In 2024, we have taken the following initiatives that underscore our commitment to promoting a culture of data ethics:

AI policy and governance:

In 2024, we have been developing a group AI policy and governance structure for all AI systems to ensure compliance with applicable laws and responsible use of AI, addressing ethical concerns like bias, transparency, and accountability. We expect that the AI policy and governance structure will be implemented in Grundfos in 2025.

Code of Conduct:

In January, we launched our new group Code of Conduct, which includes separate chapters on data privacy, confidential information (including trade secrets), and a new chapter on AI.

ISO 27001:

In 2024, we obtained ISO 27001 certification, which validates that we have implemented an effective Information Security Management System (ISMS) to oversee the development and maintenance of our digital products and solutions in certain of our sites.

NIS 2:

As a manufacturer of pumps for moving water, eight Grundfos production entities fall under the scope of the EU NIS 2 directive, either as already implemented or to be implemented in national law. Based on a gap analysis, we have taken the necessary actions to comply with NIS 2 requirements on operational cybersecurity measures. The NIS 2 project will continue in 2025.

Trainings:

In Q1, we conducted mandatory training on handling personal data for everyone with a Grundfos device. Annually, we provide mandatory training on our Code of Conduct. This year, the Q3 and Q4 Code of Conduct training covered topics, such as handling confidential information.