
Germany Risk & Compliance Statistics

German Spotlight from State of Risk & Compliance Survey Findings

Summary

Effective January 2023, the German Supply Chain Due Diligence Act represented a major step forward in the country’s regulatory expectations for ethics and compliance that helped drive broader changes well beyond its borders. As German organizations evolve to meet these requirements and others, their cultures of compliance also evolve.  

This white paper represents a special analysis of select respondent data representing Germany-based organizations from our 2025 State of Risk & Compliance Report survey. We hope this information will help R&C professionals from German organizations to better grasp where they stand compared to their peers, informing ways to improve.

State of Risk & Compliance Report survey methodology

The 2025 research was conducted online by The Harris Poll on behalf of NAVEX among 999 adults age 18+ who are nonacademic professionals (management/non-management or higher) and knowledgeable about risk and compliance in the United States (n=458), United Kingdom (n=123), France (n=119), Germany (n=107), Japan (n=104) and other countries (n=88). The survey was conducted between April 23 and May 29, 2025.

Raw data are not weighted and are therefore only representative of the individuals who completed the survey. 

Respondents for this survey were from a list of NAVEX customers or prospects (n=382) or selected from among those who have agreed to participate in our surveys (n=617). The sampling precision of Harris online polls is measured by using a Bayesian credible interval. For this study, the sample data is accurate to within +/- 3.1 percentage points using a 95% confidence level. This credible interval will be wider among subsets of the surveyed population of interest. 

All sample surveys and polls, whether or not they use probability sampling, are subject to other multiple sources of error which are most often not possible to quantify or estimate, including, but not limited to coverage error, error associated with nonresponse, error associated with question wording and response options, and post-survey weighting and adjustments.

Key findings

Germany-based organizations closely track global program maturity

To help determine the state of programs in 2025, NAVEX asked respondents to self-report their risk and compliance (R&C) program maturity based on the Framework for Ethics & Compliance Program Excellence criteria from the Ethics and Compliance Initiative (ECI). This five-point scale begins at the least mature, “Underdeveloped,” and advances in maturity through the stages of “Defining,” “Adapting,” “Managing” and, finally, “Optimizing.” It is worth noting that there is no “end” to the spectrum – even the most mature programs have room to refine their approach.

Fifty-seven percent of respondents representing organizations based in Germany said their R&C program was either Managing or Optimizing – the two most mature designations on the ECI scale. Twenty percent said it was Defining or Underdeveloped – the two least-mature designations. For Europe as a whole, 60% were said to be in the more mature designations, with 16% in the less mature designations. Globally, 57% of organizations were said to be at a top-two maturity level, and 18% in the lower two.

‘Privacy/cybersecurity breach’ tops compliance issues for German organizations

Consistent with previous polling, data privacy/cybersecurity breaches remain the top compliance issue respondents said their organizations experienced in the past three years. Still, nuances remain that may help readers better understand how they compare to regional peers.

Respondents from Germany-based organizations were more likely (37%) than those in Europe as a whole (30%) or globally (28%) to say their organization had experienced a privacy/cybersecurity breach in the past three years. Other incidents were also indicated to be relatively common for German organizations, including reputational damage due to executive misconduct (28%, compared to 18% for Europe) and substantiated employee litigation against the organization (26%, compared to 18% for Europe).

Like others, most German compliance investigation programs are centralized

Globally, most respondents (67%) said their organizations use a centralized approach in their day-to-day compliance investigations program. This was largely consistent with Germany-based organizations, where 68% of respondents said their organization uses a centralized investigations program. Generally, response rates for Germany, Europe and globally were very similar.

German boards are less likely to have oversight of risk identification and management

It stands to reason that organizations where boards of directors are engaged in Compliance are more effective and resilient in R&C.

For Germany-based organizations, 17% of respondents knowledgeable about ethics and compliance said their board of directors has oversight of risk identification and management. This compares to 28% in Europe, and 33% globally. Twenty-six percent of respondents representing German organizations said their board has examined compliance data when expressing oversight, compared with 36% for Europe and 38% globally. Sixty percent said their board receives periodic reports on compliance matters, which was largely consistent with Europe and global response rates.

Compliance for German organizations more likely to be ‘very involved’ in guiding use of AI

As artificial intelligence plays an evolving role across different organizations, the role of Compliance in its implementation is also evolving.  

For Germany-based organizations, a relatively large share of respondents (38%) said Compliance was “very involved” in decision making regarding the use of AI compared to Europe (31%) and across the globe (33%). Respondents said compliance was “not involved” at a rate of 7% for Germany, compared to 10% for Europe and 11% globally.

Only 37% of German organizations are said to have a hotline

NAVEX survey data continue to show a concerningly low rate of respondents globally indicating that their organization has an internal whistleblower hotline. This is despite the fact that a mechanism for individuals to report misconduct anonymously and/or without fear of retaliation is a core part of any compliance program.  

For organizations based in Germany, 37% of respondents knowledgeable about ethics and compliance said the organization had a hotline or whistleblower internal reporting channel. This compares to 45% in Europe, and 53% globally.

The lack of indication of a process to detect retaliation is also notable, though it appeared respondents for German organizations were more likely to say such a process was in place. For German organizations, 35% were said to have a process to detect retaliation. For Europe, this was 28%, and globally, 29%.

Conclusion

Cultures of ethics and compliance continue to evolve for Germany-based organizations. The information in this white paper provides additional context to consider how these organizations compare to their peers. 

The findings show that in some cases Germany-based organizations have advantages, such as a greater share of respondents who indicated the presence of a process to detect retaliation. In other cases, there is room to grow: far fewer than half of organizations are said to have a whistleblower hotline. As always, we encourage readers to use these findings as an opportunity to discuss their program internally and seek support in ways to improve.
