3.3 Consumers and end-users

In this section, we provide further insight into the specific initiatives and measures we have taken to ensure the privacy of our consumers and end-users, while also promoting equal access to our products and services. By sharing these actions, we aim to strengthen trust, accountability, and engagement with our stakeholders, encouraging other organisations to place a stronger emphasis on social responsibility.

3.3.1 Our strategy

With help of our Double materiality assessment, we assessed and identified the most material sustainability matters, also those relating to consumers and end-users. For further information on how our material topics relate to our value chain, please see section Our value chain and material topics within the General disclosures. For more information on how we engage in a dialogue with consumers and end-users, please see section Interests and views of stakeholders within the General disclosures.

Identifying our most material impacts helps us to prioritise our actions to prevent and mitigate identified sustainability matters.

For consumers and end-users, we identified (potential) material impacts, risks or opportunities on the following topics:

• Privacy
• Access to products and services.

More on how we address these material topics can be found in Our policies and in Our performance later in this Consumers and end-users section.

Connection to our strategy

PostNL’s Parcels network is a critical delivery service in the Benelux. As the universal postal service provider in the Netherlands, PostNL ensures wide accessibility of its Mail network.

It invests in out-of-home channels, digital services, and enhanced accessibility for individuals with disabilities as part of its strategy to improve service quality, tracked through NPS KPIs. However, challenges such as rising labour costs and labour capacity constraints pose risks to the affordability, accessibility, and reliability of postal services.

We remain committed to our legally mandated USO, delivering mail by the next day, five days a week. However, PostNL supports modernising postal regulations, including adjustments to the USO, in line with changes seen across Europe. Ensuring the long-term sustainability of the Dutch postal service will require collaboration with the government.

PostNL prioritises consumer privacy, both for physical mail and digital data, and heavily invests in its digital channels to ensure compliance with GDPR. To mitigate risks of non-compliance or litigation, it keeps up to date with cybersecurity frameworks like NIS2 and conducts monthly maintenance to strengthen its privacy control systems.

For a more elaborate explanation on how we invest in our people, please see pages 25-35 in Our strategy chapter and pages 36-48 in the Customer value chapter.

The table on the previous page provides a detailed depiction of our material impacts and risks relating to consumers and end-users. PostNL’s business model does not expose consumers or end-users to increased harm, and no material negative impacts have been identified regarding consumers and end-users. The identified risks primarily apply to the MailNL network, where maintaining affordability, accessibility, and reliability remains a challenge.

3.3.2 Our governance

At PostNL, engaging with consumers and end-users is essential for providing a distinctive customer experience and achieving our ambition to remain the favourite delivery service. Our approach is divided into direct and indirect engagement whilst providing adequate grievance mechanisms.

These processes allow us to collect and analyse feedback, respond to concerns, and improve service delivery. We focus on positive material impacts through our state-of-the-art solutions, ensuring easy access to reliable postal and parcel logistics services. This includes customer and consumer proximity, secure, inclusive, and accessible digital services, and accessible and affordable pricing for mail services.

Engagement with our consumers and end-users

PostNL actively engages with consumers through direct and indirect channels to enhance service quality and meet evolving needs. Direct engagement includes gathering real-time feedback via surveys, digital platforms, and personalized customer care, ensuring targeted improvements and inclusivity. Indirect engagement involves structured dialogues with stakeholders and external experts to address broader consumer concerns, ensure compliance, and refine services.

Direct engagement

The direct engagement with consumers is essential to continuously improving our services through the variety of channels. This feedback informs our strategic decisions and enhances the customer experience across all stages of engagement. We engage with consumers and end-users through information, consultation, and participation. PostNL also conducts research, particularly with groups with digital and physical accessibility challenges, to understand their experiences on both physical and digital platforms. Consumers also actively influence service improvements through real-time feedback on these platforms. Groups with physical accessibility challenges such as individuals with disabilities, the elderly, and those with limited mobility, are a key focus of this research, as these consumers often face specific challenges in accessing our services. We use the feedback besides identifying the service/customer issues, also for evaluating the effectiveness of the solution. Through ongoing review, we identify further improvements to ensure our services remain responsive to consumer needs.

PostNL is committed to improving accessibility, particularly for people with disabilities. We are enhancing the accessibility of our digital channels, including the PostNL app and Track & Trace, through collaboration with external experts. These efforts are guided by the European Accessibility Act (EAA) and the Web Content Accessibility Guidelines (WCAG), ensuring that barriers for users with visual, hearing, or motor impairments are identified and addressed. Specialised training is provided to our customer care teams to assist consumers with digital accessibility challenges, including offering verbal support for visually impaired individuals and flexible delivery options for those with mobility challenges. Additionally, PostNL retail points are designed with physical accessibility in mind, ensuring locations are wheelchair-friendly and easily accessible by public transport.

NPS survey

The NPS survey is an important method for gathering insights into service elements such as accessibility, affordability, and reliability. This structured feedback informs our mitigation strategies, helping us identify areas for improvement and take targeted actions. NPS surveys are conducted after service interactions, providing ongoing data to assess service effectiveness and make necessary adjustments.

Data collection
Data is collected at various intervals, from biannual surveys to continuous feedback, ensuring immediate and long-term improvements through direct and structural changes. Important metrics include the NPS outcome, trend analysis, and the NPS participation rate (percentage of customers participating). Feedback from NPS surveys and social media monitoring helps address recurring issues and enhance accessibility. Our NPS improvement plan includes a goal to enhance proactive communication with consumers, especially in cases of service disruption such as delayed deliveries.

PostNL app

The app personalises the interaction with our consumers using thumbs-up or thumbs-down feedback system and functionalities such as re-routing deliveries and delivery preferences, giving consumers greater control over their interactions with PostNL. To measure the effectiveness of these engagement strategies, we track several key metrics, including the number of times the feedback button is used.

Customer Care department

The Customer Care department includes both the customer service team and Chatbot Daan, which provides 24/7 automated support and feedback collection to identify common consumer issues and adjust processes proactively. Chatbot Daan is being further developed with AI to evolve into a more advanced conversational platform. The customer service team offers personalised support via chat, phone, and letter during regular business hours, ensuring human assistance when needed.

Feedback from these interactions helps refine processes and enhance satisfaction. Important metrics, such as the problem-solving capabilities of Chatbot Daan and the customer care contact ratio, support continuous improvement. PostNL provides ongoing staff training to ensure consumers with digital and physical accessibility challenges receive the care they need, reflecting our commitment to inclusivity and accessibility across all operations.

Social media platforms

We actively monitor social media platforms, allowing us to engage with consumers in real time. Feedback gathered from social media interactions helps us quickly address any emerging concerns, ensuring that we stay connected with our users and make timely service improvements. This ongoing monitoring complements other feedback channels, giving us a comprehensive view of consumer sentiment and service quality to measure the effectiveness of these engagement strategies, we track several key metrics, including the statistics from social media platforms, including qualitative interactions.

Indirect engagement

At PostNL, indirect engagement is a key element of our strategy to ensure that consumer needs and concerns are considered at all stages of service development and improvement. Our Public Affairs department collect indirect feedback from credible proxies through structured dialogues. These processes help us maintain compliance, gather diverse perspectives, and ensure our services are accessible and consumer-focused. 

ACM and Geschillencommisie

PostNL's Data Governance Board ensures compliance with GDPR and PostNL’s privacy policy, providing an additional layer of governance over data usage and privacy. PostNL’s Public Affairs department collaborates and communicates with external mechanisms, including VNO-NCW and Thuiswinkel.org. The Consumentenbond and the Geschillencommissie also provide an independent review mechanism, further reinforcing transparency and fair complaint handling.

These engagements inform our mitigation strategies and help refine service offerings to meet evolving consumer needs. Additionally, PostNL ensures compliance with laws and regulations, which are monitored by the Dutch Authority for Consumers and Markets (ACM).

PostNL has engaged in communications with the Consumentenbond. However, following their withdrawal from joint creation of General Terms, we are now exploring alternative ways to involve the consumer perspective in setting general terms with the Geschillencommissie. These engagements inform our mitigation strategies and support the refinement of service offerings to address evolving consumer needs.

External experts

PostNL also collaborates with external experts to assess and improve the accessibility of our digital services. This collaboration enables PostNL to comply with international accessibility standards and continually improve the user experience. Consumers and external experts participate in testing new products and services, which ensures our offerings are user-friendly and compliant with accessibility standards. PostNL collaborates with independent external parties for periodic reviews of our complaints management and remediation processes. These reviews, including ISO certification audits, validate the effectiveness of our engagement strategies and provide critical input for refining our approach to service management. We monitor the outcomes of these audits and specific accessibility improvements based on feedback from external experts. We do not have metrics to track effectiveness with this stakeholder collaboration.

Grievance mechanisms and channels to raise concerns

At PostNL, our structured processes ensure that we address negative impacts promptly, with a continued focus on service quality and trust. Complaints are handled by our Customer Care department, which tracks every issue from submission to resolution. We maintain strict confidentiality and provide protections against retaliation, in line with the Dutch Whistleblower Protection Act. Our internal policies safeguard individuals who raise concerns. Our remediation processes and grievance channels align with our broader strategy of minimizing negative impacts while improving service offerings.

PostNL offers multiple accessible grievance mechanisms, including its website, app, phone service, and social media platforms. Complaints are managed internally, ensuring consistency and reliability, with escalation protocols for serious issues. Feedback is analysed to identify improvement opportunities. To ensure centralised complaint management, our business partners, including retailers and parcel deliverers, are required to direct complaints through our formal channels to ensure centralized management.

Providing remedy

Remediation at PostNL is based on thorough investigations and may include financial compensation through the sender, corrective measures, or actions to prevent recurrence. In cases with material impacts, we involve affected individuals in designing the remediation process. We track complaints from submission to resolution, ensuring a comprehensive and responsive approach to remediation. Stakeholders are engaged through surveys and feedback mechanisms to improve our processes. External audits and reviews, along with our internal evaluations, ensure our practices align with the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and PostNL's cybersecurity protocols. These practices help us maintain transparency and integrity in data handling during remediation efforts.

Transparent communication

At PostNL, we prioritise clear communication, keeping consumers informed throughout the entire process, including any remedy steps taken. All grievances are handled confidentially, and personal data is managed in compliance with GDPR and our Group Policy on Privacy. We use a central SIEM system to quickly detect and address potential data breaches, with oversight from the Data Governance Board ensuring privacy and security across all operations.

Consumer concerns
Consumers can raise concerns anonymously through third-party representation, with data protected according to regulations. In cases of suspected misuse, such as fraud, personal data may be used for investigation, including reviewing video footage, and shared with third parties like delivery partners to resolve complaints.

We review the effectiveness of our communication and complaint processes, using feedback to improve services. Data is securely stored and breaches are promptly reported to the Dutch Data Protection Authority (AP). All employees are bound by non-disclosure agreements, ensuring ongoing privacy protection.

Assessing the effectiveness of remedy

At PostNL, we systematically evaluate the effectiveness of our remediation processes by tracking key performance indicators such as customer satisfaction, complaint resolution times, and the recurrence of similar issues. These assessments are integrated into our ongoing improvement programs, ensuring that lessons learned from customer feedback are used to enhance service quality and prevent future negative impacts.

Calibration session with customer service employees allows us to measure the impact of our training programs on customer satisfaction and ensure that our employees are equipped to handle complaints efficiently and empathetically. The external audits, along with external feedback from stakeholders, provide an additional layer of oversight, ensuring that our systems remain effective, transparent, and aligned with consumer rights.

Operational-level grievance mechanism

PostNL operates a structured complaint management system, for example Chatbot Daan, that allows consumers and end-users to submit complaints through the various accessible channels. This system reduces waiting times and ensures that customers are directed to the appropriate department for swift resolution. All complaints are centrally registered by our Customer Care team, ensuring consistency and transparency.

PostNL evaluates complaints based on severity, with routine issues such as lost or damaged parcels being resolved promptly through established processes. We escalate serious issues, such as fraud or privacy breaches, to senior management or dedicated teams for further investigation. The senior management monitors the escalation process to guarantee swift and effect action. Our cybersecurity measures, including central monitoring and incident response systems, ensure that personal data involved in these investigations remains protected.

PostNL's Data Governance Board ensures compliance with GDPR and PostNL’s privacy policy, providing an additional layer of governance over data usage and privacy. PostNL’s Public Affairs department collaborates with external mechanisms, including VNO-NCW and Thuiswinkel.org, the Consumentenbond and the Geschillencommissie to offer an independent review mechanism, reinforcing transparency and fair complaint handling.

PostNL continuously assesses its complaint management system through key performance indicators, such as resolution times and customer feedback. Reports track complaints by volume and resolution times to ensure recurring issues are addressed promptly. In addition to internal reviews, we collaborate with external partners to audit and evaluate the complaints management system, ensuring that our processes are effective and continuously improving.

Safeguarding trust and protection

PostNL ensures all grievances are confidential and compliant with privacy laws. Individuals using grievance channels are protected from retaliation, as outlined in our human rights policy and whistleblowing procedure. Confidence in these processes is assessed through surveys, enabling refinements. Grievances are handled with respect for privacy, and individuals may raise concerns anonymously or through third-party representation if they prefer. Our policies guarantee the confidentiality and protection of personal data.

PostNL encourages all stakeholders to report any suspected misconduct, with the assurance of protection from retaliation. Reports are handled confidentially, without public exposure unless legally required. Any form of reprisal, such as demotion, harassment, or discrimination, is not tolerated. Should retaliation occur, immediate reporting to the Director of Audit & Security is mandated. Respecting privacy remains a priority, especially in incident reporting, ensuring sensitive information is protected through secure data protocols, as outlined in our Privacy Policy. By continuously analysing feedback, PostNL ensures that its grievance mechanisms remain accessible and trusted by all stakeholders.

Monitoring

The most senior roles overseeing the engagement processes are: Directeur Customer Care, Directeur CX Insights & Quality Management, Directeur Consumer and Directeur CX Transformation. We are enhancing the accessibility of its digital channels. These efforts are guided by the European Accessibility Act (EAA) and Web Content Accessibility Guidelines (WCAG), ensuring that barriers for users with visual, hearing, or motor impairments are identified and addressed.

3.3.3 Our policies

We have identified two material topics related to consumers and end-users: privacy and access to products and services. PostNL places great importance on handling the personal data of its customers and consumers with the utmost care, adhering to all applicable laws and regulations, such as the General Data Protection Regulation (GDPR) and GDPR Implementation Act. To this end, we have established a Group Policy on Privacy, which outlines the fundamental principles we follow regarding the use of personal data. While PostNL does not have a specific group policy on 'Access to Products and Services', relevant information is integrated across various policy documents.

Privacy policy

At PostNL, we prioritise safeguarding personal data, treating it with the same care as physical mail. Privacy protection is embedded in our operations, with our approach governed by the PostNL group policy on privacy and our business principles. Our measures ensure compliance with privacy laws, including the GDPR and the General Data Protection Regulation Implementation Act.

Our privacy policy provides clear guidelines for the secure handling of personal data, supporting stakeholder collaboration. These privacy standards apply across the entire company, ensuring full legal compliance in all regions and business units where we operate. The group policy on privacy covers personal data management throughout the entire value chain, without exceptions. It is managed by the privacy office and overseen by the Board of Management, with responsibilities delegated to the CFO and CPO. Our Privacy policy covers the material topic privacy.

The privacy office works closely with Group Legal, Audit & Security, and IT to monitor legal developments and ensure up-to-date privacy controls. Our structured approach follows the Plan-Do-Check-Act (PDCA) cycle, ensuring continuous improvement and compliance across all business activities.

Policies relating to access to products and services

There are three main policies linked to access to products and services: the business principles, the human rights policy, and the cybersecurity policy. These policies manage PostNL's material impacts, risks and opportunities related to consumers and/or end-users. They are designed to address all consumers and end-users, ensuring that the needs and rights of specific groups, as well as the broader consumer base, are considered.

Our policies, including our business principles and human rights policy (which covers only those items that relate to fundamental rights), guide our approach to ensuring that the needs of specific groups, as well as the broader consumer base, are met. This comprehensive approach allows us to mitigate risks and leverage opportunities, ensuring PostNL remains a reliable and secure service provider for all.

Business principles

The business principles are central to ensuring that our products and services remain accessible, reliable, and inclusive. They emphasise our commitment to consumer proximity and maintaining affordable prices, particularly for mail services. PostNL is committed to safeguarding personal data, as reflected in our principle.

More Information regarding our business principles can be found on pages 131-133 in the Business principles, policies and procedures section of the Corporate governance chapter.

Human rights policy

At PostNL, our human rights policy is a pillar of our commitment to providing secure, inclusive, and accessible services that positively impact our customers and the communities we serve. As a critical player within the international, parcels, and mail networks, we recognise our responsibility in society. More Information on our human rights policy can be found in Our policies within the Own workforce section.

Cybersecurity policy

Cybersecurity is essential to safeguarding our services and protecting customer data. The policy aims to manage and protect PostNL assets and data from cyber security incidents by implementing a baseline of security measures to reduce risks to an acceptable level. Our cybersecurity policy covers the material topic access to products and services. Our cybersecurity policy aligns with business principles and external standards, including ISO/IEC 27001 and the NIST Cybersecurity Framework, ensuring a structured approach to managing IT risks. Under the leadership of the chief information officer (CIO) and chief information security officer (CISO), the policy is applied across all large and medium-sized entities within PostNL, specifically those based in the Netherlands, focusing on compliance, baseline security, risk assessments, and governance.

The Plan-Do-Check-Act (PDCA) cycle supports continuous improvement, with updates planned for 2025 to incorporate stakeholder input and align with ISO 27005 standards. Our commitment to cybersecurity strengthens trust in our services.

3.3.4 Our performance

In 2024, we implemented a range of initiatives aimed at addressing the key material impacts, risks and opportunities on our consumers and end-users. These initiatives are designed to help us manage material impacts and risks while also exploring new opportunities. Additionally, we have established robust processes to monitor and assess the effectiveness of these actions, ensuring continuous improvement and alignment with our strategic objectives.

Two key actions have significantly contributed to safeguarding the privacy of our consumers and end-users:

Further implementation and enhancement of the privacy framework

The privacy control framework was updated in August 2023 and was implemented and refined throughout 2024. This ongoing effort ensures compliance with privacy regulations and addresses emerging challenges in the privacy landscape, reinforcing PostNL’s commitment to protecting sensitive information.

Update of the privacy statement

The process to revise the privacy statement began in the second quarter of 2024, culminating in its publication on PostNL's website on 1 November 2024. This regularly reviewed initiative underscores our dedication to maintaining transparency and ensuring alignment with evolving privacy requirements.

Privacy

Actions

At PostNL, the protection of personal data is integral to both our operational integrity and the innovation of our services. To ensure robust data protection, we have embedded several frameworks within our risk management system, including a dedicated privacy framework. This framework helps achieve policy goals by lowering the risk of legal issues and non-compliance through active privacy management. It protects customer privacy, which builds trust and loyalty, and checks ensure PostNL stays compliant, safeguarding its reputation and supporting its goal to be a trusted brand.

In 2023, we undertook a comprehensive review of the state and effectiveness of our privacy control framework, building on our earlier GDPR implementation. This framework was further enhanced throughout 2024 to address emerging privacy challenges and ensure ongoing compliance. Collaboration between the privacy office (second line) and business departments (first line) is central to this initiative.

Implementation of comprehensive privacy governance and control framework

PostNL has implemented several frameworks within its risk management system, including a dedicated privacy framework. In 2023, we performed an integral review of the current status and adequacy of our privacy control framework as a follow-up on the earlier GDPR implementation. This framework was further implemented and refined throughout 2024 to address emerging privacy challenges and ensure ongoing compliance. The privacy office and business departments collaborate on this initiative. The GDPR is an EU regulation (Algemene verordening gegevensbescherming - AVG) that aims to protect all EU citizens from privacy and data breaches in today’s data-driven world.

Main elements of the privacy control framework include:

• Governance and accountability: Reviews of governance and processes to uphold accountability in personal data protection.
• Processing register: Keeping a detailed record of data processing activities in OneTrust, which is audited twice a year. The check on controls by the business itself should take place quarterly.
• Data protection impact assessments (DPIA): Conducting DPIAs to identify and mitigate potential privacy risks, with processes reviewed during audits.
• Data breach reporting: Developing and following a process for reporting and managing data breaches, which are also subject to audit reviews.
• Data processing agreements: Ensuring all data processing agreements with third-party vendors comply with GDPR, checked twice a year in audits and quarterly by the business itself.

This framework is updated yearly and reviewed whenever a new service is introduced. In February 2024, a new dashboard was developed to monitor the processing register and data protection impact assessments, ensuring comprehensive oversight. We aim to include all privacy-related matters in self-assessments and audits to stay 'in control'. By maintaining up-to-date records and conducting audits, the framework supports continuous compliance and adaptation to new privacy challenges. This comprehensive approach helps mitigate litigation and non-compliance risks, safeguards consumers' and end-users' privacy, prevents reputational damage, and ultimately fosters trust and loyalty among consumers and end-users.

Framework's scope

The framework's scope encompasses all PostNL group companies, affecting consumers and end-users across all countries. This annual and ongoing initiative, where the privacy control framework is implemented and executed by 31 December 2024, addresses risks related to litigation, non-compliance, and reputational damage due to data privacy breaches. PostNL believes that it is vital to handle the personal data of its customers and consumers with due care and adhere to all applicable laws and regulations, thereby enhancing trust and loyalty among consumers and end-users. The framework reduces negative impacts on consumers, ensures compliance with GDPR, and supports continuous compliance and adaptation to new privacy challenges.

Measuring effectiveness

The effectiveness of the privacy control framework is measured through practical implementation of privacy safeguards, with self-assessments and audits.

Update of privacy statement

PostNL is committed to protecting personal data and complying with relevant laws and regulations. On 1 November 2024, we updated the privacy statement for our Dutch entities to reflect the use of personal data for all (new) services, ensuring compliance with GDPR requirements and transparency for consumers. This update helps mitigate risks of non-compliance and potential fines.

The privacy statement is yearly reviewed to stay current with service changes, with effectiveness monitored through consumer feedback and privacy-related complaints. Collaboration between the privacy office and business departments ensures accurate content, maintaining trust and safeguarding privacy. Our proactive approach reduces risks of GDPR non-compliance, litigation, and reputational damage, supporting long-term business sustainability.

Targets

At PostNL, we have not established specific strategic or corporate-level targets regarding the privacy control framework and privacy statement. However, we continuously monitor the effectiveness of our privacy policies and related actions through alternative mechanisms. These actions remain process-driven, focusing on ensuring adherence to relevant standards and regulations. Our primary focus is on internal performance metrics to ensure compliance and safeguard operational integrity. While no external targets are currently in place, we continue to closely monitor the implementation of our initiatives.

Privacy control framework 

Each year, we ensure the 100% ‘effective’ implementation of three critical controls within the privacy control framework. These controls include:

• Registration of all processing activities and the performance of data protection impact assessments (DPIAs)
• Notification and incident management, including the registration of data breaches
• Management of data processing agreements.

In June 2024, we conducted a comprehensive review of our privacy controls, identifying areas that require further improvement. While several controls were deemed effective, it was clear that the privacy framework has not yet reached its intended level of maturity. Progress continues to be assessed against the baseline set in 2023, with the aim of achieving full effectiveness in the implementation of privacy controls.

PostNL has not established external targets for privacy controls, as the privacy control framework is embedded within the broader organisation and is an integral part of our overarching risk management framework, specifically following the Three Lines Model. Throughout 2023, we focused on the implementation of this model across the 10 key compliance domains. Clear roles and responsibilities have been defined with Executive Committee members, explicitly outlining the first, second, and third lines of defence for each compliance domain. This comprehensive internal structure ensures that privacy controls are effectively managed, rendering external targets unnecessary.

Privacy statement

PostNL tracks the effectiveness of its privacy statement updates through alternative processes. Our 2024 approach included updating the privacy statement to ensure it accurately reflects how PostNL handles personal data and provides complete information on all personal data used for services, thereby avoiding GDPR fines. The privacy statement is published on the PostNL website, is publicly accessible, and has a clearly indicated revision date. The statement applies to all businesses and services featuring the PostNL logo and was last modified on 1 November 2024.

Key indicators of the effectiveness of these updates include:

• Yearly updates: The privacy statement is reviewed and updated yearly to reflect current practices and ensure accurate descriptions of all personal data used for all new services, avoiding fines under GDPR for incomplete information.
• Public accessibility: The privacy statement is published on the PostNL website, including a revision date, ensuring transparency.
• Revision date: The latest revision date, 1 November 2024, is clearly indicated.

These indicators ensure that our privacy practices remain up-to-date, publicly accessible, and compliant with GDPR requirements. The defined level of ambition for PostNL is to ensure that the privacy statement is accurately updated, reflecting current data handling practices and providing complete information on personal data usage for all services to avoid GDPR fines.

Access to products and services

Actions

As part of our double materiality assessment, we have identified four focus areas within the topic of 'Access to products and services':

• Digital accessibility
• Physical accessibility
• Affordability of Mail in the Netherlands
• Cybersecurity.

This section outlines the measures we have taken to address material impacts on consumers and end-users as well as our strategies to mitigate material risks and leverage opportunities that directly affect our consumers and end-users. Furthermore, we evaluate the effectiveness of these initiatives in each of the four areas.

Digital accessibility

In 2024, we focused on two major initiatives to maintain and enhance our digital accessibility and branding: the formalisation of policies and procedures in compliance with the European Accessibility Act (EAA) 2025, and the implementation of new branding across all digital communication channels. These initiatives were supported by a comprehensive investigation into the accessibility of our digital consumer channels and biannual research focused on user groups with digital accessibility challenges, such as those with low literacy, ensuring our efforts were thorough and inclusive.

The Digital Channels and Interactions (DC&I) department, with a dedicated DC&I team, is responsible for leading efforts to comply with the EAA 2025. This includes the formalisation of policies and procedures, as well as the implementation of new branding strategies to ensure all digital communication channels are accessible. Furthermore, monthly customer research is conducted, focusing on the accessibility of digital channels for user groups with digital accessibility challenges. This research helps PostNL track the effectiveness of its accessibility initiatives and make the necessary improvements.

Formalisation of policies and procedures in compliance with the European Accessibility Act (EAA) 2025

In 2024, we launched an initiative to formalise policies ensuring compliance with the EAA by 2025. This initiative focuses on embedding accessibility in our digital development processes, covering digital services for all PostNL business units and directly impacting our downstream value chain, including consumers and business customers.

In July 2024, we engaged an external consultant to assess the accessibility of all digital consumer channels, ensuring compliance with WCAG and EAA requirements. By the end of 2024, investigations were completed for most channels, with the remaining assessments scheduled for completion in the first half of 2025. The findings have been incorporated into our action plan, and identified issues are being actively addressed by dedicated teams.

Additionally, we launched a biannual research programme to evaluate accessibility for groups with digital accessibility challenges, including individuals with low literacy. This initiative strengthens our commitment to improving both digital and physical accessibility, promoting inclusivity, and ensuring compliance across all services.

Implementation of new branding in digital communication

The second major initiative in 2024 was the implementation of a new branding strategy across all digital communication channels. This initiative involved updating our visual identity and design elements to ensure consistency and accessibility across all digital interfaces. The scope of these actions also covered our digital services for all PostNL business units and impacted the downstream value chain, particularly focusing on consumers and end-users who interact with our digital platforms.

Ensuring compliance with the WCAG and the EAA was a key priority throughout this process, reinforced by insights from the investigation into our digital consumer channels. By incorporating these accessibility findings into our brand updates, we have ensured that our digital platforms not only adhere to our refreshed brand guidelines but also meet the highest accessibility standards.

The main findings from our accessibility investigations include:

1. Form accessibility issues, such as missing form labels and unclear error messages, making up for approximately 35% of identified issues. This affects people with a variety of disabilities, including visual impairments.
2. Content structure problems including inconsistent heading hierarchies and improper table markup, representing 25% of findings.
3. Navigation barriers for people with visual and motor impairments, accounting for 20% of cases.

These findings are being addressed through:

• A priority-based roadmap for resolving the issues following our agile way of working
• Integration of a design system with built-in accessibility features
• Mandatory accessibility acceptance criteria.

The biannual research on user groups with digital accessibility challenges played a supportive role in this branding initiative as well. By continuously assessing the accessibility needs of diverse user groups, we were able to refine our digital branding to be more inclusive and user-friendly. This approach not only reinforced our commitment to social inclusion but also helped us provide a consistent, reliable, and accessible experience for all users across our digital platforms.

Fraud prevention

To strengthen the security of our digital services and safeguard consumer data, we introduced two important initiatives in 2024. These initiatives included the integration of an anti-phishing code in our email communications and the launch of the PostNL eID system. These measures were essential in protecting customer information, reducing the risk of unauthorised access, and reinforcing trust in our services.

Implementation of anti-phishing code in our e-mail communication

In 2024, we implemented an anti-phishing code across all customer email communications to enhance security and protect consumer data. By enabling PostNL user accounts to set up a personal anti-phishing code, we provide consumers with a trusted and secure digital environment. This action supports our broader goals of offering secure, inclusive, and accessible digital services. It addresses reputational, compliance, and financial risks related to meeting affordability, accessibility, and reliability standards in our digital postal services. The anti-phishing code, available to all PostNL accounts worldwide, is a valuable component of our strategy to manage cybersecurity threats and ensure data protection.

The initiative started in 2022 and was fully implemented in 2024, positively impacting consumers and end-users throughout our value chain. The Digital & BIT Digital department is responsible for this action, with a dedicated team contributing to enhancing the overall security of our operations. By completing this initiative within a short time frame, we have strengthened our risk management strategy, ensuring that we continue to meet the evolving needs of our consumers and end-users while safeguarding their data. We track the effectiveness of this measure by monitoring the number of user accounts that have activated the anti-phishing functionality, which helps us maintain the integrity and trustworthiness of our digital services.

Introduction of validated ID-account (PostNL eID)

In 2024, we introduced PostNL eID in the Netherlands and Belgium, a secure digital identity system to enhance protection for consumers managing services like delivery preferences, parcel rerouting, and accessing Mijn PostNL. This initiative strengthens our commitment to data security, safeguarding consumer information, and ensuring trust in our services. By using secure methods such as transaction data and iDIN verification, we reduce the risk of unauthorised access, addressing key reputational and compliance risks.

PostNL eID is integral to our broader goal of providing secure, inclusive, and accessible digital services across the value chain. Led by our Digital & BIT Digital department, this initiative has strengthened our risk management and reinforced consumer trust. As we continue to monitor and refine this system, our focus remains on delivering secure, user-friendly solutions.

We have seen positive results, including increased trust, reduced phishing, and improved user experience, especially for groups with digital accessibility challenges. The implementation of EAA-compliant policies, along with refreshed branding, supports our aim to ensure accessibility for all users. Ongoing monitoring through monthly customer research and tracking key metrics ensures our services remain secure, inclusive, and compliant.

Physical accessibility

In 2024, PostNL allocated resources to enhance physical accessibility and ensure the affordability, accessibility, and reliability of our postal and parcel services. Two key initiatives focused on expanding the number of PostNL retail points in Belgium and increasing the availability of automated parcel lockers (APLs) in the Netherlands. These efforts, supported by ongoing financial and operational resources, played an important role in improving service accessibility and reliability for customers.

The cost-savings programme represents another pivotal area of resource allocation. This initiative prioritises investments in process automation, digitalisation, and enhancements to operational efficiency, all designed to preserve the affordability of postal services. These efforts, combined with investments in infrastructure, support PostNL’s overarching strategy of addressing customer needs while managing reputational, compliance, and financial risks. By year end, significant progress had been achieved, with these initiatives continuing to align with our dedication to fostering social inclusion and delivering high-quality services to consumers and end-users.

Expansion PostNL retail points in Belgium

By the end of 2024, we operated 1,150 locations, a year-on-year decline that was caused by the challenging retail market. Despite this, we remain committed to reaching 1,350 locations by the end of 2025, ensuring our services stay accessible and reliable for all consumers and end-users. This initiative, a critical step in our service development within PostNL Belgium, involves reconfiguring our PostNL retail location network to enhance the physical accessibility of our services.

By increasing the number of PostNL points, we aim to meet and exceed the expected standards of accessibility, while mitigating potential reputational, compliance, and financial risks associated with failing to meet these standards. The broader scope of this action impacted our retail operations, customers, delivery partners, and employees, particularly in Belgium, with a medium-term project completion expected by the end of 2025. Our proactive approach in expanding PostNL points ensure that we continue to provide high-quality, accessible services that meet the evolving needs of consumers and business customers alike.

Expansion of automated parcel lockers (APLs) in the Netherlands

In 2024, PostNL expanded its network of APLs by 25% compared to 2023, aiming for a 50% increase by the end of 2025. This expansion improves the physical accessibility of our services, enabling consumers to choose when and where to collect or send parcels, benefiting those not at home during the day. By the end of 2024, we had installed 1,083 APLs in the Netherlands.

From March 2024, we opened our APL network to third-party carriers, starting with GLS Netherlands. This shared network, available 24/7, is a sustainable and economical solution, benefiting consumers, SMEs, and e-tailers.

This expansion aligned with our strategic focus on improving access to products and services, ensuring our offerings remained flexible, secure, and reliable. The scope of this action impacted the downstream value chain, particularly consumers, delivery partners, and retailers, with full implementation expected by the end of 2025. This initiative supported our commitment to physical proximity and convenience, enhancing service accessibility and convenience for all consumers and end-users, while also addressing potential reputational, compliance, and financial risks related to failing to meet expected standards of affordability, accessibility, and reliability.

The effectiveness of these measures is assessed through indicators such as customer satisfaction rates and successful implementation of expansion targets. This ensures that we continue to meet regulatory requirements while providing reliable, high-quality services to consumers and end-users. Success is measured by achieving expansion targets, gathering customer feedback, and evaluating financial impacts, ensuring that we continue to provide physically accessible, reliable services.

Affordability Mail in the Netherlands

In response to the challenges posed by declining mail volumes and rising operational costs, we launched three initiatives in 2024 to maintain the accessibility and affordability of our services. These included the reduction of our public mailbox network, the implementation of a comprehensive cost-savings programme, and adjustments to postal service frameworks for business mail. These actions are critical to ensuring the continued affordability, reliability, and accessibility of our services, while mitigating potential reputational, compliance, and financial risks.

Reduction of the mailbox network

In 2024, we continued to implement our strategy to streamline the public mailbox network, aiming for a reduction of approximately 10% by mid-2025. By the end of 2024, we had reached 50% of our target, and full implementation remains on track according to our timetable.

This initiative ensures continued accessibility for all citizens, including those with limited mobility, while adapting to the ongoing decline in mail volumes. In accordance with the Postal Act, mailbox locations were optimised to meet statutory distance requirements—1,000 metres in urban areas and 2,500 metres in regions with fewer than 5,000 inhabitants. A key enhancement in this process was the introduction of combined parcel and letter lockers (PBA), designed to improve customer convenience. At the same time, the availability of lowered and medical mailboxes was safeguarded to accommodate diverse user needs.

Cost-savings programme

Our cost-savings programme, which has evolved over two decades, is a critical component of our strategy to keep mail services affordable. This programme focuses on automating, digitalising, and optimising processes across Mail in the Netherlands, enabling us to control costs despite the ongoing volume decline. Important advancements were made in 2023, including the centralisation of sorting locations and the introduction of new sorting machines. 

Extending the programme

While the programme is well-established, key components have been extended into 2025 and the years there after to ensure long-term affordability, accessibility, and reliability of postal services. These efforts are essential in addressing the evolving needs of our customers while ensuring the financial sustainability of our operations. Progress is on track, with cost savings aligning with our expectations, despite challenges in the digital mail initiative. The scope of this programme impacted various segments of our value chain, particularly in customer service and delivery, affecting consumers, end-users, and employees.

The Transformation Office focuses on implementing key actions within the cost-savings programme to ensure PostNL remains financially sustainable. These actions aim to control costs while keeping services affordable, especially in light of the ongoing volume decline. Key components include:

1. Automating and digitalising processes: The programme continues to increase automation and digitalisation across operations. This includes optimising sorting processes, the introduction of new sorting machines, and further digitalisation of services. These measures reduce reliance on manual labour, driving efficiencies across the mail handling process.
2. Redesigning products: Certain products, such as the number of mailboxes and delivery frequency of non-USO products, are being redesigned to better align with demand and reduce unnecessary operational costs. This ensures services remain accessible while managing costs.
3. Optimising sorting and delivery processes: The centralisation of sorting locations and the introduction of advanced sorting machines were key milestones in 2023. These measures help streamline mail processing and ensure a more efficient and cost-effective delivery system.
4. Management operating system changes: Adjustments to the management operating system are being implemented to enhance monitoring and control of costs, providing more flexibility to respond to changing needs and optimising resource allocation.

Outcome and alignment

The expected outcome of this programme is to ensure that PostNL continues to provide reliable, affordable postal services to consumers and end-users. The ongoing focus on automation, digitalisation, and process optimisation directly addresses the risk of failing to meet affordability, accessibility, and reliability standards.

These actions also align with PostNL's policy objectives by:

1. Maintaining affordability: Ensuring postal services remain financially accessible to all consumers
2. Enhancing service reliability: Improving operational efficiency, which helps maintain high service standards
3. Mitigating reputational and compliance risks: By meeting regulatory requirements and customer expectations, the programme reduces reputational and compliance risks.

This ongoing programme will help us continue to meet customer needs, ensuring PostNL remains sustainable and resilient in the long term.

Adjustment of postal services

To ensure the affordability and sustainability of postal services in the future, we are engaged in ongoing discussions with the Dutch government to make the necessary adjustments to the Postal Act. This adjustment is vital to maintain the financial viability of the USO amidst the ongoing annual decline in mail volumes and increasing labour costs. More information on this, including PostNL’s request for temporary government financial support under the Dutch General Administrative Law Act to cover net USO costs for 2025 and 2026, can be found in the Future of Mail box in the Our operating context chapter.

PostNL is committed to maintaining physical accessibility, ensuring regulatory compliance, and providing reliable, high-quality services to consumers and end-users. These efforts are actively steered and monitored by our transformation office, with success measured through the achievement of expansion targets, collection of customer feedback, and assessment of financial impacts. Through these actions, PostNL continues to deliver physically accessible, reliable postal services, meeting the evolving demands of our customers and the regulatory landscape.

Cybersecurity

In 2024, as part of our commitment to secure and reliable service access, we focused on strengthening several components of our cybersecurity programme in all PostNL business units. This included the implementation of an information security management system (ISMS), the integration of a risk management framework within ISMS, the enhancement of third-party risk management (TPRM) processes, and the establishment of strong security fundamentals for our operational technology (OT) systems. These efforts are essential to maintaining the security and accessibility of our products and services, benefiting consumers and end-users alike.

In 2024, we laid the groundwork for this cybersecurity programme as part of our internal control framework (ICFR), using a risk-based approach to identify and address cybersecurity threats. The security management system introduced in 2024 helps us anticipate, prioritise, manage, and monitor these risks. In 2025, we will build upon these initial measures to further strengthen our defences.

Implementation of information security management system (ISMS)

As part of the cyber security programme, in 2024 PostNL initiated the implementation of a comprehensive information security management system (ISMS). This system is integral to our broader strategy aimed at managing and mitigating risks to our information assets. It involves establishing and enforcing control frameworks, policies, and procedures critical to our information security governance. The ISMS ensures that we maintain robust security standards, particularly in safeguarding consumer data and reinforcing the trust that our customers and end-users place in us. This action is directly relevant to consumers and end-users, as it impacts the accessibility to PostNL’s products and services.

The primary objective of the ISMS is to reduce the risk of IT and cybersecurity breaches, which could disrupt essential PostNL services. Such breaches carry substantial risks, including operational interruptions, financial losses, potential claims, and reputational damage. By implementing and maintaining the ISMS, PostNL aims to ensure continuous, secure access to our services for consumers and end-users, supporting our commitment to social inclusion and reliable service delivery.

Integration of risk management framework within ISMS

In 2024, PostNL further strengthened its cybersecurity efforts by integrating a risk management framework within the ISMS. This framework is a critical component of our broader cybersecurity strategy, designed to assess, analyse, and address risks associated with information and operational technologies. By embedding this framework within the ISMS, we aim to enhance our ability to identify and mitigate cyber risks, ensuring that our information assets are protected and that our services remain secure and reliable for consumers and end-users.

The implementation of this risk management framework is vital in reducing the likelihood of business disruptions caused by IT and cybersecurity breaches. Such breaches could impact consumer access to essential PostNL services, leading to operational interruptions, financial losses, and potential damage to our reputation. Through this initiative, PostNL seeks to ensure continuous service availability, minimise costs, protect our reputation, and reduce potential claims, all while supporting our commitment to social inclusion and reliable service delivery.

Enhancement and optimisation of third-party risk management (TPRM) processes

In 2024, PostNL initiated the enhancement and optimisation of our TPRM processes as part of the cyber security programme. This effort focuses on revising and improving the tools and questionnaires used to assess and manage risks within PostNL’s supply chain. By strengthening these processes, we aim to reduce the likelihood of IT and cybersecurity breaches that could disrupt essential services for our consumers and end-users. This initiative supports our broader goal of maintaining secure and reliable services, which is critical for protecting our reputation, controlling costs, and minimising potential claims.

The enhancement of TPRM processes is crucial for mitigating the risks posed by third-party suppliers to PostNL’s operations. Effective risk management within our supply chain is vital if we are to ensure that our services remain secure and accessible, thereby safeguarding the trust of our consumers and end-users. This action aligns with our commitment to ensuring that consumer access to products and services is uninterrupted, even in the face of cybersecurity threats.

Establishing robust security fundamentals in OT systems

In 2024, PostNL strengthened the security of its operational technology (OT) systems as part of our cyber security programme, aimed at protecting OT infrastructure from cyber threats and ensuring uninterrupted service. This initiative is crucial for mitigating risks tied to our consumer impacts and dependencies, maintaining service reliability, and safeguarding our reputation.

The cyber security programme, including the ISMS, risk management framework, TPRM processes, and OT security, impacts all business units across the value chain. The ISMS has been implemented for the NIS-2 / ICFR scope of applications, with further expansion planned for 2025. This marks the completion of the first version of the ISMS. TPRM will follow in 2025, and OT security by mid-2026. Key milestones have been met, aligning with ISO27005 standards.

Effectiveness is monitored through evaluations and progress tracking, ensuring secure and reliable services while maintaining customer trust and satisfaction.

Targets

In 2024, we set a target for affordability. No targets have been defined for the actions relating to digital accessibility, physical accessibility and cybersecurity. These actions remain process-driven, focusing on ensuring adherence to relevant standards and regulations. Our primary focus is on internal performance metrics to ensure compliance and safeguard operational integrity. However, we continuously monitor the effectiveness of our policies and related actions through alternative mechanisms.

Digital accessibility

Preparations for EAA 2025 compliance

In line with PostNL's commitment to the European Accessibility Act (EAA), our Digital Channels and Interaction (DC&I) department is steering efforts to ensure compliance by 2025. Although no formal strategic or corporate targets have been set for this objective, PostNL is actively monitoring progress through a structured, management-led approach. Monthly alignment meetings, along with comprehensive documentation, support the tracking of actions to enhance digital accessibility. We also have audits and customer surveys, with a specific focus on individuals with dyslexia—marking the first research conducted among groups with digital accessibility challenges. The base year for tracking improvements has been set at 2024, as part of our ongoing commitment to enhance digital accessibility and reduce risks related to non-compliance. Our ambition is focused on achieving compliance with the EAA by adhering to WCAG 2.1 standards, ensuring secure, inclusive, and accessible services for all users.

Fraud prevention

The Digital department is responsible for overseeing the adoption and effectiveness of cybersecurity measures within PostNL. While no formal targets have been set, the department employs an alternative process to monitor progress. Specifically, we track the adoption rate of the anti-phishing code among user accounts and the number of validated PostNL eID accounts, as well as the frequency of validation checks. These figures are reviewed on a regular basis to measure progress from the baseline set in 2024.

We use quantitative indicators, including the number of user accounts that have activated the anti-phishing code and the number of validated PostNL eID accounts, to assess this progress. The base period for these measurements is the year 2024. Our ambition is to strengthen our cybersecurity framework by encouraging broad user adoption and validation of PostNL e-D accounts, ensuring the trust of our customers remains high.

Physical accessibility

Our Retail departments in the Netherlands and Belgium are responsible for driving the expansion of PostNL points and APLs. Although no formal targets have been established, we monitor progress through an alternative tracking process. This includes the use of quantitative indicators, such as the number of PostNL locations and the percentage of national coverage. The base period for tracking was set in 2024.

Our ambition is to sustain and improve the national coverage percentage of PostNL locations, ensuring this growth aligns with PostNL’s broader strategic objectives.

Affordability Mail in the Netherlands

Given the ongoing decline in mail volumes and rising cost pressures, particularly those related to labour, PostNL has identified the need for continuous cost-saving measures. To ensure the postal network remains affordable, we set a target to realise approximately €40 million in cost savings in 2024. These savings are critical to offset the impact of declining mail volumes, further exacerbated by increasing labour costs. Our approach is focused on enhancing the efficiency of our sorting and delivery processes, ensuring that we continue to provide reliable and accessible postal services across the Netherlands.

Alignment with our objectives

This target supports our goal of maintaining a sustainable postal network by addressing volume decline through cost savings and moderate pricing, aligning with the USO to serve all Dutch citizens efficiently and affordably. As stated, "we aim to mitigate volume decline through a moderate pricing policy and cost-savings initiatives, by further improving its sorting and delivery processes" (see press release Q4 2023 for more information).

Target specifics and baseline

The 2024 target of approximately €40 million in additional savings builds on the €39 million saved in 2023, establishing 2023 as the baseline year for progress. "For 2024, we assume to achieve around €40 million in cost savings, based on further adjustments of processes in the current business model that is built to meet the USO requirements" (see press release Q4 2023 for more information). Each year, a new cost-saving target is established; however, no specific target has yet been set for 2025. Potential savings could arise from measures such as the removal of letterboxes, enhanced efficiency through organisational restructuring, and other strategic initiatives.

Scope of the target

The target focuses on Mail in the Netherlands within the Dutch market, aiming to sustain postal services by impacting both upstream (labour and logistics) and downstream (customer services) value chains.

Methodology and interim milestones

The target is grounded in the scenario of an ongoing volume decline in the Dutch mail market, projected at 7%-9% for 2024. This projection considers historical data from 2023 and 2022, where cost savings were €39 million and €27 million, respectively. The data is derived from internal operational metrics and market analysis.

PostNL directly engages with its workforce and their representatives in setting targets through discussions at the executive committee (EC) and management team (MT) levels, where input from department directors, who represent their teams, is considered. This inclusive approach ensures that the targets reflect the needs and expectations of the workforce, contributing to a more cohesive and supportive work environment. The progress is monitored monthly by the Transformation Office, with results reviewed at the EC and MT levels, where department directors provide feedback based on their teams' performance. Quarterly updates from the CEO and CFO further enhance transparency, allowing employees to see how their input has shaped the targets and the company’s strategic direction. This ongoing engagement ensures that the workforce remains informed and involved in monitoring progress, enabling timely adjustments if necessary. Through annual collaboration with department directors and reviews by the EC and MT, PostNL ensures alignment with company goals and the continued involvement of stakeholders in the target-setting process.

The transition to a new service level, such as delivering standard mail within two to three days, aligns with similar regulatory adjustments seen in other European countries, reflecting a broader trend towards optimizing postal services in a sustainable manner.

Performance and monitoring

In 2024, we achieved approximately €40 million in cost savings through targeted adjustments to processes in our current business model. These initiatives are essential as we adapt to changing market dynamics while ensuring a sustainable and customer-focused mail delivery service.

Continuous improvement

We are committed to ongoing improvement through workforce feedback and quarterly briefings by the CEO and CFO. By focusing on operational efficiency and ongoing engagement with our stakeholders, we remain confident in our ability to meet our goals and continue delivering value across our network. As highlighted in our Q4 2023 press release, “PostNL set a clear direction to keep postal service in the Netherlands sustainable.”

Cybersecurity

PostNL has not set strategic or corporate-level targets for cybersecurity. Instead, we track the effectiveness of our cybersecurity measures through alternative processes, ensuring vigilant protection of our operations and services. Our information security management system (ISMS) and enhanced risk management processes allow continuous monitoring, reporting, and mitigation of cybersecurity risks, preventing breaches that could disrupt services and harm our reputation.

We have assessed the compliance score for all business units within the scope of NIS-2. This assessment determines the extent to which the IT assets in scope for each business unit meet the fundamental requirements of NIS-2. The resulting scores range from 31% to 76%. Progress is tracked using qualitative and quantitative indicators, such as incident counts, compliance with cybersecurity management controls, and information security assessment outcomes. These are reviewed quarterly by our business information security officer (BISO), who documents improvements and monitors follow-up actions. In June 2024, PostNL’s management conducted an assessment of our cybersecurity controls. While most controls were found to be effective, the assessment highlighted areas requiring further development to achieve the desired level of maturity in our cybersecurity framework. Progress is measured from a baseline set in 2023, with the goal of achieving full effectiveness in implementing cybersecurity controls by the end of 2024.

Integrated cybersecurity management

Cybersecurity controls are fully integrated into our overarching risk management framework, making external targets unnecessary. The Three Lines Model ensures comprehensive management:

• First line: BIT directors manage cybersecurity threats in their areas according to PostNL’s risk-based approach.
• Second line: Continuous monitoring and risk mitigation are overseen by the ISMS and related frameworks, with effectiveness tracked by the BISO.
• Third line: Internal Audit conducts independent reviews to verify compliance with internal and external requirements.

This integrated approach guarantees the continuous protection of PostNL’s assets and data, maintaining secure and reliable services for our consumers and end-users.

Each of our actions is aligned with PostNL’s broader risk management framework to address material risks. This report specifies how each action manages these risks within a comprehensive approach:

• Cybersecurity: The ISMS and TPRM are integral to managing operational and reputational risks. These initiatives help prevent disruptions in essential services and protect customer data, aligning with PostNL’s overall risk strategy.
• Digital and physical accessibility: Actions, such as EAA compliance and expanding physical service points, mitigate reputational, financial, and compliance risks related to service accessibility for all customer segments. This alignment supports our commitment to meeting regulatory and societal expectations.
• Affordability of MailNL: Our cost-savings programme and adjustments to postal service frameworks are central to managing financial and reputational risks, particularly in light of rising labour costs and decreasing mail volumes.

Metrics

PostNL Customer value performance indicators as indicated
2023 - 2024

Download spreadsheet

We have kept our average number one position in relevant markets. Monthly tracking NPS of our most important journey and of our touchpoints allows us to focus on enhancing customer experience, leading to actionable insights and improvements. For example, we have worked on improving important customer journeys such as I receive a package (for consumers), I get updated about my shipments (for business customers), and I become a customer. We are also continuously working on improving our digital channels such as the app and the business portal. We help SMEs to realize their full potential, and we ensure a seamless interaction with PostNL for consumers and customers.

In 2024, delivery quality for Parcels in the Netherlands reached 97%, aligning with our expected target range for the year. Throughout the year, we successfully implemented a first-in, first-out (FIFO) strategy to manage our unsorted stock efficiently. At the start of the third quarter, we temporarily scaled down total network capacity as a cost-saving measure, anticipating lower parcel volumes during the summer holiday period. However, during certain weeks, volumes exceeded expectations, leading to delays.

In the fourth quarter, we observed a surge in parcel volumes at the start of the week, surpassing our network capacity. Our peak season, which started at the end of November, was challenging this year. Because of the short period of time between Black Friday and Sinterklaas, we had to process a high number of parcels in a short period. Nevertheless, our FIFO strategy enabled us to limit most delays to a maximum of one day. Overall, we believe this performance reflects the effectiveness of our strategy in 2024. For 2025, we aim to maintain at least the same level of delivery quality by carefully balancing network capacity, customer satisfaction, and cost efficiency. Delivery quality at Mail in the Netherlands faced challenges in 2024, primarily due to staffing shortages at PostNL, higher levels of sick leave, and a strained labour market. For more information on delivery quality at Mail in the Netherlands, please see the Future mail box on page 16 in the Our operating context chapter or the performance summary of the delivery quality of Mail in the Netherlands on pages 38-39 in the Customer value chapter.

Additionally, necessary adjustments to our processes and organisational structure had a temporary negative impact on operational quality. Parcel volumes grew by 7% in 2024, with domestic volumes increasing by 1.4%, while our market share remained broadly stable. International parcel volumes continued to grow significantly, rising by 33% year-on-year. However, the volume growth was accompanied by mix effects—both in customer segments and product types—that were less favourable than anticipated, leading to increased client concentration.