Zhipu recently released its 2025 annual ESG report, marking the first time the company has disclosed its management framework and practical achievements in the environmental, social and governance domains in a relatively systematic way.

The report has been prepared in accordance with the Hong Kong Stock Exchange’s ESG Reporting Guide. In terms of structure, the report already features a fairly complete ESG framework. As a leading player in China’s general-purpose large model sector, Zhipu conducted an ESG materiality assessment in 2025 that took into account industry characteristics and the company’s development strategy, identifying 22 material topics covering privacy protection and data security, product and service quality, technology ethics and AI safety, technological innovation, risk management and more. Overall, the report demonstrates a good starting point in framework completeness and topic coverage, although there remains considerable room for improvement in data depth, target-setting and risk disclosure.

In the governance dimension, the report discloses that the company has established an ESG and Strategy Committee under the board of directors, plans to set up an ESG working group led by this committee, and intends to engage a professional external ESG advisor. Independent directors make up one-third of the board, which complies with requirements of the Securities and Futures Commission of Hong Kong, the Stock Exchange and relevant regulations. A “three lines of defence” risk management model has been put in place. During the reporting period, no litigation incidents involving commercial bribery or corruption were brought against the company.

On the environmental front, Zhipu has begun to build a sound climate-related risk and opportunity governance framework by referencing the Hong Kong Stock Exchange’s climate disclosure requirements, the ISSB (IFRS S1 and IFRS S2) and the TCFD framework. It plans progressively to integrate climate change risks into its enterprise-wide risk management system, but the actual depth of disclosure remains quite limited. As a large model company, Zhipu’s most central environmental issue is the high energy consumption involved in AI training and inference. While the report mentions green operations, climate change response and energy-saving management, and discloses Scope 2 greenhouse gas emissions data, water consumption, electricity consumption and their intensities, it does not disclose critical data such as data centre energy consumption, model training carbon emissions or power usage effectiveness (PUE), nor does it set out any clear emission reduction targets or a timeline roadmap.

The report candidly states that the company was listed in early 2026 and that, given the stage of its sustainable development journey and its existing resources and capabilities, it has yet to set targets for carbon emissions, energy consumption, water consumption and the like, and will progressively refine its climate-related disclosures going forward. While this acknowledgement is honest, it also means that the company remains at the “data-mapping” stage of environmental management, rather than being “target-driven”.

The social dimension is the longest and most narratively rich section of Zhipu’s ESG report, yet it is markedly characterised by more emphasis on “establishing systems” than on “validating outcomes”.

In technology ethics, Zhipu has put in place a technology ethics governance system, established a Technology Ethics (Review) Committee, and formulated management policies covering the entire algorithm lifecycle, including the Technology Ethics Review Policy, the Algorithm Safety Monitoring Policy and the Algorithm Safety Self-Assessment Policy. The company has also obtained ISO/IEC 42001:2023 certification for its artificial intelligence management system.

On information security, the report discloses that no information or data leakage incidents, nor any cybersecurity incidents, occurred in 2025. It obtained several authoritative information security certifications, including ISO/IEC 27001:2013 certification for its information security management system, a one-star rating under the Personal Information Protection Impact Assessment, DCMM (Data Management Capability Maturity Model) Level 2 certification, and ISO/IEC 27701:2019 certification for its privacy information management system. Notably, the report stresses the company’s commitment to “adhering to the principle of minimum necessity and strictly controlling the scope of data collection”. However, Zhipu Qingyan (version 2.9.6) was named by the National Network and Information Security Information Notification Centre in May 2025 for violations, on the grounds that “the personal information actually collected exceeded the scope authorised by users.”

On supply chain management, the report provides relatively detailed figures: 1,898 suppliers in total, a 30% signing rate for supplier integrity agreements, 60% of suppliers hold quality management system certifications, 36% hold environmental management system certifications, and 19% hold occupational health and safety management system certifications. These data points offer a basis for outsiders to assess the ESG risks in Zhipu’s supply chain. However, the low signing rate for integrity agreements and the fact that fewer than 40% of suppliers carry environmental certifications also indicate that Zhipu is still at a nascent stage in supply chain responsibility management.

Taken as a whole, for a debut ESG report, Zhipu shows a promising start in framework completeness, breadth of topic coverage, and technology ethics governance. That said, the report leans heavily towards “positive storytelling”, with a preponderance of qualitative descriptions and relatively limited quantitative indicators. It lacks deeper quantified data, more candid risk disclosures, longer-term strategic targets, and AI metrics that would allow more meaningful industry comparison.

Author：Qinger