Risk management

Framework

Our approach to risk management

Given the complexity of worldwide operations in various markets and jurisdictions, Corbion needs to ensure timely identification and effective management of all significant risks inherent to the execution of our strategy to support the realization of our objectives. Corbion has an enterprise-wide risk management (ERM) program in place to preserve our reputation, assets, competitive edge, and profits, including the impacts of climate change and other sustainability impacts. ERM is the process of systematically identifying, analyzing, evaluating, and addressing risks that may impact the achievement of Corbion’s objectives.

Our approach to risk management is to aim to achieve a reasonable level of comfort to realize our objectives, in line with the Enterprise Risk Management framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Our approach aims to embed risk awareness and risk management at all levels of Corbion to ensure that decisions are taken with due consideration of the inherent risks in relation to the risk appetite. Risk management is an integral part of running the business and therefore owned by line management (first line). Our risk management approach covers strategic, operations, compliance, and reporting risks.

The implementation of the main COSO framework elements is explained in the illustration.

Control environment

The control environment is the combination of standards, processes, culture, and structures that provide the basis for carrying out internal control across the organization. The Executive Committee sets the tone at the top as to the importance of internal control including expected standards of conduct. An important principle of the control environment is the commitment of the Executive Committee to integrity and ethical values, which is demonstrated by the programs mentioned below.

Business conduct and compliance

Business Conduct Program and Governance

Corbion’s Business Conduct Program combines the legal requirements of the countries where we operate and international standards, resulting in a framework that regulates how all Corbion employees interact with colleagues, business partners, governments, and communities. We translate these legal requirements and standards into our Code of Business Conduct, internal policies, and procedures to make them accessible to everyone. Often, we go beyond what is required by local legislation to create a single global integrity approach within Corbion.

The three lines model used in Corbion also applies to business conduct:

The Executive Committee has overall responsibility for the Business Conduct Program and oversees its execution. To this end, they drive awareness (tone at the top), establish an effective global business conduct governance framework to ensure compliance with applicable laws, our Code of Business Conduct and underlying policies across the entire company, and ensure allocation of appropriate resources for the upkeep and further development of the Business Conduct Program. The business (first line) is responsible for identifying and managing business conduct risks within their own areas. This includes implementing internal controls, adhering to policies and procedures, and ensuring compliance with regulatory requirements.

As the second line, Corbion’s Legal and Compliance department sets the strategic directions, develops policies, monitors, and supports the execution of the Business Conduct Program. The Legal and Compliance department works closely with other departments (e.g., Risk Management, Internal Audit, HR, Finance, Customer Service, Procurement, and Communications) and external stakeholders (e.g., law firms, consultants, and compliance software providers) to enable the proper rollout of the Business Conduct Program throughout the organization.

Internal audit (third line) provides independent assurance on specific business conduct aspects.

Each year, Corbion’s Compliance Officer reports to the Audit Committee of the Supervisory Board on the status of the Business Conduct Program. In the event of significant incidents, the Audit Committee is immediately informed by the Executive Committee.

Business Conduct Lifecycle

An effective business conduct program consists of several core elements that operate to prevent, detect, and correct misconduct. The Business Conduct Lifecycle is a process to continuously apply these core elements in order to further improve the Business Conduct Program.

The six-step framework outlined below has the advantage of integrating rules and controls into a larger whole that includes communications, awareness, training, and support.

These critical elements form the backbone of our comprehensive Business Conduct Program:

Risk assessment: Collaborating with business owners, we continuously monitor upcoming legislation that may impact our activities (e.g., artificial intelligence regulation, new sanctions as a result of a conflict). Our goal is to identify and address compliance risks most relevant to Corbion’s business.
Policies, procedures, and tools: We ensure that appropriate policies, manuals, procedures, templates, and software tools are in place, accessible, and up to date.
Business Conduct Network: We establish a network to support ongoing business conduct processes. Our Business Conduct Coordinators play a supporting role in embedding Corbion’s policies within the business and the regions.
Communication, information, and awareness: Working closely with management and Communications, we facilitate regular and transparent communication on Business Conduct initiatives. To promote awareness across our global workforce, all Corbion locations display Speak Up channel posters with QR codes to the Speak Up channel in high-traffic areas, ensuring the information is visible and available in locally spoken languages. We continuously update the Business Conduct and Privacy pages on our company intranet with relevant resources for employees and internal stakeholders. For external stakeholders, key information, such as access to the external Speak Up Platform and privacy policies, is readily accessible on our corporate website (new window).
Training and advice: We develop and roll out regular training sessions on business conduct matters to employees. We maintain various channels to ensure our colleagues, business partners, and other external stakeholders have easy communication channels with the business conduct function about various business conduct matters. We continuously support our colleagues with ongoing business conduct matters, including advice on contract negotiation, due diligence requirements, and impact assessments.
Monitoring, auditing, and trust in the channels for raising concerns: In collaboration with Internal Audit, Corbion audits specific high-risk processes and implements remediation measures where necessary. Regular ethics and compliance topics are reinforced through informal discussions during team meetings, supporting an open and transparent culture. Across our regions, Local Compliance Coordinators serve as trusted and accessible channels for raising concerns. Consistent and timely consequence management reinforces employees’ confidence that reported misconduct is addressed appropriately and in line with our policies.

Code of Business Conduct and underlying policies

At the heart of our Business Conduct Program is the Code of Business Conduct (new window). Our Code states the values and principles that guide our work at Corbion and sets out the expected standard of behavior for everyone working for Corbion. Our Code applies to all activities we perform on behalf of Corbion wherever they take place and to everyone working for our company.

Guided by the principles of the UN Global Compact and the OECD Guidelines for Multinational Enterprises, our Code of Business Conduct articulates the values that steer our actions at Corbion and outlines principles with respect to personal and business conduct, asset protection, employment standards, and our commitment to sustainability.

Our Code is available in the six most used languages within the company. Our Code serves as an umbrella for underlying policies. These policies address critical areas such as competition law, anti-bribery, anti-retaliation, conflicts of interest, privacy, economic sanctions, and insider trading.

To ensure effective implementation, Corbion maintains a network of regional Business Conduct Coordinators who help embed the Code of Business Conduct and the underlying policies into the business and the regions. Additionally, they serve as a local point of contact for management and employees.

Speak Up channels and Anti-Retaliation Policy

^{ⓘ This chapter includes disclosures related to}^{ESRS S1-3} (new window)^.

Under our Speak Up Policy (new window), which complies with the requirements of the EU Whistleblower Directive, Corbion employees – whether permanent staff, contingent workers, or interns – have multiple channels to report misconduct and (potential) violations of laws, the Code of Business Conduct, and underlying policies. They can reach out to their manager, local HR contact, or the regional Business Conduct Coordinator.

Additionally, the 24/7/365 Corbion Speak Up Platform enables direct reporting to the Business Conduct Committee. Anonymity is preserved for those who choose to report without identification. The Business Conduct Committee is composed of the Chief Human Resources Officer, the Head of Legal and Compliance, and the Senior Director Internal Audit. Our Speak Up Platform includes a toll-free phone number and a global web service, which are operated by an independent service provider to ensure the confidentiality of the report.

Our Speak Up Platform is also available to all external stakeholders, including customers, suppliers, communities, distributors, and agents, and can be used to raise concerns about (suspected) violations of the Corbion Code of Business Conduct, Corbion’s Supplier Code, Corbion’s Cane Sugar Code, or any applicable laws.

Reports from both internal and external Speak Up Platforms flow directly to the Business Conduct Committee. This Committee ensures that each report is properly investigated by qualified individuals (internal or external) and that the investigation process and any disciplinary measures are applied in accordance with applicable laws and in a consistent manner across the company.

Breaches of the Code of Business Conduct may result in disciplinary actions, including termination of employment. The outcome of the investigations as well as any disciplinary measures taken are documented and reported bi-annually to the Executive Committee and Audit Committee.

Corbion does not tolerate retaliation against those who report misconduct or support investigations into such behavior.

The effectiveness of our Speak Up Platform is reinforced through our Anti-Retaliation Policy, which aligns with the requirements of the EU Whistleblower Directive. The platform is accessible through multiple reporting channels, including web, phone, HR, Compliance Officer, and in-country Compliance Coordinators, and visible leadership support. Clear processes, consistent consequence management, and periodic reporting to the Audit Committee provide strong oversight and strengthen organizational trust in the system.

Stakeholders remain actively engaged through regular communication, training, and ongoing dialogue in team meetings, ensuring the Speak Up Platform is well‑understood and responsive to their needs. Annual reviews of the Speak Up process and related policies identify opportunities for continuous improvement, with action plans endorsed by the Audit Committee, thereby reinforcing a culture of accountability.

For metrics related to the Speak Up Platform, see Human capital - Incidents and complaints.

Code of Business Conduct training

Every year, all Corbion employees – including permanent staff, interns, and contingent workers with a contract of three or more months – are required to participate in a mandatory training on our Code of Business Conduct. Employees receive training in their local language through an e-learning course or by attending a live classroom session. Course materials are updated annually, considering the most relevant risks at the time of the release and the topics that were brought up in Speak Up reports in the previous year. Corbion has a strict policy on attendance to the Code of Business Conduct training.

In addition, selected groups of employees need to follow mandatory e-learning trainings every two years with respect to anti-corruption and competition law.

Compliance statement

Every year, during the annual Code of Business Conduct training, employees confirm their compliance with the Code and underlying policies by signing a compliance statement.

In terms of our onboarding program, our standard employment contracts contain a clause with respect to adherence to the Code of Business Conduct. New hires, including interns and contingency workers, are introduced to our Code as soon as they join Corbion and are required to complete the Code of Business Conduct training in the first six weeks of employment.

Conflict of Interest Policy

The purpose of our Conflict of Interest Policy is to provide guidance in identifying and handling potential, perceived, and actual conflicts of interest within Corbion. Conflicts of interest arise when our personal activities or relationships influence or appear to influence our business decisions on behalf of Corbion. Conflicts of interest endanger the relationship Corbion has with its business partners and other stakeholders; they could harm the credibility of Corbion, and even lead to loss of business and reputation.

In January of every year, the Supervisory Board, Executive Committee, and direct reports of the Executive Committee confirm their compliance with the Conflict of Interest Policy by signing a compliance statement. They also fill out a questionnaire with respect to related-party transactions.

Anti-bribery and anti-corruption

As a listed company operating worldwide, compliance with anti-bribery and anti-corruption laws is vital. Given its importance, compliance with our policy is overseen by the Executive Committee. Our policy with respect to anti-bribery and anti-corruption is laid down in our Gifts, Entertainment, and Third-Party Payments Policy. This policy is available in six languages and covers (i) the prohibition of offering, authorizing, or accepting bribes; (ii) rules on how to deal with giving and receiving gifts and entertainment; and (iii) rules on how to deal with third-party payments (e.g., agents and distributors, facilitation payments, sponsorships, or political contributions).

All Corbion colleagues as well as our agents, distributors, and other representatives are prohibited from offering, authorizing, or accepting bribes of any kind. Any gifts and entertainment must be for legitimate business purposes, of reasonable value, appropriate to the business relationship, and be given or accepted at an appropriate time. If the nominal value of a gift exceeds a certain threshold, prior approval of the employee’s manager is required. Prior management approval is always required for entertainment (with the exception of business meals), travel, and overnight accommodation.

Corbion has an anti-bribery and anti-corruption procedure in place to screen prospective agents and distributors, who are required to complete due-diligence questionnaires to be assessed by the Legal and Compliance department and, in some cases, by an external party. Furthermore, higher-management approval is required prior to engagement. The agent or distributor is required to sign an agency or distribution agreement and accept the Corbion anti-corruption and anti-bribery clauses contained therein.

Economic sanctions

Corbion is committed to complying with economic sanctions, laws, and regulations. According to the Corbion Economic Sanctions Policy, prior to onboarding, each prospective business partner is subject to screening against applicable lists of restricted parties and sanctioned countries to ensure compliance with economic sanctions laws and regulations.

Alongside this prescreening of business partners, Corbion employs appropriate tools to continuously screen all active business partners and to prevent shipment of our products to embargoed countries and regions. The list of embargoed countries and regions is reviewed every year and whenever a significant geopolitical event takes place.

Competition Law Policy

Corbion is committed to complying with competition laws. The Corbion Competition Law Policy provides an overview of the main competition rules and establishes procedures and guidelines that must be followed in dealings where competition laws may apply (e.g., contacts with competitors, either direct or through trade associations, and relationships with suppliers, distributors, and customers). The policy prohibits cartels, abuse of a dominant position, and the exchange of sensitive information with competitors.

Corbion has a procedure in place requiring sales colleagues to obtain prior approval from higher management and the Legal and Compliance department for exclusivity/non-compete agreements with customers and distributors.

Insider Trading Policy

As a listed company, compliance with insider trading laws is vital. Insider trading conflicts with the basic principle that everyone dealing on the stock exchange should simultaneously have access to the same information. The Corbion Insider Trading Policy contains rules to ensure that all Corbion employees as well as members of the Executive Committee and Supervisory Board comply with regulations with respect to insider trading. It prohibits trading, among others, in Corbion shares if one has so-called inside information and it contains an approval process before one can trade in Corbion shares.

Privacy and data protection

In light of the EU’s General Data Protection Regulation (GDPR), Corbion has created a robust privacy program in 2018. Following its initial implementation, Corbion has further developed and localized our privacy program to reflect newly enacted privacy regulations in the countries where we operate, such as the CCPA/CPRA in California, the LGPD in Brazil, the PDPA in Thailand, and the PIPL in China.

AI governance

Corbion is promoting a culture of innovation and collaboration, recognizing the potential of Generative Artificial Intelligence (GenAI) for enhancing business outcomes when used responsibly. In response to the recent technological developments in the field, creating an effective artificial intelligence governance framework is essential to navigate the complex legal and regulatory landscape of artificial intelligence.

Corbion has a Responsible AI Use Policy and an AI Responsible Deployment Policy. These policies aim to strike a balance between innovation and risk mitigation. These policies establish the governance and rules for the responsible use and deployment of AI Systems within the company with the purpose to protect Corbion’s (i) confidential information, including trade secrets (of business or technological nature), (ii) personal data, and (iii) commercially-sensitive information (collectively, Corbion’s data). In addition, Corbion offers an e-learning course titled "Responsible AI - Unveiling Generative AI," aimed at providing foundational knowledge about GenAI technologies and guiding the responsible use of public tools like ChatGPT and MidJourney for work purposes. This course is suitable for both beginners and those looking to refresh their understanding of GenAI's benefits and risks.

Enforcement actions

Corbion has not been the subject of any investigation into business conduct violations (e.g., competition, privacy, bribery) by relevant governmental authorities to date.

Risk appetite

Part of the control environment is defining the risk appetite of the company by the Executive Committee. Corbion operates in a multinational dynamic environment with changing customer needs, regulations, and market conditions. In addition, Corbion uses agricultural feedstock that can be subject to commodity price volatility. We balance the level of risk we are consciously accepting to achieve our strategic goals with prudent financial management, with a focus on long-term value creation. Especially in the food industry, reputation is of the utmost importance; we therefore have an adverse appetite for (food) safety issues. Our risk appetite can be summarized as follows:

Our risk appetite

A 1% change in net sales, costs, profit, or currency rates can have the following impact on EBITDA (in millions of euros).

million EUR	Changes	Approx. EBITDA impact
Net sales	+1%	5.9
Gross profit	+1%	3.9
Operating costs (= selling expenses + R&D costs + G&A expenses)	+1%	-1.9
USD¹	+1%	-2.4
JPY¹	+1%	-0.2
THB¹	+1%	0.6
BRL¹	+1%	0.1

1 +1% meaning 1% depreciation of currency against EURO

The average EUR/USD used rate for 2025 was 1.13 (2024: 1.08).

Risk assessment

As an integral part of the strategy review, the Executive Committee annually performs an entity-wide risk assessment to assess the strategic risks, with a mid-year update for significant changes. Furthermore, risk assessment is an integral part of the project stage-gate methodology applied at Corbion for strategic initiatives and related investments.

Based on the strategic risks, the Executive Committee selects a number of key management activities with an increased focus on further strengthening our control framework. This is discussed with the Audit Committee and the Supervisory Board.

Operations, reporting, and compliance risks are considered throughout the organization, with ownership lying with the business (first line). Risk committees have been established to monitor specific risks to stay within Corbion’s risk appetite (Treasury Risk Committee, Commodity Pricing Risk Committee, and Sustainability Reporting Committee).

The financial reporting risks are assessed on a regular basis and the outcome of these assessments forms the input for the Corbion internal control framework for financial reporting, see section Internal control systems. For more information on financial risk management and financial instruments, see Note 27 of the Financial statements.

Corbion top risks

The table that follows summarizes the top risks that have the focused attention of the Executive Committee to support the realization of the strategic targets. For each risk, the table lists the potential impact as well as a summary of mitigation measures taken to minimize the risk. There may be other risks currently unknown to Corbion, or currently believed not to be material, which could ultimately have a major impact on Corbion’s business, objectives, revenues, income, assets, liquidity, or capital resources.

Strategic risks

Risk event	Cause and potential impact	Mitigation actions
Geopolitical tension and macroeconomic developments	Geopolitical tension could result in less favorable market conditions (e.g., due to import tariffs) and high inflation, impacting sales and margins. The degree of sensitivity depends on the different markets Corbion serves. In addition, geopolitical tension could be a driver for increased supply disruption risk; see the Operations risk section for more details.	Corbion is diversified by being present in different regions and industries, having a strong position in both low-cost-in-use as well as premium solutions and investing in innovative solutions, to continuously meet our customers’ evolving needs. Corbion closely monitors market developments and strictly manages spend to protect margins. Corbion applies scenario analysis, for example in relation to tariffs, which we use as a basis for sales and operations planning decisions.
Competition	With global imbalances of lactic acid demand versus supply, the likelihood of new market entrants (in case of under capacity) or price competition (in case of overcapacity) increases.	By investing in R&D, Corbion intends to keep its competitive edge. The new circular lactic acid production technology underscores the innovative strength of Corbion. Corbion invested in the first industrial-scale plant using this new technology in Thailand, resulting in optimized production costs. Supported by R&D and application development, we focus on delivering sustainable solutions to customers and hence reducing the risk of competing on price only.
Inability to find, develop, and retain skilled talent	To execute the Advance 2025 strategy and investment program, Corbion requires a pool of skilled talent. In today’s international labor market, if Corbion is not able to attract and retain skilled talent, the execution of the strategy may be delayed.	Corbion has robust talent acquisition processes, promoting the company’s values and sustainability strategy, which is attractive to potential candidates. Corbion offers competitive compensation packages and has comprehensive talent management processes in place including performance management and succession planning to ensure a strong pool of talent for key positions.
Production capacity	Demand is inherently uncertain in specific markets Corbion is operating in, especially when in an early stage of development. Due to the time it takes to build or increase capacity, investment decisions have to be based on long-term volume forecasts. Mismatches between actual demand and supply could result in temporary short or excess capacity.	With sophisticated demand forecasting and sales and operations planning, Corbion optimizes the allocation of products to ensure we can meet our customers’ needs. Long-term sales and operations planning is used to support capacity decisions. Based on the strategic planning process, an investment program has been established to support our business growth. Corbion continuously reviews the (pace of the) investment program in light of market developments and cash flow. Our global footprint with multiple production locations enables us to optimize our supply and demand balance. In addition, contract manufacturers are used for temporary imbalances.
Climate change	Climate change presents a potential concern for Corbion across all areas of our business due to both transition and physical risks. Transitional risks include factors, such as carbon pricing, evolving consumer behavior, and changing regulations. Physical risks are characterized by increased intensity and frequency of extreme weather events, as well as chronic climate changes. While the immediate impact of climate risk on this year's financial statements is very limited, it has the potential to heighten the likelihood of several other risks in the future, including business continuity, raw material availability and price volatility, regulatory changes, and shifts in customer behavior.	Transitional risks are addressed through our strategy development process, using scenario analysis and monitoring developments, and emerging risks and opportunities. Physical risks are addressed through mitigating actions as mentioned in this table for the relevant risks affected by climate change.

Operational risks

Risk event	Cause and potential impact	Mitigation actions
Supply chain disruption	Due to the global footprint of Corbion, we are vulnerable to supply chain disruptions. The risk of disruption is elevated by geopolitical tension, for example in the Red Sea region and climate-related events such as flooding causing transportation routes to be blocked. In addition, climate-related events can have an impact on the supply of utilities, for example the water supply used in our production processes.	To improve assurance on availability, we have implemented a multiple-supplier sourcing policy for our most critical raw materials. Raw material risks are mitigated by actively taking longer-term contract positions where necessary, by sourcing key raw materials from different regions, and in the longer run, by considering alternative or second-generation feedstocks. We use the WRI Aqueduct Water Risk Atlas to identify the water stress and risk levels of our production locations and key (agricultural) raw materials, in addition to the use of scenario analysis in line with the TCFD recommendations.
Raw material, energy, and carbon price volatility	Failure to manage the price volatility risk of raw materials, chemicals, energy, and carbon, which cannot be directly passed on to customers due to market conditions or lack of contractual enforcement, may result in adversely impacted profitability and gross margins. The volatility is increased by geopolitical tension. Climate change-related events may cause more volatility in respect of our key raw material components (e.g., sugar and corn) and carbon pricing, in addition to a potential impact on water supply used in our production processes.	Our global procurement organization, with dedicated finance support, has developed adequate measures to secure contract positions and obtain financial instruments to minimize or delay exposure to cost fluctuations due to changing raw material prices that might negatively impact our profitability and margins. These measures include early warnings of possible impact on our organization and our customers. Decisions about positions are taken on Executive level by the Commodity Risk Committee. Also, the trade in and availability of CO2 emission rights are actively managed. Various measures are applied to actively manage our profitability and margins (e.g., through the inclusion of price formulas in sales contracts, most notably for the Lactic Acid to PLA sales).
Environment, health, and safety	Inherent health and safety hazards in our operations and insufficient awareness of unsafe operational conditions can lead to injuries, casualties, and potentially, a temporary plant shutdown.	Corbion fosters an open and transparent culture by encouraging all employees to report, among others, all near misses and events in order to continuously improve our safety and environmental performance. Safety is an integral part of new design and changes in production processes and product formulations. In 2025, the Safety Excellence Program continued to be rolled out to the sites, including a Process Safety Management System, a Behavior-Based Safety program, and full implementation of ISO 45001 safety standards for all sites. All Corbion’s significant sites are certified. The Safety Excellence Program is monitored monthly by the Safety Excellence Steering Committee, chaired by the CISCO, and quarterly by the Executive EHS Committee, chaired by the CEO.
Product safety	Product safety is of utmost importance to Corbion. Customers need to fully trust the safety of our products. Any issue can have a significant impact on the reputation of the company and result in significant costs (for example, in case of a major recall).	Corbion has comprehensive quality assurance and control processes in place in line with the ISO 22000 framework to ensure food safety and to track and trace our products in case of any issue. All food manufacturing sites are certified for food safety (BRC/ FSSC). Our pharma production sites comply with GMP (inspected by the local governmental health inspection agencies). Where possible, liability caps are included in contracts. Product liability insurance is in place to cover part of the risk.
Business interruption	An external hazardous event (e.g., flood or fire) or internal disruption (e.g., process breakdowns) may result in a significant period of plant shutdown or disruption and hence in delayed/non-delivery of our products to internal and/or external customers, ultimately leading to adverse financial and reputational consequences.	Business continuity and crisis management plans have been established for all our production locations, contract manufacturing, and logistics, including security of supply plans. These initiatives are part of an ongoing process that involves annual evaluation, incorporating assessment of any new credible high-impact incident (CHII) and further strengthening of measures for already identified CHIIs for each site. Climate change (e.g., extreme weather events) is considered in the CHII scenario analysis with the support of an external climate risk analysis tool. Furthermore, appropriate customer and supplier agreements are in place to limit exposure while leveraging supplies. For IT, a Disaster Recovery Plan is in place and tested annually. Finally, residual risks are adequately insured including assets and business continuity risks.
Cybersecurity breach	A breach of our information technology (IT) security might lead to loss of information, business disruption, or unauthorized access to or corruption of our data and systems. From time to time, our security infrastructure prevents cybersecurity attacks on our information technology systems, and the techniques used for such attacks are increasingly becoming more sophisticated.	We have implemented an IT governance structure including a dedicated Corporate Information Security department and an Information Security Governance Board chaired by the CFO. Corbion established the Security Control framework using ISO 27000 as a reference. On a frequent basis we perform penetration tests, helping us to identify and correct potential IT security weaknesses. The outcome of these tests helps us to further strengthen our IT security levels. In addition, we reduce our risk exposure by continuously raising IT security awareness with our people (e.g., through e-learning and communications). In 2025, our IT control environment remained strong, focusing on timely application of patches, system access through multi-factor authentication, running a Security Operating Center, implementing sophisticated endpoint detection and response software, and segmentation of Corbion’s IT network. Finally, residual risks are partly covered by a Cyber Risk insurance policy.

Compliance risks

Risk event	Cause and potential impact	Mitigation actions
Non-compliance with legislative and regulatory environment	Failure to comply with (changing) laws and regulations in the markets we operate in and/or lack of insight into and/or awareness of relevant laws and regulations and their requirements may result in suspension of activities, reputational damage, and exposure to criminal and financial lawsuits.	Global legal and regulatory compliance programs are in place, including related awareness training, and we monitor, review, and report on changes in laws and regulations. We seek the advice of external experts in compliance matters. Considering the importance of regulatory affairs, Corbion has a Global Regulatory Affairs department with regional presence in place ensuring compliance with (regional) regulations. Corbion implemented the SAP EHS Regulatory Compliance module, adding assurance on compliance to product documentation regulations. In 2025, we started implementing a Product Information System that will give additional assurance on regulatory compliance as the system will ensure adequate regulatory compliance assessment for all product-market combinations. The system will be operational in early 2026.
Other important compliance risks are related to environment, health, and safety and to product safety. These risks are a part of the day-to-day operations and therefore included under Operational risk. The operational frameworks will also cover the relevant compliance aspects.

Reporting risks

Risk event	Cause and potential impact	Mitigation actions
Financial and sustainability reporting	In addition to the top business risks, the external reporting risks remain important as misinformation to our stakeholders can have a significant impact on our reputation. For sustainability reporting, the number of new, existing, and emerging regulations concerning climate change and other sustainability-related disclosures increases. These regulations and initiatives can be either voluntary or obligatory and can be aimed at investors or required by governing bodies. This includes, but is not limited to the CSRD, EU Taxonomy, Task Force on Climate-Related Financial Disclosures, Taskforce on Nature-related Financial Disclosures, IFRS/ISSB, science-based targets, and CDP.	For financial reporting, we have a mature Internal Control Framework in place. For sustainability reporting, we are constantly monitoring developments in this field to anticipate upcoming regulations. Through timely integration of standards and collection of data we are able to keep up with the required disclosures and provide investors and other stakeholders with the information they need. In 2025, we continued the Sustainability Reporting Committee composed of cross-functional disciplines to actively address these developments.