Explore our ESG Policy

ESG Policy (version updated in 2025)

Download the ESG Policy Update PDF file size : 8 MB

Our Governance priorities

Priority G | Foster a diverse and accountable governance

Priority six

Objective 11 |

Maintain best-in-class corporate governance

Capgemini current management and governance structure, in place since 2020, enables us to write the next chapter in our history with passion, energy, and a continued focus on responsible and multicultural global leadership.

  • The Board of Directors

    The Board of Directors determines Capgemini’s strategies and decides on major issues related to the functioning and future of our organization.

    It takes appropriate measures to nurture a constructive dialogue with shareholders and other stakeholders, and it has the responsibility of monitoring and safeguarding our assets by managing the Group risks, including ESG risks. It appoints the Executive Corporate Officers responsible for implementing this strategy, approves the financial statements, convenes the Shareholders’ meeting, and proposes the annual dividend. It sets the Chief Executive Officer’s compensation aligned with best practices and determined according to clear and quantifiable criteria. This reflects our strategic focus on long-term sustainable growth, with variable and long-term compensation linked in part to CSR criteria.

  • The Group Executive Board

    The Group Executive Board facilitates the conduct of the Group’s operations and takes the necessary measures, notably with regard to the setting of quantitative objectives and appointing and assessing the performance of executives with a wide range of responsibilities.

    The GEB defines the broad strategies and actions to be submitted to the Group Executive Committee for approval and ensures their implementation by the major business units.

  • The Group Executive Committee

    The Group Executive Committee helps define Capgemini’s principal direction. It sets major strategic priorities, and the associated action plans. It ensures that these plans are effectively implemented at the operational level. We progressively increase the female and international representation and the Group’s long-term objective is to achieve the same percentage of women in the Executive Committee as in the Group’s headcount.

    We foster responsible behaviors in our daily business practices with specific policies and programs covering:

    • the fight against corruption and money laundering in line with our commitment to zero tolerance of corruption. The Group Anti-Corruption Policy also reiterates our long-standing rule that strictly prohibits contributions to political organizations,
    • fair competition,
    • compliance with export and import trade control laws, including sanctions and embargoes, in all countries in which we operate, and
    • a responsible, reasonable and coherent approach to our tax obligations, suited to our activities.

    We have defined clear guidelines and responsibilities. These are supported by oversight and risk management systems.

 

 

Priority H |  Value responsible business practices across the value chain

Objective 12 |

By 2030, suppliers covering 80% of the purchase amount of the previous year will have committed to our ESG standards

Since 2015, we have built a robust supplier base and strengthened long-term relations with strategic trading partners to create value.

The Supplier Relationship Management program enables Capgemini and its strategic suppliers to align their roadmaps, optimize operational performance, encourage co-innovation, positively affect the total cost of ownership and keep risks under control, including ethical risks. This requires organization, clear communication plans and regular performance reviews covering all aspects of the commercial relationship to be fully aligned. It fosters trust at decision-making level and ensures better cooperation in achieving shared objectives.

Following the ESG Risk Mapping exercise conducted in 2023, Capgemini started in 2024 to assess and monitor its top suppliers’ ESG performance via a third-party supplier ESG assessment. This will allow Capgemini to identify potential weaknesses and discuss action plans with suppliers, to ensure our supply chain ESG risk mitigation performance is optimized, and its impacts minimized.

Our Supplier Standards of Conduct sets the minimum commitment Capgemini expects from its suppliers with regards to ESG challenges, including environment, human rights, labor rights and modern-day slavery, and compliance with international, national and local law. It also outlines the obligation of our suppliers to conduct their business with the highest standards of integrity, avoiding all forms of corruption, bribery, extortion or embezzlement, and unfair business practices.

  • All Capgemini suppliers are expected to adhere to our Supplier Standards of Conduct with no exception, and regardless of the type and value of the business we do together.
  • In 2023, Capgemini introduced the Capgemini Supply Chain ESG Pledge which is a joint commitment, both for Capgemini and its suppliers. The Pledge aims at creating strong supplier engagement and to support the achievement of Capgemini ESG targets to tackle climate change and other ESG challenges. In this joint commitment, ESG fundamentals are defined, and the suppliers can also define their own voluntary targets, plans and strategies to drive change in their businesses and supply chains to accomplish those objectives. It also encourages suppliers to go beyond assessment and reporting, to transformations that generate value in the process.
  • Over time, the Pledge will address each and every ESG challenge where transformation of the supply chain is needed. It requires suppliers to commit to achieving targets that have become de facto industry standards and that offer suppliers the opportunity to voluntarily commit to those additional tangible and measurable results.

 

 

Priority I | Protect and secure data, infrastructure and identity

Priority eight

Objective 13 |

Embed data protection into our culture, operations and clients’ delivery

Objective 14 |

Be recognized as a front leader on cybersecurity

As a leader in the digital industry, we take seriously our responsibility to create a trusted environment across our entire ecosystem. We believe that a comprehensive and constantly improving cybersecurity and data protection model will foster an increasingly valuable, yet elusive, asset: digital trust.

Hence, we have adopted Binding Corporate Rules (BCR) as our global data protection policy. Capgemini EU Binding Corporate Rules (EU BCR) for Controller & Processor activities were initially approved by the European Data Protection Authorities in March 2016. They were subsequently updated in January 2019 to comply with the General Data Protection Regulation (GDPR) and in April 2023 in light of the so-called Schrems II decision. BCR are updated from time to time to comply with any new requirement from the Data Protection Authorities.

  • These BCR apply to all personal data processed within Capgemini, where Capgemini is acting as Controller or as Processor.
    In practice,

    • acting as Controller, Capgemini mainly processes the personal data of its employees and business contacts. The purposes of such processing are related to human resources, internal and external communication, marketing, compliance, etc.
    • acting as processor, Capgemini processes personal data on behalf of its clients acting as controllers and according to their instructions while delivering a wide array of services to its clients.

    Since it is essential to continuously train employees in data protection to build digital confidence, our data protection training is mandatory for all employees upon their onboarding, and they are required to take it again at regular intervals.

    These BCR are implemented by a robust network of certified Data Protection Officers across the countries and regions where we operate.

    Capgemini’s privacy by design approach has helped the Group ensure full transparency on how we process personal data. This also enables further monitoring and ensures that Capgemini does not process personal data for purposes other than those for which it initially collected the data, without having a valid legal basis and informing data subjects accordingly. Self-assessment and independent controls are managed at different levels and are designed to assess the different dimensions of our activities both as Controllers and Processors. Capgemini also rolls out an extensive audit campaign.

    We are also committed to protecting all data entrusted to us and defending our business against cyberattacks.

    Our board-sponsored cybersecurity strategy, in place since 2014, is focused on: managing internal and external threats; establishing trust mechanisms within our ecosystem and across our organization; and complying with legal requirements and security standards (with ISO 27001 as a baseline).

    Our cybersecurity and data protection teams enforce data breach and security incident management policies and ensure effective implementation of data, infrastructure, and identity protection obligations. This includes mandatory training programs for colleagues on how preventing and responding to data breaches and incidents.

    Internal cybersecurity and data protection communities are a critical component of our operating model that work together on protecting our company, employees, and clients. The cybersecurity community includes the Group Cybersecurity Officer and team, and Chief Information Security Officers in all global business lines, business units, and countries.

    Our Computer Emergency Response Team (CERT) collaborates with our Security Operations Center (SOC) teams to establish detection rules, and coordinate responses in line with an established framework.

 

 

Related Documents

Foster a diverse and accountable governance

Value responsible business practices across the value chain

Protect and secure data, infrastructure, and identity