Business conduct
ESRS SBM-3
STRABAG, having defined the avoidance of corruption and anti-competitive behaviour as a material management responsibility, implemented an Ethics and Business Compliance System in 2008 and has been continuously developing the system ever since.
The great diversity of STRABAG’s activities, of the countries in which it operates, and of its suppliers and business partners results in a broad spectrum of risks for the company. It is therefore of utmost priority to address and counteract identifiable risks in order to prevent potential supplier defaults due to sanctions legislation and to avoid compliance violations and their consequences, such as fines and reputational damage. A holistic approach is used to identify country-specific risks as measured by the Corruption Perception Index (CPI) as well as risks specific to certain segments and business partners. The results also form the basis for the double materiality assessment that is carried out as part of the sustainability reporting.
Violations of the law must be prevented and incidents addressed with a forward-looking approach in order to uphold STRABAG’s ongoing ambition to remain a reliable business partner, contractor and employer. To this end, STRABAG promotes compliant behaviour, ethical conduct and a corporate culture based on partnership and trust through comprehensive ongoing actions. A comprehensive training concept as well as the public whistleblower platform play a central role in this regard.
Group-wide cooperation
As of 1 January 2025, the central staff division Business Compliance & Management Systems was transferred into a new Corporate Responsibility Office (CRO), which was tasked by Group management with implementing the Ethics and Business Compliance System. The head of the Corporate Responsibility Office also serves as Chief Compliance Officer of STRABAG SE and reports directly to the CEO.
The Chief Compliance Officer is supported in his tasks by Business Compliance Officers (BCOs), with another 50 Business Compliance Partners appointed to carry out simplified business partner reviews on a large scale. This system ensures that business compliance is not only managed centrally but is also embedded within the operational entities to address local risks. A strategic function within the Corporate Responsibility Office is carried out by the Business Compliance Committee, which consists of the heads of the central division Contract Management and Legal (CML) and of the central staff division Internal Audit along with the Chief Compliance Officer. The committee reviews proposals developed by the Business Compliance organisation for improving the Business Compliance Management System, investigates suspected cases of serious business compliance violations and ensures cooperation across the Group.
Policies
ESRS G1-1
The Ethics and Business Compliance System is firmly embedded within the company as a Group directive. As such, it has been approved by the Management Board of STRABAG SE. The full Management Board adopts all directives developed by the Corporate Responsibility Office, as well as the Code of Conduct and the Supplier Code of Conduct. Any amendments to these core documents must likewise be approved by the full Management Board.
The Ethics and Business Compliance System consists of the Business Compliance Management System (BCMS) and the Code of Conduct, which defines the Group’s ethical principles. The requirements set out in these documents are binding for all Group employees and are available on the intranet in all Group languages. A comprehensive training concept ensures that the contents are communicated to all employees. The figure below illustrates the structure of the Ethics and Business Compliance System.
STRABAG Ethics and Business Compliance System
The Code of Conduct applies to all STRABAG employees and equally considers the interests of other stakeholders such as supervisory and governmental authorities as well as shareholders. The document has been approved by the Management Board of STRABAG SE. The principles set out in the Code of Conduct are specified and defined in detail by the Business Compliance Management System and the BCMS management directives and are continuously monitored, reviewed and further developed by the Corporate Responsibility Office. The document is available on the intranet to all employees in all Group languages and, where legally possible, forms part of the employment contracts. New employees are informed about the contents of the Code of Conduct as part of a mandatory compliance training. The Code of Conduct describes STRABAG’s responsibility as a business partner as well as its responsibility towards employees and other stakeholders, based on corporate values such as partnership, trust, solidarity and sustainability. The Code of Conduct also makes reference to the whistleblower platform for reporting violations of the defined principles.
The STRABAG BCMS and its implementation across the Group comply with the requirements of ISO 37001 (Anti-Bribery Management Systems) and ISO 37301 (Compliance Management Systems). This also fulfils the key requirements of the UN Convention against Corruption, which defines best practices for businesses. STRABAG is the first globally operating Austrian company to have Group-wide certification to ISO 37001 and ISO 37301.
The STRABAG BCMS is an effective system to prevent business compliance risks such as corruption and bribery. The most important ongoing actions are described in this chapter. As these actions form integral components of the day-to-day business operations, it is not possible to say exactly which financial resources are allocated specifically to these actions.
The management directives serve as an annex to the STRABAG BCMS and define rules of conduct for the entire management and all Group employees. For clarity and practical application, they are divided into several thematic areas.
The management directive on the prevention of corruption and white-collar crime offences defines STRABAG’s policy on invitations and gifts, donations and sponsorships, as well as interactions with public officials. Together with additional BCMS rules and defined processes for reporting and internal investigations, the directive serves to prevent, detect and address corruption and bribery in order to avoid corrupt behaviour at an early stage, identify risks and respond appropriately.
The management directive on business partner due diligence sets out mandatory standards for screening business partners and reviewing business relationships based on the risk analysis. It also defines screening measures that can be carried out independently of a specific business relationship in order to apply an enhanced due diligence standard in individual cases where necessary. The Corporate Responsibility Office also initiates ad hoc actions when required. Following Russia’s invasion of Ukraine, the business partner review process was tightened further in March 2022 and a Group communication on sanctions list screening for business partners was sent to all division and central division managers. The policy stipulates that every business partner falling under the relevant parameters must be reviewed by Business Compliance Partners for sanctions list matches prior to contract conclusion.
The management directive on internal investigations was updated and put into effect in August 2025. It defines the standardised process for investigating suspected or actual misconduct. A key element of the directive is ensuring that compliance violations are assessed according to uniform principles and addressed with appropriate actions across the Group. Investigations are conducted independently and free from conflicts of interest by qualified personnel. Affected parties are involved in the investigation process in a transparent manner to ensure fair and comprehensible handling. Where violations occur, appropriate actions are recommended, with confidentiality of the results maintained at all times.
The management directive on antitrust and competition law describes appropriate conduct, defines review obligations for sensitive business relationships, addresses merger control and, where necessary, provides for the involvement of CML as an independent supervisory body as a way of safeguarding fair competition.
The handling of conflicts of interest is regulated in a separate management directive requiring all STRABAG employees to disclose potential conflicts of interest that they may have. In addition to avoiding conflicts of interest, transparent handling of unavoidable conflicts is a key priority as well.
ESRS G1-2
The Supplier Code of Conduct summarises STRABAG’s principles of responsible business conduct, compliance with which is also expected from suppliers and subcontractors. These principles cover topics relating to business compliance, human rights, employment conditions, social responsibility, environment and responsible procurement. The Supplier Code of Conduct is generally incorporated into the General Terms and Conditions. Further information on the Supplier Code of Conduct can be found in the chapter Workers in the value chain. STRABAG is currently developing a supplier engagement programme to reduce emissions in our upstream value chain together with our suppliers. In the future, social and environmental sustainability criteria are to be integrated into both project-specific and cross-project supplier evaluations.
ESRS G1-3
Close cooperation exists between several central staff divisions for the implementation and management of the BCMS. The central staff division Internal Audit supports the central staff division Corporate Responsibility Office in enforcing the business compliance rules. Compliance with BCMS requirements is a permanent audit component of the regular compliance and property audits. Outside the regular audit activities, Internal Audit also becomes involved in special audits in coordination with operational entities or the Corporate Responsibility Office to investigate suspected cases of non-compliance.
Suspicious invoices are forwarded to the Business Compliance unit within the Corporate Responsibility Office via a business compliance monitoring process set up by BRVZ in all countries that it administers.
Potential misconduct related to business compliance (suspected corruption, bribery, conflicts of interest and competition law violations), discrimination, human rights and employment conditions, occupational safety and health, environment and data privacy can be reported via the publicly accessible STRABAG online whistleblower platform or directly to a contact person within the Group. The whistleblower system is defined in both the BCMS and the Code of Conduct. The platform is accessible to internal and external persons and is available in all Group languages. Employees are informed about the whistleblower platform through the intranet and in training programmes.
The whistleblower system can be used to report information and incidents and to provide feedback on the system itself. Feedback may also be submitted to the ombudspersons or to the Human Rights Officer.
Incoming reports are reviewed by independent case handlers. Ombudspersons responsible for handling cases involving discrimination, human rights and employment conditions conclude an addendum to their employment contracts confirming that in their function as ombudspersons they are not bound by the instructions of their superiors.
The STRABAG whistleblower system meets the standards defined by the Whistleblower Protection Directive (EU) 2019/1937. Compliance by whistleblowers with the legal standards is specified in the management directive on internal investigations. Whistleblowers are not responsible for providing evidence to substantiate their claims. A detailed functional description of the whistleblower system and a set of FAQs explain how reports are handled and how maximum protection and anonymity of whistleblowers and affected persons is ensured. All information and data entered into the STRABAG whistleblower platform are encrypted and can only be viewed by the responsible STRABAG case handlers. Case workers are instructed to ensure the protection of whistleblower anonymity through system briefings and ad hoc training sessions. Information on the reported incidents is used and shared only to the extent required for the investigation in line with the need-to-know principle. Every report or complaint relating to business compliance (including but not limited to suspected corruption and bribery, conflicts of interest and competition law violations), discrimination, human rights and employment conditions, occupational safety and health, environment and data privacy is investigated. Within the BCMS, the processes for internal investigations apply uniformly and across topics to all reports in the various categories. Depending on the circumstances, the responsible management will take corrective actions or disciplinary measures – up to and including warnings or termination of employment – to respond appropriately to identified offences and prevent future violations.
The final report contains proposals for actions and, where appropriate, process improvements, including improvements within the Business Compliance Management System itself. Depending on the severity of the violation, the report submitted to the responsible organisational entity, the Management Board and/or the Supervisory Board.
The members of the Management Board are informed about material reports and cases through various reporting processes. This is primarily due to the fact that the whistleblower platform is administered by several specialist departments reporting to different members of the Management Board. As the whistleblower platform is also used by local communities to submit complaints regarding construction sites, incoming reports are also handled directly with the management of the operational entities. The Human Rights Officer conducts an annual review of the effectiveness of the human rights complaints procedure, including an assessment of the functionality and processes of the whistleblower platform. Within the Business Compliance Management System, the Management Board and Supervisory Board are informed annually about significant compliance cases. The report also includes relevant developments and measures for the prevention, detection and handling of violations.
Comprehensive training concept for all employees
Comprehensive employee training of appropriate conduct in day-to-day business dealings, the definition of review obligations in sensitive business relationships, and awareness of the potential consequences of non-compliant behaviour are essential prerequisites for safeguarding fair competition. STRABAG therefore introduced a comprehensive training concept in 2013 to communicate to employees the current directives and processes for combating corruption and anti-competitive behaviour. The training includes in-depth instruction in criminal anti-corruption law, covering offences such as embezzlement, fraud and bribery as well as interacting with public officials. Depending on risk exposure, the training also covers the topics of cartel prohibition, the prohibition on abusing dominant market positions, and merger control under competition law. The training concept is continuously adapted and improved based on feedback from participants and the experience gained from incident management.
All STRABAG employees receive instruction on the rules for safeguarding fair competition immediately upon joining the Group in the form of mandatory e-learning, which must be repeated every two years.
As STRABAG’s management (comprising business unit heads, subdivision heads and the heads of the divisions, central divisions and central staff divisions) plays an important role in the prevention of corruption and this group of persons must observe enhanced duties of care, its members are also required to attend special training courses on preventing corruption and competition law violations. Business unit heads and above must complete the basic training upon appointment to their position. In subsequent years, the training content is reinforced at greater depth through refresher courses. Both the initial training and the refresher courses are divided into a general section and a section on competition law. Members of management must complete the refresher courses every three years. As this risk frequently extends to group leaders, an advanced e-learning course for group leaders was introduced in August 2024. This course must be completed every two years.
The training concept, content and target groups are decided by the Management Board and reported to the Supervisory Board. The content is based on the core policy documents, which are likewise approved and reported. The risk areas and topics covered by the training are audited annually by independent auditors as part of the ISO 37001 and ISO 37301 audits, with the Management Board, as the highest governance body, also subject to the audit. Given the Management Board’s inherent duty to ensure compliance with both legal and self-imposed standards and to regulate these standards for all employees, no separate training is planned for the full Management Board.
The employee representatives on the Supervisory Board receive periodic training through STRABAG’s general training programme. The other members of the Supervisory Board are exclusively persons with many years of experience in executive management or management board functions at renowned companies. In addition, the Supervisory Board possesses legal expertise as well as professional experience in auditing and tax auditing. Each year, one member of the Supervisory Board is audited by external certifiers with regard to the applicable BCMS. For these reasons, separate training for the Supervisory Board has been deemed unnecessary.
Training statistics
Basic compliance training | Basic cartel law training | Refresher course | Group lead training | Business compliance training | |
Target group | Management (business unit, subdivision, division, central staff division and central division leads)1 | Group lead1 | Employees | ||
Training rates 2025 | |||||
Total to be trained | 1,511 | 1,511 | 1,400 | 4,232 | 35,890 |
Total receiving training | 1,431 | 1,424 | 1,284 | 4,041 | 32,801 |
Training coverage | 95% | 94% | 92% | 95% | 91% |
Training rates 2024 | |||||
Total to be trained | 1,444 | 1,444 | 1,303 | 3,779 | 34,705 |
Total receiving training | 1,345 | 1,332 | 981 | 3,496 | 31,648 |
Training coverage | 93% | 92% | 75% | 93% | 91% |
Delivery method and duration | |||||
Classroom training | 4 hours | 3 hours | 4 hours | ||
Risk-based online training | approx. 40 min | ||||
Online training | approx. 40 min | ||||
Frequency | |||||
After appointment as manager | After appointment as manager | Every three years after completing the basic training | Every two years | Every two years | |
Topics covered | |||||
Anti-corruption | x | x | x | x | |
Competition law | x | x | x | x | |
Management directives | x | x | x | x | x |
Incident management | x | x | x | x | |
1Function-at-risk
In addition to the training courses listed above, 35 special training courses were held during the reporting period. Special training courses are offered at the request of local management for all employees who are exposed to an increased risk due to their work. These courses are held irrespective of the employees’ hierarchical level.
The Corporate Responsibility Office also supports numerous internal conferences and events presenting general business compliance topics, anonymised incidents and lessons learned.
ESRS G1-4
The German competition authority imposed a fine of € 5.1 million on a STRABAG SE Group company for anti-competitive agreements. The Group company cooperated with the German competition authority under its leniency programme, allowing the proceedings to be concluded by way of settlement. The fine was paid at the beginning of 2025.
In 2006, the Slovak competition authority imposed a fine of € 12.2 million on a subsidiary of STRABAG SE in proceedings concerning anti-competitive agreements. Due to lengthy court proceedings regarding the legality of the ruling and enforcement of the fine, the penalty was not paid until 2025.
In 2024, the total amount of fines paid in connection with the cases reported in STRABAG’s 2024 Annual and Sustainability Report amounted to € 3.5 million. These violations were related to anti-competitive collusion.
On 11 March 2026, STRABAG AG (Austria), by means of a settlement, brought to a legally binding close the modification proceedings initiated by the Federal Competition Authority seeking judicial review of the final fine decision of 21 October 2021 for a € 45.37 million penalty. This case was reported in STRABAG’s 2022 and 2023 Annual and Sustainability Reports. Following a thorough assessment of the factual and legal situation, the company decided to enter into this settlement by accepting a € 100.63 million increase in the fine to avoid a further lengthy court procedure, thereby bringing the cartel proceedings to a close.
STRABAG is working intensively on the further development of its Business Compliance System and is now the first Austrian company operating internationally to obtain group-wide certification under ISO 37001 and ISO 37301. As part of the continuous improvement of internal processes and compliance actions, STRABAG implemented additional self-cleansing and reorganisation measures alongside the training concept described above. Beyond training, further structural and organisational actions were therefore taken in order to ensure lasting compliance with all relevant legal and ethical standards.
ESRS G1-5
STRABAG is active in various organisations to represent the interests of the construction industry in dialogue with stakeholders as a way to contribute to the development of sustainable, innovative and economically viable framework conditions for the industry. This includes membership in major national construction industry associations, such as the Federation of the German Construction Industry (Hauptverband der Deutschen Bauindustrie, HDB) and the Association of Industrial Construction Companies in Austria (Vereinigung Industrieller Bauunternehmungen Österreichs, VIBÖ), as well as regional and/or trade-specific associations.
In 2025, STRABAG once again participated in the European Forum Alpbach after publishing a policy paper on the circular economy at the 2024 event. STRABAG also is a member of Stiftung KlimaWirtschaft, a foundation active primarily in Germany to promote corporate climate action. In addition, we have supported the UN Global Compact as a participating organisation since 2021 and are committed to its ten principles in the areas of human rights, labour, environment and climate as well as anti-corruption.
Donations and sponsorships with links to political parties must, in accordance with Group directives, be approved by the full Management Board of STRABAG SE with the involvement of the Corporate Responsibility Office. In 2025, STRABAG made no direct political donations or sponsorships. STRABAG SE is registered in the EU Transparency Register under number 472996192561-86.
During the reporting period, no person was appointed to the Management Board or Supervisory Board who had held a comparable position in public administration or at a regulatory authority within the two years prior to their appointment.
The membership fees paid by STRABAG SE are presented below. Membership contributions paid include both compulsory memberships required by law or professional regulation as well as voluntary memberships. The membership contributions made are as follows:
Recipient | Unit | 2025 | 2024 |
Compulsory memberships | |||
Austrian Federal Economic Chamber (WKÖ) | T€ | 1,455 | 1,426 |
German Chamber of Commerce and Industry (DIHK) | T€ | 1,174 | 1,778 |
Voluntary memberships | |||
Federation of the German Construction Industry (HDB) | T€ | 5,041 | 4,730 |
German Concrete and Construction Technology Association (DBV) | T€ | 299 | 302 |
Swiss Contractors' Association (SBV) | T€ | 170 | 162 |
Other national construction industry associations and memberships of less than € 150,000 each | T€ | 352 | 547 |
Total membership contributions paid | T€ | 8,491 | 8,945 |
ESRS G1-6
Incoming invoices at STRABAG SE are forwarded via an electronic system or, in exceptional cases, in paper form to the respective cost centre managers, who review them for accuracy, in particular for completeness of the goods and services provided. Following operational approval by at least two persons, the invoice is released for payment in line with the relevant due date and is generally settled by BRVZ’s central accounting department in a weekly payment run. Due to the international and heterogeneous nature of the various business fields, no Group-wide requirements or processes exist for avoiding late payments. In the key countries of Germany and Austria, payment is generally made before the (net) due date in order to take advantage of cash discounts.
The average payment period, defined as the period between receipt of the invoice and payment of the invoice, is 21 days, while the median is 16 days.
Given the large number of suppliers in a wide range of different countries, along with the fragmented and heterogeneous nature of the services received, no standardised payment terms exist. Where STRABAG’s General Terms and Conditions apply to orders, they provide for a net payment term of 30 days. A total of 89% of payments made are settled within 30 days. There are no notable differences in payment periods or payment behaviour by type or size of supplier.
As of the reporting date, there were no pending proceedings for late payment.
Indicator | Unit | 2025 | 2024 |
Average payment period | days | 21 | 21 |
Mean payment period | days | 16 | 16 |
Percentage of payments made within the payment term (30 days) | % | 89 | 90 |
Pending proceedings for late payment | number | 0 | 0 |