GN has implemented several policies, actions, and targets for managing product safety and data privacy related risks. As data privacy and product safety are strictly regulated by international and local laws, targets are mainly determined based on these regulations. Given the compliance-based nature of IROs, GN has not directly engaged with consumers and end-users when setting targets, tracking performance, or when identifying lessons learnt.

We have set a target on deviation response time, which we measure as the time taken to initiate corrective actions if we have three consecutive months of underperformance against our response time KPI. The ongoing target and baseline value was 20 days which was formally defined in 2024. The average response time was 16 days in 2024, which was within the target value.

To set this target, we utilized a combination of quantitative analysis (e.g., incident data trends, KPI metrics) and qualitative assessment (e.g., internal audits, stakeholder feedback). Cross-functional teams including Quality, Regulatory Affairs, Risk Management, and Product Development are involved in defining, monitoring, and refining our KPIs. Feedback from regulatory bodies and industry partners informs our approach, particularly for adjusting compliance timelines and addressing emerging risks.