In 2025, we have taken the following initiatives that underscore our commitment to promoting a culture of data ethics:

AI policy and governance: 

A group AI Policy was finalized in Q4 2025. The policy provides direction and clear principles for implementing AI systems at Grundfos, ensuring alignment with the EU AI Act and the company’s Code of Conduct. Apart from the AI Policy in 2025 Grundfos focused on its internal AI communication and training strategy which includes regular newsletters, webinars, articles, a central AI Academy knowledge portal, targeted workshops, structured onboarding and a “champion” network.

Code of Conduct Training: 

In 2025, the annual mandatory Code of Conduct training incorporated a dedicated section focused on data privacy. The training was introduced in Q3 and offered in twenty-two languages. Participation was required for both shopfloor and office employees to maintain consistent standards across the company. 

ISO/IEC 27001:2022:

In 2024 Grundfos achieved certification to ISO/IEC 27001:2022 for our Information Security Management System (ISMS), independently audited by SGS. The certification covers information security policy, standards and processes at our in-scope locations in Denmark, India and the Philippines and provides assurance that we manage information security risks and protect the confidentiality, integrity and availability of data in scope. This ISMS underpins our Data Ethics Policy by embedding governance, data privacy protection and continuous improvement in 2025 across our in-scope operations

NIS 2: 

In 2025 we continued to take the necessary actions to comply with NIS 2 requirements on operational cybersecurity measures and the registration of the relevant Grundfos entities in scope for NIS 2 with the authorities in Denmark, Finland and Italy, in addition to our registration in Hungary completed in 2024. The NIS 2 work will continue in 2026.