languages, online via whistleblower systems available in up to 27 languages, via email addresses set up specifically for this purpose, or through an ombudsperson. The employees can find relevant contact persons, the grievance channel or whistleblower system, additional information, and the procedure description on their intranet, which applies to the respective Operating Company. Fresenius informs third parties, including business partners, about the availability of the whistleblower systems and the various reporting channels via the Human Rights Statement or the Code of Conduct for Business Partners, e.g., on the website www.fresenius.com. Teams can be trained by specially qualified Case Management & Investigation Officers.
Incoming reports are treated confidentially as described in the respective guidelines to protect the individuals who report them. Fresenius takes all potential compliance violations seriously. An initial assessment focuses on the plausibility and possible severity level of the reported incident. For this purpose, the Case Management & Investigation Officers, who together form the Group-wide Case Management & Investigation Office, are deployed in all Operating Companies. The Case Management & Investigation Officers, whose responsibilities depend on the Operating Company, carry out preliminary assessments of reports received and initiate risk-appropriate investigations on a case-by-case basis. The severity of the compliance violation determines who is responsible for further investigation. If necessary, a dedicated team takes over the investigation, which may include internal experts, but can also comprise external support. The responsible management implements the necessary remedies in a timely manner and in close cooperation with the compliance officers. Depending on the type and severity of the misconduct, disciplinary sanctions or remedies under civil or criminal law may be imposed. After completion, Fresenius uses the results of internal reviews and reports to review the business processes.
The Group implements corrective or improvement measures where necessary to prevent similar misconduct in the future.
Fresenius is subject to EU Directive 2019 / 1937 on whistleblower protection and implements it accordingly. The company ensures the protection of the rights and freedoms of natural persons whose personal data is processed through the established reporting channels and procedures. In particular, appropriate technical and organizational precautions are implemented to ensure compliance with legal, contractual, and internal company requirements. Neither the platform operator nor third parties can access the reports. This applies to all compliance reporting platforms. Only responsible members of the Fresenius Compliance function and of the Operating Companies have access, and handle the reports confidentially. In the Fresenius Code of Conduct and the Group-wide process descriptions, it is laid out that no discrimination, e.g., retaliation will be tolerated against employees who in good faith report possible or actual violations or assist in clarifying the facts and support investigations. This protection is also served by the precautions to maintain confidentiality (e.g. need-to-know principle) and strict rules for dealing with conflicts of interest. In the case of external reporters, the Group strives to achieve a comparable level of protection. The Operating Companies have formulated corresponding expectations, e.g., in their Codes of Conduct for Business Partners.
Compliance reports – among them incidents relating to corporate governance and corruption and bribery – are evaluated based on Group-wide guidelines as well as the respective guidelines of the Operating Companies, which are aligned with the Group-wide guidelines. Processing is carried out in compliance with the deadlines stipulated in the Whistleblower Protection Directive. The Group Chief Compliance Officer informs the Sustainability Board member immediately about compliance cases that could lead to a potential high impact, based on an internal assessment. The Management Board as well as the Audit Committee of the Supervisory Board also receive a regular overview of reported cases by category and Operating Company from the Group Chief Compliance Officer and is informed in detail about the investigations relevant to the Group.
The results of the internal investigations and the findings on potential target groups are incorporated into the further development of the grievance and whistleblowing procedures (compliance case management) and the processing of reports. Based on the findings, Fresenius reviews the effectiveness of the procedure defined in guidelines on a regular basis or more frequently if required. If necessary, the Group will make appropriate adjustments and changes with regard to the accessibility and process of the procedure. Fresenius wants to continuously improve.
Fresenius complies with the statutory reporting requirements for compliance reports at all times. This publication is always anonymous. Further details on compliance reports can be found in the Metrics section of this topical standard.
Policy for handling compliance incidents
Since 2023, a new policy for handling compliance incidents has been in effect across the Group. Standard Operating Procedures (SOPs) define the associated documentation for case management, such as templates for investigation plans and reports. In 2024, the policy was updated to include, among other things, the possibility of assigning incidents to a possible reference to human rights. This enables more detailed recording of possible human rights violations as part of an overarching compliance incident. The SOPs are updated as needed to meet legal changes and to further improve the quality and consistency of case management work worldwide. The principles of the policy for handling compliance incidents apply to the entire Group, i.e. to all activities, geographical areas as well as stakeholder groups. The principles also take into account reports that are submitted to Fresenius from the upstream or downstream value chain.
Antitrust policy
Since 2025, the Fresenius anti-trust policy has supplemented the comprehensive catalog of policies under the Code of Conduct. It defines binding principles for compliance with antitrust regulations. For example, the policy sets out rules for dealing with competitors, participating in industry associations, and handling competitively confidential information. Violations will be consistently investigated in accordance with the processes described previously and sanctioned depending on the facts and severity of the offense. In the reporting year, a new training program was rolled out in all Operating Companies.
Compliance training
To effectively implement the aforementioned compliance concepts, it is essential to thoroughly train employees. This is why employees are offered training on compliance issues via various formats, e.g. such as in-house training, live webinars, or on-demand video training. This training covers basic topics such as the Code of Conduct as well as corporate guidelines. Depending on the employee group, more specific topics such as anti-corruption, antitrust law, anti-money-laundering, data protection, and information security are also included – especially for exposed areas. It is also important to raise awareness among employees and managers about the protection of whistleblowers, as documented in the respective guidelines.
Participation in basic training, such as on the Code of Conduct, is mandatory and takes place at regular intervals, which are determined depending on the training course. Mandatory e-learnings are distributed to all employees, e.g. a defined target group. In the reporting year, Fresenius began rolling out mandatory training for all employees following the publication of the new Code of Conduct. This activity will continue in 2026. The goal is for employees to be able to identify and prevent non-compliant behavior at an early stage. Employees are prompted and reminded to participate in mandatory training courses. To promote a risk-conscious and value-oriented corporate culture, Fresenius also trains executives using a dialogue-based approach.
The principles and content conveyed in the training programs are a key component of the compliance culture. They are continuously adapted based on needs, designed to be practical, and implemented effectively.
To support the development of the Fresenius compliance program, focus training topics were set in 2025: The Compliance departments of all Operating Companies have trained particularly exposed employee groups in the area of anti-corruption. In addition, the Group function Group Risk & Integrity has successfully rolled out an onboarding program for all newly appointed compliance officers in the Group. This also includes the training on antitrust law. In 2025, Fresenius again assigned all new employees of Fresenius SE & Co. KGaA to mandatory training on the Code of Conduct.
For functions which are more exposed to specific risks such as corruption and bribery, specialized compliance training content is developed and provided. In the hospital sector, this training may address procurement teams or individuals in sales who interact with healthcare professionals. The assessment of the risks to which a function is exposed is carried out in consultation with the segment managers as required.
The compliance trainings are based on the existing guidelines issued for the respective functions. For example, Fresenius Helios’ Company Transparency Regulation, applicable in Germany, clearly states that only employees of the Purchasing & Logistics division are authorized to negotiate with relevant business partners. Direct sales of products in the hospitals by field staff, e.g. medical technical companies, are not allowed.
Processes for the prevention and detection of corruption and bribery [G1-3] Prevention and detection of corruption and bribery
Detecting and preventing corruption and bribery is part of the compliance management system and risk management. A system to detect and prevent corruption and bribery was set up in 2025 for the former Vamed business unit HES, now Fresenius Health Services, which is consolidated after being transferred to Fresenius. This system is intended to prevent, detect, investigate, and prosecute allegations of corruption and bribery or cases of corruption and bribery. The system also provides for the targeted training of employees. Compliance contract clauses also obligate the business partners to adhere to ethical business practices. Further concepts regarding corruption and bribery among the Groups’ business partners are explained in this topical standard, section Resilience and compliance in global supply chains. The Corporate Audit Group function conducts independent and risk-oriented audits to continuously improve the effectiveness of compliance and anti-corruption. If weaknesses are identified, the function monitors the implementation of remediation actions defined by the respective management through systematic follow-up reviews. In 2025, 7 internal audits with audit reference corruption and 2 audits relating to the compliance management system were conducted at the operating sites of the Operating Companies. The audit engagement results were analyzed by the compliance organizations and incorporated into the continuous improvement of existing processes. Structural changes to the processes related to the compliance organizations were not required.
Financial transactions
Closely related to the policies of detecting and preventing corruption and bribery are the controls for cash transactions and banking transactions. These should meet the current requirements and risks, which is why Fresenius regularly reviews them as part of the internal controls system and adjusts them, if required.
Money laundering
Fresenius has established appropriate mechanisms to address money-laundering risks. These include internal control requirements, such as the prohibition of certain cash payments, as well as risk analysis and review processes for relevant business partners and transactions. The Group reports suspicious transactions to the authorities. The controls implemented are embedded in policies and appropriate training is provided.
Dealing with conflicts of interest
Fresenius strives to avoid potential conflicts of interest and to ensure that the patients receive appropriate treatment options. In this context, integrity also means that employees clearly separate private interest from that of the company. They make decisions for Fresenius based on objective criteria. Employees are obliged to make potential conflicts of interest transparent to their supervisors as soon as they have identified the conflict and before the business action is taken. The affected employee and their supervisor have to discuss the exact circumstances. Depending on this, the supervisor will initiate the appropriate steps.
In the reporting year, Fresenius issued a Group Standard Operating Procedure (gSOP) on dealing with conflicts of interest. Fresenius plans to roll out a group-wide tool in 2026 that will enable employees to report potential conflicts of interest with low barriers to entry. In this way, Fresenius supports its employees in dealing responsibly with conflicts of interest by defining clear requirements and providing guidance. Fresenius also plans to provide answers to the most frequent questions on the intranet. Training and regular updates of information will complement the activities at the Group level and within the Operating Companies. The compliance and HR departments are also available as a contact partner for all related questions.
Management of contributions
Fresenius’ guidelines govern interactions with business partners and customers, as well as the handling of donations. They state that Fresenius donates for scientific or charitable purposes and without expecting any consideration, on a voluntary basis only. The Group prohibits political contributions in its Code of Conduct. Should any financial or in-kind contributions occur, an investigation will be conducted to determine if they constitute a violation of the Code of Conduct. If a violation is confirmed, it will be communicated, investigated, documented, and assessed as a compliance report through appropriate systems and processes. For example, Fresenius Helios prohibits unilateral monetary allocations by the industry for the financing of medical training in Germany. It also restricts such contributions to the communication of independent scientific content, among other things.
Functional reporting lines in the compliance organization
In addition to the aforementioned guidelines, controls, and processes, functional reporting lines of the compliance management system are intended to contribute to the effective prevention and detection of corruption and bribery. Accordingly, since 2023 the compliance officers of the Operating Companies are reporting to the respective Heads of Compliance of their Operating Company; they report functionally to the Group Chief Compliance Officer. The Group Chief Compliance Officer, the Chief Compliance Officers, or the Heads of Compliance of each Operating Company, the Head of Group Reporting and Monitoring, and the new role of Chief Customs and Trade Compliance Officer created in 2024 form the Group Compliance Management Team (GCMT). This management team meets on a monthly basis, sets the governance standards for compliance at Fresenius and supports the effective implementation of the compliance management system. The GCMT regularly examines the results of the compliance risk analysis, the compliance figures, the further development of the compliance management system, and the results of monitoring measures.
The management of the Operating Companies receive regular reports on compliance from their Chief Compliance Officers or Heads of Compliance.
Combating corruption and bribery
Fresenius strictly rejects any form of corruption or bribery. To prevent such behavior, the company carries out risk-based due diligence checks, establishes clear guidelines, and provides targeted training for all employees. Employees are regularly provided with information – e.g., on the website, on the intranet or via newsletters – on the processes to detect, prevent, and address (suspected) incidents of corruption and bribery.
All Operating Companies provide training programs tailored to their specific risk profiles. The training courses cover both the basic principles of corruption and bribery prevention and practical scenarios. The content includes the legal framework, internal guidelines, and specific instructions for dealing with critical situations in an ethically correct manner. The risk profile determines the obligation to participate in the training. This applies in particular to employees who have contact with public officials or budget responsibility, and who can influence award decisions. The Operating Companies themselves determine which employees or employee groups belong to high-risk functions and require specific training. Participation and completion rates are monitored by a designated function, e.g. supervisors or Compliance teams.
The Management and Supervisory Boards are advised on detection and prevention of corruption and bribery during regular meetings.
Resilience and compliance in global supply chains [MDR-P] G1-Company-specific
Global supply chains in the healthcare industry are primarily characterized by high product quality and safety requirements and the application of regulatory requirements. At the same time, cultural values, working practices, and national legal regulations can create challenges, but also enrich the industry. Supply bottlenecks carry the risk of cost increases and can jeopardize security of supply. In order to maintain flexibility and responsiveness, it is also important to avoid dependencies on individual suppliers and to prevent misconduct by business partners. Fresenius addresses the identified potential risks through a comprehensive compliance and risk management system, Group guidelines, and the governance structure described in this topical standard. In addition, suppliers and business partners are carefully selected and monitored.
Codes of conduct
Compliance with applicable laws and standards as well as ethical conduct is an integral principle for Fresenius in its relationships with business partners and suppliers. Accordingly, the Code of Conduct and related guidelines for Fresenius Group employees also regulate the relations with business partners and suppliers. When dealing with healthcare professionals, it is essential, e.g., that all price negotiations, marketing materials, event participations, or sponsorships activities are clearly regulated. Fresenius expects business partners to comply with ethical standards of conduct in daily business as specified in the Operating Companies’ Codes of Conducts for Business Partners. Potential risks related to the supply chain and impacts on sustainability aspects shall be addressed through these provisions. Among other topics, the codes explicitly prohibit corruption and bribery and oblige partners to comply with relevant and applicable national and international anti-corruption laws. Furthermore, the Codes of Conduct for Business Partners contain requirements regarding respect for human rights. Fresenius is committed to conducting all business relationships with integrity, fairness, and respect, including with regard to payment practices. Further details can be found in the general terms and conditions of the Operating Companies, negotiated contracts, and written cooperation agreements.
Fresenius informs business partners about these requirements before entering a business relationship and perform risk-based business partner due diligence. The Codes of Conduct of the Group are publicly accessible on the Fresenius website. An overview of the most relevant stakeholder groups is provided in the standard ESRS 2 General disclosures, section SBM-2 Stakeholders and partnerships.
Business partner and investment due diligence
Fresenius works with a large number of business partners to avoid dependencies on individual suppliers. To avoid risks arising from misconduct by business partners, Fresenius conducts risk-based due diligence checks before entering into a business relationship. The business partners to be screened are selected with a risk-based method according to defined criteria. Ecological or social criteria can also be taken into account. This is within the responsibility of the respective Operating Companies. In the reporting year, Fresenius adopted a Group-wide guideline for the screening of business partners. Based on the risk profile, Fresenius provides for specific human rights or environmental clauses in supplier contracts which define concrete provisions for cooperation and information obligations in case of potential or actual human rights violations. In addition, human rights risk analyses are carried out annually and on an ad hoc basis in all Operating Companies, in which a human rights risk value is determined for suppliers on the basis of country and industry data. This forms the basis for further specific steps to be taken.
Accordingly, the compliance contract clauses are based on the partner’s risk profile to prevent corrupt actions. Furthermore, in contracts with business partners, Fresenius reserves the right to terminate the contract in the event of misconduct.
The Group performs regular checks of all business partners against the applicable significant sanctioned party lists. In the reporting year, Fresenius introduced a Group-wide list of restricted business partners. This ensures that no Operating Company enters into contracts with restricted business partners. The process stipulates that the GCMT decides on the inclusion, retention, and removal of restricted business partners after thorough review.
Whenever Fresenius decides on potential acquisitions and investments, the company takes compliance risks into account in due diligence measures, among other methods via the Investment Council (IC), which reviewed planned acquisitions and investments in a defined process for the Operating Companies and Fresenius SE & Co. KGaA. Every investment proposal submitted to the Management Board had first been discussed, reviewed, and evaluated by the IC. If necessary, Fresenius initiates safeguarding measures and includes, e.g., compliance declarations and guarantees in the contracts. Following an acquisition the new company is integrated into the compliance management system as quickly as possible.
Trade restrictions
To provide people worldwide with access to lifesaving medicine and medical equipment, Fresenius also supplies products to countries that are subject to trade restrictions. This also involves risks for Fresenius due to additional necessary inspections and possible authorization requirements. However, appropriate sanction mechanisms typically provide exemptions for such deliveries of medical products in order to ensure security of supply. Fresenius expects that the scope of such exemptions will remain unchanged. It is particularly important to the Group to comply with all currently applicable legal provisions, e.g., with regard to sanctions or export controls. To this end, Fresenius has introduced various processes, such as special IT system checks for deliveries that are subject to import or export restrictions. In the responsible central Group function and in the Operating Companies, there are dedicated experts for trade compliance, as well as a trade compliance program at Fresenius Kabi. A Group-wide trade compliance program is still being developed.
In order to be able to react appropriately to the rapidly changing sanctions situation, the Management Board has implemented additional monitoring and approval processes to ensure that trade compliance approvals and the review of all involved business partners are mandatory for each delivery into specific countries affected by sanctions. In addition, automated IT-based checks for each transaction at Fresenius Kabi are an integral part of the trade compliance program. In 2024, the Chief Customs and Trade Compliance Officer function was established. The function supports and controls the aforementioned policies on Group level.
Regulatory requirements
For Fresenius, the early assessment and application of new or amended regulatory requirements is essential in order to support existing resilience in business relationships and procurement processes. This applies to all material issues within the Group. The focus here is on a qualitative classification of the regulatory framework in relation to Fresenius’ business model and markets. Details can be found in the respective topical standards, e.g., on quality requirements in topical standard S4 Consumers and end-users, section Health and safety.
In terms of sustainability, Fresenius addressed the implications of the EU Deforestation Regulation (EUDR), the EU Carbon Border Adjustment Mechanism (CBAM), and the Directive on empowerting consumers for the green transition (EmpCo Directive) in the 2025 reporting year, among other things, and used various exchange formats within the company or initiated specific projects for this purpose. The aim is to inform the operating units at an early stage about the possible effects of new regulatory requirements in the area of sustainability and to support them in responding to these requirements operationally and strategically. This includes, e.g., reviewing existing business processes or developing and publishing communication formats, such as internal guidelines.
Further information on risks in operating activities can be found in the risk report, which is part of the Combined Management Report.
Actions [MDR-A] Actions and resources in relation to material sustainability matters
In the reporting year, Fresenius did not adopt any central guidelines for measures and corresponding resources for addressing identified material impacts and risks relating to the governance approach. Projects and activities for the ongoing implementation and further develop of management approaches were carried out, as described in section Business conduct policies and corporate culture. These activities are not part of an action plan to which significant operating expenditures (OpEx) and capital expenditures (CapEx) are allocated.
In addition, Fresenius created the organizational requirements for a Group-wide trade compliance organization. This is currently being set up. Other key activities focus on the ongoing application and implementation of the new central governance approach in the Operating Companies enabling short-, medium-, and long-term impacts to be effectively managed, opportunities to be exploited, and risks to be addressed. Throughout these developments, Fresenius continuously monitors changes in key areas. Should new requirements or risks arise that necessitate the adaptation or introduction of specific guidelines, the Group will take the appropriate measures.
Goals and ambitions [MDR-T] Tracking effectiveness of policies and actions through targets
The aspiration is to integrate the comprehensive understanding of compliance into daily business. The aim is to prevent violations, continuously improve the compliance management system, and to further evolve a living compliance culture, especially among the employees and the stakeholders Fresenius interacts with. Exchange on best practices between Fresenius’ Operating Companies plays a key role here. The Operating Companies develop operational goals and programs on an annual basis to continuously strengthen the compliance management system.
Incentives, e.g. compensation-related targets, can promote the implementation of supplementary implementation steps in the compliance functions and are defined individually as required. Training measures are also carried out. Compliance-violations can lead to sanctions, including dismissal in the event of serious misconduct. In addition, Fresenius aims to ensure to comply with all applicable sanctions and requirements for export controls, even in the event of short-term changes in legislation. The Group has no evidence that it has not complied with applicable sanctions and export control requirements.
To measure the effectiveness of the concepts and processes, Fresenius identifies and visualizes key performance indicators (KPIs) in the current development of the digital compliance monitoring process. In connection with the main impacts and risks, the number of received compliance reports, e.g., is a relevant element for monitoring that is regularly evaluated. All Chief Compliance Officers and Heads of Compliance have access to these evaluations. By continuously expanding this compliance monitoring, Fresenius is working to steadily improve the current overview of relevant compliance matters.
Since 2024, the Compliance function has been conducting regular Compliance Reviews to assess the effectiveness of the Group’s Compliance Management System. These reviews were also carried out in 2025 and will be further expanded going forward.
Metrics
Training [G1-3] Prevention and detection of corruption and bribery
As explained in section G1-1 Approach, Compliance training, Fresenius considers employee training to be essential in order to promote fair and ethical business conduct and to adequately address impacts, risks, and opportunities through well-trained employees. As the data collection processes matured, the scope of applicable employees at Fresenius Helios in Spain was narrowed. After assuming all employees in 2024, a smaller population, focused on functions with respective risk-relevance defined in the reporting year 2025, was included in the calculation of the key figure. This changed scope will serve as basis for the metric calculation going forward and improves the significance of the metric. The value from Fresenius Helios in Spain, which contributes to the consolidated Group figure, is therefore not comparable with the previous year, leading to non-comparability of the overall Group figure.1
In the reporting year, 94.0% of employees who are exposed to particular risks due to their work or role received training (2024: 81.2%). The Operating Companies themselves determine which employees or employee groups belong to the at-risk functions and require training.
1 This information is based on ESRS 2 BP-2.13a-c, which is based on ESRS 1 Section 7.4, as specified in BP-2 in ESRS 2.
Incidents of corruption or bribery [G1-4] Incidents of corruption or bribery
In the reporting year 2025, there were no convictions and no fines of Fresenius for violations of corruption and bribery regulations.
|
|
2025 |
|
2024 |
|---|---|---|---|---|
Number of convictions |
|
– |
|
– |
Amount of fines, in € Mio |
|
– |
|
– |
Fresenius continuously works on strengthening the governance structures to effectively prevent, detect, and address incidents. Supporting employees and stakeholders in appropriately responding to suspected cases of corruption and bribery plays a central role in this effort. In addition, preventive measures are an integral part of the compliance management system and serve to identify risks at an early stage and prevent violations. The compliance reviews conducted since 2024 are another step toward effectively preventing, detecting, and addressing deviations or violations.
Political influence and lobbying activities [G1-5] Political influence and lobbying activities
Fresenius’ government relations activity is managed by a dedicated Political Affairs department. This reports directly to the Chairmen of the Management Board of Fresenius. The Groups’ representative office in Berlin and an EU Relations Office in Brussels are available as contact points for politicians and the representatives. The primary task of the department is to advise policy makers on policy initiatives that require expertise in medicine and the healthcare industry. Any political activity by Fresenius’ employees and representatives is governed by the Code of Conduct, as well as by the applicable legal standards regarding the relations with external partners and the public. Information on lobbying expenditures is published as required by law in the Operating Companies and countries concerned.
In the 2025 reporting year, Fresenius did neither make any direct nor indirect political contributions in the form of cash or in-kind political contributions, including intermediary organizations. In addition, no financial or in-kind donations were made to politicians (2024: 0 €). The amounts recorded in the EU transparency register include, among other things, the costs for personnel required for communication activities.
Fresenius’ government relations and lobbying activities are aimed at opportunities to improve access to medicine and healthcare. To achieve this, the company participates in direct discussions and meetings with policymakers, draft written statements, and takes part in hearings and consultations. Additionally, Fresenius builds networks and coalitions with other relevant stakeholders, exchanges ideas with experts, and promotes relevant research projects.
Fresenius primarily focuses on the following industry-specific topics: improving the legal and economic framework conditions for businesses, promoting the (industrial) healthcare sector, ensuring the financial sustainability of healthcare systems, and guaranteeing high-quality healthcare in the own facilities. Promoting economic growth and practical perspectives in political discussions to develop actionable solutions are also part of the activities. Additionally, the engagement extends to the own business activities, as Fresenius also advocates for the improvement of working conditions for employees.
Given the societal significance of the topics addressed, it is particularly important for Fresenius to conduct political engagement and lobbying activities responsibly and transparently, thereby addressing impacts and mitigating short- and long-term risks related to reputational damage, rating assessments, and credit conditions.
Fresenius is registered in the lobby register for advocacy towards the German Bundestag and the Federal Government (registration number R001428). Fresenius is listed in the EU transparency register under number 047428334069.
No person from management or supervisory bodies held a comparable position in public administration (including regulatory authorities) in the two years prior to their appointment during the current reporting period.
Compliance reports [MDR-M] G1-Company-specific
In the reporting year, no incidents related to business conduct or other categories that could have significantly impacted the reputation or financial position of Fresenius were reported through the established reporting channels.
|
|
2025 |
|
2024 |
||||
|---|---|---|---|---|---|---|---|---|
Business Integrity |
|
104 |
|
98 |
||||
Data Protection |
|
33 |
|
21 |
||||
Accounting / Reporting |
|
3 |
|
14 |
||||
Misuse of Company Assets |
|
217 |
|
220 |
||||
Environment / Health / Safety |
|
22 |
|
52 |
||||
HR / Workplace |
|
330 |
|
317 |
||||
Other |
|
725 |
|
528 |
||||
Total1 |
|
1,434 |
|
1,250 |
||||
|
||||||||
In 2025, a total of 1,434 compliance reports (2024: 1,250) were received via the incident databases at Fresenius SE & Co. KGaA and the Operating Companies. They were recorded via various reporting paths. After completing an investigation, we determine whether the allegations were substantiated or unsubstantiated. An allegation is considered substantiated if the accusations described therein could be proven in whole or in part. In the reporting year, the substantiation rate was 31.3%.
The majority of reports were in the overarching categories of Human Resources (HR) / Workplace, Other and Misuse of Company Assets. The increase in reports received is partly due to the intensified use of the automated whistleblowing systems and internal communication, which initiatives have proven to be effective. An additional factor contributing to the overall increase was the group-wide rollout of the new code of conduct, including mandatory training for all employees, which also covered the existing reporting channels. The majority of this increase relates to patient complaints from Fresenius Helios in Spain that have not reached the threshold of a compliance violation.
The compliance reports published annually in the annual report are recorded and managed using IT systems. The underlying methods and procedures are defined in the Group-wide gSOP Case Management. This corporate regulation is binding for all operational units and has been implemented globally. As described in this topical standard, Whistleblower reporting system section, potential compliance cases are captured through various grievance mechanisms.
In the reporting year 2025, the received reports were categorized thematically into subcategories, if applicable, a relation to human rights was indicated, and they were consolidated into seven main categories in the final report.