Good governance

As a major enterprise, with a significant role in Dutch society, NS attaches great value to a sound governance structure. NS is committed to conducting its business with integrity and transparency. As a state-owned company, we must also set a good example. NS aspires to be an organisation characterised by an open and safe corporate culture where professional integrity is a matter of course. We attach great importance to results-oriented working practices that are consistent with the norms and values to which we have committed ourselves.

The material theme 'Good governance' incorporates the sub-theme 'Organisational culture, integrity and compliance':

Material impacts, risks and opportunities		Value chain	Policy	Action plan
Sub-theme: Organisational culture, integrity and compliance
The impact of NS conducting its business with integrity and transparency on society	Positive and negative impact	Entire value chain	Code of Conduct Integrity Issues Reporting Scheme	E-learning Code of Conduct Integrity Desk Integrity Committee Confidential adviser External Stakeholder Desk

Organisational culture, integrity and compliance

Material impacts, risks and opportunities

Impact

NS has an impact on society through the way it operates within its organisation. Operating with integrity and transparency ensures trust, responsible use of resources, a fair market and a safe working environment. If organisational culture, integrity and compliance are not in order, there is a risk that stakeholder interests will not be adequately protected, or of an insufficient focus on sustainable long-term value creation.

Policy, actions, indicators and targets

Policy

Code of Conduct

Our Code of Conduct forms the basis for the professional conduct of all NS employees, helping them to make the right decisions and choices in a variety of situations. The Code of Conduct has been approved by the Executive Board and is available to employees on the intranet. Employees complete online training on the NS Code of Conduct at least once every three years.

The Code of Conduct also forms the basis for handling integrity reports and investigations. The Code is consistent with the relevant OECD guidelines and with the Dutch Corporate Governance Code. This means that there are also safeguards within NS for the protection of human rights. Based on the Code, we have policies on specific themes such as conflicts of interests, competition, information protection, the fight against corruption and fraud.

Integrity Issues Reporting Scheme

The Integrity Issues Reporting Scheme, including whistleblower reporting, ensures that:

NS employees can report any irregularities or suspected irregularities;
NS handles reports with due care and confidentiality;
employees are not adversely affected by having made a report.

Employees have several options for reporting integrity issues or abuses (anonymously or otherwise): via the Integrity Desk, via a special app, by email, by telephone or in a one-on-one conversation. An integrity violation report may result in a recommendation to the person who reported the issue, and to the managers involved, on any subsequent steps or measures. It may also be decided to ask NS Corporate Security to conduct an independent fact-finding investigation, with NS taking measures based on the outcomes.

On the Integrity Portal on the NS intranet, employees can find information about integrity and NS’s policy in this regard.

Actions

Organisational culture

The conduct of NS’s employees and the choices they make in their work are crucial to the integrity of the company. We promote a culture of openness and accountability and our awareness-raising activities in this area are ongoing. The topic has come up at several working meetings. Bystander training is also offered within NS.

As part of a continuous focus on undesirable behaviour, business units receive practical support for tailored activities in cooperation with HR: to respond effectively to undesirable behaviour as well as to systematically raise awareness of the issue as a preventive measure. The NS Code of Conduct serves as the guiding document for this programme. In addition, NS has a planning and control system in place that helps to ensure integrity and compliance risks and issues within the organisation remain visible and manageable.

Integrity

The operational departments within NS are responsible for ensuring ethical business practices. Our Integrity department supports efforts to encourage desired behaviour, regulatory compliance and observance of the NS Code of Conduct. Issues are submitted to confidential advisors within NS, if and to the extent permitted by confidentiality rules. The department has a direct line of escalation for integrity with the NS Chair and CEO and with the Supervisory Board.

NS has an Integrity Committee, whose members include the Directors of HR, Legal, Corporate Security and Risk & Compliance. This committee assesses new integrity policies and provides advice on integrity issues.

In 2025, the Integrity Issues Reporting Scheme underwent a review to assess implementation (internal functioning), social developments and legislation. No major changes emerged from this review, but mostly clarifications, honing and updates in response to organisational changes.

Compliance

NS has a company-wide vision for compliance, which lists the main challenges and priorities for compliant working. Fraud management was developed further in 2025 on the basis of this vision, with a risk-based approach to fraud cases. In addition, the tightened legislation on national and European security (Critical Entities Resilience Act, Cybersecurity Act) has a significant impact on NS. We are preparing for higher demands on physical security and cybersecurity and increased cooperation with the Ministry of Defence. In that context, an Integral Security Oversight Committee (I-SOC) has also been set up at administrative level. Action was also taken in response to the introduction of the new sustainability legislation (CSRD, CSDDD), with which NS is required to be fully compliant by 2027.

Primary responsibility for compliant working practices rests with the NS business units themselves. In this context, they are able to draw on the knowledge and advice of teams and departments that have extensive knowledge of compliance, such as NS Legal and QHSE. The Integrity, Risk & Compliance department supervises compliance at NS and reports on its findings to the Executive Board and the Supervisory Board.

NS Integrity, Risk & Compliance (IR&C) supports the Executive Board and management in achieving the company's objectives by:

providing insight into risks and compliance issues in relation to NS's strategy and operations;
advising on control and other measures to be taken;
promoting the ethical organisational culture and structure within NS, by dealing with reported integrity issues and providing the business with solicited and unsolicited advice on business integrity and behaviour.

IR&C is immediately subordinate to the Executive Board. The IR&C Director reports to the Finance & Risk Director. In addition, the IR&C Director has regular meetings with the Risk and Audit Committee chair. IR&C provides high-quality quarterly risk reports to the Executive Board and the RAC. The IR&C Director attends RAC meetings.

We ensure careful compliance with laws and regulations. NS is bound by a complex set of laws and regulations. For example, we must comply with external requirements imposed by national and European authorities. These range from the Railways Act and the main rail network concession to laws and regulations in many sub-areas. Examples include safety, customers, competition, working conditions, tendering procedures, IT, spatial planning and sustainability. In addition, we apply numerous internal rules and requirements such as the Collective Labour Agreement, Code of Conduct, terms and conditions of purchase and the train driver's manual.

Compliance management is also embedded in the regular business operations and processes. This involves the use of compliance standards and performance indicators, including for competition, tendering procedures, privacy and safety. We also provide training courses within the organisation to keep employees’ knowledge of legislation and regulations up to date.

To maintain an overview and enable us to take corrective measures, the Integrity, Risk & Compliance department draws up NS-wide compliance reports. These reports set out the main risks and challenges for NS, plus an overview of relevant KPIs.

Indicators and targets (integrity)

Indicator	Unit	Realisation in 2025	Realisation in 2024
Reported integrity issues (internal)	#	121	99
Reported integrity issues (external)	#	2	5
Support by confidential adviser	#	236	187
Questions to integrity department	#	290	291

A total of 121 integrity violation reports were received in 2025 (2024: 99). Of all finalised reports in 2025, 19% were wholly or partially upheld. Employees may seek support from one of NS’s confidential advisers if they want to report an integrity violation or for other reasons. This option was used 236 times in 2025 (2024: 187). External stakeholders can report issues to NS via a special desk. This option was used twice in 2025. Critical issues with potential company-wide impact are reported to the Executive Board quarterly by numbers and categories. There is also a line of escalation to the CEO.

Employees are welcome to submit concrete issues and dilemmas to the Integrity department. They can ask questions by email or by telephone. The department advises employees about possible solutions and actions. In 2025, the department answered 290 questions (2024: 291).