Deliberate. Measurable. Governed at Board.

Every A.I. system deployed by the Group, or by a portfolio company under our control, complies with the law of every jurisdiction in which it operates — including, where applicable, Regulation (EU) 2024/1689 (the EU AI Act), the United Kingdom's pro-innovation regulatory framework, and the U.S. NIST AI Risk Management Framework. No system shall be deployed for a purpose prohibited under Article 5 of the EU AI Act.

We commit to four operational disciplines that distinguish credible governance from rhetorical governance. First, an A.I. Use Register is maintained at portfolio level and consolidated at Group level. Second, an A.I. Ethics Review is undertaken before any system is deployed in a high-risk context, signed off in writing by the Chief Legal Officer. Third, third-party A.I. services are procured under written contract addressing intellectual property, data residency, training-data exclusion, indemnity, audit rights and exit. Fourth, no employee shall input personal data, regulated client data, material non-public information or counterparty-confidential data into any A.I. service that has not been approved for that purpose.

Decisions of legal or similarly significant effect upon a natural person — credit, employment, eligibility, material commercial terms — shall not be made solely by automated means without a documented mechanism for human review and the right to contest.

The Group treats personal data as held in trust, not in ownership. Our framework is anchored in the United Kingdom General Data Protection Regulation, the Data Protection Act 2018, Regulation (EU) 2016/679, the Privacy and Electronic Communications Regulations 2003, and the California Consumer Privacy Act of 2018 (as amended by the CPRA), together with the sectoral data-protection law of every jurisdiction in which a Group entity operates.

We maintain, at Group and portfolio level, an Article 30 record of processing, a Data Protection Impact Assessment regime, a Data Subject Rights operational procedure, a documented retention schedule, and a Personal Data Breach response plan that meets the seventy-two hour notification standard. The Group commits to SOC 2 Type II attestation within twelve months of the date of this Charter and ISO/IEC 27001 certification within eighteen.

The Group will not sell personal data, will not engage in cross-context behavioural advertising, will not deploy biometric identification in publicly accessible spaces save where lawfully permitted and proportionate, and will not develop A.I. systems whose principal function is the social scoring of natural persons.

Our ESG framework is aligned to the recommendations of the Task Force on Climate-related Financial Disclosures, to the standards of the International Sustainability Standards Board (IFRS S1 and IFRS S2), to the Sustainable Finance Disclosure Regulation where applicable, and to the United Nations Guiding Principles on Business and Human Rights.

Environmental. The Group commits to measuring, disclosing and progressively reducing Scope 1, Scope 2 and (where reasonably ascertainable) Scope 3 greenhouse-gas emissions across head-office operations and every controlled portfolio company, with a baseline established no later than the close of the first full financial year following acquisition, and a long-term ambition of a net-zero footprint across controlled operations by no later than 2040.

Social. Protection of human rights consistent with the Modern Slavery Act 2015; fair pay at no less than the relevant statutory minimum, with progress towards the Real Living Wage where commercially feasible; diversity of board and senior leadership composition, measured and reported; and safe, lawful, dignified working conditions across acquired entities.

Governance. The Group operates under a multi-committee structure — Executive, Investment, Audit & Risk, Nomination & Remuneration, ESG & A.I. Ethics, and Conflicts & Compliance — each governed by a written charter, and aligns its disclosures with the Wates Corporate Governance Principles for Large Private Companies.