Setting the Standard: Lenovo’s Ethical Business Practices and Commitment to Responsible Innovation

Originally published in Lenovo's 2023/24 ESG Report

Lenovo’s Code mandates compliance with applicable laws in markets where it conducts business. Its policies strongly support ethical and responsible business practices, which include areas such as anti-bribery and corruption, data privacy, anti-competitive practices and fair competition, intellectual property and more.

Anti-bribery and corruption

Lenovo has zero tolerance for bribery and corruption. Lenovo complies with the anti-bribery and corruption laws in every jurisdiction where it conducts business. Lenovo’s Global Anti-Bribery and Corruption Policy along with Lenovo’s Global Gift, Entertainment, Corporate Hospitality, and Travel Policy reinforce provisions in the Code and provide additional guidance regarding compliance with global anti-bribery and corruption rules and laws. The policies stress that Lenovo will not directly or indirectly solicit, offer, promise, authorize, provide, or accept anything of value to any person, including government officials, to influence action, inaction, or to secure an improper advantage as defined by applicable laws.

To help employees understand these requirements, training on anti-bribery and corruption is provided. 99.9% of Lenovo’s computer-based employees¹, including senior management and executives, completed the anti-bribery and corruption mandatory eLearning course assigned in FY 2023/24. In addition, 48 facilitator-led sessions focused on anti-bribery and corruption basics and case studies were provided to over 17,000 China-based employees of Lenovo.

Lenovo also provides Code training to new employees, which includes anti-bribery and corruption topics. The Board of Directors and Senior Leadership Team are provided a facilitator-led training session on anti-bribery and corruption. Additionally, in FY 2023/24, Lenovo released an educational video in commemoration of International Anti-Corruption Day, urging all employees to participate in the global fight against corruption. The video garnered viewership from approximately 30,000 employees.

Bribery and corruption risks are also evaluated as part of Lenovo’s Enterprise Risk Management Program risk assessment to ensure Lenovo’s internal controls effectively address and mitigate bribery and corruption risk to the enterprise.

As Lenovo holds all employees to the highest ethical standards and requires compliance with applicable anti-bribery and corruption laws and regulations, it extends this obligation to its business partners. Lenovo’s business partners are expected to adhere to the same standards of integrity that Lenovo demands of itself. All business partners are subject to Lenovo’s Global Anti-Bribery and Corruption Policy, which includes the requirement to conduct anti-bribery and corruption due diligence on any business partner identified as presenting elevated bribery and corruption risks to the organization. Lenovo actively monitors these business partners to address any potential areas of concern or inquiries regarding bribery and corruption.

In FY 2023/24, Lenovo received the verdict for a legal case related to corruption, which was transferred to authorities as a result of Lenovo’s internal investigation into the alleged misconduct. Two former employees were sentenced for accepting kickbacks of RMB1 million and RMB2.7 million, respectively, in exchange for providing improper benefits to various sales channel partners. In addition to being required to forfeit the money received through kickbacks, both individuals were sentenced by authorities. One individual involved received a two-year prison sentence, three-year probation, and a RMB100,000 fine. Another received a three-year prison sentence and a RMB200,000 fine. Lenovo terminated the employment of these individuals and implemented additional internal control measures to prevent similar incidents. The impact of the case on Lenovo’s business was minor.

Anti-competitive practices and fair competition

Lenovo competes for business ethically and lawfully. The Code and Policy on anti-competitive practices and fair competition sets out fundamental principles to serve as guidelines for employees in complying with the competition laws in every jurisdiction where Lenovo operates. In particular, the policies strictly prohibit employees from engaging in anti-competitive practices, including entering into an agreement or discussion that would result in price-fixing, limitations on the availability of goods or services on the market, or agreements to boycott a customer or supplier.

Lenovo continues to communicate requirements of global antitrust and anti-competition laws and regulations to the workforce on a periodic basis. In FY 2023/24, over 10 dedicated training sessions were delivered globally to our employees including executive level management.

Intellectual property

Intellectual property is a valuable asset for Lenovo. Lenovo expects its employees to protect its intellectual property and respect the intellectual property rights of other companies and individuals. Intellectual property rights include patents, copyrights, trademarks, confidential information, and related contract rights.

Lenovo secures its own intellectual property using these and other applicable forms of legal protection. Therefore, Lenovo’s employees must each sign and abide by their agreement with Lenovo regarding confidential information and intellectual property. Lenovo also expects its employees to contribute to Lenovo’s innovation leadership. To this end, Lenovo’s employees should submit their inventions and ideas to Lenovo’s patent review board for prompt review and protection with the support of the Intellectual Property Law Department.

Lenovo respects the intellectual property rights of other companies and individuals, including their proprietary materials, confidential information, software, patents, trademarks, or trade secrets. Employees should work with Lenovo’s counsel in the Legal Department as appropriate to ensure all necessary rights and licenses are obtained before utilizing any non-Lenovo proprietary materials.

Privacy and data protection

Lenovo maintains a Global Privacy and Data Protection Program, which leads the organization’s commitment to responsibly using and protecting customer, consumer, employee, and partner identifiable information. The Lenovo Global Privacy and Data Protection Program develops and maintains policies, processes, training, and other mechanisms and resources to ensure that Lenovo complies with global privacy and related data protection laws and regulations. These policies and Lenovo’s commitments in this area are communicated to all employees via the Lenovo Privacy Basics course which new employees are required to take within 30 days of their employment with Lenovo, and on a recurring basis thereafter. It is the individual and collective responsibility of Lenovo’s employees and contractors to act in accordance with the requirements of Lenovo’s privacy and security policies and standards and to report privacy and security incidents or vulnerabilities in a timely manner. The Lenovo Global Privacy and Data Protection Program, Chief Security Office, Chief Infrastructure Security Office, and Lenovo’s product security teams maintain incident reporting mechanisms and work together to investigate, mitigate, and prevent privacy and security incidents that could impact Lenovo, its customers, users, or employees.

Individuals may learn more about Lenovo’s product and website privacy practices by visiting https://www.lenovo.com/us/en/privacy/. The Lenovo Privacy and Data Protection Program may be reached at privacy@lenovo.com (or privacy@motorola.com).

Lenovo recognizes the great importance of privacy to individuals everywhere – customers, website visitors, product users, employees – everyone. The responsible use and protection of personal and other information under Lenovo’s care is a core company value. To ensure adherence to its privacy policies, principles, and processes, Lenovo maintains a global Privacy and Data Protection Program led by the Legal Department. The Privacy & Data Protection Program reports its progress regularly to Lenovo’s Chief Legal & Corporate Responsibility Officer and Chief Security Officer. In addition, the Privacy & Data Protection Program coordinates a cross-functional Privacy Working Group (PWG) comprised of key partners drawn from Infrastructure Security, Product Security, Product Development, Marketing, E-Commerce, Service and Repair, Human Resources, and other groups. The PWG meets several times per year and discusses Lenovo’s privacy policies, processes, legal developments, industry developments, and more. Key elements of Lenovo’s approach to ensuring meaningful privacy and data protection include:

• Monitoring global privacy and data protection legal developments and regulatory trends, and improving Lenovo’s privacy practices and processes
• Harmonizing global privacy and data protection requirements into an organization-wide set of Lenovo Guiding Privacy Principles that drive how Lenovo handles personal information and certain other types of data, including developing and updating its privacy policies and procedures
• Providing contractual support to ensure that risks associated with supplier and partner agreements include appropriate privacy and security terms; including assistance to the Lenovo Legal Center of Excellence (COE) in its efforts to update contract templates, and improve privacy and security-focused contract addenda
• Providing early input to product and service development teams by incorporating privacy checkpoints into formal product development plans, including privacy impact assessments, and conducting pre-launch privacy compliance reviews of products, software, services, websites, marketing programs, internal systems, and supplier relationships
• Responding to requests from individuals to review, correct, amend and/or delete their personal information
• Coordinating Lenovo’s response to law enforcement and other government requests for applicable personal and user information
• Developing and delivering privacy and data protection-focused training programs and working closely with the Chief Security Office (CSO), Corporate Infrastructure Security Office (CISO), and product security teams to timely identify and respond to privacy and data protection incidents
• Maintaining an internal Privacy Program portal and other resources for employees to provide guidance, documents, contract templates, compliance checklists, and additional privacy and data protection resources for Lenovo
• Requiring all computer-based employees globally to complete Lenovo’s Privacy Basics and Security Essentials courses. 100% of all computer-based employees completed the Security Essentials and Privacy Basics training during FY 2023/24.

Ethical management of responsible Artificial Intelligence

Lenovo embraces Artificial Intelligence (“AI”) across its product lines, from client to edge to cloud and network. Throughout the computing ecosystem, breakthroughs in Large Language Models and AI generated content mark a major leap in AI development and capability and serve as catalysts and accelerators to boost the adoption of AI.

Over the next three years, Lenovo is making large investments in people and resources for AI that will focus on providing AI devices, AI-ready and AI-optimized computing infrastructure, and embedded AI capabilities in intelligent solutions to accelerate productivity and provide new, revolutionary experiences to Lenovo’s customers.

In FY 2023/24, Lenovo announced its vision of “Smarter AI for All” and is focused on unleashing the power of AI to drive intelligent transformation in every aspect of people’s lives and in every industry – providing technology, solutions, and services that empower industries, enterprises, and individuals around the world. With this ability to empower and influence positive change, arises a profound duty to develop, deploy, and use AI responsibly.

Lenovo reinforces its commitment to responsible AI by upholding the following principles and guidelines:

1. Lenovo will not use AI in ways that harm people or put them or their rights at risk.

• Lenovo prohibits AI systems that deploy subliminal or manipulative techniques, exploit a person’s vulnerabilities, classify people based on their social behavior, socio-economic status, or sensitive personal information, and more.
• AI systems that pose a risk to a person’s health, safety, and civil rights will be carefully evaluated and implemented with additional risk mitigation.

2. Lenovo will ensure that its AI is fair, transparent, explainable, and efficient.

• Lenovo encourages responsible stewardship of trustworthy AI systems in pursuit of beneficial outcomes for individuals whose data is processed by an AI system user, society, and the environment.
• Responsible AI pillars will serve as the basis for evaluating AI systems throughout Lenovo, including diversity and inclusion, accountability, reliability, explainability, transparency, environmental, and social impact.

3. Lenovo will ensure that there is proper human oversight throughout the lifecycle of an AI system.

• Lenovo firmly believes in the indispensable role of human oversight in the development and use of AI. It recognizes that AI systems, while powerful and transformative, remain tools to be used in support of human endeavor and must be guided by human judgment and ethical considerations.
• Lenovo establishes mechanisms for human intervention to ensure proper oversight, validity of AI outcomes, detection of potential biases, and human intervention when necessary to detect and rectify biases, errors, or unintended consequences.
• By ensuring proper human oversight, Lenovo strives to instill trust, accountability, and fairness in our AI systems, empowering us to make informed decisions that benefit its customers, users, employees, and society as a whole.

4. Lenovo will protect people’s privacy at all stages of the AI Lifecyle.

• AI systems will collect and retain data from individuals only where there is a legitimate purpose, and then only to the minimum extent needed to fulfill that purpose.
• AI systems will be designed to help users comply with privacy requirements, including providing to subjects the reasonable ability to review, correct, amend, or delete their personal data processed by an AI system.

5. Lenovo’s AI will be developed and used with robust security protections.

• Technical robustness and safety require that AI systems preemptively address risks including, but not limited to, the unpredictability of AI performance and cybersecurity.
• Lenovo will establish standards to be used in the review, development, and operation of AI systems to ensure they are safe and reliable.

6. Lenovo will ensure that its AI respects and protects its own and others’ confidential information and intellectual property.

• Intellectual property concerns arise at all phases of AI development and use, including data selection and acquisition, model training and development, and operations and output.
• Lenovo will own or have permission to use all data it uses to train or operate AI systems and ensure that its AI systems are not given inappropriate information or prompts including:

(1) third-party information in Lenovo’s control not authorized for such use,

(2) Lenovo’s confidential or restricted information, if the AI system is not approved for such use,

(3) personal information of Lenovo employees, customers, or others who have not explicitly consented to such use, or

(4) prompts or directions that would tend to create problematic, biased, or infringing results.

7. Lenovo’s AI will be developed and used in strict compliance with applicable laws and regulations.

• Lenovo is dedicated to the highest standards of legal compliance in all of our worldwide operations and complies with applicable laws and regulations in the jurisdictions where we conduct business.
• As a result of the enactment of China’s regulations concerning AI, Lenovo established a comprehensive compliance committee consisting of various internal stakeholders to ensure Lenovo is following regulatory compliance requirements and industry-leading best practices.
• Globally, Lenovo continues to monitor the AI regulatory environment and is unwavering in its commitment to developing, deploying, and utilizing AI in accordance with regulatory standards and industry-leading best practices.

In addition to these principles, Lenovo is further solidifying its dedication to responsible AI by expanding its external presence through partnerships with esteemed organizations dedicated to promoting responsible AI practices. Lenovo is one of just eight technology companies to sign the United Nations Educational, Scientific and Cultural Organization (UNESCO)’s Recommendation on the Ethics of Artificial Intelligence, and since 2021, Lenovo has been a signatory of the Cercle InterL Women & AI Charter for accountable and gender-fair AI systems.

Lenovo recognizes that the realization of its vision of “Smarter AI for All” hinges upon its steadfast adherence to principles that guarantee the responsible, ethical, and safe development, deployment, and utilization of AI. The principles outlined above not only underpin Lenovo’s vision, but also form the cornerstone of Lenovo’s mission to provide “Smarter Technology for All.”

Reporting Ethical Concerns

Lenovo is committed to fostering a speak up culture, where employees, contractors, and business partners are empowered to speak up on anything that appears unethical, illegal, or suspicious. Lenovo has established clear processes and various reporting channels to raise questions or report concerns.

Employees are encouraged to raise concerns to their managers, Human Resources, the ECO, Internal Audit, or the Legal Department about any potential issues including, but not limited to, those known about or suspected:

• Fraud by or against Lenovo
• Bribery or corruption
• Unethical business conduct
• Violation of legal or regulatory requirements
• Substantial and specific danger to health and safety
• Violation of Lenovo’s corporate policies and guidelines, particularly the Code of Conduct

Lenovo also provides formal, confidential ways to report concerns, ask questions, or request guidance in person, by email, or through the LenovoLine, a confidential reporting system that is accessible 24 hours a day, seven days a week by the secure website, mobile app or by telephone. Where allowed by law, employees may report concerns about business practices anonymously.

Lenovo takes all allegations and concerns seriously. Lenovo maintains a Whistleblowing and Investigations Policy outlining the process by which concerns can be raised, are reviewed and are investigated. Lenovo also has an oversight body, the Investigation Oversight Committee (IOC), to ensure concerns raised are appropriately investigated and addressed.

Lenovo actively issues training and periodic communications to provide employees with information on Lenovo’s internal investigations process and to encourage them to speak up without the fear of retaliation. Lenovo prohibits retaliation for reports made in good faith. 99.9% of all computer-based employees, including senior management and executives, completed Lenovo’s Whistleblowing and Investigations Policy mandatory eLearning course assigned in FY 2023/24. Additional communications include detailed information about the LenovoLine, quarterly notifications from the IOC with summaries of notable investigations with no identifying details, computer screen lock messaging, posters, and more.

Results from the 2023 Lenovo Listens survey found that 93% of all employees feel comfortable raising concerns about compliance or ethics with management.

In FY 2023/24, Lenovo transitioned to a new whistleblowing and hotline provider to enhance the experience for reporters raising concerns. New features of the reporting platform include the ability to raise concerns via mobile app (iOS or Android), instant translation into the reporter’s local language while communicating with investigators, and the ability to easily communicate with Lenovo’s investigators through a chat box feature, which allows anonymous reporters to communicate without compromising their anonymity.

With these enhancements and Lenovo’s continuous communications campaign, Lenovo has seen an increase in the number of concerns raised year over year. 44% of reporters disclosed that they learned about LenovoLine from Lenovo’s internal communications campaign. To evaluate this impact, Lenovo monitors the number of cases received. In FY 2023/24, Lenovo received 361 cases involving ethics and compliance concerns compared to 251 cases in FY 2022/232. 57% of the reporters identified themselves and 70% of the cases have been closed and addressed accordingly.

Read more

¹ Lenovo’s “computer-based employees” are employees who have access to the Grow@Lenovo eLearning system through their Company-provided assets.