Terms and policies

Learn more about Chainguard policies and our legal documents.

CHAINGUARD VENDOR CODE OF CONDUCT

Effective Date: March 3, 2026

Introduction

Chainguard, Inc. and its affiliates (collectively “Chainguard”) are committed to conducting business ethically and responsibly across all our global operations. This Vendor Code of Conduct (the "Code") outlines the minimum standards we expect from all vendors, suppliers, contractors, and service providers ("Vendors") who do business with us.

This Code applies to all Vendors regardless of location. By providing goods or services to Chainguard, Vendors agree to comply with this Code and to ensure that their subcontractors and suppliers do the same.

1. Legal and Regulatory Compliance

Vendors must comply with all applicable laws, regulations, and standards in the jurisdictions where they operate, including laws related to labor, health and safety, the environment, data protection, trade controls, and anti-corruption.

Where local law and this Code address the same issue, the more stringent requirement applies.

2. Business Ethics and Integrity

Anti-Corruption and Bribery. Vendors must not engage in any form of bribery, corruption, kickbacks, or improper payments in violation of any applicable anti-corruption laws, including the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, and equivalent laws in other jurisdictions.

Conflicts of Interest. Vendors must avoid situations that create or appear to create conflicts of interest in their dealings with Chainguard. Vendors must promptly disclose any actual or potential conflicts to Chainguard.

Fair Dealing. Vendors must comply with all applicable antitrust and competition laws and must not engage in unfair business practices.

Accurate Records. Vendors must maintain accurate books and records that reflect their business activities and must not engage in fraudulent, deceptive, or misleading accounting practices.

3. Labor Standards and Human Rights

Freely Chosen Employment. Vendors must not use forced, bonded, indentured, or involuntary labor of any kind. All work must be voluntary, and workers must be free to terminate employment with reasonable notice and in accordance with applicable labor laws. Vendors must comply with applicable modern slavery and human trafficking laws, including the UK Modern Slavery Act 2015, the Australian Modern Slavery Act 2018, and Canada's Fighting Against Forced Labour and Child Labour in Supply Chains Act.

No Child Labor. Vendors must not employ anyone under the age of 15, the minimum legal age for employment, or the age for completing compulsory education, whichever is greatest.

Fair Compensation and Working Hours. Vendors must comply with all applicable laws regarding wages, benefits, and working hours, including minimum wage, overtime, and legally mandated benefits. Workers must not be required to work excessive hours.

Non-Discrimination. Vendors must provide equal employment opportunities and must not discriminate based on race, color, national origin, religion, sex, gender identity, sexual orientation, age, disability, marital status, or any other protected characteristic under applicable law.

Freedom of Association. Vendors must respect workers' rights to associate freely and bargain collectively in accordance with applicable law.

Respectful Treatment. Vendors must treat all workers with dignity and respect. Harassment, abuse, corporal punishment, and intimidation are prohibited.

Diversity, Equity and Inclusion: Chainguard values diversity, equity, and inclusion and expects Vendors to foster inclusive workplaces free from discrimination, harassment, and retaliation. Vendors are encouraged to implement policies and practices that promote equitable treatment, inclusive leadership, and equal access to opportunity. Where feasible and appropriate to the size and nature of their business, Vendors are encouraged to support diverse-owned businesses within their supply chains and promote diversity within their workforce and leadership.

4. Health and Safety

Vendors must provide a safe and healthy work environment that complies with all applicable health and safety laws. Vendors should take proactive measures to prevent workplace hazards, provide appropriate training, and maintain emergency preparedness procedures.

5. Data Protection and Security

Vendors must comply with all applicable data privacy and protection laws, including GDPR, CCPA, and other relevant data protection regulations. Vendors with access to Chainguard data, systems, or information must:

  • Implement appropriate technical and organizational security measures to protect Chainguard data and information.

  • Use Chainguard data and  information only as authorized and for its intended purpose.

  • Maintain confidentiality of proprietary and sensitive information.

  • Promptly notify Chainguard of any data security incidents.

  • Comply with all applicable AI regulations, including the EU AI Act and equivalent laws in other jurisdictions, to ensure transparency and the appropriate safeguarding of Chainguard data and information. 

  • Prohibit the use of Chainguard data and information for training, retraining, or improving AI models without prior express written consent from Chainguard.

6. Risk Management

Vendors must maintain risk management and business continuity processes appropriate to the nature, size, and risk profile of their operations. Vendors are expected to identify, assess, and mitigate operational, cybersecurity, supply chain, and other material risks that could affect their ability to provide goods or services to Chainguard. Vendors should maintain reasonable business continuity and disaster recovery plans and periodically test such plans where appropriate.

7. Intellectual Property, Confidentiality, and Publicity

Vendors must respect Chainguard's intellectual property rights and maintain the confidentiality of all proprietary information. Vendors must not disclose or use confidential information except as necessary to perform services for Chainguard or as expressly authorized.

Vendors may not use Chainguard's name, logo, trademarks, or other branding in any marketing, press releases, customer references, or public communications without prior written consent from Chainguard in each instance. Where a separate written agreement grants specific usage rights, those terms govern.

8. Environmental Responsibility

Vendors must comply with all applicable environmental laws and regulations, including requirements for waste management, emissions, and hazardous materials. Vendors are encouraged to adopt practices that minimize environmental impact and promote sustainability.

9. Sanctions & Trade Compliance

Vendors must comply with all applicable sanctions (targeted or comprehensive), import, export, and trade compliance laws, including export controls and anti-boycott regulations of Canada, the European Union, the United Kingdom, the United States of America, and any other country with jurisdiction over activities undertaken in connection with their engagement with Chainguard. Vendors must not be incorporated, headquartered, or have personnel ordinarily resident of any territory that is or becomes subject to U.S. or Canadian sanctions.

10. Supply Chain Responsibility

Vendors are responsible for ensuring that their own suppliers and subcontractors also adhere to the standards set forth in this Code.

11. Reporting Concerns

Vendors should report any known or suspected violations of this Code or applicable law to Legal@chainguard.dev. Chainguard prohibits retaliation against anyone who reports a concern in good faith.

12. Compliance and Enforcement

Vendors are expected to self-monitor compliance with this Code and provide evidence of compliance upon reasonable request. Chainguard may verify compliance through questionnaires, audits, or other reasonable means. Failure to comply with this Code may result in termination of the business relationship. Vendors must cooperate fully and in good faith with any Chainguard investigation relating to potential violations of this Code or applicable law, including by providing timely access to relevant information and personnel, subject to applicable legal restrictions.

13. Updates

Chainguard reserves the right to update this Code as needed.