We safeguard assets and information

We ensure transparency and accurate books, records and reporting

We maintain a robust system of internal controls covering compliance, financial and non-financial reporting, and operational processes. Integrity and ethical practices are at the core of our control environment, supported by processes that help ensure individuals meet expected standards of conduct.

05 May 2026

We have implemented a comprehensive set of group-wide policies that employees are required to follow. Outokumpu applies segregation of duties and enforces the “four eyes principle” across the organization to ensure accountability and transparency in decision-making.

Employees shall never falsify, misstate, or conceal information. Any attempt to manipulate records, misrepresent data, or engage in fraudulent activity is strictly prohibited.

We comply applicable laws and regulations set for financial and non-financial reporting. The information in Outokumpu's financial and non-financial reporting must be timely, accurate, complete, reliable, and reflect our operational results.

All financial books, records, accounts, and sustainability data must accurately and truthfully represent transactions, events, and our environmental, social, and governance (ESG) impacts. They must also meet the requirements of applicable accounting and sustainability reporting standards, relevant laws and regulations, as well as Outokumpu’s internal controls.

We protect company assets

Outokumpu employees must treat company assets with care and use them responsibly. This includes safeguarding physical property, funds, equipment, intellectual property, and digital resources from loss, damage, misuse, or theft. Company assets may only be used for Outokumpu’s business purposes or for other uses explicitly approved by management.

Outokumpu has implemented controls and security measures to protect assets and maintain high standards of cyber and physical security. Every employee is responsible for ensuring these assets remain secure and are used appropriately.

We protect confidential information and personal data

Outokumpu employees must safeguard all confidential information and protect personal data. Business secrets and other non-public information must always be kept secure and shared only with authorized parties. Information and assets entrusted to us by our customers, suppliers, and other business partners must be treated with the same care as if they were our own.

Outokumpu is committed to solid data protection practices and complies with applicable data protection laws and regulations. We ensure that the personal data of our employees and other stakeholders is collected and processed only for legitimate, predetermined purposes and to the extent necessary. Outokumpu communicates openly about how personal data is used and applies appropriate safeguards to protect it. 

Disclosing or misusing insider information – whether intentionally or accidentally – can harm Outokumpu and is strictly prohibited. Employees may not use insider information to buy or sell shares or securities, or for any other personal gain. Using insider information when trading in publicly traded shares or securities is illegal. To prevent market abuse, Outokumpu enforces clear rules on trading in shares, disclosing information and handling insider information.

We communicate openly and accurately

Outokumpu builds trust and long-term relationships through transparent, accurate, and responsible communications and marketing. All employees must ensure that any information shared – whether in person, in writing, or online – is fair, truthful, and consistent with our policies and guidelines.

Outokumpu will always provide fair, accurate, and honest information to the public. To maintain professionalism and consistency, all media inquiries must be directed to Outokumpu Communications. When using social media, employees must act responsibly and avoid sharing confidential information, insider details, or content that could harm Outokumpu’s reputation. Personal opinions should be clearly identified as such and shall not be presented as official company statements.