Supply chain and third parties The appropriate due diligence procedures must be completed before any We seek to work with third parties that share our values and new third party will be authorized to work with GXO and performed regularly commitment to doing business the right way. We hold our depending on the level of risk as defined in the policy. All suppliers are suppliers, partners and other third parties to the same high subject to standard due diligence, with enhanced due diligence based on risk standards that we hold ourselves. assessment. Approvals for certain higher-risk third parties require management and Board review. GXO’s Third Party Due Diligence process is designed To support implementation of the policy, team members receive training related to detect and prevent risks, including those related to to managing third-party risks tailored to role and responsibilities, as outlined in anticorruption and trade compliance. This process applies our broader risk management framework and processes. to any relationship with a third party, which includes but is not limited to vendors, customers, agents, contractors and Looking forward, we are seeking new opportunities to engage our suppliers to consultants. The policy is managed by the Chief Compliance work toward shared ESG priorities and goals. For example, we are expanding and ESG Officer with oversight from the Audit Committee our Supplier Code of Conduct, which clearly communicates the expectations and support of diverse executive committees, including the we have of our suppliers and subcontractors regarding, among other issues, Global Risk Committee. The Ethics and Compliance team human rights, working conditions, health and safety, the environment, trade monitors compliance with this process, which is subject to compliance, anticorruption and business ethics. review by internal audit. GXO’s due diligence process is risk-based and is informed of our suppliers are by the expectations of applicable regulatory authorities By the numbers subject to standard and internal risk assessments and mapping. For example, 100% third-party due diligence we mapped specific risks across our supply chain as part our Duty of Vigilance Plan, required under French law. This included identifying the main risks not only within our operations and wider industry, but also those of our suppliers. Learn more about how we do what we do We’ve developed several due diligence initiatives related Code of Conflict of to this commitment, which vary according to a number of Business Ethics Interest Policy risk factors, including the country in which, for example, suppliers provide goods and services to GXO, and according to the categories of partners. We pay particular attention to Third-Party Read our countries exposed to elevated levels of potential corruption Due Diligence policies and to the agency partners who supply certain of our workers, among other factors. 7474 || 2200221 E1 ESG RSG Reeppoorrtt ©©2200222 G2 GXXO LO Looggiissiittccss, I, Inncc.. HOME E S G HOME E S G