Governance and compliance



Governance und Compliance
  • Establishment of a compliance management system for human rights
  • Easier access to the whistleblower system
  • Closer integration of risk management with sustainability opportunities and risks
  • More intensive supply chain risk management for raw materials

Responsible corporate governance and human rights

Strategy and management

As well as complying with the law and respecting human rights, the principles of business ethics involve respecting internal regulations and binding voluntary commitments. We strive to prevent compliance violations within Evonik as well as breaches of human rights by Evonik and in our supply chain. We therefore see fulfilling statutory regulations, for example, on fair competition and on fighting corruption and money laundering, as a minimum requirement.

We are also committed to observing internationally recognized standards and our own more far-reaching guidelines and principles of conduct. The starting point for responsible corporate management at Evonik is our code of conduct, together with our global social policy and our policy on the environment, safety, health, quality, and energy (ESHQE). In addition, the executive board has adopted a new version of its policy statement on human rights, which has been revised, in particular, in light of the German Act on Corporate Due Diligence Obligations in Supply Chains (LkSG). Human rights have been included in the code of conduct since 2018.

Voluntary commitments

Our code of conduct sets out Evonik’s most important principles and standards, which all employees must be aware of. It is valid throughout the Evonik Group and is an integral part of the employment contract between each individual employee and Evonik. Evonik has defined responsibility for the topics included in the code of conduct, along with key contacts. Violation of the code of conduct can damage Evonik’s reputation and result in substantial financial loss. In view of this, violations can have far-reaching consequences for the employee involved. We do not tolerate violations of our code of conduct. Evonik has issued a special code of conduct for suppliers, which sets out binding requirements.

Our global social policy sets out rules for social responsibility and business ethics in our relationship with our employees and their dealings with one another. As a member of the UN Global Compact, we have given an undertaking that, within our sphere of influence, we will actively respect and promote labor rights and human rights, avoid discrimination, protect people and the environment, and fight against corruption. In addition, we want to make a contribution to achieving the United Nations’ 17 Sustainable Development Goals (SDGs). We have therefore identified the SDGs that are most relevant for us.

As a signatory to the chemical industry’s Responsible Care® Global Charter, we have an obligation to continuously improve our performance in health protection, environmental protection, product stewardship, and safety. Our ESHQE positions are predicated on the protection of people and the environment. Together with more detailed policies and procedures, they form Evonik’s ESHQE regulations.

Human rights

Respecting human rights is a central element of corporate responsibility. We address the associated obligations throughout the company and along the value chain within our sphere of influence. Evonik has various tools, principles of conduct, and guidelines to support compliance with human rights obligations.

From 2023, Evonik comes within the scope of the German Act on Corporate Due Diligence Obligations in Supply Chains. This law set out companies’ obligation to make sure that their business activities do not contribute to breaches of human rights. It requires them to respect the core labor standards issued by the International Labour Organization (ILO) to prevent forced or compulsory labor and child labor, the right to freedom of association, the UN International Covenant on Civil and Political Rights, the UN International Covenant of Economic, Social and Cultural Rights, and the employment protection regulations applicable at the place of employment. In addition, the law requires compliance with three international environmental conventions, including the Minamata Convention.

Elements of the compliance management system for human rights


  • Policy statement on human rights
  • Code of conduct
  • Global social policy
  • ESHQE policy
  • Code of conduct for suppliers
  • General terms and conditions of purchasef

Prevention and awareness-raising measures

  • Human rights risk analysis (due diligence)
  • Supplier validation and evaluation
  • Business partner integrity checks
  • Whistleblower hotline


  • Sustainability report
  • Non-financial statement
  • Reporting in compliance with the UK Modern Slavery Act
  • Reporting in compliance with the California Transparency in Supply Chains Act
  • Website Sustainability
Our progress in 2022

We extended our compliance policy to include human rights in our House of Compliance and integrated this into the area of responsibility of the chief compliance officer. To support this, we are setting up a compliance management system for human rights. Its aims are timely identification of risks and the establishment of preventive and remedial action to avoid or mitigate breaches of human rights. We therefore consider that we are well-prepared with a view to future European and international requirements.

Evonik appointed its first group human rights officer effective July 1, 2022. His role includes implementing and continuously developing the compliance management system for human rights. He also chairs a cross-functional roundtable on human rights, which brings together representatives of the Procurement, ESHQ, HR, Marketing & Sales Excellence, and Sustainability functions.

Human rights risk analysis

In 2022, Evonik conducted its first human rights risk analysis. This also covered environment-related aspects in its own business area and at direct and indirect suppliers. The analysis is based on Evonik’s existing human rights risk map. The identified risks were validated, weighted, and prioritized on the basis of criteria such as the likelihood and severity (scope and remediability) of possible breaches of human rights. We will perform annual and ad-hoc risk analyses in the future. To this end, we developed an appropriate IT solution in the second half of the reporting period. Since the appointment of the human rights officer, risk analyses have been performed as part of the due diligence in M&A projects. We have also improved the management of the important interfaces between the Procurement, ESHQ, and HR functions.

Policy statement on human rights

The policy statement on human rights was revised in the reporting period on the basis of the risk analysis, the requirements of the German Act on Corporate Due Diligence Obligations in Supply Chains (LkSG), and the UN Guiding Principles on Business and Human Rights and adopted by the executive board.

Evonik’s procurement strategy includes criteria such as health, safety, human rights, labor rights, and environmental protection. A central focus of sustainable supply chain management is supplier validation, evaluation, and development, both before and during the business relationship. The code of conduct for suppliers, which we revised in the reporting period, sets out our expectations with regard to respecting human rights. We also expect our suppliers to require their suppliers to comply with the requirements set out in our code of conduct for suppliers.

Complaints procedure and reports of potential violations of human rights

Violations of human rights at or in connection with Evonik can be reported via internal channels and an electronic whistleblower system operated by an external service provider. Both employees and external stakeholders, such as business partners, suppliers, and local inhabitants in the vicinity of Evonik sites, can use this system, which is available in 20 languages, to report non-compliance or potential non-compliance to Evonik. The system has a separate category for human rights, and reports are channeled directly to the group human rights officer. Alongside the electronic whistleblower system, suspected violations of regulations can be reported to the responsible compliance office by phone, email, or letter. We are working continuously to improve the effectiveness of the complaints channels.

Corporate Governance

As a specialty chemicals company with a presence throughout the world, good corporate governance with a long-term focus is essential for Evonik. The executive board and supervisory board are explicitly committed to responsible corporate governance and identify with the goals of the German Corporate Governance Code. We see respecting and applying the principles of corporate governance as important management tasks. That starts with collaboration within the executive board and supervisory board and between these two boards. It also includes Evonik’s relationship with its shareholders and other people and organizations that have a business relationship with the company.

Opportunity and risk management

Since it operates globally, Evonik is exposed to a range of influences along the entire value chain that may be either opportunities or risks. Risk management at Evonik takes a multidisciplinary approach. Risk are identified when there is a deviation from the present business planning or the mid-term plan, which covers a three-year period. Early identification and evaluation of potential opportunities and risks is part of our extensive opportunity and risk management. This takes into account financial and non-financial opportunities and risks, for example, in relation to occupational safety, process safety, product stewardship, health protection, and climate change.

Risk management process

Our established risk management system systematically captures and monitors both quantifiable and non-quantifiable risks in the present fiscal year and the mid-term period. Risk reporting is the starting point and result of our continuous risk management process. Risk coordinators ensure that internal and external risks are identified and reported by their organizational unit (identification). Risk assessment uses clear and uniform criteria to allow classification and prioritization. The measures selected and implemented to manage risks are designed to limit the likely damage caused by the risk factors and/or their probability of occurrence (controlling). Progress with the measures implemented and the development of the risks over time are tracked (monitoring). Monitoring only becomes unnecessary when a risk actually occurs, becomes obsolete, or is reduced to an insignificant level. All units are required to update their opportunity and risk reports quarterly. Ad-hoc risks have to be reported without delay, even outside the defined reporting intervals (reporting).

Closer alignment between sustainability risks and conventional risk management

The identification of sustainability opportunities and risks within conventional risk management and monitoring of the measures taken are organized on a decentralized basis. Responsibility is assigned to the risk coordinators and risk officers in our management units: The risk coordinators in the divisions enter sustainability-related risks and opportunities, including their impacts and likelihood of occurrence, in the group-wide risk reporting system for the current year and the three-year mid-term period. The status of the relevant measures is also entered. We use our annual risk coordinator conference to raise the awareness of the relevant personnel of the increasing significance of sustainability-related opportunities and risks.

The sustainability analysis of our business is our core process for strategic management and ongoing development of the sustainability aspects of our portfolio. The analysis covers economic, ecological, and social aspects along the value chain. It assesses the strengths/opportunities and weaknesses/risks of established business activities and major research projects from the perspective of market-specific sustainability aspects in our four Sustainability Focus Areas. We are presently developing a concept to include the results of the sustainability analysis in group-wide risk reporting in the future.

Sustainability risks and opportunities beyond the mid-term period

Sustainability risks often have a far longer time horizon than the mid-term period used for conventional risk management. Such long-term risks are particularly relevant for Evonik because our production facilities are typically operated for decades, our products remain in the environment for a prolonged period, and our supply chains are exposed to long-term environmental and social risks. Therefore, we are currently working on an approach to identify long-term sustainability-related risks and opportunities so that we can define adequate targets and measures to address them. That will help us take such opportunities and risks into account directly in portfolio management, innovation management, and decision-making in the future.

Ethics and compliance

The compliance areas of specific relevance to Evonik are bundled in a House of Compliance. Each area defines and monitors relevant rules for its compliance-related issues and the voluntary commitments entered into by Evonik.

House of Compliance

Responsibility for the environment, safety, health, and quality is bundled in a corporate function with the same name.

Minimum group-wide standards have been defined for the compliance management systems for the areas covered by the House of Compliance, and we make sure that they are implemented in every area. Final responsibility for this rests with the executive board, which defines the key elements for the compliance management systems and monitors their observance. The supervisory board’s audit committee oversees the effectiveness of the system. The process of forming a consensus, sharing experience, and coordinating compliance activities takes place in the compliance committee, which is composed of the heads of the respective units, who have independent responsibility for their areas, and the head of Group Audit. Group Audit performs independent audits to support the executive board and subsequent management levels in the performance of their supervisory duties and continuous improvement of business processes. A key focus is auditing the internal control system and the risk management system.

The compliance management system is based on the values and targets adopted by the executive board. Its main aim is to avoid, or at least minimize, compliance violations and the associated risks. Compliance violations should be identified and sanctions imposed, depending on their severity. The heads of the compliance units work to make sure the compliance management system is appropriate and effective for the respective compliance issues.


Principle of prevention
Tools used to avoid potential compliance risks include risk analysis, training, raising awareness, and providing advice. We examine all sites, not just individual business locations, with a view to the topics covered by the House of Compliance such as corruption risks.

To identify potential risks as early as possible, every unit is required to perform regular risk analyses. Based on the results of its risk analysis, each organizational unit issues binding standards and processes for the precautions to be taken with regard to business activities where there are specific compliance risks. The topics forming the focus of the risk analysis and the action taken may vary over a given period. Substantial changes in the relevant risk situation are examined on a case-by-case basis. As soon as a topic is examined, the main risks are reported to the management and governance bodies at the company concerned, depending on their type and extent. A regular risk analysis is undertaken in the compliance areas fighting corruption, antitrust law, and preventing money laundering. The following risk analyses have been performed in recent years:

  • Antitrust law and fighting corruption (2015 to 2017)
  • Anti-money laundering (2017 to 2019)
  • Antitrust law, anti-money laundering, and fighting corruption, with a specific focus on procurement (2018 to 2020)

Taking the mitigating measures into account, these risk analyses did not identify any significant compliance risks.

Group-wide training concepts are available for all aspects bundled in the House of Compliance, and we continuously review them.

Principle of detection
All employees are required to report possible or actual violations of the code of conduct to the responsible department or compliance officer without delay, regardless of whether they relate to them personally or to their colleagues. In addition to internal reporting channels—in writing by email or letter, by phone, or orally to the responsible compliance officer— an electronic whistleblower system operated by an independent external provider is available group-wide for the detection of possible compliance violations. Both Evonik employees and external stakeholders such as business partners and their employees, local residents near our sites, and employees’ families can report suspected compliance violations via the whistle­blower hotline, which is available in 20 languages. Reports are possible on all key compliance issues and are automatically forwarded to the department at Evonik responsible for the relevant compliance topic. In the reporting period, access to the whistleblower system in both the intranet and the internet was improved.

Whistleblower system at Evonik

Evonik takes up all allegations and investigates them internally. Under the corporate policy on internal investigations, whistleblowers may not be placed at a disadvantage, provided that the reports are not deliberately incorrect or grossly negligent.

Principle of response
We initiate suitable measures to end the violation and minimize the risk. Depending on the severity of the case, the measures taken with regard to employees range from warnings or reprimands to termination of employment and claims for compensation. In addition, further action is taken to raise awareness, for example, through training. Possible sanctions against business partners are termination of the business relationship and blacklisting.

Our compliance reporting
Our annual compliance report mainly provides information on the compliance organization and issues specific to the compliance management system. The report on internal investigations presents the internal investigations conducted during the year. Both reports are prepared for the executive board, division heads, and the management board of Evonik Operations GmbH. They are also made available to the supervisory board’s audit committee. Furthermore, the audit committee and executive board are informed of relevant risks and developments—insofar as is deemed necessary in individual cases—both during the year and on an ad-hoc basis in urgent cases. This applies to all material risks and violations of regulations that are of overriding significance for the Evonik Group.

Cyber Security

Evonik regards cybersecurity and information security as vital preconditions for successful digitalization. The challenges in cyberspace are increasing exponentially. This is attributable to the further professionalization of cyber blackmail, the serious effects of ransomware attacks, the increasing diversity of malware programs and their mutations, and critical weaknesses in widely used software products. The growing importance of this topic is confirmed by our extensive new materiality analysis: For the first time, cybersecurity was ranked as a material topic. To heighten cybersecurity, we are focusing on the risks of a loss of intellectual property, combined with a loss of business, inadequate observance of regulatory and compliance requirements, and inadequate robustness of critical IT and operational technology systems. We are also focusing on inadequate technical equipment and speed in order to keep pace with digital business projects, risks for third parties such as the loss of customer data, reputational risks, and emerging technological risks.

Cybersecurity affects IT throughout the Evonik Group, including both office systems and IT for operational technology (OT). The chief financial officer bears overall responsibility for cybersecurity. The chief information officer (CIO), who reports directly to the CFO, is responsible for cybersecurity at an operational level. The CIO and chief IT security officer (CISO) report regularly to the CFO on the related tasks and risks, as well as the appropriateness and efficacy of the IT security management system. Our IT security organization includes a central cybersecurity operation center, which protects Evonik’s digital territory and brings together the important operational IT security functions. The cybersecurity operation center includes the cyber defense team, which is based in Germany and is responsible for identifying and dealing with IT security incidents.

We drive forward and monitor the implementation of our security measures for the operation and use of IT with the aid of an internal management system. In this way, we keep a constant eye on the present threats and align our security measures to them. Our cybersecurity performance is measured and evaluated by the external rating agencies BitSight and CyberVadis using their own parameters. Evonik’s current rating positions it in the top third of the manufacturing industry peer group. Evonik increasingly uses digital networking in its collaboration with suppliers, partners, and customers and develops special cybersecurity measures for this purpose.

Increasingly, our production plants are networked with each other. Originally designed as stand-alone solutions in many cases, they are increasingly being connected to the Office network and the internet. To mitigate the associated cyber risks, we constantly adapt the protection level for our plants by implementing our EMPOS program (Evonik Management Platform for OT Security). We use our Cyber Security Resilience Program—known as CRISP for short—to protect the Evonik Group against increasingly aggressive, state-motivated cyberattacks.

We regularly train our employees and use posters, training modules, video formats and interactive events such as the Evonik learning sessions to heighten awareness. We also carry out phishing tests. In the reporting period, we introduced mandatory online training for all system administrators to further enhance the risk awareness of this mission-critical group of employees. Timely information on current threats is posted on the intranet and via an app for mobile devices.

Responsibility within the supply chain

Strategy and management

Evonik has a significant influence on the environment and society through its procurement volume. By working closely with our suppliers, we want to help prevent breaches of human rights and environmental violations. We strive to counter a lack of transparency and inadequate traceability in the supply chain.

By selecting suppliers carefully, we do not simply secure and increase their sustainability standards, we also enhance the quality of the entire value chain. Our focus is on validating and evaluating suppliers. Suppliers of certain critical raw materials are subject to a special examination. We define critical raw materials as all raw materials that could potentially involve a supply risk or reputational risk, such as conflict minerals and renewable raw materials, including palm oil. We have established specific procurement strategies for these critical raw materials. The processes are integrated into a management system, where they are mapped. As well as monitoring suppliers of critical raw materials, we aim to examine all major raw material suppliers1 from sustainability perspectives through Together for Sustainability (TfS) assessments by 2025. At year-end 2022, we had validated around 66.4 percent of this group using the corresponding criteria.

Continuous dialogue with our suppliers is very important for us. In addition to direct contact to Evonik’s procurement organization, employees at supplier companies always have the option of reporting any issues or problems to our externally operated whistleblower hotline. All cases are examined promptly so that appropriate action can be taken. In 2022, we received one report of an issue relating to our suppliers.

The aim of our procurement organization is to guarantee long-term reliability of supply for the production of Evonik products and to secure competitive advantages for our operating businesses. Alongside economic requirements, our procurement strategy takes account of criteria such as health, quality, safety, social factors, and environmental protection. As a member of the UN Global Compact, we are committed to its principles. These requirements are documented in our code of conduct for suppliers, which is based on our corporate values, the principles of the UN Global Compact, the International Labor Standards issued by the International Labour Organization (ILO), and the topics addressed by the Responsible Care® initiative. The code of conduct for suppliers was updated in the reporting period to give greater prominence to the importance of respecting human rights by direct and indirect suppliers and to draw attention to the risks and consequences of failure to comply.

Together for Sustainability (TfS)

Harmonizing global standards in the supply chain creates transparency and makes it easier for both suppliers and customers to reliably assess and evaluate sustainability performance. The chemical industry set up the TfS initiative for this purpose in 2011. Evonik is one of the six founding members. More The aim of TfS is the joint development and implementation of a global assessment and audit program for responsible procurement of goods and services. It also provides webinars and training on sustainability. In this way, the initiative does not simply make environmental and social standards in supply chains measurable; it also contributes to a direct improvement.

As a member of the TfS initiative, we are also subject to TfS assessments. The EcoVadis rating agency once again awarded us platinum status in 2022. This award places us among the top 1 percent of the companies evaluated by EcoVadis in both the chemical industry and in other sectors. In previous years, EcoVadis awarded our specialty chemicals company gold status on six occasions.

Validation and evaluation of suppliers

We expect our suppliers to share our principles and act correctly in all respects, which means accepting responsibility towards their employees, business partners, society, and the environment. Validation is the first step in every new supply relationship. For this purpose, we use a validation process based on the values defined in our code of conduct for suppliers. Alongside quality, environmental protection, safety, health, and energy management, the assessment of potential risk factors includes corruption prevention, cybersecurity, labor and social standards (the right to freedom of association and collective bargaining), human rights (compulsory, forced, or child labor), conflict minerals, and responsibility within the supply chain. All details are entered online and evaluated using a validation matrix. The initial validation is a country-based process and does not include a separate review of the location of operations.

Successfully completed TfS assessments can also be used as evidence of validation. Overall, suppliers are evaluated using a method that identifies and quantifies risk factors as a basis for risk mitigation. This safeguards the supply of raw materials and technical goods to Evonik and enables us to gain access to new procurement markets and su

Supplier qualification and evaluation
Conflict minerals

The Dodd-Frank Act requires companies listed on the US stock market to disclose whether or not their products contain potential conflict minerals. These are mineral raw materials from the Democratic Republic of Congo and its neighboring countries that are often used to finance armed conflicts. In addition, human rights are often violated in the production of conflict minerals. Evonik is not listed on US stock exchanges and therefore has no legal obligation to comply with the reporting requirements of the US stock market regulator. Nevertheless, we believe we have a responsibility to check the origin of such substances sourced from established suppliers. The minerals checked include tin, tungsten, tantalum, gold, and cobalt. We continuously evaluate whether further critical raw materials should be included. Furthermore, we require new suppliers to provide evidence of origin in the validation process. In 2022, we screened 1,804 new suppliers and did not identify any use of conflict minerals.

Supply chain resilience in times of geopolitical change

As an overarching goal, our procurement strategy includes securing the availability of raw materials on the best possible terms. Restrictions on the availability of starting products and intermediates in the short- or intermediate-term represent potential risks. In addition to preparations to substitute suppliers in emergencies, we closely monitor the business situation of selected suppliers of key raw materials in order to anticipate bottlenecks and mitigate risks. At the same time, we identify the possible impacts of present and potential crises and geopolitical conflicts on Evonik’s supply situation and introduce timely and specific mitigation measures where possible. We do this, for instance, by weighting the country of origin of materials in our risk assessment and using scenario analyses to assess relevant events. This procedure proved effective for the supply risks resulting from the coronavirus pandemic and is currently being refined, especially in view of Russia’s invasion of Ukraine and the related disruption. In this way, we can largely maintain supply and avoid negative impacts despite production stoppages and logistics constraints.

back to top