Governance

PFISTERER is committed to strong governance, integrity, and responsible corporate management. For more than 100 years, we have built trusted relationships with customers worldwide. Our Code of Conduct and compliance framework ensure adherence to legal and ethical standards. We apply a strict zero-tolerance policy toward bribery and are fully committed to compliance with antitrust and fair competition laws. We require business partners to comply with our Supplier Code of Conduct. Our Compliance Management System (CMS), aligned with IDW Standard 980, systematically addresses identified compliance risks and supports effective prevention, monitoring, and control mechanisms. Furthermore, PFISTERER’s compliance with the NIS-2 Directive demonstrates the advanced maturity of its cybersecurity measures.

Compliance

In 2025, PFISTERER further strengthened its commitment to responsible corporate governance and integrity by appointing a Global Compliance Officer. We focused on ensuring a consistent understanding of compliance across all locations and functions. Our global training and qualification framework covers key compliance risk areas, including anti-corruption, antitrust law, fair competition, and responsible interaction with business partners.

The company-wide Code of Conduct serves as a binding framework for all employees and managers and reflects applicable legal requirements, international standards, and our corporate values. In 2026, the Code will be supplemented with market-specific content. In addition, targeted training on insider regulations and ad hoc disclosure has already been provided to relevant employees and managers.

Our compliance organisation is structured both centrally and locally to ensure effective implementation, reporting, and monitoring. Clear policies and procedures, regular audits, and an established whistleblowing system support our zero-tolerance approach to bribery and breaches of competition law.

Potential violations can be reported confidentially via our whistleblowing system. In the 2025 reporting year, no confirmed cases of fraud or material compliance breaches were reported. Our managers worldwide are responsible for ensuring compliance with applicable requirements within their areas of responsibility and regularly confirm that no such breaches are known to them.

Tax Governance Principles

PFISTERER complies with all applicable tax and customs regulations in the countries where it operates, including corporate tax, payroll tax, VAT, duties, and excise taxes. We ensure timely filing and payment of all tax obligations and apply internationally recognised transfer pricing principles in intercompany transactions.

Information Security Management

PFISTERER has implemented a tailored Information Security Management System (ISMS) to meet industry and stakeholder requirements, including those of critical infrastructure (KRITIS) partners. Aligned with the NIS2 Directive, the ISMS ensures a robust and cyber-resilient supply chain. The NIS-2 Directive sets mandatory requirements to ensure a high common level of security for network and information systems within the European Union and has been established in PFISTERER’s ISMS as the standard guiding the IT security strategy. Cyber threats and risks are regularly assessed, with defined countermeasures and independent annual reviews to verify the effectiveness of security controls.

Actions

• Governance Committee: Appointment of a Global Compliance Officer and implementation of a Governance Committee to strengthen integrity, oversight, and governance processes through regular review of key initiatives.

• Compliance Management System: Further development and professionalisation of the CMS, including enhanced central and local compliance structures, optimised reporting and control processes, and strengthened global compliance roles, including the Global Compliance Officer.

• Code of Conduct: Comprehensive update of the company-wide Code of Conduct and integration into the mandatory training program.

• Compliance Training: Expansion of global training initiatives, including multilingual e-learning modules and targeted training for high-risk groups and selected business partners.

• Supplier Code of Conduct & Due Diligence: Strengthening of the Supplier Code of Conduct and expansion of risk-based due diligence processes, with intensified review of compliance within the supply chain.

• IT Security: Continued protection of IT systems through multi-factor authentication and 24/7 monitoring by a managed Security Operations Center (SOC), alongside further expansion of global IT resilience measures, including unified endpoint management, enhanced backup and recovery strategies, standardised hardening guidelines, and globally aligned technical and regulatory policies.

Targets and Key Figures

To protect the integrity of our business processes and uphold stakeholder trust, we set clear compliance targets and metrics. In the reporting year, compliance structures were strengthened and employee awareness improved, resulting in zero substantiated compliance breaches, consistent with previous years.