Actions and resources for business conduct (G1-3)

Our Group Compliance function is responsible for the design and roll out of compliance programs, including risk identification, policies, training, and digital tools, to manage compliance risks in all countries where we conduct business. This setup ensures an effective control structure within areas such as anti-corruption, third-party due diligence, anti-trust, trade compliance, and data privacy. To ensure comprehensive coverage, in-house lawyers and Regional Compliance Officers support entities with advice on corruption laws and regulations.

Throughout 2025, our primary focus has been on implementing and further developing our compliance programs and raising awareness through training, actions that is planned to continue. There is no significant CapEx or OpEx for these actions, resources are included as an integrated part of the relevant functions budgets.

Prevention and detection of corruption and bribery

As a global company, Epiroc must follow the anti-bribery and anti-corruption laws and regulations of every country in which we operate, such as the US Foreign Corrupt Practices Act (FCPA), the French Sapin II law, and the UK Bribery Act. We are an active member of the Swedish chapter of Transparency International. We have zero tolerance for corruption and bribery. This is stated in our CoC and Business Partner CoC. All our business partners are required to confirm compliance with the BP CoC. Firm actions will be taken on any violation.

The investigation process for allegations or incidents related to corruption and bribery is designed to ensure independence from the management chain involved in the matter. This independence is facilitated by the anonymity provided by the Speak Up system. Additionally, we have Regional Compliance Officers who are empowered to conduct compliance investigations. Furthermore, our Group Internal Audit and Assurance function has the autonomy to initiate any investigations they deem necessary, ensuring an unbiased and thorough examination of the issues.

Regional Compliance Officers monitor anti-bribery and anti-corruption compliance, report risks, incidents and breaches to local management and VP Group Compliance. VP Group Compliance then reports material risks, incidents and breaches to SVP General Counsel, a member of Group Management.

Responsible sourcing is important to Epiroc, and we use a risk-based approach. For our significant suppliers, we track compliance with our BP CoC. Our supplier evaluation process includes examination of our business partners’ record of governance, ethics and stance against corruption. In addition, our indirect sales (IDS) channels are vetted in a due diligence process. We also have a responsible sales assessment process. Its purpose is to better understand and identify mitigation measures for potential risks with regards to human rights, corruption, and environment in markets, where Epiroc is present. See more about our due diligence processes on suppliers and other business partners in S2 Workers in the value chain and S3 Affected communities.

Training and awareness

Our key actions to ensure CoC compliance and promote ethical behaviors is a continuous focus on training and raising awareness throughout our decentralized organization. Each employee is responsible for familiarizing themselves with and adhering to the CoC. Translations, questions and answers, and other relevant materials are developed to support employees in understanding and adhering to our CoC. During 2025, the mandatory CoC E-learning was assigned to all employees. The training includes all areas in the CoC with ethical dilemmas, some inspired by actual situations in Epiroc, to deepen our employees´ understanding and allow them to practice how to solve challenging situations. As part of completing the training, employees must also certify compliance with our CoC. Managers hold employees accountable for completing CoC training requirements. In addition to the CoC training, risk- based in-depth trainings e.g. on trade compliance, anti-trust, anti-bribery and data privacy was provided to relevant roles such as individuals in management, sales, and sourcing positions. 

In 2024, mandatory global digital anti-bribery and anti-corruption training was rolled out for identified high-risk groups, including Group Management and all managers, sales staff, and sourcing teams. All high-risk functions are covered by the enhanced training, it aims to ensure that key personnel can identify and mitigate bribery risks in their daily operations and will take place every other year. In 2026 a new version of the training will be rolled out. In addition to the digital training, our Regional Compliance Officers are responsible for providing region-specific guidance and conducting anti-bribery and anti-corruption training. These officers work closely with local teams to address entity-specific risks and ensure compliance with both global policies and local legal requirements.

During 2026 an up-date of the CoC training is planned to further strengthen awareness and better meet the needs of the company.