Supplier Code of Conduct

LAST REVISED NOVEMBER 13, 2025

1. Introduction

Claroty is a worldwide leader in developing and providing cybersecurity solutions to corporate enterprises around the world. Claroty is committed to the highest standards of integrity, ethical business and conduct practices, safe working conditions, and social responsibility. It is Claroty’s policy to comply with all applicable laws and regulations of the countries and regions in which we operate and to conduct our business activities in an honest and ethical manner, and we hold our Suppliers to the same high ethical standards. Claroty expects its Suppliers to conduct business responsibly, with integrity, honesty, and transparency, and to adhere to the principles included in this Supplier Code of Conduct ("Code"). This Code outlines our expectations regarding ethics, data privacy, inclusion, human rights, safety, and environmental sustainability. Suppliers must comply with this Code and all applicable laws and regulations in their operating regions. Suppliers must also ensure that their own suppliers, subcontractors, and agents adhere to equivalent standards.

2. Standards, Ethics, and Integrity

Claroty expects Suppliers to uphold the highest ethical standards in all business dealings and act with integrity, honesty, transparency and open communication.

2.1. Business Integrity

Suppliers shall not practice or tolerate any forms of corruption, extortion or embezzlement. Suppliers are obligated to implement monitoring and enforcement procedures to ensure conformance. Suppliers must comply with all applicable anti-bribery and anti-corruption laws, including but not limited to the U.S. Foreign Corrupt Practices Act and the UK Bribery Act. Bribes. Suppliers must conduct business with integrity, honesty, and transparency. They must not engage in any deceptive, fraudulent, or unethical practices. All business dealings should be transparently performed and accurately reflected on Supplier's business books and records.

2.2. Anti-Bribery and Anti-Corruption

All suppliers, employees, and individuals representing Claroty have a strict responsibility to avoid bribery and corruption. They must never promise, offer, authorize, direct, give, or accept anything of value, directly or indirectly (including through associates), to obtain or retain business, direct business, or secure any improper benefit. This encompasses items such as gifts, gratuities, favors, entertainment, and travel. Offering or receiving kickbacks and making facilitation payments are also strictly forbidden. This rule applies to interactions with government officials, political organizations, state-controlled entities, and personnel of commercial customers or suppliers. Suppliers are prohibited from offering or accepting any gift, favor, or hospitality intended to gain an unfair business advantage. Additionally, no gifts or courtesies may be accepted by Claroty employees from Supplier seeking our business. Notwithstanding the foregoing, Claroty employees may accept a marketing item of nominal value (less than $25) displaying the Supplier's trademark or logo (e.g., cups, pens, t-shirts) under specific circumstances. These circumstances are that the employee is not primarily responsible for sourcing, procurement, or contracting the related goods or services. Furthermore, reasonable customer appreciation business events are also permitted, provided they do not take place while a contract is being negotiated or renewed.

2.3. Compliance with Laws

Suppliers must comply with all applicable state, national, and international laws, rules, and regulations in the countries where they operate. This includes, but is not limited to, laws relating to labor, health and safety, environmental protection, anti-corruption, data protection, and fair competition. Where local laws are less restrictive than this Code, suppliers must adhere to the Code, even if their conduct would otherwise be legal. On the other hand, where the applicable law is more restrictive than the principles outlined in this Code, the applicable legal standard shall apply. Suppliers are expected to maintain awareness of and comply with all applicable laws and regulations. Supplier is required to comply with all applicable import and export laws and regulations or any international trade laws.

2.4. Fair Business, Advertising and Competition

Suppliers shall uphold all standards of fair business, advertising, and competition, complying with all applicable laws and regulations, including antitrust and competition laws. Any conduct that may harm competition and fair trading, such as price-fixing, bid-rigging, or other anti-competitive practices, must be avoided. All advertising should be legal, truthful, and not misleading.

2.5. Conflict of Interest

Suppliers must avoid any conflicts of interest and perform services for the sole benefit of our organization. Suppliers are expected to disclose any potential conflicts of interest, whether actual or perceived, to our organization in a timely manner. This includes any situation where a supplier's personal or financial interests may influence their ability to act in the best interest of our organization.

2.6. Fraud and Money Laundering

Supplier shall act in accordance with all applicable international standards and laws on fraud and money laundering. Suppliers must have controls in place to detect and prevent fraud, and must not participate in any activities that facilitate money laundering.

2.7. Disclosure of Information

Suppliers must disclose information regarding their business activities, structure, financial situation, and performance in accordance with applicable laws and regulations. Falsification of records or misrepresentation of conditions or practices are unacceptable. Suppliers must maintain accurate and complete records.

3. Data Privacy and Security

Claroty requires its Suppliers to ensure the confidentiality, and security of all data.

Supplier must abide by applicable data privacy laws and regulations in relation to the collection, processing, use, and storage of Personal Data. Supplier shall keep any Personal Data strictly confidential and shall share it only with those who have a legal right or legitimate business need to know. "Personal Data" means any data or information that relates to a living individual who can be identified from that data.

Supplier that has responded to Claroty’s Information Security questionnaire represents and warrants that all provided answers will remain valid and in effect throughout its engagement with Claroty. Suppliers shall remain informed of these regulations and standards updates and adapt their practices accordingly. The Supplier shall be fully liable to Claroty for any breach of this representation and warranty. Supplier must implement technical and organizational measures to ensure data security and prevent unauthorized access or data breaches. The supplier shall notify Claroty of any personal data breach without undue delay.

4. Artificial Intelligence

4.1. Artificial Intelligence Innovation

Suppliers are embracing Artificial Intelligence (AI) to transform how they develop products, streamline operations, and engage with their customers, including Claroty. While AI offers exciting opportunities to augment human capabilities and drive innovation, Supplier has a responsibility to Act with Integrity and to foster a culture that ensures the use of AI within Claroty is aligned to our core values and upholds our principles. Therefore, it is essential to verify any AI-generated outcomes independently and not rely solely on automated results . This way, you play your part in preventing harmful or unfair outcomes, and that decisions made with human intervention and oversight. Transparency and accountability are fundamental to our responsible AI practices

4.2. Prohibited Use of AI

Supplier shall have no right to, and shall not, either itself or through any third party: (1) make any of Claroty’s confidential information and data available in any other way, or through any other company or third party applications, except as specifically authorized by Claroty in writing; (2) alter, warehouse, or store Claroty confidential information and/or data except as explicitly authorized by Claroty in writing; (3) use any part of the Claroty confidential information and/or data or any derivatives or residuals thereof in or with third party generative artificial intelligence technology (such as, but not limited to, ChatGPT and Gemini for Google Workspace), including, without limitation, to train, ground, prompt, or tune large language models (LLMs), foundation models or other generative artificial intelligence technology.

5. Confidentiality and Intellectual Property

5.1. Proprietary Information

Suppliers and their personnel or representatives are obligated to respect any proprietary rights they may encounter and shall not utilize them beyond the provision of services to Claroty.

5.2. Confidentiality and Information Protection

Suppliers must maintain the confidentiality of all information belonging to our organization and its partners, including but not limited to proprietary information, trade secrets, business plans, customer data, and financial information. Suppliers must establish and maintain reasonable and appropriate security measures to safeguard this information and prevent its unauthorized access, use, or disclosure. Any disclosure must be properly authorized, in connection with a clearly defined legitimate business need, and subject to a written confidentiality agreement.

5.3. Intellectual Property

Suppliers shall respect intellectual property rights, including patents, trademarks, copyrights, and trade secrets. Unauthorized use, reproduction, or distribution of intellectual property is prohibited. Transfer of technology and know-how must protect intellectual property rights. Suppliers shall acknowledge that they are the rightful owners of the proprietary and intellectual property rights related to the services rendered by them to Claroty.

6. Labor and Human Rights

6.1. Employment Standards

Suppliers must comply with all applicable wage and hour laws and regulations, including those related to minimum wage, overtime pay, and working hours. Suppliers should ensure humane and productive working conditions, including reasonable working hours and overtime, and provide employees with all legally required benefits.

6.2. Child Labor

Suppliers must not use any form of child labor and must comply with all child labor laws. The minimum age for employment shall be 15 years, or the applicable legal age, or the age of completion of compulsory education, whichever is higher. Suppliers must have robust age verification mechanisms in place. Suppliers must comply with these standards, all applicable laws and regulations, and all relevant International Labor Organization (ILO) standards. Following ILO guidance, suppliers shall never allow younger workers to perform hazardous work or work that could interfere with their education or vocational training.

6.3. Forced Labor

Suppliers shall not use forced, indentured, involuntary, or slave labor, or engage in human trafficking. Suppliers must ensure that all work is voluntary, and that employees are free to leave their employment at any time. Suppliers must not hold employees’ identity documents, and workers should not be required to pay fees or make deposits as a condition of employment.

6.4. Non-Discrimination and Equal Opportunity

Suppliers must provide equal opportunities and treatment to all employees, regardless of race, color, gender, religion, nationality, sexual orientation, age, disability, or any other protected status. Discrimination or harassment of any kind, whether verbal, physical, or otherwise, is prohibited.

6.5. Fair Treatment

Suppliers must treat employees fairly, with respect to wages, working hours, and benefits. Harsh or inhumane treatment, including any form of abuse, corporal punishment, or harassment, is prohibited

6.6. Freedom of Association

Suppliers shall allow employees to associate with others, form or join organizations of their choice, and bargain collectively without interference or harassment, in accordance with local laws.

6.7. Anti-Harassment and Abuse

Supplier shall commit to a workplace free of harassment and abuse. Supplier shall not threaten workers with, or subject them to, harsh or inhumane treatment, including but not limited to, verbal abuse and harassment, mental and physical correction and sexual harassment. We take allegations of harassment and abusive behavior very seriously and take severe actions against anyone harassing another in the workplace.

6.8. Violence Free

Claroty has a zero-tolerance policy for threats or violence of any kind, including physical violence, intimidation, or coercion. Weapons are also strictly prohibited for anyone conducting Claroty business, regardless of location (onsite, off-site, or while traveling).

6.9. Whistleblower Protection and Anonymous Complaints

Suppliers shall maintain an anonymous mechanism for managers and workers to report workplace grievances. Furthermore, the Supplier is obligated to protect the confidentiality of individuals who report concerns (whistleblowers) and must prohibit any form of retaliation against them.

7. Health and Safety

7.1. Health and Safety

Suppliers must provide a safe and healthy working environment for their employees, visitors, and anyone who may be affected by their operations. Suppliers should promote best practices in occupational health and safety and continuously work to improve safety performance.

7.2. Emergency Preparedness

Supplier shall identify and assess potential emergency situations. For each situation, Supplier shall develop and implement emergency plans and response procedures that minimize harm to life, environment, and property.

7.3. Occupational Injury or Illness

Procedures and systems are to be in place to prevent, manage, track and report occupational injury and illness, including provisions to: a) encourage worker reporting; b) classify and record injury and illness cases; c) provide necessary medical treatment; d) investigate cases and implement corrective actions to eliminate their causes; and e) facilitate return of workers to work.

7.4. Industrial Hygiene

Worker exposure to chemical, biological and physical agents is to be identified, evaluated, and controlled. Engineering or administrative controls must be used to control overexposures. When hazards cannot be adequately controlled by such means, worker health is to be protected by appropriate personal protective equipment programs

7.5. Sanitation, Food, and Housing

Supplier shall provide workers with reasonably accessible and clean toilet facilities and potable water. Supplier shall provide sanitary dining, food preparation, and storage facilities.

7.6. Physically Demanding Work

Supplier should have in place procedures and systems to identify, evaluate and control worker exposure to the hazards of physically demanding tasks.

7.7. Machine Safeguarding

Production and other machinery shall be evaluated for safety hazards. Where machinery presents an injury hazard to workers, measures must be taken to install safety precautions on the equipment. This equipment must be properly monitored and maintained.

8. Environment

8.1. Environmental Protection

Suppliers are expected to conduct their operations in a way that minimizes the impact on natural resources and protects the environment. Suppliers must comply with all environmental laws and regulations related to air emissions, water discharges, toxic substances, hazardous waste disposal, and other environmental matters. Suppliers should strive to reduce their environmental footprint, conserve resources, and promote sustainability.

8.2. Environment Permits and Reporting

Supplier shall obtain, keep current, and comply with all required environmental permits, approvals, licenses and registrations required by applicable laws and regulations. Supplier shall comply with the reporting requirements of applicable permits and regulations.

8.3. Pollution Prevention and Resource Reduction

Supplier shall reduce energy, water, and natural resource consumption and waste by implementing conservation and substitution measures. Supplier shall minimize the use and consumption of hazardous substances by implementing reduction and substitution measures.

8.4. Hazardous Substance Management

Suppliers are responsible for implementing a systematic approach to identify, manage, reduce, and ensure the responsible disposal or recycling of hazardous substances. Furthermore, any chemicals or materials that could pose an environmental hazard if released must be identified and managed to ensure their safe handling, movement, storage, recycling or reuse, and environmentally sound disposal.

8.5. Materials Restrictions

Supplier must adhere and comply with all applicable laws, regulations and customer requirements regarding prohibition or restriction of specific substances, including labeling and recycling and disposal.

9. Responsible Sourcing of Materials

9.1. Conflict-Free Minerals

Suppliers are required to eliminate the use of conflict minerals. Suppliers must exercise due diligence on the source and chain of custody of minerals, particularly tin, tantalum, tungsten, and gold, to ensure they do not directly or indirectly finance or benefit armed groups in conflict-affected and high-risk areas, as defined in applicable laws, including the Dodd-Frank Act. Suppliers are expected to provide reports and declarations on the sourcing of materials, and cooperate with our organization's efforts to ensure a conflict-free supply chain.

10. Monitoring and Enforcement

10.1. Compliance and Monitoring

Suppliers are responsible for self-monitoring their compliance with this Code and all applicable laws. Claroty reserves the right to audit and monitor the supplier's compliance with this Code, including conducting on-site inspections, reviewing records, and interviewing employees. Suppliers are expected to cooperate fully with any such audits.

10.2. Reporting Concerns

Suppliers must provide accessible and confidential channels, such as a hotline or email address, for workers to report workplace grievances, violations of this Code, or illegal or unethical conduct. Suppliers shall protect whistleblower confidentiality and prohibit any form of retaliation against those who report concerns in good faith. Suppliers are required to promptly investigate and address any reported concerns, and to take corrective action as necessary.

10.3. Consequences of Non-Compliance

Violation of this Code may result in remedial action, up to and including termination of the business relationship. Claroty reserves the right to terminate any agreement and/or contracts with a Supplier who fails to comply with this Code, or who fails to take corrective action to address any noncompliance.

10.4. Risk Assessment and Management

Supplier shall develop and maintain a process to identify labor and human rights, health and safety, environmental, business ethics and legal compliance risks associated with its activities, and implement appropriate procedures to control the identified risks.

11. Management Commitment and Continuous Improvement

11.1. Management Commitment

Suppliers must demonstrate a commitment to the principles of this Code by establishing and maintaining an effective management system to ensure compliance. This includes assigning responsibility for compliance, providing adequate resources, and training employees on the Code and related policies.

11.2. Continuous Improvement

Suppliers are expected to continuously improve their performance with respect to the standards outlined in this Code. This includes setting goals, tracking progress, and implementing corrective and preventive actions to address any deficiencies.

11.3. Documentation and Records

Supplier shall have processes and controls to ensure accurate books and records, and creation and maintenance of documents and records to ensure regulatory compliance and conformity to company requirements and this Supplier Code along with appropriate confidentiality to protect privacy.

11.4. Reasonable Assistance and Cooperation

Supplier must complete all Supplier due diligence activities when requested, and provide reasonable assistance to any investigation.

12. Contact Information for Reporting/Raising Claims

For proper disclosure, reporting, and consultation regarding any inquiries related to the Suppliers’ Code of Conduct, please direct your communications to tim.h@claroty.com. Alternatively, you may contact our Legal Department, at legal@claroty.com. Claroty is dedicated to preserving the confidentiality of individuals and will offer protection and support, within reasonable limits, to any person who, in good faith, reports a violation of applicable laws, regulations, or Claroty's standards, or who seeks guidance.