Corruption in global supply chains is rarely visible, but its consequences are far-reaching. It distorts competition, hides environmental and social violations, and undermines trust in the systems meant to ensure responsible production.
In the IT industry, where complex global networks and high-risk regions are common, preventing bribery is not just a matter of policies – it requires structured, verifiable systems that work in practice.
Executive Summary
TCO Certified has progressively strengthened its approach to anti-bribery management in the IT supply chain by introducing an evolving, independently verified Anti-Bribery Management System (ABMS) framework in 2018. Since then, this framework has shifted from basic policies to requiring a fully structured Anti-Bribery Management System (ABMS), aligned with ISO 37001. With TCO Certified, generation 10, full alignment with all 20 core requirements is required for all brand owners from 2026.
An analysis of 30 brand owners from 2021 to 2025 shows the following:
INTRODUCTION
Bribery in the IT supply chain: a hidden but costly risk
Bribery and corruption are risks that purchasers rarely see directly, but their consequences can affect the entire supply chain – disrupting fair competition, transparency and reputation.
Bribery can take many forms and occur throughout the process: distorting supplier selection, influencing audit outcomes, concealing labor violations, and undermining environmental compliance. In global manufacturing networks where production often takes place in regions with higher governance risks, these issues can be difficult to detect and even harder to control.
The limits of a policy-only approach
Before anti-bribery criteria were introduced in TCO Certified in 2018, most industry efforts focused on basic measures, such as policies, training, and whistleblowing hotlines. These isolated activities often lacked coordination, independent oversight, or clear accountability.
As a result, anti-bribery efforts varied widely between organizations. Some companies invested in stronger controls, while others relied on minimal compliance measures. Without a common baseline, corruption risks were not scrutinized equally across organizations, allowing weaker controls to persist in parts of the supply chain. This increased the likelihood that bribery would go undetected and exposed companies to reputational, legal and operational risks.
Building a structured framework
To close these gaps, TCO Certified introduced a framework of anti-bribery criteria and independent verification for all brand owners with certified products, beginning in 2018.
The framework is designed to evaluate and guide brand owners in implementing the essential elements of an effective anti-bribery system, including governance oversight, risk assessment, controls, reporting mechanisms, and independent review. At the same time, it provides a practical and credible way for organizations to demonstrate robust anti-bribery management while ensuring that systems are not static, but continuously reviewed and improved as risks evolve.
Requirements have strengthened progressively over three generations, moving the industry from basic policies to a fully structured anti-bribery management system (ABMS) aligned with internationally recognized standards:
OUTCOMES
Measuring progress among 30 IT brand owners, 2021–2025
To assess the impact of these requirements, we conducted an analysis of anti-bribery progress among 30 brand owners with products certified under TCO Certified. The analysis is based on the annual reviews completed between 2021 and 2025, assessing alignment and progress across the 20 core requirements of the ABMS.
Results are presented across three dimensions: areas with the highest levels of alignment, areas showing the greatest improvement, and areas where alignment remains lowest and requires further development.
Key Finding 1: Areas with the highest alignment
From the first annual review in 2021 through to 2025, the following requirements showed the highest levels of alignment among the 30 brand owners assessed.
These areas represent foundational elements of an anti-bribery management system that were largely in place from the outset.
Anti-Bribery Policy
A formally documented policy prohibiting bribery, applying across the organization and its controlled subsidiaries.
Roles and Responsibilities
Clearly defined and communicated responsibilities for the ABMS within the organization.
Awareness and Training
Structured anti-bribery training ensuring personnel understand bribery risks, their responsibilities, and the consequences of non-compliance.
Policy Communication
Proactive communication of the anti-bribery policy to relevant internal and external stakeholders.
Interpretation
These results indicate that most brand owners had already established the fundamental building blocks of an anti-bribery management system – including formal policies, defined responsibilities, and basic training and communication structures – before the stricter requirements of generation 10 came into effect. Improvements over time have been incremental, reflecting refinement rather than major structural change.
Key Finding 2: Areas with the greatest improvement
The following requirements showed the greatest improvement between the first annual review in 2021 and the latest in 2025, in the number of brand owners fully aligned.
These areas represent where brand owners have moved from partial or inconsistent implementation to more structured, mature anti-bribery management systems.
Governance Oversight
Independent oversight of the ABMS at governing body level, separate from day-to-day operational management.
Internal Audit
Independent internal audits of the ABMS at planned intervals to assess conformity and effective implementation.
Non-conformity and Corrective Action
Structured processes for responding to identified weaknesses in the ABMS, including corrective and preventive actions.
Business Partner Risk Classification
A structured process to identify and classify bribery risks posed by business partners, both prior to and during the business relationship.
Interpretation
These results highlight significant progress in embedding anti-bribery systems into core business operations. The greatest improvements are seen in areas that require ongoing management processes rather than one-time implementation, such as leadership oversight, internal audit, and corrective action mechanisms.
Notably, substantial gains in business partner risk classification indicate that more brand owners are increasing their focus on managing bribery risks within their supply chains. This reflects a shift from internal policy alignment toward more comprehensive, risk-based management of business relationships.
At the same time, despite great improvement, some of these areas have not yet reached full alignment across all brand owners. In particular, internal audit and business partner risk classification remain below full compliance, indicating that further effort is needed to achieve consistent implementation across all organizations ahead of the 2026 requirement.
Key Finding 3: Areas with the highest remaining gaps in alignment
The following requirements show the lowest levels of alignment in the most recent annual review (2025), highlighting where brand owners continue to face challenges and where further development is needed.
Due Diligence for High-Risk Roles
Appropriate screening of employees in roles with higher bribery risk, such as sales, procurement, and executive leadership.
Anti-Bribery Awareness and Training for Business Partners
Extending anti-bribery expectations and appropriate awareness or training to business partners acting on behalf of the organization.
Enhanced Due Diligence and Risk Mitigation
Applying proportionate controls and monitoring to business partners identified as posing an above-low bribery risk.
Interpretation
These results indicate that while progress has been made, these areas remain less consistently implemented across brand owners. The common challenge lies in extending anti-bribery controls beyond core internal structures to more complex and resource-intensive areas, such as enhanced due diligence and engagement with business partners.
This suggests that remaining gaps are primarily linked to operationalizing anti-bribery measures in higher-risk contexts, particularly within supply chain relationships. Continued focus on these areas will be essential to achieve full alignment ahead of the 2026 requirement.
Conclusion
Taken together, the results show a clear pattern of progress. Foundational elements – policies, defined responsibilities, training and communication – were largely in place from the outset and have been refined over time. The greatest gains have been made in areas requiring ongoing management, such as governance oversight, internal audit, and corrective action. Where gaps remain, they are concentrated in higher-risk, more resource-intensive areas that extend beyond internal structures into supply chain relationships.
This pattern reflects the nature of building an effective anti-bribery system: the structural foundations come first, followed by the harder work of operationalizing controls across complex, external relationships. The progress demonstrated over four years shows that the framework is working – and points clearly to where further effort is needed.
FUTURE
Greater accountability through annual independent reviews
A key feature of TCO Certified is that anti-bribery systems are not assessed once and then forgotten. Brand owners must undergo annual independent verification of their ABMS, both as they work toward full alignment and once full alignment has been achieved.
The annual review process ensures that:
This continuous process helps prevent anti-bribery management systems from becoming a checkbox exercise, and ensures accountability over time.
What this means for purchasers
For IT buyers, the anti-bribery requirements in TCO Certified provide additional assurance that brand owners with certified products are operating in line with an internationally recognized anti-bribery management system. This standardized approach supports fair competition, improves consistency in business practices, and strengthens accountability across the industry.
The annual independent review strengthens confidence that:
In practice, the structured requirements and independent verification built into TCO Certified ensure that participating brands operate anti-bribery systems that align with the systematic approach of ISO 37001, are independently reviewed on a recurring basis rather than self-declared, and demonstrate accountability over time.
Importantly, this system is already embedded in TCO Certified. By specifying certified products in procurement, IT buyers automatically activate these requirements, driving greater transparency and accountability in the supply chains of certified products. Together, these measures help reduce corruption risks and promote fair competition across the IT industry.
What’s next?
As a final step toward full alignment, TCO Certified has strengthened expectations to ensure that all remaining gaps are systematically addressed – not only to identify risks, but to prevent bribery before it occurs.
From 2026, full alignment with all 20 core requirements is required for all brand owners with products certified to TCO Certified, generation 10 – demonstrating not only implementation, but the effective operation and continuous improvement of their anti-bribery management systems.
This helps each brand owner ensure a fully aligned anti-bribery management system that includes:
End note
By establishing a clear common baseline, TCO Certified ensures that all brand owners are held to the same expectations for governance, risk assessment, controls, and monitoring. It removes ambiguity around what constitutes an adequate anti-bribery system, closes gaps where risks might otherwise go unmanaged, and creates a level playing field where responsible suppliers are not disadvantaged.
The progress demonstrated over the past four years shows that this approach is both achievable and effective. Through TCO Certified, anti-bribery management has moved from self-declaration to an independently verified practice – setting a new standard of accountability for the IT industry.
What is ISO 37001?
ISO 37001 is an international standard for an Anti-Bribery Management System (ABMS) that provides requirements and guidance for organizations to prevent, detect, and respond to bribery, promoting integrity and transparency across all sectors. It helps companies establish policies, controls, and processes to combat corruption, demonstrating ethical leadership and building stakeholder trust. The measures in ISO 37001 cover:
- Bribery by the organization, its personnel, or business associates.
- Bribery of the organization or its personnel.
- Direct and indirect bribery (through third parties).
