Supplier Code of Conduct

Version 1.0

Effective Date: March 11, 2026

Purpose

Hermeus is building the future of hypersonic flight with speed, integrity, and national-security focus. Hermeus expects the highest standards of integrity, compliance, and performance throughout its supply chain. This Supplier Code of Conduct establishes minimum requirements for all suppliers. Compliance with this Code is a condition of doing business with Hermeus. 

Business Integrity 

  • Suppliers must conduct business ethically and in compliance with applicable anti-corruption, anti-bribery, and anti-kickback laws. 

  • Suppliers must maintain accurate books and records, avoid conflicts of interest, and protect confidential and proprietary information. 

Legal & Regulatory Compliance 

  • Suppliers must comply with all applicable laws and regulations, including U.S. export control laws (International Trafficking in Arms Regulations (ITAR) andExport Administration Regulation (EAR), U.S. sanctions regulations, and applicable FAR and DFARS requirements. 

  • Suppliers must ensure required contractual flow-downs are implemented within their supply chain. 

Human Rights & Labor 

  • Suppliers must prohibit forced labor, human trafficking, and child labor. 

  • Suppliers must provide lawful wages and benefits, maintain reasonable working hours, and ensure a workplace free from discrimination, harassment, and retaliation. 

β€―Health, Safety & Environmental Responsibility 

  • Suppliers must maintain a safe and healthy workplace consistent with applicable Occupational Safety and Health Administration (OSHA) and safety regulations.

  • Suppliers must comply with environmental laws and responsibly manage hazardous materials, emissions, and waste. 

Quality & Product Integrity 

  • Suppliers must maintain a quality management system appropriate to the scope of work (AS9100 or ISO 9001 preferred). 

  • Suppliers must ensure product conformity, traceability, and certification as required. Suppliers must promptly disclose nonconformances, escapes, counterfeit parts risks, and any material changes affecting form, fit, function, safety, or compliance. 

Cybersecurity & Information Protection 

  • Suppliers handling Controlled Unclassified Information (CUI) must comply with NIST SP 800-171 and applicable DFARS cybersecurity requirements.

  • Suppliers must report cyber incidents affecting Hermeus data or covered defense information within required regulatory timeframes, including DFARS 252.204-7012 where applicable. 

Responsible Sourcing 

  • Suppliers must comply with applicable conflict minerals, country-of-origin, and supply chain transparency requirements, including DFARS specialty metals restrictions where applicable. 

Sub-Tier Oversight 

  • Suppliers are responsible for ensuring that applicable requirements of this Code and all contractual obligations are flowed down to sub-tier suppliers and subcontractors. 

Compliance & Audit 

  • Hermeus reserves the right to assess supplier compliance, including review of relevant documentation and facilities.

  • Suppliers must cooperate in investigations and corrective actions. Failure to comply may result in suspension or termination of contracts or other business. 

This Code is incorporated by reference into all purchase orders and contracts with Hermeus.