3.1 General disclosures

3.1.1 Our impacts, risks and opportunities

In the table below, we disclose our material impacts, risks, and opportunities per topic, including their time horizon and where in the value chain they occur.

3.1.2 Our strategy

PostNL works to create positive social impact across its value chain by investing in an engaged, healthy and inclusive workforce, and by ensuring accessible products and services for all. Our people are central to long-term value creation, and we continue to build an empowered organisation where employees are heard, supported and able to thrive. Our approach covers S1 (own workforce), S2 (workers in the value chain) and S4 (consumers and end-users), ensuring consistency with our business model and strategy.

Our social strategy focuses on three priorities: fostering a safe, inclusive and supportive work environment; strengthening resilience and wellbeing; and unlocking opportunities for all through accessibility and development. These priorities are embedded in our policies, practices and culture, and informed by insights from our double materiality assessment. They are integrated into our operating model through clear governance (policy ownership, KPIs and targets), risk management (identification, mitigation and monitoring of salient social risks), and strategic programmes across the business. PostNL’s strategy may also create potential negative impacts for employees, delivery partners and consumers—such as workload, safety, labour‑standards, accessibility or privacy risks—which we aim to mitigate through preventive measures, clear standards, monitoring and investment in accessible and secure services.

In line with our strategy to achieve a positive impact in the value chain, we conducted a Human Rights Saliency Assessment in 2025. This assessment helps us determine which human rights issues are most relevant and serious for PostNL, focusing on risks to people rather than risks to the business. The analysis was carried out in accordance with the UN Guiding Principles on Business and Human Rights and the OECD Guidelines. All human rights issues were assessed for scale, scope, and remediability, with special attention to vulnerable groups and their position in the value chain. Based on this assessment, the most relevant issues were identified, which further refined our strategy. This approach enables us to concentrate efforts on the most significant risks and to prevent or mitigate potential negative impacts.

Integration into our business model

Own workforce

Our people are the foundation of PostNL’s service promise and the largest driver of operational quality. We aim to create fair, safe and rewarding working conditions across all roles and sites, and we focus on attracting, developing and retaining skilled people through competitive employment conditions, equal opportunities and a strong learning culture.

In the Dutch postal and parcels context, the material negative social impacts we identify are systemic in nature, reflecting broader sector dynamics such as workload and safety pressures, labour‑standard risks in flexible delivery networks, and accessibility and privacy considerations linked to digitalisation. The material social risks reflected in our strategy, such as workforce availability, safety, and the accessibility and security of our services, also carry potential financial implications and are therefore integrated into our policies, KPIs and risk‑management processes.

Health, safety and wellbeing remain top priorities, and we invest in preventive programmes, road-traffic-safety training and ergonomic workplace design. Mental wellbeing initiatives include coaching, awareness campaigns and flexible working arrangements to improve work–life balance. Diversity, equity and inclusion (DEI) are integral to our leadership and recruitment practices. We continue to expand opportunities for people with disabilities and under-represented groups, supported by internal targets and partnerships with social enterprises. We also embed learning and development in our performance cycle. We provide digital learning tools and leadership programmes to strengthen skills for a transforming logistics sector. We also maintain ongoing employee-engagement surveys, works council consultations and grievance mechanisms. Insights from these channels shape policy updates and local action plans.

Workers in the value chain

We rely on a mixed delivery model that includes contractors and delivery partners to provide flexible capacity across selected operations. We integrate value-chain labour standards into supplier selection, contracting and performance management. This includes minimum requirements on working time, health and safety, and measures against violence and harassment. We also maintain regular dialogue with delivery partners and their workers, including structured feedback sessions and access to reporting channels. These measures help safeguard service quality, protect people in our network and strengthen our long-term capacity.

Consumers and end-users

Our business model combines a nationwide postal network (including the USO) with a Parcels network across the Benelux, international coverage via Spring GDS and digital platforms. We focus on accessibility, affordability and reliability of services, alongside privacy and data protection. We continue to invest in our OOH network, for example through parcel lockers, and digital solutions to enhance convenience and inclusivity. We engage with policymakers on modernising postal regulation to ensure long-term accessibility and affordability.

These focus areas guide how we prevent and mitigate negative impacts, strengthen social resilience and create opportunities for all, helping to build a future-fit organisation that meets stakeholder expectations and broader societal needs.

3.1.3 Our governance

PostNL prioritises an engaged and empowered workforce, where employees have a voice in decision-making and access to safe, inclusive workplaces. Engagement is supported through structured feedback processes, regular consultation and open communication at all levels. Employee input is integrated into both strategic and operational decisions, with workplace wellbeing monitored on an ongoing basis. Accessible grievance mechanisms and reporting channels ensure concerns are addressed and ethical standards upheld. This section sets out our approach to engagement and grievance mechanisms not only for our own employees, but also for workers in our value chain and for consumers and end-users.

In 2025, our governance approach was reinforced through the Human Rights Saliency Assessment, guided by the Human Rights Working Group and validated by the Human Rights Committee. The findings have been embedded into decision-making and serve as a foundation for our due diligence processes. By combining saliency insights with internal dialogue, we established a clear prioritisation of human rights risks. This prioritisation strengthens engagement and grievance mechanisms and supports broader risk management through Enterprise Risk Management and CSRD reporting. Our governance framework goes beyond monitoring compliance to actively prevent and mitigate negative impacts within our operations and across the value chain.

Engagement

Engagement with own workforce

In 2025, we strengthened our approach to employee engagement as part of our due diligence on safe, inclusive workplaces. Engagement occurs at multiple stages, takes place through direct and indirect processes, overseen by senior leadership, including the Chief Human Resources Officer (CHRO) and Director of Human Resources (HR) People, to ensure employee voices are heard in decision-making. Special attention is given to marginalised groups, with their perspectives integrated via structured feedback, representation and leadership development. We also continue to monitor workforce wellbeing through monthly Executive Committee (EC) and Business Unit (BU) management meetings, using a ‘State of our People’ dashboard with key metrics and KPIs. BU management is also involved in target setting for absenteeism, together with HR. Employee engagement is centrally budgeted within HR People.

Daily interaction between employees and managers remains central, with feedback driving operational and leadership improvements. To measure employee engagement, we introduced two new tools: the Annual Team Survey and a Quarterly Work Experience Scan, providing more frequent insights into workplace experience. Results are shared with team managers and directors to support improvement. Specific outcomes are discussed in teams after an evaluation and feedback is integrated in decision-making when necessary. Yearly results are discussed in the Board once a year. With no set end date, we will continue to use these tools. For more information, refer to the Employee Engagement metric.

PostNL’s annual talent management and performance cycle supports engagement through regular check-ins and development discussions for employees from salary scale 5 and above. Leadership training remained mandatory for senior management. During the year, we launched the Connected Leadership programme, which replaces the EBC format. The programme combines informal sessions and structured interactions between senior management and the Executive Committee, and in September began building towards a consistent rhythm of five sessions a year, which will take effect from 2026. For more information, refer to Training and Skills development.

We also keep employees informed and engaged through town hall meetings, including PostNL ‘Praat je bij’ and local unit sessions, and other forms of internal communication, including newsletters, intranet updates and the ‘Dichtbij’ magazine. In 2025, we introduced the monthly, informal town hall meeting ‘PostNL plein’, which is designed to foster open dialogue and connection across business segments. The effectiveness of town hall meetings and local sessions are tracked through attendance and feedback. These sessions are ongoing and have no fixed end date.

Our ten works councils, including our European works council, remain key consultation partners, with feedback integrated into strategic processes such as the DMA. These councils, which meet monthly, cover all forms of engagement. Members receive financial compensation and are provided with training and the time to fulfil their roles in line with national legislation. Feedback from the works councils is recorded and integrated into decision-making by the Board of Management, and collaboration between works councils and the Board is reviewed informally, with both parties considering it constructive and effective.

PostNL gathers the perspectives of marginalised groups through DEI‑networks, works council representation, confidential reporting channels and targeted support programmes, ensuring their needs are structurally reflected in decision‑making. We also engage employees and workers’ representatives on potential impacts of our climate transition plan, such as restructuring, job creation, training, gender equity, and health and safety. No material negative impacts were identified on our own workforce related to the environmental transition plan.

Engagement with workers in the value chain

We aim for all who work with or for PostNL to feel safe and empowered to share their views. Engagement with delivery partners and insight into their workers’ conditions and satisfaction form a core element of our human rights due diligence and impact management.

A key part of our operations involves delivery partners, whose workers represent us daily. While responsibility for worker engagement rests with these partners, we ensure engagement to gain insights into all their workers’ conditions and satisfaction. To gather input and monitor satisfaction, we use our Collaboration Monitor. In 2025, we moved from an annual to a quarterly cycle, with dashboards by location and quarter. To reach a broader group of workers, we piloted new feedback channels, including QR codes, kiosks and on-site questionnaires. These are being evaluated for broader use in 2026. Delivery partners are contacted via e-mail and SMS and encouraged to participate.

Beyond consultation, we engage in regular dialogue with delivery partners. Structured conversations between sourcing specialists, depot or process managers and delivery partners continue in the Netherlands and Belgium, at least annually, ensuring local concerns are addressed. In 2025, we restructured our sourcing organisation in the Netherlands, giving delivery partners a single point of contact. This simplification supports stronger collaboration and ensures consistent follow-up on concerns.

Concerns and themes raised through the monitors, structured conversations and Sounding Board Group are followed up. For instance by implementing new policies, changing processes or extra dialogues between the delivery partner and dedicated sourcing specialist.

The effectiveness of engagement is assessed through participation rates and feedback quality of our monitor. Furthermore, post-meeting evaluations of the Sounding Board Group further helps foster a balanced and constructive dialogue among the participants.

In 2025, we launched the Delivery Partner Journey initiative in the Netherlands to better understand delivery partners’ growth, professionalisation and support needs, aiming to improve satisfaction and NPS scores in future collaboration monitors. Communication throughout the journey took place via e-mail, online meetings, and in‑person visits, including an ideation session and in‑depth discussions. A questionnaire was also distributed to all partners. This journey, which will continue in 2026, helps us move towards partnerships, where both sides benefit from stronger engagement and shared goals.

The directors of Sourcing Netherlands and Sourcing Belgium are responsible for ensuring that the above processes are carried out effectively and that outcomes inform our decision- making.

Engagement with consumers and end-users

PostNL engages both directly and indirectly with consumers and end-users to understand and manage actual and potential impacts. These processes are embedded in our ongoing due diligence and customer care practices and aim to ensure that our services remain accessible, inclusive, and aligned with consumer needs.

Consumers and end-users are engaged directly through:

• Customer Care channels – via live chat, phone, e-mail, written correspondence, and chatbot Daan (24/7)
• Digital platforms – the PostNL app includes direct feedback tools (thumbs up/down) and delivery preference settings
• Surveys – regular NPS surveys are conducted after interactions with PostNL
• Accessibility research – PostNL performs continuous user testing during product development, including with marginalised groups such as people with disabilities or low literacy, to improve both physical and digital services.

Feedback is analysed continuously and feeds into process improvements, complaint handling and service design. The Customer Care and CX departments manage this process and their senior management are responsible.

The PostNL app personalises the interaction with our consumers using thumbs-up or thumbs-down feedback system and functionalities such as re-routing deliveries and delivery preferences to safe place and out of home, giving consumers greater control over their interactions with PostNL. To measure the effectiveness of these engagement strategies, we track several key metrics, including App Store ratings and the number of times the feedback button is used.

We continue to actively monitor social media platforms, allowing us to engage with consumers in real time. Feedback gathered from social media interactions helps us quickly address any emerging concerns, ensuring that we stay connected with our users and make timely service improvements. This ongoing monitoring complements other feedback channels, giving us a comprehensive view of consumer sentiment and service quality. To measure the effectiveness of these engagement strategies, we track several key metrics, including the statistics from social media platforms, including qualitative interactions. 

Indirect engagement takes place via our public affairs department which engages with our external stakeholders. Engagement with elderly associations (ANBO, Unie KBO, PCOB) ensures the interests of elderly people are considered in our services. This includes consulting on the placement of postboxes, improving accessibility, and addressing digital barriers. These organisations provide valuable feedback that helps PostNL maintain an inclusive and user-friendly postal service for seniors.

For many years, PostNL has worked directly with the Consumentenbond to review and agree upon the General Terms and Conditions (T&C) for the universal service obligation (USO) (Algemene Voorwaarden voor de Universele Postdienst), ensuring they meet consumer expectations. From 2026, bilateral consultations with the Consumentenbond on USO terms will be replaced by an independent review committee under the Geschillencommissie. This new committee will oversee and assess the General T&C to ensure full compliance with consumer rights’ standards. We also work with digital accessibility experts to ensure compliance with standards such as EAA and WCAG.

Consumer perspectives are embedded into several stages of decision-making from research and development, to issue resolution and strategic planning. Inclusion of marginalised groups—such as older consumers and people with disabilities—is prioritised through tailored accessibility studies and specialised training for customer care staff. Effectiveness is measured via NPS trend and participation rate analysis, complaint resolution metrics and ratios, customer post-interaction satisfaction scores and internal and external audits of complaint and feedback processes.

Grievance and remedy

We are committed to a safe and respectful workplace and take responsibility when our actions cause or contribute to negative impacts. Remedy focuses on timely resolution, learning and prevention, anchored in our Human Rights and Integrity policies. For more information, see later in this chapter and the Our policies and Our actions sections in the Governance disclosures.

Multiple channels are available for raising concerns:

• Integrity Office – operational grievance mechanism available for any affected individual or their representative via e-mail, phone, and written correspondence, which allows for anonymous reporting, with central logging and tracking by the integrity and security office, as outlined in the group procedure on incident reporting
• Complaint form – employees with a PostNL account can file a complaint using the complaint form available on our web-based platform
• HR service desk – accessible for employees via e-mail, chat or phone, with complaints related to employee matters monitored and evaluated by the HR service organisation
• Line managers – encouraged as a first point of contact for any concerns of employees and value chain workers, supported by regular check-ins for an open dialogue
• Confidential advisors – internal or external, providing independent support and anonymised reporting on an annual basis for our employees, with a main focus on violence and harassment
• Sourcing specialists – are available for any concerns of value chain workers. In Belgium, a dedicated coordinator under the Parcel Delivery Act provides an additional channel for them
• Works councils and labour unions – which represents the interests of our employees and value chain workers, and holds an advisory role in organisational changes with the authority to propose initiatives and, in certain cases, approve or disapprove specific decisions, is intended for collective concerns on engagement, health and safety or undesirable behaviour
• Third-party representation – such as the Geschillencommissie, is available for consumers and end-users to submit their concerns anonymously
• Customer care channels – which include the PostNL app, chatbot Daan (24/7), our website, social media, phone and written correspondence can also be used by consumers and end-users to voice their concerns, retailers and delivery partners are required to redirect complaints to these formal channels to ensure consistency and traceability.

Collectively, these channels address all our material topics. Effectiveness of the above channels varies from feedback surveys to informal dialogue or as part of the appreciation programme. No effectiveness tracking is in place yet for the confidential advisors and there is currently no formal method to assess trust in these channels. Complaints are logged in a central system and are monitored for volume, type, resolution time, customer satisfaction after resolution and trends to identify recurring issues. We have no specific processes for Human Rights related questions or complaints.

All stakeholders are protected by our Whistleblowing procedure, which ensures that those raising concerns in good faith cannot face retaliation. PostNL protects individuals from retaliation in accordance with the Dutch Whistleblower Protection Act, its internal Human Rights Policy, and Group Procedure on Whistleblowing. For more information, refer to Our policies in the Governance disclosures.

In addition, all grievance and remediation processes are conducted in line with GDPR, the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and our Privacy Policy. Reports are handled confidentially, and any retaliation (e.g. demotion or harassment) is not tolerated and must be reported to the Director of Audit & Security. PostNL uses secure protocols to manage and store personal data and promptly reports any breaches to the Dutch Data Protection Authority (AP).

The PostNL Integrity E-learning training is mandatory for all management and staff personnel and includes a module on incident reporting. For more information, see the Group whistleblowing procedure paragraph, as well as the Promoting awareness of integrity-related policies and procedures paragraph in the Governance disclosures.

PostNL engages stakeholders through surveys and feedback mechanisms to evaluate trust and awareness of the grievance system. Effectiveness is further ensured through regular calibration sessions and audits. One-on-one sessions with employees are held every two weeks, as are team calibrations within PostNL. In addition, team calibrations with Yource and cross-location calibrations including PostNL occur monthly.

Our workforce

Remediation is tailored to each case, based on severity and context. Measures may include compensation, training, policy updates, or mediation. Health and safety incidents are addressed through our risk assessment cycle. Where appropriate, affected employees are involved in designing solutions. Effectiveness is monitored through follow-up and integrated into our health and safety management system. More information can be found on pages - in the Corporate Governance chapter, including the paragraphs Integrity Committee, Business conduct and integrity approach, and Prevention of fraud, bribery and corruption.

Value chain workers

We remain committed to human rights and fair labour practices across our value chain. We focus on grievance and remedy processes that are effective, accessible, and trusted by those who need them the most. There are no specific measures in place to raise awareness of the channels available for workers in the value chain, the same communication measures apply as for our own workforce.

Remediation is adapted to each case, based on severity and investigation outcomes, with severe breaches potentially leading to the termination of contracts and business relationships. Affected workers are involved in designing remediations where appropriate, in line with the approach for own workforce. Effectiveness is monitored through risk evaluation procedures and incident analysis.

Consumers and end-users

We apply structured processes to remediate negative impacts on consumers, particularly regarding privacy, data security and service quality. All complaints reported by consumer and end-users are centrally logged and tracked by Customer Care. Severe cases, such as fraud or privacy breaches, are escalated to senior management or specialist teams. Remedies may include compensation (via the sender), corrective actions or process improvements. For cases with material impact, PostNL engages with affected individuals in designing the resolution. Effectiveness is assessed through resolution times, customer satisfaction, trend analysis and internal and external audits.

All remediation efforts are aligned with GDPR, the UN Guiding Principles on Business and Human Rights, and the OECD Guidelines for Multinational Enterprises. Cybersecurity measures, such as a central SIEM system and privacy oversight by the Data Governance Board, ensure that personal data remains protected throughout the process. For more information on cybersecurity, refer to the Cybersecurity paragraph on page - of the Corporate governance chapter.

In 2025, PostNL continued collaborating with external mechanisms to ensure transparent and fair handling of complaints. Consultation with the Consumentenbond ended in 2025 and was replaced by a Review Committee under the Geschillencommissie, ensuring impartial oversight of our Universal Postal Service terms and conditions. We also collaborate with VNO-NCW and Thuiswinkel.org to further strengthen grievance mechanisms. These third-party mechanisms supplement internal grievance channels and provide consumers with an alternative and impartial route for resolution.

“We aim to provide a safe and respectful workplace and take responsibility when our actions cause or contribute to negative impacts”

3.1.4 Our policies

At PostNL, we continue to have the same key policies in place that protect human rights, fostering a diverse and inclusive working environment and promote a healthy and safe workplace for all our employees, contractors, suppliers, and other stakeholders.

Governance and oversight remain embedded in our organisation through dedicated teams, leadership accountability, and regular compliance reviews. These policies support the management of key social impacts and risks, including workplace safety, ethical conduct, and inclusion. Training programmes, clear reporting structures, and grievance mechanisms underpin their implementation.

The Board of Management is accountable for policy adoption and performance, while business segments are responsible for day-to-day implementation. Oversight is provided through the Supervisory Board and specialist committees. Together, the Human Rights Policy, Code of Conduct, Privacy Policy, and Group Policy on Information Security Management provide the relevant policy framework for managing the identified impacts, risk, and opportunities regarding consumers and end-users.

Human Rights Policy

In 2025, PostNL strengthened its human rights governance with the formal installation of a Human Rights Committee in addition to appointing our Human Rights Officer. Comprising eight members from across our Dutch and Belgian business segments, and our International branch, the committee meets twice per year to oversee due diligence processes, monitor risks, and advise on strategic developments. This structure enhances our ability to embed human rights into decision-making across the organisation.

Our Human Rights Policy explicitly prohibits discrimination on the grounds of racial and ethnic origin, sex, sexual orientation, disability, age, religion, as well as any other forms of discrimination covered by union regulation and national law. Our Policy indirectly prohibits discrimination on the grounds of colour, gender identity, political opinion, national extraction or social origin and other forms of discrimination covered by Union regulation and national law by prohibiting any form of unwanted behaviour including discrimination on any grounds. It also prohibits trafficking in human beings, forced or compulsory labour, and child labour across our operations and value chain, in line with ILO conventions and international standards. This commitment applies to all employees, value chain workers, and stakeholders.

Our Human Rights Policy is also dedicated to the responsible scheduling and management of working hours for all employees and temporary staffing workers, and we respect all relevant legislation on working hours and vacation. We aim to prevent the negative effects of excessive working hours, inadequate rest periods, and irregular or excessive night shifts. All employees of PostNL are entitled to sufficient time to rest and paid vacation.

We are committed to fostering inclusion and taking positive action for groups at particular risk of exclusion, including people with disabilities, those distanced from the labour market, and other underrepresented groups. Our Diversity, Equity & Inclusion Policy, which is integrated into our Human Rights Policy sets out targeted measures to promote equal opportunities and support the participation of all individuals in our workforce.

To ensure these goals are realised, we have established clear procedures for preventing, detecting, and addressing discrimination. This includes regular training for employees and managers, accessible reporting channels for incidents, prompt investigation and remediation of complaints, and ongoing monitoring of diversity and inclusion metrics. The Human Rights Committee oversees the effectiveness of these procedures and drives continuous improvement.

Our Human Rights Policy remained unchanged in 2025 and continues to align with international standards, including the UN Guiding Principles on Business and Human Rights, OECD Guidelines, and ILO conventions. The Policy applies to our own workforce—including non-employees such as temporary workers—, value chain workers—including delivery partners—and consumers and end-users in both the Netherlands and Belgium. Ultimate accountability for human rights compliance lies with our Board of Management. The CHRO holds the highest responsibility for implementing this Policy, supported by the Human Rights Committee. Our Human Rights Policy is publicly available for all stakeholders via our website and internally via our web-based platform.

Our Human Rights Policy covers all material social topics throughout the value chain with the exception of the material social topics training & skills development and the risks related to access to products and services.

Stakeholder engagement remains central to our approach. We continue to consult internal and external stakeholders to refine our actions. The Human Rights Policy also connects with related social policies, such as the Health & Safety Policy and the Diversity, Equity & Inclusion Policy, described later in this section. To avoid duplication, updates on workplace accident prevention, for example, are reported under the Health & Safety section in these disclosures.

Looking ahead, the Human Rights Committee will continue to guide our efforts and ensure alignment with evolving standards. Priorities include further integration of human rights into core business processes, expand training, and stronger alignment of actions and monitoring across the value chain. This supports our broader ESG ambition to create a safe, inclusive, and responsible work environment.

Code of Conduct

At PostNL, we place great importance on honesty, transparency, and integrity in both our business practices and the way we treat individuals inside and outside the organisation. As a large company with a diverse workforce, respectful behaviour is important to how we interact with each other and our partners. Our Code of Conduct, which during the course of 2025 replaced our business principles, outlines our core values and the standards of behaviour we expect from everyone working for or with PostNL. Our Code of Conduct is line with the OECD guidelines for responsible business conduct and covers the social material topics working time, health & safety, measures against violence and harassment, access to product and services and privacy. The Director Audit & Security is responsible for our code of conduct. For more information, refer to the Code of Conduct paragraph in the Governance disclosures.

Health and Safety Policy

Our Health & Safety Policy aims to prevent work-related injuries and illnesses, promote sustainable employability, and support overall wellbeing. It aligns with Dutch legislation, ISO 45001 and ILO guidelines. The Policy applies to all employees, including temporary workers and freelancers. Independent contractors and delivery partners are responsible for their own policies, but PostNL actively promotes safety standards across the value chain. Our Health and Safety strategy explicitly includes third-party involvement. Furthermore, PostNL provides a guideline for delivery partners in which health and safety considerations constitute a significant component, with which we aim to mitigate inadequate management of health and safety and failure to provide a safe and healthy work environment. It is governed by the Chief HR Officer and implemented through a three-lines model: operational teams, health and safety professionals, and internal audit. Our Health & Safety Policy, which is internally and publicly available on our website, covers the material topic health and safety (including road traffic safety). No significant changes were made in 2025.

Health and safety commitments are also embedded in our Human Rights Policy, which ensures a hazard-free workplace and protection against harassment. Traffic safety is a priority due to our logistics operations, and all drivers working on behalf of PostNL must comply with traffic laws and safe driving practices.

Diversity, Equity and Inclusion Policy

Our Diversity, Equity & Inclusion (DEI) Policy, which is integrated into our Human Rights Policy, encompasses all our own employees focusing on eliminating discrimination and harassment, promoting equal opportunities, and advancing diversity, equity and inclusion in various ways. Our DEI Policy covers the material topics diversity and inclusion and employment and inclusion of persons with disabilities. This Policy plays a central role in ensuring that all employees feel safe, accepted, included, and valued, contributing to an inclusive workplace. Our DEI Policy eliminates all forms of discrimination, including harassment, and ensures tailored support to individuals requiring additional guidance. The aim is to create safe access to the labour market, foster employability, and support full participation in society. Oversight and accountability of the DEI Policy lies with the Human Resources department and Chief HR Officer.

The effectiveness of this Policy is assessed through external benchmarks such as Talent to the Top and Workplace Pride, alongside PostNL’s own diversity index. This index was developed in collaboration with Ipsos, and measures how accepted and equally treated employees feel, regardless of gender identity, age, cultural background, sexual orientation, or disability. We made this tool available in 2022 to external organisations, so that other organisations can also actively work on inclusivity. To ensure compliance and track progress, PostNL actively participates in external evaluations such as the Dow Jones Sustainability Index, EcoVadis and the SER Diversity Portal. We also remain a signatory to the Diversity Charter, reaffirming our commitment to advancing diversity, equity and inclusion across society. In 2025, we maintained our focus on inclusive leadership, awareness-building, and transparent monitoring. No significant changes were made to the DEI Policy in 2025. The DEI Policy is publicly available for all stakeholders via our website and internally via our web-based platform.

Policies on measures against violence & harassment

PostNL is focused on providing a safe and respectful workplace for all employees and value chain workers. Our framework is guided by the Integrity Policy, the Code of Conduct, the Human Rights Policy, and the Group Procedure on (Un)desirable Behaviour. Together, these policies promote positive conduct, set clear behavioural standards, improve incident management and reporting, and ensure protection for anyone raising concerns.

For further details on the Integrity Policy and Code of Conduct, we refer to Our policies section in the Governance disclosures. For more information on the Human Rights Policy, refer to the Human Rights Policy paragraph earlier in this section.

Group Procedure on (Un)desirable Behaviour

PostNL’s policy commitments regarding (un)desirable behaviour are outlined in the Group Procedure on (Un)desirable Behaviour. We maintain a zero-tolerance policy towards any form of threat, violence, or harassment—whether physical or verbal. This includes, but is not limited to, bullying, sexual harassment, discrimination, aggression, and violence.

The group procedure, established in 2024, continues to provide the framework for preventing and addressing (un)desirable behaviour across the organisation. The Chief Human Resources Officer (CHRO) remains accountable for its implementation and ongoing application. The scope of this procedure applies to our entire workforce, including temporary workers and delivery partners involved in our operations—in short, all individuals working within the PostNL Group under an agreement. Our group procedure covers the material topic measures against violence & harassment in the workplace.

We expect everyone who works for or on behalf of PostNL to understand what constitutes (un)desirable behaviour, to actively prevent undesirable behaviour, and to recognise and take appropriate action should it occur. Additionally, we emphasise the importance of fostering and demonstrating desired behaviour in our daily interactions.

The aim of the procedure is to promote desirable behaviour while preventing and addressing undesirable conduct. It provides clear guidance for employees who experience or witness inappropriate behaviour in the workplace. We are committed to ensuring a safe and respectful working environment by protecting everyone who works with and for us from undesirable behaviour and its negative consequences.

PostNL fosters a culture in which employees are encouraged and empowered to speak up. In line with the procedure, management is required to report any (suspected) instances of undesirable behaviour in the workplace. These incidents must be documented using the incident registration tool or reported directly to our Integrity & Security Department. Further details on the procedure can be found in Our workforce and performance below.

Policies on training & skills development

PostNL does not yet have a formal policy on training and skills development. Currently, a group arrangement (concernregeling) under the Dutch CLA provides time and financial support for mandatory and performance-related training for all employees. This framework ensures compliance and supports essential skill development. Internal procedures will be introduced after evaluating training needs and resources to further strengthen career development opportunities.

Privacy Policy

PostNL manages privacy as part of our broader governance framework. Our group-wide Privacy Policy defines clear rules for handling personal data securely, in compliance with the General Data Protection Regulation (GDPR) and the GDPR Implementation Act. The Policy reflects our commitment to responsible business practices and international standards, including the OECD Guidelines. The Privacy Policy applies to all business segments and regions without exception and covers the material topic privacy.

The Policy is maintained by the Privacy Office and overseen by the Board of Management, with delegated responsibility to the CFO and CPO. A Data Protection Officer provides advice on compliance with the GDPR and the GDPR Implementation Act. Progress is monitored through a Plan Do Check Act (PDCA) cycle, with support from Group Legal, IT, and Audit & Security.

PostNL’s Privacy Policy is shared with relevant stakeholders and aligns with European data protection legislation. By embedding privacy management across all business segments, maintaining up-to-date governance, and regularly auditing processes, PostNL demonstrates responsible data management. This proactive approach builds trust with consumers and stakeholders, reduces the risk of privacy incidents, and ensures swift, structured responses to breaches.

Group Policy on Information Security Management

PostNL’s Group Policy on Information Security Management protects the confidentiality, integrity and availability of business data and systems, responding to growing cyber risks and the need for reliable consumer access to essential services. This Policy covers the material topic access to products and services. It applies to all PostNL Group companies and business segments and is relevant across the full value chain—internal operations, upstream suppliers, and downstream platforms. The Policy is built around six objectives: secure IT environments, incident management and continuity, personal data protection, awareness and compliance, continuous improvement, and adherence to laws and regulations.

“By embedding privacy management across all business segments, maintaining up-to-date governance, and regularly auditing processes, PostNL demonstrates responsible data management”

Implementation is monitored through risk assessments, control testing, audits and oversight by the CIO and CISO. In 2025, the PDCA cycle was fully embedded in the Information Security Management System, strengthening continuous improvement. The Policy is aligned with ISO/IEC 27001, the NIST Cybersecurity Framework and GDPR, and forms the foundation of PostNL’s Information Security Policy House, which integrates topic-specific policies such as access control, secure development, data protection and third-party cyber risk.

PostNL developed this Policy with input from internal experts and business leaders, and in response to stakeholder expectations around trust, privacy, and secure access to services. The Policy is shared internally through our web-based platform and externally reflected in supplier agreements and assessments. Alongside this, PostNL continues to apply core policies supporting equal and secure access to services: the Human Rights Policy and our Code of Conduct, which guide affordability, accessibility and reliability. Together, these policies ensure our services remain inclusive, secure and accessible, including for marginalised groups and digital users. For more information on these policies, refer to the Our policies section in the Governance disclosures.