Act on Corporate Due Diligence Obligations in Supply Chains (LkSG)

IBM has a long tradition as a company of operating responsibly. For decades, IBM has connected its economic goals with a commitment to nature and society. The recognition of and respect for human rights and the environment have always been of central importance.

This is commitment is reflected in the the IBM Principles on Human Rights:

“IBM is committed to high standards of corporate responsibility. Our definition of corporate responsibility includes environmental responsibility, as well as social concerns for our workforce, clients, business partners, and the communities where we operate. Underpinning our corporate responsibility standards and practices is our dedication to respect human rights. IBM’s stance on human rights is informed by international standards, including the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, and the UN Universal Declaration of Human Rights.“

Here are some highlights illustrating IBM's sustained efforts to protect human rights and the environment:

• 1953 IBM published the first equal opportunity policy letter is published, 11 years before the Civil Rights Act (1964)
• 1968 IBM established a supplier diversity program
• 1971 IBM formalized its first environmental policy
• 1993 Mercury prohibited from use in IBM parts or assemblies
• 2000 First CO2 emissions reduction goal set
• 2015 IBM voiced its support for the Paris Agreement and reaffirmed its support in 2017
• 2021 IBM committed to net zero greenhouse gas emissions by 2030

Long before the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz, LkSG) came into force, IBM had already adopted corporate guidelines, such as the IBM Global Employment Standards and the IBM Global Environmental Affairs & Product Safety Policy, which focus on human and environmental rights, among others, such as:

• Freely chosen employment
• Prohibition child labor
• Fair wages and working hours
• Non-discrimination and harassment
• Freedom of association
• Health & safety
• Protection of the environment

These guidelines and other IBM Policies can be found here.

IBM's continuing commitment to the protection of human and environmental rights is also reflected in its Ecovadis rating. In 2022, IBM (Corporate - Group Level Rating) achieved a Gold rating, above the industry average.

This policy statement reflects IBM's enduring values as well as our responsibility under the LkSG.

Since January 1, 2023, the LkSG applies to IBM Central Holding GmbH and IBM Deutschland GmbH. As a subsidiary of IBM Deutschland GmbH, IBM Deutschland Research & Development GmbH has itself been a norm addressee of the LkSG since January 1, 2024.

This policy statement covers all of the aforementioned norm addressees of the LkSG jointly, which are expressly committed to the LkSG and the protection of human and environmental rights enshrined therein as well as the related due diligence obligations in their respective own business area and in their supply chain.

To fulfill the due diligence obligations under the LkSG, we consider the aforementioned norm addressees as well as their affiliated companies in Germany and abroad over which we exercise a decisive influence.

We understand the supply chain within the meaning of the LkSG to include all products and services of our company as well as the steps in Germany and abroad that are necessary for their production and provision. (That can begin with raw material procurement to final delivery to the end customer together with services such as the transportation or interim storage of goods.) This supply chain encompasses our own business activities, the activities of our direct suppliers and the activities of our indirect suppliers.

Our policy statement underpins the strict observance of human rights and environmental standards that already exist and continue to exist for IBM and shows how we comply with the due diligence obligations of the LkSG.

The IBM Business Conduct Guidelines, our code of conduct including the IBM corporate guidelines referenced therein, as well as the Responsible Business Alliance (RBA) Code of Conduct, a globally recognized code for social, ecological and ethical industry standards, are foundational components of this policy. From this foundation, we monitor the protective positions specified in the LkSG and listed below in our own business areas and at our suppliers, in particular:

1.    Prohibitions for the protection of human rights

• Prohibition of child labor and forced child labor
• Prohibition of forced labor and all forms of slavery
• Prohibition of disregard of health obligations and occupational safety
• Prohibition of disregard for freedom of association
• Prohibition of discrimination (unequal treatment, wage discrimination)
• Prohibition of withholding adequate wages
• Prohibition of causing harmful soil changes, water and air pollution, harmful noise emissions, excessive water consumption
• Prohibition of unlawful forced eviction/withdrawal from land, forests and waters
• Prohibition of hiring or using private or public security forces in violation of human rights

2.    Prohibition for the protection  of the environment:

• Prohibition on the production, use and treatment of mercury (Minamata Convention)
• Prohibition on the production and use of persistent organic pollutants (Stockholm Convention, POPs Convention)
• Prohibition of the unsafe handling, collection, storage and disposal of waste (POPs Convention)
• Prohibition of the export and import of hazardous waste (Basel Convention)

With reference to the above protective positions of the LkSG recognized by us, there are clear expectations towards our employees and our direct suppliers regarding the protection of human and environmental rights.

Expectations towards our employees:

• IBM is committed to principles of business ethics and lawful conduct. It is IBM's policy to act ethically and lawfully in all matters and to maintain IBM's high standards of business integrity. In 1986, IBM introduced its global Business Conduct Guidelines (BCGs). All IBM employees must annually certify these guidelines and must at all times comply with them. As stated in the BCGs:
  
  “No matter where your workplace is – whether you work with IBMers, clients, Business Partners, suppliers or other parties in person, over the phone, online or by any other means – follow our Values, the BCGs and other applicable IBM corporate directives, such as IBM policies, corporate instructions and guidelines (Corporate Directives). And comply with all laws and regulations that apply to IBM’s business.”
  
  You can find a link to the actual BCG here.
  
  Also, the BCGs instruct employees to adhere to mandatory global IBM corporate policies, which establish high standards for how we conduct business. Key policies include the IBM global employment standards, human rights principles, health and safety policy and corporate environmental policy.
  
  Excerpt from the BCG: “No matter where your workplace is – whether you work with IBMers, clients, Business Partners, suppliers or other parties in person, over the phone, online or by any other means – follow our Values, the BCGs and other applicable IBM corporate directives, such as IBM policies, corporate instructions and guidelines (Corporate Directives). And comply with all laws and regulations that apply to IBM’s business.”

• We inform our employees about the protected legal positions and due diligence obligations of the LkSG through our intranet, training, and cooperation with the Human Rights Officer.

Expectations toward our direct suppliers:

• In 2004, IBM became one of the founding members of the Responsible Business Alliance (RBA). The RBA Code of Conduct has evolved into a well-recognized code of social, environmental and ethical industry standards. It is regularly updated and adapted for changing legislation. You can find the current version of the RBA Code of Conduct here (link resides outside ibm.com).
  
  
• The RBA Code of Conduct has been a long-standing and integral part of IBM’s business relationships. Thus, depending on our risk assessment, we require our direct suppliers to establish and maintain a social and environmental management system that incorporates the RBA Code of Conduct, and to communicate the resulting requirements to our direct suppliers' own suppliers who perform work that is essential to the products, parts and/or services supplied to us, in addition to other and/or other relevant requirements as part of our IBM Procurement processes. The detailed requirements for this management system can be found here.

We take the following steps to comply with the due diligence obligations under the LkSG, in particular to identify, prevent, minimize or end human rights and environmental risks and legal violations.

1. Responsibilities

We have defined responsibilities in our risk management framework to ensure compliance with the due diligence obligations under the LkSG. As the highest management level, the respective management board of the aforementioned norm addressees of the LkSG is committed to the responsibility for the protection of human rights and environmental concerns of the LkSG and to the appropriate observance of due diligence obligations. In addition, the position of Human Rights Officer was created as a supervisory body for the implementation of the LkSG and the monitoring of risk management for compliance with the due diligence obligations under the LkSG for the aforementioned norm addressees. The Human Rights Officer reports to the management board at least once a year.

Several departments are involved in the operational implementation of human rights and environmental due diligence processes, such as Purchasing, Human Resources, Occupational Health and Safety, and Diversity and Inclusion.

2. Risk analysis

We carry out risk analyses at least once a year and on an ad hoc basis, both in our own business areas as with our direct suppliers.

Starting from an abstract analysis based on risk factors that considers the human rights and environmental risks of our own industry, the industries of our direct suppliers and the respective countries of operation or sourcing countries, the potential human rights and environmental risks are identified. The abstract risk analysis is carried out using an established software solution from a specialized provider of risk data; that software supports the analysis based on sources and other information about human rights and environmental risks.

When analyzing our direct suppliers, we initially take a broad view. If an abstract risk is identified, a more detailed review is carried out. Prioritization of risk is also carried out based on the following criteria, in particular: type and scope of business activity; the ability to exert influence; the typical and expected severity and probability of occurrence of a breach; and the contribution to causation. We also consider whether contractual relationships are permanent or non-recurring and whether services or products are purchased from the IBM Group (which are subject to high standards).

The risks identified in this way are divided into a risk scale that distinguishes between critical, strategic and moderate risk. Non-priority risks are deferred.

The results of the risk analyses in 2023 were communicated to the management of the aforementioned norm addressees and other relevant internal stakeholders, which provided guidance on the findings and future measures. The findings also form the basis for any necessary adjustments to our regulations or processes as well as trainings to meet our due diligence obligations.

The risk analysis of our direct suppliers did not reveal any indication of critical human rights or environmental risks. Based on the fields of activity of our direct suppliers, primarily services, and the countries of our direct suppliers, which have strict legal protections for human and environmental rights, our focus is in the areas of discrimination and occupational health and safety.

Regarding our indirect suppliers, there were no indications, complaints, or information at the time of the adoption of this declaration of principles that would prompt the performance of an event-driven risk analysis in accordance with the LkSG of our indirect suppliers.

3. Preventive measures

3.1 In our own business area

In accordance with the LkSG, we have taken the appropriate preventive measures in our own business area, including and among others:

• Implementation of the IBM Principles on Human Rights
• Compliance with our Business Conduct Guidelines and corporate guidelines as well as annual training of our employees in this regard
• Regular training on protection against discrimination
• Conducting surveys on occupational safety and psychological hazards in the workplace
• Adaptation of our purchasing process and procurement to reduce or avoid significant risks
• Implementation of LkSG-specific training in relevant areas of the company
• Risk-based control measures to check compliance with the duty of care in our own business area
• Cooperation with co-determination to identify risks

3.2 With our direct suppliers

We have been embedding human rights and environmental principles and expectations in our business relationships with our direct suppliers for many years. In particular, we take risk-based measures where appropriate:

• Consideration of human rights and environmental expectations when selecting our direct suppliers
• RBA Code of Conduct and social and environmental management system form the basis of our business relationships with our direct suppliers
• Risk-dependent agreement of special risk-based contractual clauses, e.g. for conducting audits, further risk evaluation and support in the implementation of measures to eliminate or mitigate risks
• Training on our expectations

3.3 With our indirect suppliers

If we obtain substantiated knowledge of a possible violation at an indirect supplier, we take the following measures, among others:

• Conducting risk analysis
• Concept development, implementation and monitoring to minimize and avoid the violated protected position
• Establishment of appropriate preventive measures

4. Remedial measures

If we determine that a violation of human rights or environmentally protected legal positions under the LkSG has occurred or is imminent in our own business area, we immediately take measures in inland that are appropriate and lead to the prevention or termination of the violation. For own business area abroad, we immediately take measures that are appropriate and generally lead to the prevention or termination of the infringement.

Measures may include the implementation of training courses, the amendment or adaptation of guidelines or processes, steps under local labor law and the cross-functional development of concepts.

In the case of direct suppliers, appropriate measures are taken - in cooperation with them - that are suitable for preventing, ending or minimizing the infringement. This includes the development of measures or action plans to end or minimize infringements, temporary suspension or termination of business relationships.

In the case of indirect suppliers, in the absence of contractual relationships, we will endeavor, also with the participation of the direct supplier, to define measures or action plans with the parties involved in order to achieve mitigation of the infringement or a termination.

5. Complaints procedure

Although we continuously strive to uphold human rights and environmental standards, we acknowledge that violations may still occur. Therefore, we believe that implementing grievance mechanisms is crucial. These mechanisms serve as both a means of identifying potential risks and a way to uncover actual violations, allowing us to take prompt corrective and preventive actions.

Anyone can report human rights and environmental risks, as well as violations of human rights or environmental obligations resulting from our business activities in our own business area or one of our direct or indirect suppliers, via the IBM Global Procurement Ombudsman procedure. For more information on this procedure and its rules, please visit our website.

We ensure the widest possible accessibility of the complaints procedure by providing several communication channels:

• E-mail: IBM.Ombudsman@ibm.com (Only the Ombudsman Complaints Office has access to this e-mail inbox)
• Telephone: +36-20-823-5681
• Postal address: IBM Hungary ISSC Kft , Szigony utca 26-32, 1083 Budapest, Hungary
• Contact an employee of the complaints office, who are listed here. 

The claimant will generally be contacted within 48 hours of submitting a concern (unless logged anonymously).

After receipt of a complaint and entry confirmation, the Ombudsman office will promptly investigate.  Subject to the respective allegation and within a reasonable timeframe: 

• facts will be collected, discussed, and reviewed;
• dedicated experts (always subject to confidentiality) will be involved;
• interviews and observations will take place;
• findings will be reviewed and discussed;
• claimant will be informed about the completion of investigations;
• subject to the outcome of the investigations reasonable measures will be taken.

The complain will always be approached with the intention to reasonably investigate the case and find a solution for all parties involved.

The persons entrusted with the Ombudsman Procedure will ensure the confidentiality of the claimant’s identity. In addition, IBM prohibits threats or acts of retaliation in any form in context with concerns made under the Ombudsman Procedure, including for reporting a concern based on reasonable grounds that lead the claimant to believe that the information on any violation reported was true at the time of reporting. This protection will not be limited to the claimant, but also to any facilitators, third persons such as colleagues or relatives and businesses that the claimant owns, works for or is otherwise connected with.

At all times, the Ombudsman office will ensure the confidentiality and protection of personal data relating to one’s concern.

Case documents are stored in the Ombudsman data repository for at least seven years.

6. Documentation and reporting

In addition to the information disclosed in the annual IBM Impact Report, which documents our ESG goals and performance can be found here, we comply locally with the documentation and reporting requirements under the LkSG. We also document the fulfillment of due diligence obligations internally on an ongoing basis and report annually on our human rights and environmental risk due diligence process as required by law.

The effectiveness of the preventive and remedial measures and the complaints procedure are reviewed annually and on an ad hoc basis (event driven). If necessary, measures are adapted, further developed or even repeated.

The world and our market environment are constantly changing. We therefore continuously review our risk assessment and measures.

Based on our risk assessments, our procedures, this policy statement and our communications, we regularly review our processes and adapt them as necessary to changing circumstances.

IBM is always focused on the challenges and complexities facing today’s world and we stand ready to collaborate with our clients, employees, partners, suppliers, public authorities and individuals to build a safer, more equitable and healthier environment.

Names of the managing directors

IBM Central Holding GmbH
Wolfgang Wendt
Dr. Andreas Buchelt
Dr. Frank Kohls

IBM Deutschland GmbH
Wolfgang Wendt
Dr. Andreas Buchelt
Christine Rupp
Dr. Frank Kohls

IBM Research & Development GmbH
David Faller

These below questions and answers provide an overview of how concerns in context with the above referred Act will be processed.

Who can report a concern?

The complaints procedure is open for every person who wants to report human rights and environment-related risks as well as violations of human rights-related or environment-related obligations that have arisen as a result of the economic actions of the IBM enterprise the Act on Corporate Due Diligence Obligations in Supply Chains applies to in its own business area or of any of its direct or indirect suppliers.

How can I report a concern?

Any human rights and environment-related concern according to the scope of the Act on Corporate Due Diligence Obligations in Supply Chains (Germany) may be reported to the IBM Procurement Ombudsman office.

A concern may be raised in person, email, by regular mail or by phone.

If you choose to submit your concern anonymously, please consider providing a means for us to contact you (for example an anonymous email account). Otherwise, we will not be able to provide you with feedback.

You can raise your concern via the below routes:

• E-mail: IBM.Ombudsman@ibm.com
      (The e-mail box has limited access for the Procurement Ombudsman office only.)
• Phone: +36-20-823-5681
• Regular Mail address: IBM Hungary ISSC Kft , Neumann Janos utca 1, 1117 Budapest, Hungary
• Any Ombudsman listed here

Why the Ombudsman office to report to?

For all concerns brought to the Ombudsman office, designated impartial persons bound to confidentiality will be entrusted with handling the concern.

The IBM Ombudsman office has been established in 1994 being the safeguard of the ethics and Integrity of IBM’s Supply Chain. The experts of Ombudsman office have decades of investigative experience and concern management practice.

The IBM Procurement Ombudsman office is an independent team within the Global Supply Chain Organization of IBM having the authority to investigate and resolve matters outside of the normal business channels.

The Ombudsman office is acting as an avenue to bring concerns and allegations to a neutral party.

Since its inception the office does not serve as an advocate for any person or organization, but rather an advocate for a fair outcome.

Will the claimant receive a response to its concern?

The claimant will generally be contacted within 48 hours of submitting a concern (unless lodged anonymously).

What are the steps of the complaints procedure?

After receipt of a complain and entry confirmation the Ombudsman office will promptly start the work in regard of the respective case.

Subject to the respective allegation, within reasonable time.

• facts will be collected, discussed, and reviewed,
• dedicated experts (always subject to confidentiality) will be involved,
• interviews and observations will take place,
• findings will be reviewed and discussed,
• claimant will be informed about the completion of investigations,
• subject to the outcome of the investigations reasonable measures will be taken.

It will be always acted with the intention to reasonably investigate the case and to find a for all parties involved reasonable solution.

Worried about raising a concern?

The persons entrusted with the Ombudsman procedure will take care about the confidentiality of claimant’s identity. In addition, IBM prohibits threats or acts of retaliation in any form in context with concerns made under the Ombudsman Procedure, including for reporting a concern based on reasonable grounds that lead the claimant to believe that the information on any violation reported was true at the time of reporting.

This protection will not be limited to the claimant, but also to any facilitators, third persons such as colleagues or relatives and businesses that the claimant owns, works for or is otherwise connected with.

At all times, the Ombudsman office will take care about confidentiality and protection of personal data relating to your concern.

Does a documentation exist?

Case documents are stored in Ombudsman data repository for at least seven years.

Will the effectiveness of the mentioned procedure be periodically reviewed?

Reviews of the procedure will take place at least once a year and on an ad hoc basis.