Business Conduct Policies and Corporate Culture
The following sections describe the processes and systematic procedures used in relation to business conduct and corporate culture. The goal of this procedure is to enhance the resilience of all business activities through responsible business conduct that takes a long-term focus. United Internet is committed to observing the United Nations’ Universal Declaration on Human Rights and bases its activities on the UN Guiding Principles on Business and Human Rights. It has included principles designed to ensure respect for human rights in its Corporate Values and its own codes of conduct. This applies both to its internal Code of Conduct for employees and to its Code of Conduct for Business Partners. The Company’s Policy Statement describes its approach to implementing human rights and environmental due diligence under the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG), and encompasses the human rights strategy and the expectations to be met by employees and business partners. The Guidelines for Implementing Supply Chain Due Diligence (SCDD) ensure appropriate and effective implementation of the due diligence requirements under the LkSG, describe the organizational structures and workflows for implementing the LkSG, and define the relevant governance structures at United Internet.
United Internet’s corporate culture is a critical success factor that has a decisive effect on the working environment, increases employee satisfaction, and promotes productivity. It is constantly enhanced, e.g., through regular employee surveys, team-building activities, interdisciplinary projects, and conferences and networking events.
The Company considers it highly important to have a clear, common corporate culture that is based on its Corporate Values, goals, and ethical standards, and that is individually tailored to the Company’s segments. The result is fair, respectful, rules-based interaction within the Company. The Company defines its Corporate Values and Leadership Principles, and derives necessary skills, in coordination with the management level. Managers play a key role here since authentic leadership, a feedback culture, and their function as role models significantly influence the corporate culture. Workshops, feedback sessions, and employee surveys are used to continuously enhance the culture. Topics such as employee satisfaction, diversity, and ethical conduct are discussed in Supervisory Board meetings and also at regular intervals with the members of the divisional boards of management responsible for them. Topics include the following:
For United Internet, compliance means observing all statutory requirements and internal guidelines, and acting in accordance with the Corporate Values.
United Internet is aware that violations of statutory provisions and requirements do not just have legal consequences and run the risk of fines; they also entail a loss of trust placed in the Company by its shareholders, customers, business partners, and employees. United Internet AG’s Management Board has established the Group-wide, risk-based UI-CMS to preserve this trust and ensure compliance with statutory requirements and internal guidelines.
The UI-CMS is described in the Compliance Guidelines. These binding Guidelines for the United Internet Group’s Compliance Functions define the roles and responsibilities in the Group-wide, cross-segment Compliance organization. They are supplemented by a cooperation model, which is regularly updated and expanded to include new issues. Together, the Compliance Guidelines and the dynamic cooperation model comprise United Internet’s compliance framework.
The overarching objective of all compliance activities is to prevent compliance violations. The aim is to achieve this by taking appropriate measures that are aligned with the Company’s risk position. The three levels of activity – “Prevent, Detect, and Respond” – are observed in all cases.
Corporate Compliance helps the segments conduct their business activities in line with the rules. The focus is on anti-corruption, policy management, establishing confidential reporting channels, and protecting whistleblowers.
The UI-CMS features decentralized Compliance units at segment level plus Corporate Compliance at the Corporate level. Segment compliance managers are responsible for the concrete design of the segment-related CMS and implement compliance measures at segment level.
The Group Compliance Committee serves as a platform for structured exchanges between Corporate Compliance and segment compliance units, and aims to enhance the UI-CMS in a harmonized manner and to shape compliance uniformly within the Group. The uniformity of Group Compliance is ensured among other things using Group-wide rules, common technical systems, and agreed reporting channels.
United Internet’s segments are responsible in their own right for ensuring compliance with statutory provisions, with the Compliance Guidelines, and with the additional internal compliance guidelines in their respective segments. The Head of Corporate Compliance, representing the entire Group-wide Compliance organization, reports directly to United Internet’s Group General Counsel, the Group CFO, and the Audit and Risk Committee established by United Internet’s Supervisory Board.
United Internet’s defined Corporate Values, Leadership Principles, and Code of Conduct are at the heart of its day-to-day work.
Its Corporate Values – a commitment to success, agility, solidarity, fairness, openness, and responsibility – strengthen United Internet’s sense of identity and are the basis for thinking and working together. They apply both when dealing with one another and in relation to customers and business partners. In this way, United Internet promotes sustainable cooperation and value creation.
United Internet’s Leadership Principles reinforce responsible conduct by managers and emphasize their importance as role models and the need for a team culture.
The Code of Conduct serves as a bridge between the Corporate Values and the internal guidelines. It gives a brief, concise overview of how United Internet acts in accordance with its Corporate Values, the law, and its guidelines. Clear examples are given to illustrate the material principles, and concrete recommendations on how to behave are provided. This information is made available permanently on the intranet and in some cases also on the internet, so as to ensure transparency and easy access by all stakeholders. The contents of the Code of Conduct are broken down into greater detail and elaborated on in the operating segments. The Policy Statement describes the principles relating to respect for human rights and environmental due diligence and how they are embedded in the workflows in practice. Building on this, United Internet has broken down its expectations of suppliers and service providers in greater detail in its Code of Conduct for Business Partners, and uses these as one element in its careful selection of its business partners.
United Internet has implemented extensive mechanisms to identify, shed light on, and stop illegal behavior and violations of the Code of Conduct and internal guidelines at an early stage. These actions are designed to minimize the occurrence of material risks such as misconduct and irregularities.
¹ A pilot project with United Internet Vertrauenspersonen will start in the Business Access Segment in fiscal year 2025.
United Internet uses these measures to create a transparent, secure, and supportive environment that encourages employees to report potential violations and to contribute actively to the observance of compliance standards.
The Company has established procedures to investigate incidents in connection with business conduct, including corruption and bribery, without undue delay, independently, and objectively. In the fiscal year 2024, United Internet implemented the Group Policy on Handling Reports of Compliance Violations and Conducting Internal Investigations. These aim to create binding, Group-wide rules and hence to set a high standard for dealing with reports of compliance violations, and to ensure fair and legally compliant internal investigations.
The guidelines set out requirements for plausibility checking initial suspicions, define circumstances that serve as triggers for internal investigations, and specify the responsibilities and the workflow for the latter. In addition, they set out the documentation requirements and determine the reporting channels to be used for the results of internal investigations. The guidelines give all employees involved in an internal investigation certainty on how to act, and legal certainty. In addition, the internal guidelines take the LkSG requirements with respect to grievance mechanisms into account.
The Whistleblowing Committee is a core element in ensuring that circumstances are investigated adequately. This internal, ad hoc advisory body assesses reports of potential major compliance violations that have passed the plausibility check. The Whistleblowing Committee makes recommendations on how to deal with reports, e.g., by performing an internal investigation. The Whistleblowing Committee must be convened within three days of receipt of the whistleblower report by the responsible Compliance Manager. The committee is composed of representatives from Corporate Compliance and the relevant segment Compliance unit(s), plus representatives from other functions (such as Corporate Audit or HR), where appropriate.
In fiscal year 2024, the Group-wide Compliance organization received 32 reports of potential compliance violations via internal Company channels. It performed a plausibility check on each of the reports so as to review their validity. Reports for which the location, timing, or behavior was not described in sufficiently concrete terms, and that could not be firmed up sufficiently even after the whistleblower was asked for further details, were not pursued further.
None of the total of 32 reports related to corruption or bribery.
Reports of possible compliance violations (2024)
Number of reports of possible compliance violations (= reported cases): 32
Of which reports reviewed by the Company
Of which reports in relation to discrimination: 5
Of which reported via the Company’s own complaints channels
Of which reports in relation to human rights: 0
Of which reports in relation to corruption and bribery
Of which reports in relation to other categories: 27
Of which sufficiently concrete reports*: 19
3
16
Of which confirmed compliance violations: 11
Of which number of confirmed incidents in relation to discrimination: 2
Of which number of confirmed severe human rights incidents
Of which number of confirmed incidents in relation to corruption or bribery
Of which number of confirmed incidents in relation to other categories: 9
Of which incidents still under investigation at the time this report was prepared: 1
*Reports that have been described in sufficiently concrete terms in terms of the location, timing, or behavior involved.
United Internet’s Code of Conduct sets out guidance for responsible behavior and addresses human rights and environmental due diligence in its own operations. Information about corporate policies and guidelines is provided in comprehensive training programs. E-learning courses, such as the e-learning course on the Code of Conduct¹, are an integral part of the onboarding process and offer employees an interactive approach to their content.
The training policies can vary at segment level and depending on the topic. Data privacy training is repeated mandatorily for all employees every two years and evaluated using end-of-course tests. As a matter of principle, an e-learning format is used for training, which is also tailored by company and target group. Anti-phishing measures are performed ad hoc several times a year. Managers receive specific training in areas such as strategic management, team leadership, conflict solving, and change management. In fiscal year 2024, United Internet introduced new training courses on the digital transformation so as to strengthen skills and knowledge in a changing environment.
¹ The e-learning course on the Code of Conduct is in the planning phase in the Business Access Segment. The Business Applications Segment has had Code of Conduct training courses for its own code of conduct since the end of 2024.
In fiscal year 2024, United Internet held a Group-wide e-learning course on anti-corruption¹. The training was mandatory for employees in at-risk functions. At-risk functions include the following: sales and purchasing; authorized company officers; areas involved in approving and handling payments; areas in contact with officeholders or elected representatives; and areas with contacts to licensing and supervisory authorities. In addition to these at-risk functions, decision-makers (the Management Board, senior executive management, and managers), assistants, and functions involved in anti-corruption processes are included in the mandatory e-learning course. The following overviews provide details of the training program and the number of employees affected:
¹ In the Business Access Segment, anti-corruption training is mandatory on joining for new employees, and for existing staff every two years. In fiscal year 2024, only new recruits were trained, while it is planned to introduce the regular two-year cycle in fiscal year 2025.
Employees in at-risk functions
Total number of employees¹ ²: 9,360
Of which at-risk functions: 3,080
Of which managers: 1,112
Of which senior executive management: 35
Of which process-related functions: 125
Total number of employees in the four target groups: 4,352
Target group employees as a proportion of the total number of employees in %: 46.5
¹ Number of employees as of December 31, 2024. The data records for the total number of employees at the Group companies home.pl and world4you were included as of December 31, 2024.
² The Business Access Segment is not included in the assessment.
E-learning course on anti-corruption
Training coverage for the relevant training participants invited on December 2, 2024 (as of December 31, 2024)
Participant groups: At-risk functions; Managers; Senior executive management; Process-related functions
Total number of employees per participant group
Total trained persons per participant group as of December 31, 2024: 2,027; 799; 83
Trained persons per participant group in %: 65.8; 71.9; 45.7; 66.4