Conducting our business with integrity
Trust, responsibility, and ethical behavior define how we operate across our value chain.
Our business is built on the foundation of trust. Our Code of Conduct expresses our personal commitment to earn this trust every day, in all of our business activities and in every country where we operate. It reflects our values through clear and simple direction for all of our employees and business partners and defines the principles of ethical and compliant business practices.
In March 2022 we were named for the fifth consecutive year (2018-2022) and the sixth time overall as one of the World’s Most Ethical Companies® by Ethisphere and were one of five winners in the telecommunications industry and the only Finnish company to be honored. In 2022, 136 honorees were recognized spanning 22 countries and 45 industries.
Code of Conduct
Our Code of Conduct is applicable to all our employees, directors and management, and is available in 23 languages here. We also have a Code of Ethics applicable to the President and CEO, Chief Financial Officer and Corporate Controller.
Leadership involvement and oversight on ethics and compliance are provided by the Board of Directors via the Audit Committee. Compliance management is further supported by both global and regional compliance committees.
Nokia also has a dedicated Third-Party Code of Conduct to address the unique needs of the relationship with third parties and is available in eight different languages (Arabic, Chinese, English, German, Japanese, Korean, Russian and Spanish).
Robust investigation process
Nokia has a vibrant speak-up culture and robust process for investigating concerns raised to our Ethics Helpline.
Our compliance corner
Explore more about our ethics and compliance activities through blogs and opinion pieces by our Chief Compliance Officer & Deputy CLO and other experts.
Ethics and compliance - what we do
Nokia has created and maintains an Anti-Corruption policy and related standard operating procedures. Our Anti-Corruption Center of Excellence reviews hundreds of transactions, third parties, and requests to give or receive gifts, travel and entertainment, to name just some of the work happening every day.
All Nokia employees are prohibited from offering, giving, or receiving improper payments. Any agent acting on behalf of Nokia must meet the same standards.
Dealing with government officials
Giving to a third party “anything of value” that is intended to influence a business action may be considered bribery. Nokia employees are expected to exercise extraordinary caution when dealing with government officials which can include employees of a state-owned customer enterprise.
Nokia’s Ombuds program is designed to champion a speak-up culture that empowers employees to raise and discuss compliance questions and concerns. The vast network of local ombuds leaders promotes the program and serves as confidential and neutral resource for any compliance questions, concerns and requests for guidance.
Nokia’s compliance training portfolio consists of online mandatory and targeted training and live sessions. To supplement our annual mandatory Ethical Business Training, we also deploy online microlearning modules on high-risk topics to specific target audiences based on location and/or job function.
Conflict of interest
Nokia has a Conflict of Interest (COI) policy which provides important information and guidance to help employees understand, recognize, disclose and resolve conflicts of interest. Consistent with the COI policy, all employees are required to disclose conflicts of interest using the confidential web-based COI disclosure tool.
All Nokia employees are empowered to raise concerns and speak up about potential violations of our Code of Conduct. Retaliation of any kind is not permitted, and we take seriously all allegations regarding any form of reprisal and investigate such concerns thoroughly.
How we protect the data of our customers, employees and other sensitive data is critical to our business and reputation. With the growth in the deployment of new technologies towards a world where everything and everyone are connected and interconnected, data privacy and security issues are also on the increase.
Providing the tools to enable a speak-up culture
All employees are empowered to raise concerns and speak up about potential violations of our Code of Conduct. Retaliation of any kind is not permitted, and we take seriously all allegations regarding any form of reprisal and investigate such concerns thoroughly.
Our commitment to compliance with all relevant laws and regulations and to building and maintaining trust and credibility with all stakeholders is unwavering. We ensure the tools and means are available for any employee or other stakeholder to raise a concern and bring an issue to the attention of the compliance team. Whichever way the individual chooses to report a concern, it is handled confidentially by a diverse team of compliance professionals. Reporting of concerns can be done anonymously. We offer email, website and call options as well as an expanding network of ombuds individuals who can be approached personally for advice and support.
The Nokia Business Ethics Helpline is managed by an independent supplier and is available 24 hours a day, 7 days a week. Calls and conversations are entirely confidential, and a reporter may remain anonymous. The Helpline enables persons to report concerns in more than 23 different languages. In addition to the Nokia Business Ethics Helpline and ombuds representatives, concerns may always be raised with line managers, HR personnel, and Legal and Compliance members.
Our global Ombuds Program
At the end of 2021, we had 220 local Ombuds leaders around the world, and 90 percent of our employees work in locations with an onsite Ombuds leader. Ombuds provide a safe and strictly confidential space to speak up. They remain completely neutral, impartial, and non-judgmental. Over 2000 questions and concerns have been raised to the Ombuds network over the past four years.
We are committed to respect and support the Human Rights principles and values laid out in the International Bill of Human Rights (consisting of the Universal Declaration of Human Rights and its related covenants), the International Labor Organization’s Declaration on Fundamental Principles and Rights at Work, Organization for the Economic Co-Operation and Development (OECD) guidelines for Multinational Enterprises and the United Nations Guiding Principles on Business and Human Rights.
We fundamentally believe that connectivity and the technologies we provide are a social good that can support human rights by enabling free expression, exchange of ideas, education and economic development. Simply put, our technology allows billions of people around the world to communicate and access information and we are proud of this.
While we embrace fully our technological advancements, we are humbled by the responsibility that comes with this and acknowledge the risks.
The most salient human rights risks related to our company and business involve the potential misuse of the technology we provide to infringe on the right to freedom of expression and right to privacy. Particularly in relation to lawful interception capabilities and activities by governments that relate to the network infrastructure equipment that we design, produce and support for telecom operators and other customers. As with any large enterprise, Human Rights risks also exist across our entire operations from our supply chain to our own operations. We have processes and policies in place for those.
Human rights across our business
For more information on Human Rights across aspects of our business visit the pages below.
Human Rights Due Diligence
The Nokia Human Rights Due Diligence (HRDD) process is a non-commercial cross company investigative process covering sales as well as R&D. This process is pre-emptive and rigorous. It is used to identify the potential risk level of human rights violations through the misuse of our technology before any sale is done or a solution is developed, while also attempting to identify ways to mitigate these risks to ensure compliance to our Human Rights Policy.
Of the HRDD cases investigated in 2021, 73% were resolved as Go, 26% as No go and 1% as Go with conditions.
HRDD is centrally managed by a full-time Head of Human Rights who reports to a senior manager, using a global process to ensure accountability, reportability and consistent practices across Nokia. The Head of Human Rights function is part of the Sustainability team in Corporate Affairs and works across the entire business ecosystem from business groups to sales to ensure adherence to the Human Rights Policy. The Human Rights Panel, chaired by the Head of Human Rights, is a cross functional senior group including technical, legal, marketing and communications senior experts that is called upon when needed to analyze cases from all angles in terms of potential risk to Human Rights. In addition, the Human Rights Governance Council consists of senior executives who review cases where agreement could not be reached earlier, with the final decision being made by the Nokia President and CEO.
Training and transparency
Training is a key aspect of ensuring our commitments to Human Rights are upheld. Training, tracking results, communication of Human Rights Due Diligence findings, checkpoints are reviewed and, where needed, improved on an ongoing basis.
Nokia communicates more on its commitment to transparency in our annual People and Planet Sustainability report. Anonymized Human Rights Due Diligence case outcomes are also published in this report. Nokia was the first telco equipment vendor to publish these.
We aim to be transparent and active by working with key industry stakeholders including, amongst others, through membership in the Global Network Initiative (GNI). GNI is a unique multi-stakeholder group involving leading ICT companies, investors, academics and civil society groups.
In April 2020 the public version of our first ever GNI human rights assessment conducted by the independent assessor Foley Hoag LLP was released. We are honoured to report that the GNI Board found Nokia has made good faith efforts over time to implement the GNI Principles on freedom of expression and privacy. We began the process of our second assessment in late 2021.
Responsible supply chain
Our supply chain is an important but complex part of our business and our reputation. Despite its complexity and depth, we endeavor to enable continual improvement in both transparency and ethical practices. We also work to ensure our supply chain is well-managed in terms of social and environmental issues. The image below provides an overview of our supplier management approach, activities and process.
Our supply chain approach
Our supply chain approach
We have robust procedures and processes in place and we continually improve them where necessary. These are supported by clear, well communicated policies. We identify and understand the risks associated with our supply chain and build and implement the programs and actions that help mitigate those risks. We employ a variety of audits and assessments to verify the integrity of our supply chain. We engage and increase supplier capabilities through learning and where necessary instigate remediation activities. We maintain a Corporate Responsibility risk map of our suppliers which we update regularly.
In 2021, we had business with around 11 000 suppliers, and 80% of our total supplier spend was distributed across around 300 suppliers. Our suppliers fall into four broad categories: hardware suppliers for product materials; services suppliers who support the provision of services to our customers such as in installation and construction of the networks we sell; IT suppliers; and indirect suppliers for everyday goods and services we need to run our business such as consulting, legal and marketing. Our manufacturing suppliers are mainly based in Asia and services suppliers are based around the world.
Climate and our supply chain
We have set new supply chain related climate targets as part of our recalibrated overall science based targets. Our suppliers are expected to cut their emissions by 50% by 2030. That rises to 100% for final assembly suppliers from a 2019 baseline. We are also working with transportation suppliers to help us to bring our logistics emissions down by 73% by 2030.
We have set up an annual process of supplier engagement that embraces awareness, raising and good practice sharing, climate data collection and reporting, performance evaluation and, recognizing and rewarding great results. This is how we are working together with suppliers to deliver change.
Awareness raising and good practice sharing
Every year, we host the Nokia Supplier Climate webinar where we share our expectations, 2030 targets and good practices coming from different stakeholders within Nokia such as R&D, Logistics, Travel and Fleet and Real Estate. This is a great example of how our environmental experts from different business units are engaging, summarizing and sharing their insights and learning. The aim is to cultivate good practices across our supplier networks and find inspiring new angles for our suppliers to work on each year.
Climate data collection and reporting
We send out an annual climate assessment questionnaire via CDP to nearly 600 suppliers, supported by practical guidance and sessions on how to measure CO2 and how to fill out the required information. In case you’re unfamiliar with CDP (Carbon Disclosure Project), this global not-for-profit organization helps cities and companies like ours disclose their environmental impact, with the aim of making environmental reporting and risk management a business norm for us all. Following these assessment rounds, results are communicated with suppliers and tailored advice is shared with the next steps, based on their performance. When it comes to our final assembly suppliers, data collection and monitoring take place on a much more stringent monthly basis. Performance and reduction projects track and benchmark impact within our own factories.
Integrating results into performance evaluation
Supplier performance results are embedded into our Supplier Performance Evaluation process. Our suppliers receive scores for sustainability/carbon reduction alongside those for quality, business delivery, relationship, and innovation performance.
Rewarding and recognizing best examples
Recognizing great practice is as important as penalizing the bad so Nokia has embedded sustainability/carbon reduction into our Nokia Procurement Diamond Awards which are hosted by our top leadership team.
Modern slavery and forced labor
We do not tolerate slavery, servitude, trafficking in persons, and forced or compulsory labor in our own operations or in our supply chain. Labor and working conditions are an integral part of our monitoring, assessment and onsite auditing in our supply chain. We have also increased our vigilance and follow up on the issue of potential mistreatment of ethnic and other minorities in supply chains globally. Our supplier training, communication, and workshops emphasize the importance of this issue and our non-tolerance. We have also set new KPIs for follow up and reporting.
Materials traceability and conflict minerals
Potential risks remain related to the mining, extraction and trade of metals industry that provide key minerals in electronic components. These risks include but are not limited to military conflict, potential human and labor rights abuses, and environmental damage. Our due-diligence approach is aligned with the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals.
Water in our supply chain
We address supplier categories where water may be a material risk through a water assessment program. In 2021, 273 (275 in 2020) of our manufacturing suppliers completed the CDP Water Security assessment, representing 49% of our total supplier spend (51% in 2020). Out of the participating suppliers, 71% (97% in 2020) had undertaken a water-related risk assessment for their direct operations and identified actual water-related risks in their operations such as flooding or increased water stress or scarcity, potentially resulting in the reduction or disruption in production capacity or increased operating costs. 53% of suppliers had structured targets (57% in 2020) related to water consumption, discharge or withdrawals. Targets were mostly related to internal efficiencies rather than being contextual (for example, basin facing high risk or shared water challenges). Refer to the supplier water risk map relevant to our manufacturing location.
Supplier learning and Capability building
On top of the effort we spend on auditing and assessing our supplier performance across ESG topics, we also put significant effort into our supplier capability building in collaboration with a range of partners (see partners section) as well as directly. Our sustainable supply chain team has hundreds of follow up sessions with suppliers around their performance improvement. We also conduct and deliver training webinars online and onsite including topics such as diversity and inclusion, modern slavery, responsible minerals sourcing, climate change, health and safety, and ethical business practices. In 2021, we held in total 21 different online workshops with our suppliers.
Recognizing supplier achievements
Sustainability is one category in our annual Supplier Diamond Awards alongside the Quality Award and the Innovation Award. The Supplier Diamond Awards are Nokia’s annual recognition program to reward supplier excellence across several categories including sustainability. Suppliers present their cases in front of expert juries and are recognized at our annual supplier event, in the presence of Nokia top leadership.
The winning supplier of the 2021 award demonstrated excellent energy efficiency improvements in their own operations as well as product innovation contributing to reductions in the CO2 footprint of printed wiring board.
While Nokia is very active in various industry forums around sustainability issues, below is a list of organizations that we collaborate with around responsible sourcing and supply chain topics.
Responsible Business Alliance
Nokia is a member of the RBA, a coalition of the world’s leading companies working together to improve efficiency and social, ethical, and environmental responsibility in the global supply chain. As a member we endorse the role that industry collaboration plays in improving challenging issues. We participate in various networks and working groups within RBA, such as the Responsible Minerals Initiative. We support the mission of the Alliance and have adopted the RBA Code of Conduct as the basis for the requirements we place on our suppliers, further supplemented by Nokia own supplier requirements.
Sourcing and supply chain issues are ever more complex and we believe can be addressed more effectively via industry collaboration and shared efforts that are built on common working groups and understanding. We also look forward to contributing with our years of experience in sustainability and responsible sourcing issues worldwide.
CDP (Climate and Water)
Collaboration on annual assessment of supplier climate emissions and supplier learning and capability building on this topic.
Collaboration on supplier assessment, improvement, and training across sustainability portfolio including labour, environment, ethics and supply chain.
World Economic Forum´s First Movers Coalition
Nokia is a founding member of this network aimed to create a new market and spur growth by leveraging collective demand and purchasing commitments for zero-emissions goods and services by 2030. It is working across eight key sectors: steel, cement, aluminium, chemicals, shipping, aviation, trucking and direct air capture. The coalition is made up of leading companies that recognize accelerating innovation is critical to keep our climate goals alive. The initiative is a partnership between the US Office of the Special Presidential Envoy for Climate John Kerry and the World Economic Forum.
Responsible Minerals Initiative
Nokia is one of the founders of Responsible Minerals Initiative, a sub-initiative of Responsible Business Alliance.
Public-Private Alliance for Responsible Minerals Trade - RESOLVE
For upstream engagement around responsible minerals trade we have continued our work with the Public-Private Alliance, contributing to the development of in-region programs for responsible minerals trade.
Data Privacy & Security
Protecting customer, employee, and other sensitive data is critical to our business and reputation. It underpins the trust our stakeholders put in us as a company, in our technology and in our people every day.
Products with built-in trust
Design for Security Society’s increasing dependence on newer and safer technologies is a market concern. We aim to develop products and services that meet or surpass the applicable security standards. Hence, we build privacy and security into the design of our products and services and employ appropriate safeguards to protect data against unauthorized use or disclosure.
Secure coding and secure hardening as well as systematic security testing are at the core of our design for security. We comply with our customers’ legal and regulatory requirements by enhancing continuously our products to meet the latest industry standards such as 3GPP SECAM/GSMA NESAS and Country Legal and Regulatory Requirements for the Telecommunications sector. We offer a comprehensive security products portfolio for telco cyber security and defence.
For more information, please visit https://www.nokia.com/networks/cyber-security/
Contributing and driving security standards
We take an active role in security standards such as GSMA SECAG which defined NESAS (security assurance scheme for networks), GSMA Fraud and Security group, 3GPP SA3 (defining security standards for 5G), in ETSI and others. The development and maintenance of our products and services are sustained by a company-wide Information Security Framework to reduce business risks by protecting and managing information in a consistent way, protecting Nokia’s customer data, and enabling transparency and accountability with respect to the handling of all information:
Our security controls and processes follow the ISO/IEC 27001 standard and NIST Cybersecurity Framework to ensure we identify and detect security threats and risks to our systems
A critical information protection program protects Nokia’s and its customers’ information
Our security awareness program drives cultural knowledge of security best practices and avoids potential threats to Nokia’s information
A Third-party Security Risk Management process for Nokia suppliers ensures supply chain security and complies with legal and regulatory requirements
Continuous internal and external auditing and external and internal simulated attacks activities validate the security implementation
ISO/IEC 27001 certifications for selected sites assure security compliance is attained. The scope of the certification is continuously expanded.
Incident and breach management
Security is an ever-growing concern within the telecommunications industry. We are firmly dedicated to protecting next-generation networks from attacks and are seen as a leader in the provision of network security solutions. Nevertheless, we and our products may be subject to cybersecurity incidents including those resulting from hacking, viruses, malicious software, unauthorized modifications, or other activities that may cause potential security risks and other harm to us, our customers or other end-users of our products and services. Therefore we have a comprehensive incident and breach management framework that spans our products and services, our own information systems as well as support to our Customers in security emergencies.