Impact, Risk and Opportunity Management
S4-1 – Policies related to consumers and end-users
To prevent or mitigate any form of risks or negative impacts on consumers and end-users concerning privacy, health and safety, and responsible marketing practices, we have several policies in place. We have established mechanisms to ensure all our policies are regularly revisited and updated as necessary.
Policies1 |
|
Content |
|
Scope |
|
Senior level responsible |
|
Third-party standards/ initiatives |
|
Stakeholder consideration |
|
Availability |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Global Privacy Management Policy |
|
Outlines adidas’ privacy ambition, principles, and framework and includes adidas’ approach to deleting personal data. It also sets expectations for third-party suppliers on managing personal information for adidas. |
|
Downstream |
|
Global Privacy Officer |
|
n.a. |
|
n.a. |
|
Available for all employees |
||||||||||
Information Security Policy |
|
Defines adidas’ strategy to maintain moderate security risk and regulatory compliance, ensuring the confidentiality, integrity, and availability of assets, including information, data and services, through established standards and practices. |
|
Downstream |
|
Chief Information Officer (CIO) |
|
n.a. |
|
n.a. |
|
Available for all employees |
||||||||||
Information Classification Policy |
|
Outlines the protection of adidas’ information assets by employees or contractors through classifying information based on sensitivity and value, applying suitable security controls for each level. |
|
Downstream |
|
Chief Information Officer (CIO) |
|
n.a. |
|
n.a. |
|
Available for all employees |
||||||||||
Access Control Standard |
|
Defines the requirements of access related controls (as specified in NIST SP 800-53 Rev. 5) for employees, contractors or consultants in the context of adidas. |
|
Downstream |
|
Chief Information Officer (CIO) |
|
National Institute of Standards and Technology (NIST SP 800-53 Rev. 5) |
|
n.a. |
|
Available for all employees |
||||||||||
adidas Policy for the Control and Monitoring of Hazardous Substances |
|
Defines clear requirements, handling and process flow for informing, testing, and certifying compliance regarding possibly existing critical hazardous substances in adidas products and materials. |
|
Downstream |
|
SVP Product Development & Sourcing, General Counsel |
|
WFSGI, IUCN, ILO, AFIRM |
|
n.a. |
|
Accessible on corporate website |
||||||||||
Sustainable Ingredient Definition SOP |
|
Sets the framework for sustainable ingredients for adidas products, detailing the lifecycle and roles and responsibilities. |
|
Entire value chain |
|
SVP Product Development & Sourcing |
|
Preferred Fiber and Materials Matrix from Textile Exchange |
|
n.a. |
|
Available for all employees |
||||||||||
Brand Partnerships Policy |
|
Provides information about processes and guidelines within sports marketing, culture marketing and product collaborations. |
|
Downstream |
|
SVP Brand Partnerships |
|
n.a. |
|
n.a. |
|
Available for all employees |
||||||||||
Brand Partnership Escalation Process |
|
Outlines the process for addressing critical partner behavior while avoiding subjective judgments. |
|
Downstream |
|
SVP Brand Partnerships |
|
n.a. |
|
n.a. |
|
Available for all brand partnerships |
||||||||||
Sports Marketing Contracts Policy |
|
Establishes best practice in respect of the drafting, negotiation, approval, and management of sports marketing contracts involving any of the adidas brands and sports marketing assets. |
|
Downstream |
|
General Counsel |
|
n.a. |
|
n.a. |
|
Available for all employees |
||||||||||
Fair Play Code of Conduct |
|
Stipulates that every employee and our business partners shall act ethically in compliance with the laws and regulations of the legal systems where they conduct company business and provides guidance on issues including anti-corruption, anti-bribery, and whistleblowing. Promotes a respectful, equitable and inclusive work environment. |
|
Entire value chain |
|
Executive Board |
|
n.a. |
|
adidas AG Executive Board and Supervisory Board, Works Council |
|
Accessible on corporate website |
||||||||||
|
||||||||||||||||||||||
With regard to privacy, adidas has policies, standards and blueprints (such as processes, procedures, guidelines, and manuals) in place, which apply to adidas entities around the globe. In these documents, adidas has defined an information security management system (ISMS) for the development, introduction, operation, and further enhancements of adidas information security capabilities. This risk-based approach ensures that relevant security objectives are met. The ISMS is built on the principles of Govern, Identify, Protect, Detect, Respond, and Recover (in accordance with the NIST SP 800-53 Rev. 5 framework) to ensure performance measurement and continual improvement.
Furthermore, adidas is committed to respecting and promoting adherence to human rights throughout the entire value chain and for its consumers. Human rights are fundamental rights and freedoms for everyone based on dignity, fairness, equality, and respect. We operationalize this commitment toward our consumers through our Fair Play Code of Conduct, which establishes high ethical standards to be adhered to by our employees and partners in all their activities. The Fair Play Code of Conduct includes, among others, our zero-tolerance against discrimination and harassment.
S4-2 – Processes for engaging with consumers and end-users about impacts
The adidas Brand Insights department plays a crucial role in streamlining insights across markets, categories, consumers, and competitors by monitoring, surveying, and tracking consumer behavior. This department comprises the following teams:
Consumer Insights, which focuses on understanding broad consumer behavior through bespoke consumer research with leading agencies in the respective fields, and with the usage of social intelligence tools,
Category Insights, which formulates insights based on the specific needs of our product categories, e.g., Football, Running,
Brand Insights, responsible for delivering insights on marketing effectiveness and overall brand health by conducting regular brand funnel market studies surveys which gather comprehensive consumer data.
To gain consumer insights, we mostly use three types of data sources:
Quantitative (structured) consumer survey data gathered for us from third-party providers (agencies, software-as-a-service (SaaS) providers). We work with agencies in the field that conduct a brand perception and brand health survey in various countries every year. This type of data is collected continuously throughout the year, based on a rigid sampling plan.
Behavioral data from digital data sources from social media platforms and search engines used by our target consumer, such as Instagram, TikTok, Google – this data is sourced via SaaS partners who provide platform access and raw data (dashboards, files, API access). This type of data is always accessible.
Qualitative consumer feedback on products, concepts, ideas, looks, and styles from focus groups, workshops, and in-depth interviews. This data is gathered on an ad hoc basis, depending on the requirements.
We gather data from consumers who buy technical sports products, branded sportswear, and streetwear, with a focus on the Gen Z demographic as well as avid athletes and key opinion leaders in their area of expertise, e.g., outdoor athletes for discussions on trail running shoes, fitness instructors to discuss gym wear.
This multifaceted approach to insights helps us gain diverse and credible perspectives that inform our decisions and activities aimed at managing the impact of our responsible marketing practices on our consumers. These activities are being managed by our Brand Insights team reporting into the SVP Brand Development.
Furthermore, our Brand Partnership Insights department leverages insights through online platforms and panel questionnaires to understand how our partners, such as clubs, athletes, and celebrities are perceived by consumers. We use digital tools and collaborate with agencies that conduct consumer surveys and collect specific data. This allows us to measure various aspects of our partners, including social media performance and brand fit. Additionally, we generate ad hoc reports for specific or special occasions. This comprehensive approach helps us understand the broader impact of our brand partnerships on consumer perception. All insights related to our partners are being managed by the Brand Partnerships Operations, Insights and History Management team reporting into the SVP Brand Partnerships.
Our organization employs a comprehensive approach to assess the effectiveness of our engagement with consumers and end-users. This process includes evaluating brand heat, consumer demand, and other relevant metrics to ensure that our strategies are aligned with consumer expectations and preferences.
In partnership marketing, we follow a structured yearly planning process to determine our development strategies with all our partners. This process involves making informed decisions about (dis)continuing preexisting partnerships or initiating new ones based on a potential partner’s alignment with our brand values and objectives.
The outcomes of our assessments and engagements are documented and reviewed to guide future strategies and decisions. This iterative process helps ensure that our engagement with consumers and end-users remains effective and aligned with our organizational goals.
S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns
In general, consumers can lodge complaints about any issues they want to address through various accessible and responsive channels. These channels include:
Contacts provided by national adidas websites, as also detailed by the EU’s General Product Safety Regulation (GPSR)
Direct communication with our Customer Service team and store staff
Specific adidas websites that are open for questions of any kind
adidas complaint system (the customer complaint system adiComp tracks all consumer complaints at point of sales)
adidas Key Account Management (potential consumer complaints on adidas products addressed to our wholesalers are channeled back via the respective account management)
Fair Play webform and hotline (whistleblowing system) – details can be found here: see ESRS G1-1 – Business conduct policies and corporate culture
We track and monitor issues raised and addressed through these various systems to ensure the effectiveness of our channels. This includes our customer service and the adidas complaint system (adiComp), which tracks, captures, and handles 100% of incoming consumer complaints and resolutions. For privacy cases, we use an automated individual rights request tool with KPIs and periodic reporting to monitor and assess its effectiveness. Customer service is tracked by customer service systems and processes, while emails to Global Privacy are handled by the Global Privacy team. Our customer service provider is contractually obligated to handle consumer complaints and requests, with an internal due diligence process overseen by business stakeholders to ensure compliance and effectiveness.
The fact that our consumers actively use these channels and reach out to us directly for support demonstrates their trust in our services. Information on how we protect individuals from retaliation when they use our processes is presented in ESRS G1 – Business Conduct. see ESRS G1-1 – Business conduct policies and corporate culture
Additionally, our Government Affairs team is responsible for handling cases brought forward by NGOs. The team aims to ensure that we engage with stakeholders effectively and address their concerns promptly.
As for our business relationships, we support and require the availability of complaint and feedback channels by focusing on relationship management and accessibility, specifically for key accounts and online communities. This ensures that our partners are equipped to handle consumer complaints and feedback effectively.
By maintaining multiple open channels of communication and continuously improving our processes, we strive to provide effective remedies and uphold our commitment to responsible marketing practices as well as consumer satisfaction and safety. Details on our actions are presented in the following section.
S4-4 – Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions
The involved departments and teams managing the material impacts and risks in relation to consumers and end-users are mentioned in detail in the section S4-2 – Processes for engaging with consumers and end-users about impacts.
Approaches to manage the privacy risk
To mitigate the risk, we have integrated robust privacy management systems into our business practices. This includes employee training, implementing privacy requirements, adopting security technologies to protect consumer data, as well as conducting audits. By respecting privacy, we not only comply with legal standards but also build consumer trust, which is essential for our long-term success.
Furthermore, privacy-related risks are fully considered in the adidas enterprise risk and opportunity assessment, which sets a standardized approach to identify, evaluate, and handle all relevant risks. To manage such risks, we identify the needed actions by carrying out dedicated impact assessments on projects processing consumer data – in addition to our data protection impact assessment as required by Art. 35 EU GDPR. We furthermore consult applicable local legal requirements. More details can be found in the Risk and Opportunity Report. SEE RISK AND OPPORTUNITY REPORT
Based on the outcome of our assessments, we implement necessary measures to ensure risk mitigation. If we determine that the risks remain high and cannot be mitigated, we do not proceed with the processing to ensure minimal risk exposure. To mitigate our risk, we conduct the above-mentioned data protection impact assessments and implement necessary compliance measures.
We have restrictive system and data access controls in place to ensure that our employees and suppliers access our systems and data only on a need-to-know basis. In addition, we have internal supplier due diligence processes in place to mitigate any negative consumer experiences that may result from our data processing supply chains. We conduct periodic spot checks to determine whether the measures in place remain sufficient, especially if there are changes in the level of risk that could increase the impact on individuals.
The Information Security team, in collaboration with other teams, such as Tech, has dedicated global programs in place – in addition to its regular services – to implement the aforementioned security controls, thereby minimizing the privacy risk:
Cloud Security: The objective of this program and related actions is to implement proactive security measures to identify and mitigate issues before these materialize into a risk event, minimizing business disruption. We aim to develop scalable solutions to manage vulnerabilities and secure our cloud environment. These measures support the implementation of the control framework defined in the Information Security Policy, its supporting standards, and blueprints.
Data Security: The objective is to further develop our framework and governance model for data security, which will lead to improved decision making and the implementation of the required actions to meet control and regulatory requirements, overall aiming at reducing data-related risks. This supports the implementation of the data security controls defined in the Information Security Policy, its supporting standards, and blueprints.
Ransomware Readiness: This project aims at improving current assessments for the most critical assets in order to limit operational damage, loss of revenue, legal or regulatory sanctions and reputational damage to adidas against ransomware extortion. The approach is to further develop technical solutions for immutable backups and a process to restore/recover. The project supports the backup and recovery domain of the control framework as defined in the Information Security Policy, its supporting standards, and blueprints.
Control Assessment: This is an ongoing service to regularly validate the status of the control maturity from both the enterprise and system perspectives. Through this activity, we are able to identify improvement areas for the implemented adidas controls, enabling us to prioritize and implement the needed controls across the organization.
When a personal data breach is reported to the Cyber Security Incident Response team, it is categorized as either a confidentiality breach (unauthorized access, use, or disclosure of confidential information), an integrity breach (unauthorized modification – intentional or unintentional – of information), or an availability breach (accidental loss of access to, or destruction of, information). An analysis is then conducted to determine if the breach is likely to impact personal data and adversely affect individuals, such as consumers. If a potential adverse effect is identified, we take appropriate steps to involve relevant stakeholders and report the breach to authorities, as applicable. We identify corrective actions to address significant compromises or vulnerabilities. These actions are executed by respective stakeholders, such as business or tech teams, to remediate the issues. Follow-up actions are conducted for successful closure and validation, and lessons learned assessments are organized to incorporate learnings to prevent such incidents in the future.
While human error cannot be entirely avoided, we take measures to prevent personal data breaches caused by such errors. We strictly enforce our Fair Play Code of Conduct and our Global Privacy Management Policy, as well as provide continuous training of our employees. Additionally, we conduct quality control of our suppliers to ensure that all adidas employees and representatives process consumers’ personal data appropriately. Furthermore, we continuously improve our data collection and storage processes to ensure data quality and prevent the fraudulent use of personal data. To minimize technical errors, we monitor and control our systems through global and local tests of our information security controls by our Information Security team. These tests validate the effectiveness of our security controls. Moreover, vulnerability assessments, penetration testing, log monitoring, threat intelligence, and security architecture consulting are regularly performed.
Our Data Protection Officer (DPO) reports findings to the Executive Board and necessary stakeholders on a regular basis. The Privacy team also provides input to Internal Audit, which verifies and audits the privacy implementation and its corresponding effects on consumers. In the reporting year, no severe human rights issues or incidents in relation to consumers’ and/or end-users’ privacy rights were reported.
Approaches to manage the health and safety risk
Ensuring compliance with legal requirements and standards for product safety and quality is imperative. Selling defective products or those that fail to meet safety standards can result in consumer injury, recalls, penalties, reputational damage, and loss of market access. The increasing regulatory requirements, particularly in regions like the EU and US, pose additional challenges. These include restrictions on the use of certain chemicals, import regulations, and stringent sustainability claims. To mitigate these risks, we apply company-wide product safety policies and standards that ensure compliance with physical and chemical safety requirements. These policies, developed collaboratively by the Legal and Product Development & Sourcing departments, are regularly updated and supported by training, with compliance monitored and enforced by our sourcing organization.
Our approach is anchored by the adidas Policy for the Control and Monitoring of Hazardous Substances, introduced in 1998. It incorporates strict local requirements and best practices as recommended by consumer organizations. Updated annually and published internally and externally, the policy is mandatory for all business partners and informed by ongoing dialogue with scientific organizations. Compliance is ensured through continuous material testing in our own laboratories and external institutes. Materials that fail to meet our standards and specifications are rejected.
In addition, over the last years, we reinforced our product safety network to monitor compliance across business units, developed safety policies and procedures with a strong focus on business entities that market product safety-sensitive products and launched an internal guidance portal for recall management. Moreover, in 2025 we started the update of our product compliance database, which houses mandatory product documentation such as Certificates of Compliance (COC). This proactive approach ensures that we can respond promptly to regulatory requests and maintain market access for our products.
Finally, our Legal, Social & Environmental Affairs and Government Affairs teams are regularly involved in advocacy efforts. We actively contribute to industry initiatives, such as the AFIRM’s Restricted Substances List, and support the development of best practice tools. In 2025, we strengthened our engagement in public stakeholder consultations with the European Commission and US legislative bodies to help shape practical regulations. To address increasing US state legislation, including EPA requirements for PFAS, we enhanced status sharing with retailers, expanded supplier outreach, and improved tracking functionality.
By ensuring we stay updated about regulatory requirements and maintain the needed framework for the implementation of the adidas Policy for the Control and Monitoring of Hazardous Substances, we ensure that our business remains resilient and responsive to evolving consumer expectations and regulatory demands. As a result of these ongoing efforts, we recorded no product recalls related to health and safety in 2025 (excluding licensed products).
Taking action on the responsible marketing practices impacts
As outlined earlier in this chapter, our marketing practices are a crucial component of our commitment to responsible marketing. In our brand partnership marketing efforts, we strive to ensure that our collaborations and partnerships reflect our brand values and maintain consumer trust. To achieve this, we conduct thorough screenings of potential partners. We take appropriate and proactive measures to safeguard our brand, which may ultimately result in the termination of business relationships, if necessary.
We aim to prevent any negative impact on consumers from the outset through our marketing practices. To both prevent and respond to these impacts, we engage openly with our stakeholders. We provide multiple channels for consumers to lodge complaints or address issues, as presented in the previous section (S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns). However, if a negative impact occurs despite our preventive measures, we promptly seek to identify the actions needed to address the impact of our marketing practices, particularly in the areas of discriminative marketing and environmental claims.
In addition, through our Government Affairs team, we maintain relationships with legislative authorities and NGOs to ensure compliance with all relevant regulations and standards. Our diligent monitoring procedures allow us to integrate new requirements into our operations as soon as possible, often before they become legislated.
We take various measures to prevent and mitigate negative effects associated with discriminative marketing, particularly in the area of brand partnership marketing. These measures include:
Social media: We continuously monitor social media to track consumer sentiments and identify potential issues early.
Sentiment analysis: By analyzing consumer sentiments, we gain insights into how our brand and partners are perceived, allowing us to address any negative perceptions promptly.
Partner escalation process: We have established a partner escalation process to manage and resolve any issues that arise with our marketing partners, ensuring that any negative impacts are swiftly addressed.
If a negative impact occurs from brand partnership marketing despite our preventive measures, we tailor our approach to providing or enabling remedies to the specific circumstances of each case. We assess each situation individually to determine the most appropriate actions and measures. We commit to acting promptly and effectively as soon as a case arises, ensuring that we address our material negative impacts on consumers and end-users in a manner that is responsive to the unique circumstances of each situation. For example, in cases involving high-profile partnerships, we evaluate the specific impact and take swift action to address any issues that arise. This may involve direct engagement with the partners, issuing public statements, or implementing other remedial measures to mitigate the impact and uphold our brand integrity. The effectiveness of the implemented actions is monitored through the established channels for engaging with consumers, with insights captured through the use of the different data sources explained in S4-2 – Processes for engaging with consumers and end-users about impacts.
We are committed to addressing environmental claims responsibly and respecting existing and upcoming regulation. If, despite our measures and due diligence, an environmental claim does not meet our stringent standards or is perceived as ambiguous by our consumers, adidas will take corrective action by removing or adjusting the claim, such as revising product descriptions on e-commerce platforms to ensure accuracy and transparency.