G1-1 – Corporate Culture and Policies for Business Conduct

Vonovia defines corporate governance as responsible, sustainability-driven business conduct and oversight based on trust and transparency encompassing all areas of the company. The Management Board and the Supervisory Board have made a comprehensive commitment to the principles of corporate governance as set out in the German Corporate Governance Code.

These principles are the basis for the sustainable success of the company and serve as guidelines for conduct in the company’s daily management and business. Good corporate governance strengthens the trust of our shareholders, business associates, employees, customers and the general public, boosts corporate transparency and strengthens our Group’s credibility. With balanced corporate governance, the Management Board and the Supervisory Board want to secure Vonovia’s competitiveness, strengthen the trust of the capital market and the general public in the company and sustainably increase the company’s value.

Our comprehensive set of policies and measures aimed at preventing compliance violations in connection with corporate governance is consolidated within our Compliance Management System (CMS). The CMS at Vonovia encompasses all policies, regulations and works agreements. The CMS is based on three pillars: prevention, detection and response. Individual aspects of the CMS are reviewed by Vonovia’s Internal Audit department at regular intervals, generally every three years. At the top of our internal compliance framework is the Group Compliance Policy, which serves as a binding framework linking all policies and regulations to create a unified compliance structure. The Compliance Policy is supplemented by other Group policies, such as those on anti-corruption and whistleblowing.

The CMS applies across the Group and ensures that all transactions and processes comply with all legal and internal requirements. Whenever legislation in Austria or Sweden conflicts with Group-wide rules, a different rule is adopted for the subgroup in the form of a national guideline. The ultimate responsibility for this lies with the respective managing directors.

Vonovia implements the policies described below to address the material impacts and promote its corporate culture. Since the measures to implement the policies that are also outlined below are part of a continuous process and are always adapted to current (legal) circumstances, there is generally no specific timeline for their completion, unless a timeline has been defined for individual measures.

Operational responsibility for the implementation, monitoring and further development of the policies relating to corporate culture, bribery and corruption is shared between the Human Resources, Legal, Compliance and Data Protection, Corporate Communications and Internal Audit departments. Ultimate responsibility lies with the Management Board. The Chief Compliance Officer, who leads the Compliance and Data Protection department, is responsible for identifying compliance risks as well as implementing appropriate preventive and risk minimization measures.

Corporate Culture

Our approach to promoting corporate culture is outlined in our Code of Conduct. On the basis of the Code of Conduct, we define the ethical and legal framework within which we act, ensure commercial success and aim to achieve positive impacts on our employees through a positive working atmosphere and a trusting, constructive management style. It reflects our corporate values and applies to all employees at Vonovia. The focus is on dealing fairly with each other, in particular with our customers, business partners and investors. That is also why we place such an emphasis on compliance with applicable legislation, without exception. Adhering to the legal framework conditions and regulations does not just apply to our own employees but also for the suppliers and service providers we work with.

We also communicate in our Declaration of Respect for Human Rights, which has the same status as a Group policy and which applies throughout the Group, our clear conviction for a pluralistic democratic society and zero tolerance of human rights violations as well as our commitment to respect human rights in all aspects of our business. We adhere to the core labor standards of the International Labour Organization (ILO), the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises and the principles of the UN Global Compact, which we committed to in 2020. Our Code of Conduct also takes account of our stance regarding respect for human rights.

Through our policy of “Positive impacts on employees through the Code of Conduct and the development of a corresponding corporate culture,” Vonovia aims to foster a corporate culture that supports continuous development and individual potential, promotes diversity, and helps us attract and retain talent. Our corporate culture ensures fair wages and considers principles such as respect and diversity as fundamental. We are also committed to creating a future-oriented, attractive and safe working environment that provides the foundation for our joint success and contributes to the satisfaction of our employees.

Our corporate culture is founded on transparent reporting and corporate communications, on corporate governance aimed at the interests of all stakeholders, on fair and open dealings between the Management Board, the Supervisory Board and employees as well as on compliance with the law. Employees are regularly trained on diversity topics (see S1-4 for details) to raise awareness of inclusion and equality of opportunity, with dedicated programs such as the Women’s Network, Female Leadership Forum, and mentorship initiatives for high-potential female employees (see S1-4 for details).

Another key measure for the promotion of corporate culture is the Business Partner Code, which outlines our expectations and requirements for suppliers, who are required to sign it. These requirements relate to compliance with human rights – from legal conformity and the fulfillment of legal standards for working conditions to an assurance of freedom of association and the exclusion of child labor, forced labor and discrimination. Minerals, and particularly conflict minerals, are also to be procured responsibly in accordance with OECD guidelines. We also expect our business partners to subject their own business partners at all stages in their supply chain to the obligation to comply with the same standards and principles. As part of the needs-based evaluation of our major suppliers and contractors via our partner portal, we strive to ensure that the criteria stated in the Business Partner Code are complied with. In the event of incidents and breaches, a structured management of measures is activated, which – once all other resources have been exhausted – may result in blocks on orders or the blocking of a particular supplier. Long-term cooperation with contractual partners is the responsibility of the Procurement department, enabling any misconduct to be addressed. In Germany and Austria, contractual conclusion is preceded by an automatic check against relevant sanctions lists, with the Compliance and Data Protection department informed immediately in the event of a hit. In Austria, the Procurement department reviews all new creditors and regularly reviews existing ones on a half-yearly basis as part of a compliance check that also includes an inspection of sanctions lists (via KSV1870). Vonovia’s Business Partner Code of Conduct applies across the entire Group. However, local adaptations are permitted within the subsidiaries in Austria and Sweden if required by country-specific or operational considerations.

Corporate culture is a multifaceted topic that cannot be fully captured through singular or multiple quantitative targets, which is why we have not set measurable, outcome-oriented targets.

Nevertheless, two quantitative indicators of “employee satisfaction” and the “proportion of women in leadership roles” (both of which are sub-indicators of the SPI) serve as reference points for evaluating the effectiveness of our corporate culture policies and actions. Our corporate culture and Code of Conduct make a significant contribution to high levels of employee satisfaction. A large proportion of women in management positions points to a corporate culture that promotes diversity and helps the company to retain talent. 

We are aiming to achieve the target of at least 77% employee satisfaction by 2030. The Management Board proposes these targets as part of the LTIP planning process, with validation by the Supervisory Board. Similarly, our target for the proportion of women in leadership roles (first and second levels below the Management Board) is to reach at least 30% by 2030. Additional details can be found in S1-5.

Four compliance questions were included in the employee satisfaction survey in 2025 for the first time in order to establish a compliance KPI. The specific results are to be used as an opportunity to draw conclusions as to the level of awareness, accessibility of the reporting options and trust in the compliance function. If necessary, appropriate actions are to be taken in 2026 to further develop the three criteria referred to above.

The Compliance Committee also meets quarterly to discuss topics including corporate culture, the current status of the Compliance Management System (CMS) and any necessary adjustments. New policies and measures are developed as needed.

Bribery and Corruption

Vonovia addresses the material negative impact “Violations of applicable bribery and corruption regulations undermine the confidence that relevant stakeholders place in the company’s integrity” through the Code of Conduct, the Human Rights Policy, the Compliance Guidelines, the Whistleblowing Policy, the Anti-Money Laundering & Terrorist Financing Prevention Policy and the Group Anti-Corruption Policy. These policies apply across the Group and are reviewed by Internal Audit as part of a risk-based approach, with local adjustments being made in Austria and Sweden.

The aim is to prevent and combat bribery and corruption to avoid any negative impacts such as bad press, damage to the company’s image and employer brand, rating downgrades, stakeholder trust erosion, and increased costs for Vonovia’s customers, employees and business partners, and to prevent any violations of the law.

Our policies align with IDW (Institute of Public Auditors in Germany) standard PS 980 (September 2022) “Principles of proper auditing of compliance management systems,” which largely corresponds to the United Nations Convention against Corruption. Our objective of preventing and combating bribery and corruption, as well as avoiding related incidents, is pursued through the quantitative indicators of the “number of convictions and the amount of fines for violation of anti-bribery and anti-corruption laws” and the “total number of confirmed cases of corruption and bribery,” covering both our employees and business partners (for details, see G1-4).

Vonovia has implemented several measures to support its anti-bribery and corruption objectives, including:

• implementing an annual analysis of compliance risks which analyzes bribery and corruption among many other potential risk areas,
• an extensive complaints management/whistleblowing system (see G1-3) and
• extensive training programs, particularly for functions-at-risk.

The compliance risk analysis, which explicitly covers bribery and corruption risks, has been conducted every year (previously every two years) since the 2024 fiscal year. In addition to a horizontal analysis, this process also includes a root cause analysis and vertical analysis of potential compliance risks for the Group. An analysis and evaluation of compliance risks in the Swedish and Austrian companies is also scheduled on a recurring basis, usually every three years. A decentralized compliance structure with local contacts enables direct, easy-to-access support in the various business areas. The Compliance and Data Protection department provides these individuals with ongoing training and support.

Vonovia also established a comprehensive complaints management system that allows employees and externals, such as customers and business partners, to report corruption, bribery and other forms of misconduct. Reports are processed by a specially trained, independent team. Details are outlined in Disclosure Requirement G1-3.

Regular Group-wide training sessions are the cornerstone for preventing misconduct before it happens. A comprehensive catalog of regular and mandatory training events is firmly established and has been adapted to suit internal target groups.

In Germany, all employees (including part-time employees) with access to a company digital device must complete an annual 60-minute training session covering the Code of Conduct (basic compliance knowledge) as a matter of principle. Employees without such devices receive the Code of Conduct as an annex to their employment contract. In Austria and Sweden, all employees are given training on compliance issues (including the Code of Conduct and bribery and corruption) when they join the company and then every year in a 45 to 60-minute refresher session.

In addition to training on the prevention of corruption and bribery, Vonovia also provides its employees in Germany with training on other topics every two years, such as anti-money laundering, data protection, whistleblower protection and the policy for handling inducements and donations/sponsorship arrangements. In addition, the Sales departments in Austria receive two one-hour training sessions a year on preventing money laundering and terrorist financing, and also complete a 45 to 60-minute online training course on preventing corruption.

Further details regarding the anti-corruption and anti-bribery training conducted in the fiscal year can be found under disclosure requirement G1-3.

Functions-at-risk at Vonovia, with regard to the risk of corruption and bribery, include all managers.