Building trust through responsible leadership

Guided by 'creating value for customers' and 'respecting people', LG Electronics applies 'Jeong-Do Management' and ethics to foster a sound culture and practice trusted responsible management.

Jeong-Do Management

Jeong-Do Management, LG’s unique principle of competing fairly in the marketplace, serves as a foundational behavioral standard for all LG employees. It is articulated through LG's Code of Ethics and Code of Conduct, shaping sound judgment and responsible actions across the organization.

Code of Ethics

The LG Code of Ethics serves as the standard for proper conduct and value judgments that all employees must adhere to. Established in 1994, it consists of the preamble of the 'Code of Ethics', a declarative ethical charter, and the 'Code of Ethics Implementation Guidelines', which contain specific principles of conduct. To date, it has undergone seven revisions to continuously strengthen related regulations and subordinate implementation guidelines. It is distributed to and shared with over 120 local subsidiaries to ensure all employees are fully informed.

Whistleblowing and Reporting System

We operate an anonymous reporting system that allows employees to report any violations of Jeong-Do Management, thereby enhancing transparency and accountability in business operations. All submissions are kept strictly confidential in accordance with the internal whistleblower protection policy. Reports involving misconduct or corruption are thoroughly investigated, and when verified, appropriate disciplinary measures are taken based on the severity of the case.

Status of reported violations


Annual status of violation reports. An infographic detailing violation report data. Annual status: 225 cases in 2022, 169 in 2023, and 239 in 2024. Types of reported violations: a breakdown of the 239 cases in 2024 includes Customer Complaints (146), Discrimination or Harassment (49), Corruption or Bribery (25), Conflicts of Interest (12), Money Laundering or Insider Trading (6), and Customer Privacy Data (1).

Jeong-Do Management (JDM) risk prevention system

LG Electronics operates a JDM risk prevention system to proactively prevent JDM risks and raise JDM awareness.

• Two-track process: Establish a process enabling joint management by operational departments (accounts receivable, expenses, promotional costs, etc.) and diagnostic departments.

• Pre-emptive inspection processes and system operations: Strengthen preventive activities, establish pre-emptive inspection processes and systems for vulnerable areas in overseas subsidiaries, and develop scenarios (21 cases) and systems for anomaly detection.


Horizontal bar chart titled “Status of self-diagnostic actions in 2024.” Minor discipline accounts for 54% (114 cases), severe discipline 41% (86 cases), and disciplinary dismissal or recommended resignation 5% (11 cases), totaling 211 cases (100%).

     

Compliance management

LG Electronics regards compliance management as a fundamental operational principle across all business activities, aiming to earn customer trust while enhancing corporate competitiveness.


Compliance risk management

Standards and certification of compliance management

LG Electronics (LGE) has established the 'LGE Compliance Policy' by a resolution of the Board of Directors in accordance with Article 40 of the enforcement decree of 'The Commercial Act of the Republic of Korea'. The policy functions as the basic principles of compliance management and the criteria for internal control, and applies to all executives and employees. Through this, LGE establishes the foundation for fair and transparent business execution and strengthens compliance awareness across the organization. Furthermore, LGE has acquired ISO 37301 certification and undergoes regular surveillance audits to verify that the system’s design, implementation, and operation are being properly executed. This objectively demonstrates the reliability and effectiveness of the company-wide compliance framework.

Compliance program

LG Electronics operates a program to effectively and systematically manage compliance risks. This program is structured across all stages, from proactive identification of legal and regulatory changes to training, monitoring, reporting, and follow-up management, and addresses both risk prevention and measures to prevent recurrence. Additionally, regular reports on risk assessment results are submitted to top decision-making bodies, including the Board of Directors and the ESG Committee, thereby strengthening the company-wide management system.

 

An annual compliance self-assessment survey is conducted, covering a wide range of risk areas based on the Code of Conduct and internal policies, including bribery, collusion, discrimination, internal transactions, and false advertising. In 2024, 45,494 employees worldwide, representing 94.1% of the global workforce, participated in the survey. The results are utilized for various organizational management activities, such as analyzing risk awareness by department, improving training programs, and identifying key areas for focused inspections.

Compliance risk management process

Five-step compliance management process diagram. Step 1 Identification/Assessment: Research on legal and regulatory trends, Monitoring of major violations and enforcement trends, Detection of new risks and management of the risk pool, and Evaluation of risk management maturity Step 2 Improvement: Online/offline compliance training, Improvement of business policies and processes, Provision of compliance advice and consulting, and Response to stakeholder requirements Step 3 Monitoring: Investigation of compliance and diagnosis, Monitoring risk prevention activities, Operation of key compliance performance indicators, and Employee self-assessments Step 4 Reporting: Board of Directors and ESG Committee, Compliance Committee, and Public disclosures Step 5 Follow-up management: Training to prevent recurrence and Monitoring recurrence prevention through compliance indicator management

Compliance training

LG Electronics has established the enhancement of employees’ risk sensitivity and the promotion of a culture of voluntary compliance as strategic priorities, and operates an integrated company-wide system for training and inspections. The company provides customized ethics and compliance training tailored to job functions and positions at least once a year, and enhances voluntary dedication to compliance through the submission of a pledge of commitment after completing the training (online/offline).

 - Target: All domestic and overseas employees

 - Training content: Focuses on practical, job-related topics such as the Code of Ethics, Code of Conduct, anti-corruption, fair trade, sexual harassment prevention, and personal information protection.

 - Training programs: New team leader training, overseas expatriate leadership training, new entrepreneur training, dispatch manager onboarding training, etc.

* Role-specific training focused on fair trade risks is conducted separately for relevant personnel.

Fair Trade

LG Electronics conducts all transactions based on the principles of free competition and equal opportunities for participation. Through transparent and fair dealings, it builds mutual trust and cooperative relationships, pursuing shared long-term development.

Operation of fair trade compliance program

LG Electronics manages key risks in fair trade, including unfair trade practices, advertising and labeling, subcontracting, and collusion. Under its compliance program (CP), the company regularly conducts preemptive checks, training, and improvement activities. It also operates a management system to establish fair trading practices with partners. Through these efforts, LG Electronics proactively prevents legal risks, builds solid trust relationships with customers and partners, and strengthens its fair trade culture.


Fair trade risk inspection and management


Four-step fair trade risk management process. Step 1 Risk selection: Unfair trade practices and misleading advertising, Unfair subcontracting practices, and Collusive behavior Step 2 Risk assessment: Detection of fair trade violations, Identification of key risk factors, and Assessment of violations by area Step 3 Risk management planning: Compilation of risk assessment results, Selection of key risks, and Development of risk management plans Step 4 Implementation of improvements: Causal analysis of violations, Derivation of improvement plans and prioritization, and Implementation and monitoring of improvement activities


   

Information security

The increasing variety of IoT products and services, coupled with new technologies, business models, and environmental changes, is gradually increasing the corporate responsibility to protect individual human rights and privacy. LG Electronics identifies personal information compliance risk factors that arise both domestically and internationally, and ensures the rights of its employees and customers by transparently disclosing its personal data processing practices.


Information security and privacy protection

Information security and privacy protection organization operational framework

• The information security and privacy protection organization handles practical security operations, including response to security incidents, compliance with global regulations, regular security inspections, and the establishment of internal management plans for personal data protection.

• The working-level organization strengthens rapid response to security risks and inter-organizational cooperation by discussing major policies and issues related to information and personal data protection through the working council for information security. When necessary, these matters are submitted to the information security committee for linkage with company-wide decision-making.

• Dedicated information security personnel consist of experts holding professional certifications such as CISSP, CISA, CPPG, ISO 27001, and ISMS-P Auditor.

• The company supports continuous capability enhancement by including information security competency development items in the personal KPIs (Key Performance Indicators) of employees.


Information security governance structure diagram. Enterprise management meeting and Board of Directors (organized by the Board Office, held semiannually); Enterprise Information Security Committee (organized by the CRO (Coordinator: Information Security Manager), held semiannually with key executives); and Enterprise Practical Affairs Council of Information Security (organized by the Information Security Division, held quarterly or as needed ad hoc with managers/leaders from R&D, IT, Legal and other key departments), connected through a reporting structure.


An infographic detailing the four key areas of the Information Security Management System: Touchpoints channels, Assets to be protected, Management approach, and Areas of protection. Touchpoints channels: Includes Products/Devices, Apps/Web/Services, and Business systems, managed across Sales, Marketing, Customer Service, and System Operations. Assets to be protected: Covers Product, Manufacturing process, Personal information, and Trade secrets, involved in Planning, Development, Production, and Data protection/Management. Management approach: Based on Administrative security, it interconnects Technical security, Physical security, and Privacy protection compliance. Areas of protection: Covers Business sites, Overseas subsidiaries (Production/Sales/R&D), Service centers, Retail stores, Subsidiaries, and Suppliers.


① Administrative security
• Info security system operation
• Asset identification & management
• Incident response setup
• Employee training & awareness

② Technical security
• Defense against hacking & malware
• Data leak prevention
• Security policies & solutions
• Risk assessment & remediation

③ Physical security
• Physical security system operation
• Equipment checks & anomaly response
• Security zones & access control
• CCTV & critical facility management

④ Privacy protection compliance
• Privacy management system operation
• Personal data mapping & control
• Risk impact assessment & safeguards
• Data subject rights & regulatory response

Data Protection Impact Assessment (DPIA)

• A data protection impact assessment (DPIA) is conducted when a major feature is changed or a new service is established; services (such as products, systems, and apps) that process personal data are subject to inspection at the planning stage.

• The purpose of this assessment is to prevent risks by proactively identifying vulnerabilities in personal data processing before launch and applying appropriate protective measures based on these findings.

• The DPIA is performed using a checklist, which involves analyzing data items and flow across the entire processing lifecycle of personal data—including collection, storage, use, provision, transfer, cross-border transfer, and destruction—and inspecting the level of technical and managerial safeguards.

• The assessment is managed to ensure objectivity through a third-party audit (DPIAC) conducted by an external vendor.

Product security

Product security management system


An infographic detailing LG Electronics' product security management system and compliance with global security regulations. The top section lists four key areas: Policy: LG Electronics product security standard, LG Electronics product security guideline, LG Electronics product security evaluation, and Supplier security management policy Organization: Product software security teams (Company/Division), Regulatory, legal, and procurement teams, Product development teams, and Quality assurance teams Education: Security awareness training, Secure coding training, Cybersecurity engineering training, and Product security technique training Security incident response: Product security incident response process (LG PSRT), Product security event classification criteria, Security updates, Bug bounty program (LG Bug Bounty) The bottom section specifies Global security regulations compliance: United States: IoT Cyber Trust Mark, NIST Cybersecurity Framework, NIST IR 8425. Europe: EU Cyber Resilience Act, EU RED Delegated Act, UK PSTI Act and Regulations, ETSI EN 303 645. For automotive electronic products: UNECE UNR. 155 CSMS, ISO/SAE 21434.

1) US Cyber Trust Mark program: An IoT labeling program expected to be implemented by the U.S. government in 2025.

2) NIST Cybersecurity Framework: A cybersecurity improvement framework developed by the U.S. National Institute of Standards and Technology (NIST).

3) NIST IR 8425: A cybersecurity standard for IoT products established by NIST.

4) EU Cyber Resilience Act: A regulation, expected to take effect in 2026, that imposes baseline cybersecurity requirements on all products with digital elements within the EU.

5) EU RED Delegated Act: A mandatory security regulation, effective from August 2025 in the EU, requiring protection of networks, privacy, and monetary transactions for wireless devices.

6) UK PSTI Act and Regulations: A product cybersecurity regulation applicable to network devices, in effect in the UK since April 2024.

7) ETSI EN 303 645: A security requirement standard for IoT products developed by the European Telecommunications Standards Institute (ETSI).

8) UNECE UNR. 155 CSMS: A regulation mandating cybersecurity engineering activities for manufacturers and suppliers, enforced in UNECE member countries.

9) ISO/SAE 21434: A vehicle cybersecurity engineering standard jointly developed by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE).

Product security risk management

• LG Electronics applies the 'LG Secure Development Lifecycle (LG-SDL)' to systematically manage security risks throughout the entire product development cycle.

• LG-SDL is a process that embeds product security from the initial design stage. It executes core security activities at each phase, including defining security requirements, threat modeling, code review, vulnerability remediation, and security testing.

• Specifically, for products involving sensitive functionalities such as cloud connectivity, IoT capabilities, biometrics, microphones, and cameras, the company strengthens protection measures based on threat scenarios tailored to each technology.

LG-SDL: LG Secure Development Lifecycle

A circular infographic detailing 'LG-SDL' (Secure Development Lifecycle) process. It defines seven stages of security activities throughout the product development lifecycle: Preparation: Security training. Requirements: Security requirements analysis. Design: Security design review. Implementation: Secure coding and system hardening. Testing: Open-source vulnerability analysis, static analysis, functional security testing, fuzz testing, and penetration testing. Release: Final product security assessment based on LG Shield compliance. Response: Security incident response and security maintenance.

   

Quality management

LG Electronics' quality management is based on LG's vision of 'Creating Values for Customers' and 'People-oriented management'. The quality management policy aims to become 'A company loved by customers for world-leading quality' through customer-centric quality management.


Quality management system

LG Electronics has established and operates a quality management system (QMS) based on ISO 9001, providing consistent quality to its customers. Through regular audits by third-party organizations, the company maintains a globally recognized quality management system. Building on its company-wide quality management system, LG Electronics standardizes quality processes across global manufacturing subsidiaries and major business sites, while also enhancing connectivity and operational efficiency. In addition, the company operates a strategic framework that enables proactive risk prevention and prompt response throughout the entire product lifecycle from development to after-sales service, continuously enhancing quality competitiveness and strengthening customer trust.

Internal audits and continuous improvement

To assess the effectiveness of the quality management system and identify opportunities for continuous improvement, LG Electronics conducts regular internal audits. These audits evaluate the conformity to quality standards, process efficiency, and execution fidelity across global production subsidiaries and business divisions. Audit results are reported to senior management, and any identified issues or areas for improvement lead to immediate corrective actions and system enhancements, thereby continuously advancing overall quality levels.

External validation and compliance with standards

LG Electronics operates its quality management system in accordance with the international quality standard ISO 9001, striving to improve the quality of its products and services. The company also ensures objectivity and credibility of its system through regular audits conducted by reputable external certification bodies, thereby demonstrating its capabilities in global quality management.

Employee training and capability enhancement

LG Electronics provides systematic quality training to all relevant employees across the entire product lifecycle, including design, procurement, manufacturing, and service. The training focuses on reinforcing a clear understanding of quality policies, standardized processes, quality management tools, and individual roles and responsibilities. Through this training, employees recognize the importance of adhering to high-quality standards, enabling LG Electronics to embed a culture of quality awareness and strengthen its overall quality competitiveness.

An infographic explaining LG Electronics' Quality management process, starting from customer requirements and leading to customer satisfaction. 'Customer requirements' on the left side leads into the central quality management cycle. The central system features a clockwise cycle of four key elements: Internal audit, Continuous improvement, Quality training, and Management responsibility, connected by red arrows. The process ultimately results in 'Customer satisfaction' highlighted in a large red circle on the right.
