# Artboard 1

Governance

Corporate governance as practiced by Knorr‑Bremse aims, without exception, to adhere to responsible business practices and principles. We believe that increasingly and continuously integrating aspects of sustainability into our organization and business processes drives innovation and is a critical factor for success. Our approach of applying predictive risk and opportunity management can yield information that is vital to the company’s future.

Responsible Corporate Governance

Knorr‑Bremse responds to industry trends such as connectivity, e-mobility and sustainability with innovative, long-term, system-based solutions. In doing so, we act as a driving force to help our global customers in the rail and commercial vehicle industries to develop their sustainable mobility solutions and achieve digital transformation. Our systems for the reliable, safe and efficient transportation of goods and passengers are designed to add value for our customers and make a positive contribution to society.

We take the responsibility associated with our entrepreneurial activities very seriously. We apply responsible corporate governance that observes laws, strengthens our image and creates trust in Knorr‑Bremse among our shareholders, the capital market, customers, business partners, employees and the general public. Each goal set and activity undertaken by Knorr‑Bremse must always reflect our company values: entrepreneurship, technological excellence, reliability, passion and responsibility. We believe that these company values are the foundation of long-term success.

Our governance structures support our commitment to responsible corporate governance and ensure transparency as well as clear leadership and responsibilities. They apply to the entire leadership and monitoring systems at the company and include Knorr‑Bremse’s organizational structures, business policy principles, guidelines and internal and external management and monitoring mechanisms. We adhere largely to the recommendations of the German Corporate Governance Code. More information about Knorr‑Bremse’s implementation of these recommendations can be found on our website (Corporate Governance) and in our Corporate Governance Statement.

Our commitment to sustainability is an integral part of our business activity. The Boost 2026 corporate strategy published in 2023 further underscored the importance of putting this commitment into practice. The sustainable direction for corporate governance has been firmly integrated into Knorr‑Bremse’s organizational structures as well as its allocation of responsibilities and business processes through sustainability management (Sustainability Management). The Executive Board has defined a set of key performance indicators that are designed to help plan and steer the sustainable direction of Knorr‑Bremse. A selection of KPIs are linked to the remuneration system for management levels 0 to 2 (Executive Board, senior management and heads of department) as ESG criteria. 20% of the short-term variable remuneration (short-term incentive) is linked to the achievement of sustainability targets on climate protection and occupational safety (Compensation Report). There are plans to extend this to other management levels in the medium term. In the long-term variable remuneration (long-term incentive), 20% of the achievement of targets from fiscal year 2024 onward is also tied to the achievement of specific sustainability targets (currently a reduction of Scope 1 and 2 CO2e emissions and an increase in employee satisfaction). This link between remuneration and ESG criteria embeds the spirit of sustainability throughout the company’s management team even more strongly and thus in the day-to-day conduct of the company’s managers and workforce as well.

Integrity and Compliance

Compliance management is guided by our aspiration of always complying with laws, internal regulations and voluntary commitments. This is because only as a reliable business partner will we gain the trust of employees, customers and business partners needed for sustainable growth and thus shareholder value. We therefore place great emphasis on dealing with our stakeholders with integrity and responsibility. Combating corruption and bribery is an important part of corporate responsibility and one of the key topics in compliance management at Knorr‑Bremse. We do not tolerate any form of corruption or other unfair business practices and expect the same of our business partners. Conflicts of interest, including and especially in dealing with our business partners, must be avoided. We have also established the respective compliance policies.

Our compliance requirements across the entire supply chain are set out in a Group-wide Code of Conduct. On the basis of Knorr‑Bremse’s corporate values and the principles of the UN Global Compact, the code defines the principles for Group-wide responsible business conduct, including a prohibition of corruption in any form. These principles of action and rules are binding for all the Group’s employees and are a component of the written employment contracts for new employees around the world. We have given concrete expression to these principles through further Group-wide compliance policies:

  • Dealing with Gifts and Invitations
  • Donations and Sponsoring
  • Corruption Prevention
  • Conflicts of Interest
  • Screening of Business Partners
  • Fair Competition

Moreover, we have developed compliance guidelines for our suppliers. Our mandatory Group-wide Code of Conduct for Suppliers defines our expectations regarding responsible working relationships with these suppliers. The code is a way to combat corruption and addresses a wide range of issues, including human rights and environmental protection (Sustainability in the Supply Chain).

Relevant compliance risks are compiled and assessed in the Compliance Management System (CMS). The CMS’s main goal is to effectively anchor compliance in business processes. For example, we want to ensure that employees comply with the law and internal regulations, prevent systematic misconduct and detect and remedy breaches.

Corruption prevention, ensuring fair competition and avoiding conflicts of interest are defined as the focus issues for Knorr‑Bremse’s CMS. The basis of this decision is a compliance risk analysis which is carried out each year and involves selected business areas and markets. As part of a worldwide compliance risk assessment, possible compliance risks were compiled and assessed on the basis of risk scenarios.

Establishing a Compliance Organization

The Chief Compliance Officer (CCO) is responsible for implementing the CMS, except in the area of antitrust and competition law, where the Legal department is responsible for the CMS. The CCO reports to the member of the Executive Board responsible for Integrity, Legal, IP, Data Protection and Human Resources. Compliance topics are also a regular agenda item at Executive Board meetings. The Supervisory Board and the Audit Committee are also regularly informed about the status of the CMS. Along with the global heads of Knorr‑Bremse’s Controlling, Human Resources, Accounting, Legal and Internal Audit departments, the CCO is a member of the Compliance Committee. The Compliance Committee advises on initiatives and strategies for developing the CMS, on current compliance topics, and on focuses of compliance activities. In the Knorr‑Bremse regions, regional compliance officers take on the role of advising and training employees, processing compliance cases and identifying local risks. The compliance organization’s headcount was even increased in 2023. Business activities in Brazil, China, India, South Africa, and the US are now supervised by full-time compliance officers. Local compliance officers are additionally assigned to nearly all Knorr‑Bremse companies and are involved in the local implementation of the Compliance Management System.

The internal Group audit department supports the Executive Board in its monitoring function through independent and objective audit procedures. These are geared toward improving business processes and uncovering any breaches of laws or internal rules or guidelines. The Internal Control System (ICS), which comprises compliance-specific controls, further serves to verify adherence to compliance guidelines. Knorr‑Bremse sites must also conduct spot checks to prove that they are effectively implementing the guideline requirements. In addition, the audit firm PwC was engaged to review the appropriateness and effectiveness of the CMS in accordance with IDW AuS 980 for the period from May 1 through October 31, 2023. An unqualified certification was issued for this review on March 7.

Well-Developed Complaint Management

Employees, business partners, and external individuals can report information on any possible compliance breach to the compliance organization by email, directly through the compliance organization or online through an independent and anonymous whistleblower system. This globally accessible portal operated by an external service provider allows for information on any compliance breaches to be reported in 31 different countries and in 20 languages (Knorr‑Bremse Compliance). The whistleblower system was extended in fiscal year 2023 by commissioning an external ombudsman service, which will serve as an additional point of contact for receiving information and complaints. The external ombudsman service will then pass the information and complaints on to us. Information about the system is communicated internally and during training events and via the Group-wide intranet. In addition, the Incident Notification and Alarm Services (INAS) system is used for non-anonymous reporting of time- and safety-critical events from the areas of compliance, data protection, information security and Group security. Events classifiable as critical reach the responsible area of the Group directly via the system.

  • Complaint
  • Initial review
  • Assessment
  • Internal investigation
  • Remediation and
    root cause analysis
  • Complaint
  • Whistleblowers gain knowledge of suspected reportable action

    Report is received via various reporting channels – including anonymously if desired

  • Initial review
    • Clarification of open points and consultation with the whistleblowers (where possible)
    • Clarification of whether a direct remedy is possible
    • Clarification of internal responsibilities

    Internal forwarding
    Complaint is forwarded to the relevant body within the Group

  • Assessment
  • Assessment by the relevant body
    • Assessment of the report’s subject matter and of potential damage
    • Consultation with the whistleblowers, where possible
    • Consultation with other parties involved
    • Proposal for next steps
    Decision on the investigation
    • Report is substantiated
    • The matter can be clarified using the available means in a legally compliant way
  • Internal investigation
  • Examination
    • Interviews, document review, site visits, etc.
    • Final report with recommendations for action

    The management decides on
    sanctions and remediation

  • Remediation and
    root cause analysis
  • Remediation, e.g.,
    • Disciplinary measures
    • Adjustment of processes
    • Training & communication
    • Compensation & reimbursement
    • Adjustment of risk analysis

    Implementation by the local management or relevant body

    Rules of procedure for dealing with whistleblower information and complaints have been agreed by the Executive Board and govern the process, responsibilities and the rights of whistleblowers and the individuals concerned. Key principles include the protection of whistleblowers from disadvantages, the fairness and confidentiality of the process, the independence of investigations and the safeguarding of data privacy. We follow up on every suspicious activity report or forward it on to the respective departments for further investigation. Where the initial suspicion is substantiated, investigations are carried out. When rules are found to be violated, the causes are remedied. Any proven misconduct is penalized.

    In the year under review, 112 reports were recorded in our Group-wide whistleblower system (2022: 90; 2021: 45). The number of reports thus rose compared to the previous year. We attribute this increase to greater employee awareness with regard to compliance and integrity. 44 reports (2022: 29; 2021: 10) concerned information on discrimination or other workplace-related topics (Due Diligence Process for Human Rights). Nine reports (2022: 9; 2021: 2) concerned allegations of corruption. The allegations were unable to be confirmed in four of the cases closed during the reporting period. Accordingly, no disciplinary actions were taken against employees regarding these. Internal investigations are still ongoing in the other five cases. There were no lawsuits, judgments or fines due to corruption offenses in the reporting period. There were no reports made in connection with child labor, forced labor, or modern slavery.

    Reports Made in 2023

    Category 2023
    Discrimination and harassment 32
    Other working conditions 12
    Conflicts of interest, theft, equipment misuse, fraud, embezzlement 28
    Corruption 9
    Data protection, IT security, trade secrets 6
    Child labor, forced labor, modern slavery 0
    Other 25
    Total 112

    Prevention through Training and Communication

    To prevent compliance breaches, Knorr‑Bremse relies on transparent communication and employee training. In the year under review, the Executive Board confirmed its commitment to integrity and communicated its expectations of managers and employees clearly on the intranet and at various manager events and employee meetings.

    A global e-learning module on our Code of Conduct is available in 13 languages and needs to be completed online every two years. Another e-learning course on the topic of preventing corruption is aimed at employees in purchasing or sales as well as managers. This training, too, must be repeated every two years. In December 2023, around 98% (2022: 96%; 2021: 98%) of the 17,385 employees with access to e-learning platforms (approximately 52% of the entire workforce) had a valid certificate for the training on the Code of Conduct. 5,396 employees were enrolled in anti-corruption training, of which 97% had obtained a valid certificate by the end of December 2023.

    In addition to e-learning, live training (face-to-face events and webinars) is held for employees on specific compliance content as well as on our guidelines and tools. 77 such compliance training courses were held globally in 2023 (2022: 64; 2021: 25).

    Talking to Staff about Integrity and Compliance

    Personal contact sticks in people’s minds, making it ideal for creating awareness – and compliance and integrity are no exception. Dr. Claudia Mayfeld, the Executive Board member responsible for this topic, regularly meets with employees to get to the bottom of the issue: How do our employees experience integrity and compliance at Knorr‑Bremse and how important is it to them? In February 2023, 72 employees from different regions, departments and levels of the organization took part in a joint workshop to evaluate how compliance and integrity are being embedded in day-to-day work and make suggestions for improvement. A second workshop was held in May 2023 and was attended by 51 employees. The fruitful discussion not only highlighted current strengths, but also showed compliance officers that more intensive communication and specific training for managers would be a welcome next step. Specific measures will be developed once the results have been evaluated.

    Management of Sustainability-Related Risks and Opportunities

    As an international corporate Group with global structures, Knorr‑Bremse encounters risks as well as opportunities in its business activities. The goal of risk management is to identify risks across the Group and minimize their potential impact on the Group’s anticipated business position. Equally, such risk management should proactively leverage opportunities to increase the company’s value.

    Risk Management

    Our risk management structures and procedures are aligned with our overall organizational structure and anchored in a corporate policy that includes clear definitions of responsibilities and reporting structures.

    An inventory of potential risks that involves all of the Group’s companies is conducted every quarter so that risks of major significance can be identified at an early juncture. A key component of regular risk reporting is a condensed Group Risk Report, which is submitted to the internal Risk Committee and the Executive Board. In addition to regular reporting periods, there is an internal ad hoc reporting process, whereby all employees are encouraged to proactively report risks.

    The risk management system established in the Group is subject to continuous refinement, which includes adjustments of internal and external requirements. New developments are periodically integrated into the risk management guidance on the topic of risk management, which is available to all employees on the intranet.

    Our risk management system comprises 14 specific risk categories based on the company’s value chain. Within the company’s departments, particular attention is paid to identifying sustainability-related risks – an area that will be expanded further going forward. The “sustainability” category encompasses risks in connection with environmental and climate protection and the protection of human rights. The risks relating to environmental and climate protection concern, for example, rising energy and material costs as a result of increased environmental regulations and the increasing taxation of carbon emissions as part of the journey to a decarbonized economy. In the future, meeting ESG requirements will have an increasing influence on the financing of the Knorr‑Bremse Group. In addition, climate change can disrupt supply chains and impact material properties that are relevant to product quality. The company deals with these risks at an early stage in order to be able to react to them adequately and with appropriate measures in all areas. We address the risks that could arise from the implementation of the German Supply Chain Due Diligence Act by integrating human rights due diligence into our operating processes even more strongly with the goal of minimizing human rights risks and preventing negative impacts on our business activities. To do this, we also use the results of the human rights risk analyses and associated information on potential human rights breaches (Due Diligence Processes for Human Rights).

    Descriptions of other risk categories as well as a detailed explanation of our risk management system can be found in our Report on Risks, Opportunities and Expected Developments.

    TCFD Reporting

    To provide transparent information about the climate risks and opportunities we face as a company, we have reported based on the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) since 2021. The appendix contains a reference table reflecting the status of our climate-related reporting based on the areas of governance, strategy and risk management as well as key performance indicators and targets (TCFD table).

    Opportunity Management

    The opportunity management system at Knorr‑Bremse follows the processes used in the risk management system. In addition to regular management reviews, opportunities are reported in the quarterly report on risks and opportunities.

    Besides the megatrends of urbanization, digitalization and mobility, the megatrend of sustainability also unlocks important, strategic opportunities for Knorr‑Bremse.

    Knorr‑Bremse is benefiting from opportunities to expand rail transportation as cities, states and countries make growing efforts to combat climate change. Electrification and other energy-efficient and eco-friendly solutions are the result of a growing public awareness of the importance of energy efficiency, combined with intensified government energy initiatives such as stricter emission regulations. End-to-end eco-design in our products is helping to reduce carbon footprints and make transportation more energy-efficient.

    More information about our opportunity management system can be found in our Report on Risks, Opportunities and Expected Developments.

    Sustainable Company Financing

    As a player in the capital market, Knorr‑Bremse sees orientation toward ESG criteria as increasingly important. Financial market players measure corporate performance in the area of sustainability by means of ESG criteria and use the findings as the basis for investment decisions. Numerous conversations with investors and rating agencies (Stakeholder Management) in 2023 demonstrated that the capital market continues to show growing interest in sustainability issues at Knorr‑Bremse. Companies and institutions are also increasingly seeking to engage in an informative dialog with Knorr‑Bremse on sustainability-linked financing instruments. Knorr‑Bremse has already received many above-average ratings for its sustainability measures (Sustainability Ratings and Rankings).

    The link between our financing strategy and our sustainability targets underscores our ambitions in these areas. To position Knorr‑Bremse as a sustainable company for investments and obtain sustainability-linked capital, the company established a Sustainability-Linked Bond Framework and updated it during the reporting period. This framework ties Knorr‑Bremse’s decarbonization targets (Scopes 1, 2, and 3) in with the company’s financing strategy. These expanded targets were reassessed by an external party. A second party opinion issued by the credit rating agency S&P Global Ratings confirmed that the targets set by Knorr‑Bremse are consistent with the global goals for climate action set forth in the 2015 Paris Agreement. The framework also lays the foundations for current and future sustainability-linked financial instruments. Over one-third of Knorr‑Bremse’s financing arrangements are linked to sustainability criteria, increasing to around two-thirds for long-term capital market financial instruments.

    Currently, Knorr‑Bremse has linked three different financing initiatives to its sustainability performance. First, we signed syndicated financing with a credit line of € 750 million, the interest rate of which is linked to our sustainability rating by ISS Corporate Solutions. If Knorr‑Bremse’s rating improves due to progress being made from a sustainability perspective, we will be granted more favorable repayment terms. Because our rating improved to the prime status of “B-” in 2023, we will be able to draw on this regulation in the future and benefit from it.

    In addition, we issued the first sustainability-linked bond with a volume of € 700 million in 2022. We fulfilled the associated obligation to define a Scope 3 target validated by the Science Based Target initiative (SBTi) (Climate Protection). Moreover, we make use of incentive systems for our suppliers. The Sustainability-Linked Supply Chain Finance Program (SSCF), which was implemented in collaboration with Deutsche Bank, is now linked to the ESG rating of suppliers. The global SSCF serves as an important instrument that Knorr‑Bremse uses to foster stronger commitment to ESG among its suppliers. The program exemplifies our fundamental beliefs: We will only be able to achieve the sustainability-driven transformation when we resolutely foster ESG throughout the entire value chain. The entire SSCF process was designed by the bank to be very low threshold so that it would consciously appeal to smaller suppliers. The ESG link has been successively rolled out globally since 2023.

    66 %
    of the long-term capital market financing instruments used by Knorr‑Bremse are linked to sustainability criteria

     

     

    Suppliers Who Have a Good ESG Ranking Receive Better Financing Terms

    The Sustainability-Linked Supply Chain Finance Program that was introduced in collaboration with Deutsche Bank makes an ESG rating for suppliers particularly appealing. Under this program, they receive their money earlier, as the bank provides a line of credit for the time until Knorr‑Bremse pays their invoices at attractive interest rates. The financing costs for suppliers are based on the creditworthiness of Knorr‑Bremse, a feature that generally lowers suppliers’ financing costs. The inclusion of sustainability components in the program creates additional financial benefits for suppliers: Companies that do business more sustainably can reap dividends from improved financing terms. The result is a win-win situation: for our suppliers and for Knorr‑Bremse.

    EU Taxonomy

    A key step in the achievement of the EU climate and energy targets for 2030 and in the realization of the European Green Deal’s aims is the directing of capital flows toward sustainable projects and activities. This requires a shared language and consistent understanding of the activities that count as “environmentally sustainable.” Consequently, the EU’s Sustainable Finance action plan provides for the creation of a uniform classification system for sustainable economic activities, or an “EU Taxonomy.”

    The 2023 amendment of the climate taxonomy introduced additional economic activities that bring Knorr-Bremse into the scope of the EU Taxonomy to a greater extent than before. While the production of low-emission vehicles was already classified as taxonomy-eligible, this amendment also puts a stronger focus on the key role of suppliers in climate protection. You can find detailed reporting on the EU Taxonomy in the 2023 Annual Report.


    Data Protection and Information Security

    The processing of personal data is a core element of increasing digitalization. For Knorr‑Bremse, the protection of such sensitive data is an important requirement when developing new fields of business and interacting with our internal and external stakeholders. Numerous statutory requirements, like those in the EU General Data Protection Regulation in particular, provide the framework for our actions.

    For this reason, Knorr‑Bremse set up an organizational structure for data protection in 2018. It is headed by the Group data protection officer, who is supported by data protection managers in the divisions and at the locations around the world. Data protection coordinators in the central departments additionally act as points of contact and multipliers for data protection. The Data Protection Board installed in 2022 decides on the direction of the Knorr‑Bremse data protection management system and monitors its ongoing development. The Data Protection Board is made up of representatives of the Executive Board, divisional management, IT, and HR.

    Our Group data protection guideline is the foundation for all data protection measures in the company and imposes binding specifications and processes for implementation of the statutory requirements. Furthermore, the protection of personality rights and privacy of each individual is an important element of our internal Code of Conduct.

    Our Data Protection Measures

    • Our employees are made familiar with the requirements of data protection law through e-learning courses and face-to-face training and are given instructions on handling personal data carefully.
    • The processing of data is checked and documented by the data protection organizational structure using an IT tool that is available globally (list of processing activities).
    • A central Incident Notification and Alarm Services [INAS] system ensures that data protection incidents can be reported to the data protection organizational structure and addressed quickly and without any detours (Integrity and Compliance).
    • Anonymous or personalized reports of data breaches can be made by employees or external stakeholders at any time using the compliance whistleblower system. In these cases, the established process for clarifying situations is applied
      (Integrity and Compliance).

    Information Security

    The Information Security section at the Group ensures unfailing adherence to the three central information values of confidentiality, availability, and integrity for all our data. The section is headed by the corporate information security officer and controlled by a corporate security board.

    In addition to the responsible member of the Executive Board, this board also includes the managing directors of the two divisions as well as the Chief Information Officer.

    The maturity level of the control processes was significantly improved in recent years. Firstly, the Group-wide information security guideline was revised. This guideline is aligned with ISO/IEC 27001, the international standard for information and asset security, for which 26% of our locations are certified. On top of that, there are internal specifications to meet the statutory requirements of the respective location. Furthermore, we have introduced a new process for audits and risk management.

    For projects in operations, the primary focus is on the preventive protection of the IT infrastructure of Knorr‑Bremse via IT security solutions implemented throughout the Group.

    Protection with Multilevel Cybersecurity Architecture

    The security by design approach at the divisions is adapted to the requirements of the product platforms. It protects products against attacks or makes them resilient. The architecture underpinning the protective measures features a multilevel design (applying the “defense in depth” concept) because securing the outer defenses of the network is no longer close to sufficient. If hackers manage to breach one layer, there is another underneath it with a different structure. The cybersecurity architecture includes, among other things:

    • Conventional security products such as secure gateway (SGW), which secures gateways.
    • Public key infrastructure (PKI), which allocates digital security certificates to devices and software solutions that are equipped with chips and protects them against unauthorized modifications as a result.
    • In the RVS division, the threat detection solution (TDS). The TDS detects anomalies in incoming and outgoing data traffic much as an early warning system does and only allows authorized communication and devices in the network. Hackers are prevented from feeding harmful devices into the train networks.

    Protection of Digitalized Products

    Knorr‑Bremse’s products and services support our customers in the digital age and promote sustainable mobility. Examples of new, digitalized business fields include condition-based maintenance for rail vehicles as well as highly automated or autonomous driving in the Commercial Vehicle Systems division.

    As part of this portfolio development, data protection and information security (often referred to as “cybersecurity” in this context) are playing an increasingly important role. Accordingly, Knorr‑Bremse considers the requirements of data protection law from as early as the product development stages (privacy by design).

    With regard to information security, dedicated organizational units and teams in both divisions ensure that aspects of cybersecurity are firmly integrated into the processes in product development and customer projects.

    Both the RVS division with its Digital Products & Services department and the CVS division follow the security by design approach. It develops solutions for governance, risk management, and security checks that are adapted to the special requirements of each individual product platform. Rail or commercial vehicle hardware with security certification is thus combined with high-performing cybersecurity functions and tailor-made services for a comprehensive cybersecurity architecture. Digitalized products and systems, whether current or future ones, are protected against attacks or made resistant to them. The matrix-structured Digital Products & Services department (RVS division) is closely interconnected with the Knorr‑Bremse Cybersecurity Center of Competence (CoC). At the CVS division, the product cybersecurity team is an integrated part of the platform organization. The cybersecurity management system at CVS includes the development, production, and maintenance phases of a product and covers the entire life cycle. It meets all requirements under ISO 21434 (Road Vehicles – Cybersecurity engineering).

    Knorr‑Bremse maintains continuous efforts to uphold and improve cybersecurity. We align ourselves with international standards and use internal and external guidelines. In 2023, Knorr‑Bremse published a cross divisional traffic light protocol policy (for controlling information dissemination). Furthermore, both divisions strive to adhere to the forthcoming legal framework for cybersecurity, which includes the EU NIS 2 Directive and the Regulation on Horizontal Cybersecurity Requirements for Products with Digital Elements (EU Cyber Resilience Act), for example.

    Awareness of the subject of cybersecurity is strong within the Knorr‑Bremse workforce and is being raised further. The Product Cybersecurity Center of Competence (CoC) offers a variety of webinars and videos in the Rail Vehicle Systems division, for example, an “Introduction to Cybersecurity in Rail Products.” RVS is further expanding its internal training on topics such as cryptography, key lifecycle management and security controls. At the internal Global Cybersecurity Summit event, Knorr‑Bremse’s cybersecurity specialists in its management and engineering teams engaged in intensive dialog, while the center of competence demonstrated its presence in the industry by participating in international conventions on the subject of cybersecurity. At the CVS division, all CoCs can take advantage of a range of continuous awareness-raising training courses for cybersecurity. Knorr‑Bremse believes there are many opportunities that arise from industry-wide collaboration on cybersecurity and has an active role in various initiatives for its ongoing development. One example of this for rail vehicles is the UNIFE Cybersecurity working group. For commercial vehicles, Knorr‑Bremse has been active in the VDA ISO21434 working group since 2023, which is working on different recommendations for Automotive Cybersecurity.

    Assuring Quality: Collaboration with Bureau Veritas

    Rapid technological development exposes rail vehicles to an increased risk of cybercrime. Knorr‑Bremse responds to this risk with pioneering cybersecurity solutions for secure, digital vehicle communication. They are continuously adapted to the constantly developing industry requirements and regulatory standards. In this context, Knorr‑Bremse has signed a Global Cybersecurity Services Framework Agreement with Bureau Veritas, a globally leading provider of audit, inspection, and certification services. Besides cybersecurity risk assessments, the agreement includes a range of other important cybersecurity support services that are adapted specifically to Knorr‑Bremse’s special needs.

    Sustainability in the Supply Chain

    Taking responsibility along the value chain is part of our self-image as a sustainable company. Strategic procurement, including the selection of suppliers and materials, lays the foundation for Knorr‑Bremse’s sustainable, reliable and safe products.

    As a global Group, we work with a large number of predominantly local suppliers. We currently purchase products and services from approximately 30,000 suppliers from over 70 countries. They include roughly 7,000 partners for the manufacturing and production of parts, components, and materials for our products; just by themselves, they account for 74% of procurement spending. The ordered products primarily comprise metals, friction components, electronic components and plastics, with the proportion of raw materials purchased by us being low.

    Purchasing volume by region of origin

    We are aware that Knorr‑Bremse’s selection of suppliers has a significant impact on the environment and society in production countries. Working together with our suppliers, we want to improve sustainability in the supply chain and minimize risk.

    The Knorr‑Bremse strategy for sustainable procurement is embedded in purchasing processes across the Group. The purchasing managers for direct and indirect materials are responsible for implementing sustainable procurement. Compliance with and optimization of sustainability standards in the supply chain are supported by experts at Group level. The Sustainable Procurement Steering Committee discusses and decides on strategic and current sustainability topics several times a year. It consists of the heads of Knorr‑Bremse’s global purchasing units and the head of the Sustainability department.

    We provide process descriptions and guidance to implement our sustainability standards in internal procurement processes. These give an overview of the sustainability criteria and management approaches that we incorporate into the global purchasing processes. Internal guidelines specify the extent to which sustainability aspects are to be taken into account in purchasing decisions for various categories, including renewable energy, business travel, or energy-efficient products, equipment, and services. As part of our EcoDesign approach, we are working on implementing sustainability requirements in the material specifications of the products and components we acquire. The EcoDesign Standard on Hazardous Sub­stances in Products from the RVS division guides us in that
    (Environmental Product Design).

    Further information on climate protection and respect for human rights in the supply chain:

    The focus of purchasing: Scope 3

    In 2023, the focus of the purchasing department’s sustainability activities was again on its contribution to reducing CO2e. Continued efforts were undertaken to reduce emissions from purchased goods and services (Scope 3.1) (Climate Protection). In addition, a cross-functional and cross-divisional Scope 3 project team tackled the new Scope 3 target of cutting CO2 emissions by 25% by 2030. It develops action plans and decarbonization strategies for the supply chain. The core tasks in 2023 were to improve the data quality, analyze major emission drivers, and communicate directly with significant suppliers about possible reduction initiatives. Moreover, we worked on solutions for collecting primary CO2 data from suppliers. To do this, we ran a pilot project which collated the carbon balance and reduction efforts of suppliers of greatly varying characteristics in a carbon accounting tool. This helps us to increase transparency in the supply chain and obtain findings to align our future data collection processes.

    Direct and indirect procurement

    The purchasing organization at Knorr‑Bremse consists of global direct procurement, which is controlled by the respective division, and cross-divisional indirect procurement with global responsibility. Direct procurement acquires production materials (direct materials). This includes all externally sourced raw materials, items and components that are directly or indirectly delivered to our customers as part of our products. Indirect procurement handles the sourcing of non-production materials (indirect materials) and services that are not an integral part of Knorr‑Bremse products but that serve to support the internal organization indirectly.

    Sustainability in Supplier Relationships

    We rely on three pillars for the implementation and realization of sustainability standards in the supply chain: determination of our sustainability requirements, evaluation and assessment, and qualification of our suppliers and procurement specialists.

    Handling of Conflict Minerals

    As a manufacturer of brakes and other systems for rail and commercial vehicles, we are aware of our responsibility for the sustainable procurement of our raw materials. This applies above all to the procurement of minerals from conflict or high-risk areas, termed conflict minerals. Some of these are mined in conflict-ridden regions and used to finance armed conflicts. They include tin, tantalum, tungsten, and gold (“3TG”). In order to protect human rights in the area of conflict minerals, we have introduced a due diligence process. We create transparency in the procurement process for conflict minerals by heeding the recommendation of the Responsible Minerals Initiative. Key instruments for managing and reporting conflict minerals include the Group-wide binding Conflict Minerals Policy and supplier surveys. In an annual survey, we ask direct suppliers with 3TG relevance for information on the origin of the minerals used using the Conflict Minerals Reporting Template (CMRT). More than 70% of our purchasing volume was covered by the most recent survey. It identified 32 (2022: 24; 2021: 6) smelting plants that were classifiable as critical. These companies do not meet the requested requirements of the compliant smelters and refiners list, and we have instructed them to join through an independent audit of the Responsible Minerals Assurance Process (RMAP). RMAP audits demonstrate if a supplier’s business practices, management systems, and values correspond to the most important principles of responsible procurement. To ensure due diligence in the cobalt and mica supply chain, we collect relevant information with the aid of the Extended Minerals Reporting Template (EMRT). At the end of 2023, 2,160 suppliers were asked to answer the questionnaire by mid-2024.

    Climate Pledge of the industry initiative Railsponsible

    The Railsponsible initiative with its 15 members, including Knorr‑Bremse, is geared toward sustainable procurement practices in the rail industry. The Climate Pledge published by Railsponsible in 2023 is a voluntary commitment to decarbonization across the rail transportation supply chain by 2050. The signatory members want to play a leading role in sustainable procurement measures in order to mitigate climate change. Environmentally friendly and carbon-conscious business decisions, as well as close cooperation across the entire value chain, are intended to contribute to this. The signatories of the Climate Pledge commit, among other things, to reduce greenhouse gas (GHG) emissions with the aim of achieving the goal of net zero across the entire company, and to assess and publish GHG emissions in accordance with the Greenhouse Gas Protocol. The working group for responsible procurement, which Knorr‑Bremse is chairing once again, takes on important tasks as part of this. Knorr‑Bremse shares its well-founded knowledge with members and suppliers regarding sustainable procurement practices, transparent business processes and the further development of suppliers there.

    Reporting of Conflict Minerals1

    2023 2022 2021
    Suppliers invited to take the CMRT survey Number 2,160 2,301 2,449
    Response rate of the suppliers surveyed in % 49 51 62
    1
    The figure for 2022 relates to the percentage of suppliers who have provided us with information on the use and origin of conflict minerals in the June 2022–April 2023 reporting period. The figures for 2023 represent an interim status for the period from June 2023 to February 2024. The current data collection process will end in April 2024.