Legal & Corporate

Code of Ethics

A framework of principles, rules of conduct and governance safeguards that guides UESE ITALIA S.p.A. and all persons acting in its interest, in Italy and in the international contexts where the Company delivers services or maintains professional relationships.

1. Nature, objectives and binding value

This Code of Ethics sets out the Company’s reference principles on integrity, lawfulness, professional independence, fair dealing, protection of people, information security and responsibility towards clients, institutions, partners, workers, candidates, suppliers and the communities affected by its activities. The Code forms an integral part of UESE’s internal control and risk management system and contributes to the implementation of its corporate governance, compliance and accountability framework.

The principles set out herein complement, and do not replace, obligations arising from applicable laws, regulations, contracts, internal procedures, company policies, operating instructions, certified management systems and professional standards. Any conduct consistent with this Code must also be lawful, documentable, proportionate, traceable and coherent with the role performed.

Framework references. This Code shall be interpreted consistently, among others, with Italian Legislative Decree No. 231 of 8 June 2001, Italian Legislative Decree No. 24 of 10 March 2023 on internal reporting and whistleblower protection, Regulation (EU) 2016/679, Directive (EU) 2019/1937, the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct.

2. Personal scope of application

This Code applies, without exception, to members of corporate bodies, executives, employees, collaborators, consultants, appointed professionals, commercial partners, suppliers, subcontractors and, more generally, any person acting in the name, on behalf or in the interest of UESE, irrespective of the legal form of the relationship and the country in which the activity is carried out.

UESE expects third parties that are material to its operating model to adopt substantially equivalent standards on integrity, respect for people, legal compliance, information protection, anti-bribery and cooperation with audits, due diligence reviews or internal investigations. In contractual relationships with third parties, the Company may introduce ethical clauses, verification rights, information obligations, corrective remedies and rights to suspend or terminate in the event of material breaches.

3. Core values

  • Substantive legality: act not only in formal compliance with the law, but also in a manner that avoids evasive, opaque or unjustifiable solutions.
  • Integrity: reject improper advantages, favouritism, undue pressure, undeclared conflicts and any conduct capable of compromising independence of judgment or corporate reputation.
  • Professional competence and diligence: operate with technical accuracy, continuous upskilling, documentary discipline and full awareness of the limits of one’s mandate.
  • Centrality of the person: promote dignity, inclusion, safety, listening, equal opportunity and protection against abuse, harassment, retaliation and discrimination.
  • Transparency and traceability: ensure clarity in decisions, approval workflows, reporting and preservation of evidence.
  • Responsibility and continuous improvement: prevent adverse impacts, manage non-conformities and complaints promptly, implement corrective actions and foster organisational learning.

4. Legality, corporate governance and entity liability

UESE carries out its activities through a governance model designed to prevent legal, reputational, operational, cyber and regulatory risks. Corporate functions are required to act in coordination, according to defined responsibilities and segregation of duties, in order to ensure compliance with the rules applicable to the services delivered, commercial activities, people management, dealings with public bodies, financial flows, occupational health and safety, personal data protection, intellectual property and information security.

Every addressee of the Code shall contribute to the effectiveness of internal controls, the quality of records, the truthfulness of documentation and the timely reporting of anomalies. No conduct aimed at concealing errors, falsifying evidence, altering documents, omitting material information, bypassing controls or circumventing approval levels is permitted.

5. Integrity in dealings with clients, prospects, partners and the market

UESE conducts its commercial and professional activities on the basis of fairness, clarity of offering, proportionality of commercial claims and transparency regarding the scope of services. Proposals, quotations, marketing materials, technical statements, references and claims about expertise, results, certifications or expected outcomes must be truthful, verifiable and not misleading.

The Company rejects aggressive, manipulative or deceptive commercial practices and requires every client relationship to be based on a correct representation of roles, deliverables, prerequisites, dependencies, scope exclusions, regulatory constraints and reciprocal responsibilities. In highly regulated or inspection-sensitive services, the personnel involved must preserve independence of judgment, methodological rigor and professional autonomy, avoiding any promise incompatible with the nature of the process or with the role of authorities, notified bodies, certification bodies or competent administrations.

6. Anti-bribery, gifts, sponsorships and dealings with the public sector

UESE adopts a zero-tolerance approach to bribery, extortion, unlawful influence, fraud, improper promises or offers of money, gifts, benefits, favours, facilitation payments or any other direct or indirect advantage, in any jurisdiction and regardless of local custom. It is prohibited to offer, promise, authorise, solicit or accept benefits capable of influencing, or appearing to influence, a professional or institutional decision.

Gifts, entertainment, hospitality, donations and sponsorships may be permitted only where lawful, occasional, proportionate, transparent, properly recorded, internally authorised and never intended to obtain favourable treatment or an improper advantage. Dealings with public officials, persons entrusted with public service, supervisory authorities, procurement bodies, regulators or inspectors must be managed exclusively by authorised persons, with professional language, full traceability and strict respect for public procurement, impartiality and good-faith cooperation requirements.

7. Conflicts of interest, independence and disclosure duty

Addressees must avoid situations in which personal, family, financial, professional or reputational interests may interfere, even potentially, with their ability to act in the interest of the Company or the client, in accordance with the law and applicable professional rules. Personal or economic relationships with counterparties, competitors, suppliers, certification bodies, assessment organisations, external consultants or public administrations that may affect impartiality must be disclosed without delay.

Where an actual, potential or perceived conflict arises, the matter must be escalated to the competent function so that suitable measures can be adopted, including abstention, segregation of duties, reassignment, restricted access to information or withdrawal from the engagement.

8. Human rights, decent work, inclusion and health and safety

UESE recognises the dignity, safety and fundamental rights of all individuals involved in its activities and value chain. The Company rejects forced labour, exploitation, child labour, degrading treatment, discrimination, violence, harassment, intimidation, retaliation and practices that undermine liberty, health, safety, privacy or equality of treatment.

People management must be based on objective criteria of competence, merit, reliability, fair remuneration, professional development, inclusion and organisational wellbeing. UESE promotes a safe and respectful working environment in which every person is required to behave responsibly, report hazards, incidents, near misses and non-conformities, and comply rigorously with applicable prevention and protection measures.

9. Confidentiality, data protection and information security

Personal data, confidential information, trade secrets, technical documentation, access credentials, digital assets, third-party information and know-how must be collected, processed, shared, retained and destroyed according to the principles of lawfulness, minimisation, integrity, availability, confidentiality and need-to-know. Every access must be justified, proportionate, traceable and consistent with the assigned role.

It is prohibited to use company systems, data or information for improper, personal or unauthorised purposes, as well as to export documents, datasets or sensitive content outside approved channels. Any breach, suspected cyber incident, loss of availability, unauthorised access, configuration error, lost device or personal data breach must be reported immediately in accordance with internal procedures. Information security is a shared responsibility and an essential requirement of the Company’s reliability.

10. Professional quality, documentary accuracy and technical reliability

Across consulting, audit, training, legal-technical support, IT services, compliance, cybersecurity, medical devices, regulatory registrations or managed services, UESE requires high standards of accuracy, verifiability, regulatory currency, source control, drafting clarity and traceability of decisions. Deliverables must be understandable, coherent with the mandate received, based on reliable evidence and, where needed, subject to internal quality review and approval.

It is not permitted to manipulate data, inflate outcomes, omit limitations, present debatable opinions as certainties, sign off unchecked documents, use outdated templates without critical review, reuse third-party content in breach of intellectual property rights or accept assignments in the absence of adequate skills, resources or safeguards.

11. Accounting, financial flows, taxation and documentation

Every economic or financial transaction must be lawful, authorised, properly classified, supported by adequate documentation and recorded in a timely and truthful manner. UESE does not tolerate off-the-books funds, parallel accounting, sham documentation, invoices for non-existent transactions, improper offsets, anomalous cash use, payments to unidentified parties or operations in high-risk countries or contexts without appropriate checks.

The Company promotes a tax compliance approach based on fairness, cooperation and transparency, rejecting artificial or opaque structures lacking adequate business justification. Those who manage purchase orders, procurement, payments, reimbursements, travel costs, advances or spending approvals are responsible for compliance with procedures, approval limits and reasonableness checks.

12. Selection, management and monitoring of suppliers, partners and third parties

The selection of suppliers, consultants, subcontractors, technology partners and external professionals must be based on quality, reliability, competence, reputation, economic sustainability, security, legal compliance and organisational capability. Qualification and award decisions may not be driven by favouritism, personal benefits or non-transparent arrangements.

UESE reserves the right to carry out documentary, reputational and compliance checks proportionate to the risk profile of the service or jurisdiction involved, with particular attention to integrity, anti-bribery, data protection, cybersecurity, respect for people’s rights, conflicts of interest and unauthorised subcontracting. Where material issues arise, the Company may impose remediation plans, suspend cooperation or terminate the relationship.

13. Fair competition, intellectual property and external communications

UESE competes in the market through quality, reputation, responsiveness, competence and organisation, in compliance with fair competition rules and without engaging in restrictive arrangements, improper exchanges of sensitive information, disparaging practices, misappropriation of third-party documents or content, unfair competition acts or intellectual property infringements.

External communications, including commercial, institutional, digital and social media communications, must be authorised where required, consistent with the role of the person communicating, accurate, not misleading and respectful of confidentiality obligations. No one may issue statements on behalf of the Company without authorisation or disseminate incomplete, inaccurate or market-misleading information.

14. Environment, sustainability and value-chain responsibility

UESE pursues a responsible development model aimed at integrating environmental, social and governance matters that are materially relevant to its activities into business decisions. The Company promotes efficient use of resources, prevention of adverse impacts, responsible procurement, dematerialisation where feasible, digital and physical process security and professional practices aligned with international responsible business conduct standards.

Within the limits of its size and sector, UESE encourages a proportionate due diligence approach to value-chain risks, with particular regard to integrity, human rights, labour, safety, environment, privacy and information security.

15. Reporting, internal investigations and non-retaliation

UESE encourages prompt good-faith reporting of conduct, acts or omissions contrary to law, this Code, internal procedures or applicable professional standards. Reports may concern, by way of example, breaches involving corruption, fraud, privacy, cybersecurity, health and safety, harassment, discrimination, document falsification, misuse of funds, unfair conduct or concealed conflicts of interest.

The Company ensures, within the limits established by applicable law and internal procedures, confidentiality of the reporting person’s identity, protection of persons concerned, impartial handling, traceability of verification activities and prohibition of retaliation or detriment against persons who submit reports based on reasonable grounds. Deliberate abuse of reporting channels remains prohibited.

16. Training, implementation, disciplinary consequences and improvement

The Code is communicated to addressees through means appropriate to their role and the risk profile of the activities performed. UESE promotes periodic training, awareness initiatives, policy updates, internal audits and monitoring of control effectiveness. Function heads are responsible for ensuring practical implementation of the Code in operational decisions, task allocation, team supervision and third-party management.

Breaches of the Code, established according to proportionality and procedural fairness, may lead to disciplinary, contractual, organisational or compensatory measures, up to termination of the relationship or referral to competent authorities. UESE also undertakes to manage every relevant event through remediation, corrective actions, process review and reinforcement of governance and control safeguards.

17. Review of the Code

This Code is subject to periodic review in order to remain aligned with legal, regulatory, technological, organisational and market developments, as well as with emerging risks connected to the services delivered by the Company. Any update is approved in accordance with internal governance processes and made available through the channels deemed appropriate.