Last updated
may 27, 2026
Transparency Act
Statement 2025
This statement is published pursuant to Section 5 (§ 5) of the Norwegian Transparency Act (2021) and covers the Group's entire Norwegian operations, including the wholly owned companies Porterbuddy Norge AS, Porter AS and Instabox Norway AS. This statement was approved by the Boards of Directors of Porterbuddy Norge AS, Porter AS and Instabox Norway AS on 27 May 2026, and covers the period 2025.01.01-2025.12.31.
Our Structure, Operations and Human Rights Management Systems
Instabee Group is a leading last-mile delivery provider, founded in 2022 through the consolidation of Budbee and Instabox, including its subsidiary Porterbuddy. We specialize in both home and parcel locker deliveries, with consumers across Europe and locations in Norway, Sweden, Finland, Denmark, and the Netherlands (Belgium serviced through the Dutch organization).
Within Norway, we operate under the brands of Instabox for parcel locker deliveries and Porterbuddy for home deliveries. Our deliveries are conducted by external courier companies. Our main distribution terminal is in Oslo with locations in Ostfold, Vestfold, Bergen, Stavanger, Trondheim and Kristiansand. We have a small office-based workforce based at our Oslo distribution terminal, whereby the tech team is employed in Porter AS and the rest in Instabox Norway AS.
Instabee Group is committed to assessing the human rights and sustainability implications of all our business decisions. We remain committed to respecting internationally recognized human rights, as set out in the 'International Bill of Human Rights' and in accordance with the 'UN Guiding Principles for Business and Human Rights'. Our business partner relationships are governed by our Code of Conduct for business partners. This includes specific references to respect for human rights and the prohibition of child and forced labor throughout any part of Instabee Group's own operations and business relationships. Furthermore, protections for non-discrimination, working conditions and occupational environment, health and safety are also included. Instabee Group maintains a right to information and audit to ensure compliance with the Code of Conduct and additionally maintains a right to terminate contracts with any business partner for violations of the Code of Conduct.
Instabee Group is committed to conducting human rights due diligence in accordance with the 'Norwegian Transparency Act' and 'OECD Guidelines for Multinational Enterprises'. This year's statement is based on the holistic assessment that was conducted in 2023, as well as interviews and analyses of improvements and changes since last year. We remain committed to continuous improvement across our own operations and throughout our business relationships.
Instabee Group’s Human Rights Due Diligence
In 2023, Instabee Group conducted a human rights saliency assessment for our Norwegian operations to identify our most salient human rights to focus our due diligence efforts. This assessment reviewed risks associated with the core operational areas of our Norwegian operations and took note of the review from the previous year.
Since the nature of our business is fundamentally the same, we have had no reason to adjust the focus areas of our human rights due diligence efforts and have not identified any specific negative human rights impacts. The main focus areas of the work will remain:
Health and safety
Wages and hours
Privacy rights
Forced/Child labor
Additionally, a high-level review of our supply chain was conducted, mainly related to the sourcing of our boxes and cages. There was no or little material purchased in 2025 related to our Norwegian business, only transfers of material from the group. We are continuously working to improve transparency. Where potential risks are identified, we will continue to work to reduce our exposure.
Priority Issues
For each priority issue, our aim is to stop or mitigate any actual or potential negative impact on people. We will regularly review our priority issues to ensure that we are tackling those most likely to severely negatively impact people.
Health and Safety Risk Management
Our delivery operations involve intrinsic risks which may adversely impact our drivers, including risks stemming from operating vehicles and ensuring driver protection and well-being. Throughout the year of 2025, our drivers were all employed by our courier partners. With the courier model, the drivers are employed by an AS contracted by Instabox Norway AS. All courier partners sign our Code of Conduct, meaning we get increased possibilities to audit working conditions, reimbursement levels and health and safety related aspects for the drivers. To ensure compliance we have conducted audits covering a portion of our external courier companies in 2025, and we will further tailor our audit framework to Norwegian market requirements. All couriers passed the audits and the audits resulted in an improved understanding of partner structures as the audits revealed several layers of subcontractors, increasing the complexity and the duration of the process. As a consequence we identified internal follow-up actions such as adding new contractual requirements. Social compliance will remain a focus for 2026.
In 2025, we further improved our internal health and safety management. All members of our Work Environment committee (AMU) in Norway have received training in Health and Safety Environment (HSE). AMU conducted four meetings in 2025, but did not identify any major occupational health risks worth mentioning in the context of this statement. All minor risks were evaluated and steps were taken to further improve safety. In 2025, we also continued a good collaboration with our occupational health service provider to support us in the above mentioned processes, and to take part in the AMU group's work.
Even though the above mentioned measures mainly target our own employees, we apply the same routines and principles when dealing with suppliers that perform work on our premises. When onboarding new colleagues employed by external partners, we give them access to basic training of our tools and processes. This training is continuously being improved.
Further, we conduct monthly employee pulse checks to follow-up on employee well-being related to e.g., satisfaction, stress, and psychological safety. We also perform more in-depth employee surveys quarterly to better understand these factors. All results are followed up on both local and global levels to ensure employees feel heard and that the workplace is improving.
Hours and Wages Risk Management
We expect all courier companies we work with to employ drivers in full compliance with applicable labour laws and regulations, including requirements related to minimum wages, working hours, and rest periods. To support this expectation, we carry out audits of selected courier partners. As part of these audits, a sample of employment contracts and payslips is reviewed to assess compliance with legal requirements and to help identify and address any potential risks related to labour conditions.
In our terminals, we have had a mix of employment forms; own employees and employees of the courier companies also contracted to conduct sorting activities for us. In 2025, approximately 10-20% of hours were from employees of Instabox Norway AS whereas 80-90% were performed by employees of the courier companies. We audit the hours paid to external workers as part of the audits described above. This is an area for further assessment in 2026.
All employees, internal and external, have access to a whistleblowing channel to anonymously report any breaches to the Code of Conduct or any other serious misconduct. This is easily accessible in the driver app that both drivers and terminal staff have.
Privacy and Information Security
Our operations as a delivery provider result in the handling of personal data, as defined under the General Data Protection Regulation (“GDPR”). The two main privacy risks arising from deliveries are: the use of drivers' data when performing routes, and the drivers' access to end-users' personal data. Said risks are relevant for all three Norwegian companies: Porterbuddy Norge AS, Porter AS and Instabox Norway AS.
Following Instabox and Budbee's combination, we launched a new unified driver app (i.e., the digital interface used by the drivers to perform deliveries) in Norway in May 2024. Drivers have access only to addresses and names of the end-users for home deliveries, whereas phone numbers are always hidden in the application. For locker deliveries, drivers only have access to the end-user's name in the application.
For home deliveries, we make sure that drivers only have access to the end-user's personal data for the routes they perform. They receive their routes' summary the same day and can only access the end-user's limited personal data when a route has started. Once a route is completed, they no longer have access to any personal data that may have been included in such a route.
Regarding the use of driver’s data when performing routes, we process delivery-related data via our mobile application to facilitate the fulfillment of orders and provide essential support either to our drivers, end-customers or merchants. Some of this data is shared with our independent courier partners to ensure compliance with service level agreements and operational standards. Throughout 2026, we will work on the implementation of the Platform Directive, as applicable and relevant. We intend to publish a summary of our findings in 2027.
Instabee Group is ISO 27001 certified since 2023 and our commitment to a systematic security approach was validated in May 2025 with a successful ISO/IEC 27001 re-certification audit, confirming our Information Security Management System (ISMS) meets the highest international standards. Maintaining this certification is key to our security governance. We have implemented policies and procedures to effectively manage and protect Instabee Group's information, i.e., to ensure confidentiality, integrity, and availability of our information. Every year we conduct onboarding and yearly refresher training for our employees. To further strengthen our focus on this, we appointed a group-level Chief Information Security Officer (CISO) in 2024.
While cybersecurity shields our infrastructure, our Privacy Program ensures the ethical and legal stewardship of the personal data within it. In 2025, Instabee Group continued to mature this program by systematically refining our processing activities and strengthening its internal governance frameworks.
Instabee Group maintains a dedicated focus on the integrity of personal data through a structured framework of risk assessments, specialized instructions, and the continuous monitoring of both internal processing and third-party vendors. During the past year, we placed a strategic emphasis on the evolution of our Privacy Risk Assessment methodologies. By enhancing both the structural framework and the execution of these assessments, the company ensures that all data processing remains strictly aligned with legal mandates while safeguarding the fundamental interests of data subjects.
To reinforce these standards, the company initiated the development of a modernized data protection curriculum in late 2025. This suite moves beyond generic instruction toward role-specific privacy training, tailored to the unique data risks present in daily workflows, such as those encountered by our customer service teams.
Oversight is maintained by a Group Data Protection Officer who verifies compliance with data protection legislation across all operating markets. To further institutionalize these efforts, privacy is now formally integrated into the company’s newly established Compliance, Privacy & Tech Legal department, ensuring a unified and proactive approach to data governance.
Forced/Child Labor Risk Management
Our operations maintain a certain degree of risk related to forced and child labour, although we have not identified any cases of this. The inability to fully monitor any additional individuals present in an external driver's vehicle or fully ensure that it is the registered external driver who is fulfilling the delivery may lead to other individuals (potentially minors) being used to complete deliveries, resulting in either child labor or forced labour. Furthermore, general forced labor risks within the transport industry may lead to abuses in our value chain. These risks are mainly relevant for Porterbuddy Norge AS and Instabox Norway AS.
However, the transition to a courier based model for drivers where all partner companies have signed our Code of Conduct, gives us better control over our value chain and puts us in a better position to set clear demands. In 2026, we plan to continue our work with audits of couriers to make sure our Code of Conduct is adhered to and achieve better transparency of our value chain.
Next Steps
No specific human rights violations were raised in the prior reporting period. Nevertheless, we remain committed to continuing to improve our policies and procedures as outlined above to continue to actively mitigate potential rights impacts and we want to audit majority of our couriers in 2026. If any adverse human rights issues are identified either in our own operations or across our value chain, we are committed to communicating these impacts, seeking appropriate remedies for affected stakeholders, and updating our policies and procedures to avoid future negative impacts. The country manager (or the closest higher-ranking person) at Instabee Group is primarily responsible for this oversight.
Having conducted a saliency assessment to identify our salient human rights issues during this reporting period, we will work towards enhancing policies and management practices in relation to these risk areas in the year ahead. Creating specific action plans for each of these four issue areas will allow us to better manage these human rights risks across our operations.
Requests for Information
Requests for information regarding this Transparency Act statement or Instabee Group's human rights due diligence policies and practices at large can be made to Erik Enfors, Country Manager Instabee Norway.
Signatories
Porterbuddy Norge AS Date: May 27, 2026
Porter AS Date: May 27, 2026
Instabox Norway AS Date: May 27, 2026