Responsible business
Being a responsible business means getting ahead of disease together in the right way.
We consider environmental, social and governance (ESG) impacts across everything we do, from the lab to the patient.
Our six priority areas to build trust
Responsible business is embedded in our strategy and supports our sustainable performance and long-term growth. It helps us build trust with and deliver returns to our stakeholders, reduce risk to our operations and deliver positive social impact.
We have six priority areas to build trust addressing what is most material to our business and the issues that matter the most to our stakeholders.
Our Responsible Business Performance Rating
Our Responsible Business Performance Rating measures the progress we are making on delivering against our Trust priority. The rating is one of our corporate KPIs and tracks progress against key metrics aligned to each of our six focus areas. In 2024, this included 22 metrics, which are summarised in our Responsible Business Performance Report.
The GSK Leadership Team (GLT) is accountable for delivering progress against the metrics and regularly reviews performance along with the Board’s Corporate Responsibility Committee (CRC). Each individual metric is assessed as either: on track (metric met or exceeded); on track with work to do (at least 80% of metric has been achieved); or off track (metric missed by more than 20%).
In addition, in order to calculate the overall Responsible Business Performance rating, performance across all metrics is aggregated to a single score to illustrate whether we are on track, on track with work to do, or off track.
In 2024, 91% of our Responsible Business Performance Rating metrics were met or exceeded.

Responsible Business Performance Report 2024
External ratings
We have maintained our acknowledged leadership in responsible business, and this continues to be a key driver in our goal to deliver health impact and shareholder returns. Detailed below is how we perform in key ESG ratings that we are frequently asked about by investors.
External benchmarking | Current rating |
Previous rating |
Comments |
---|---|---|---|
S&P Global's Corporate Sustainability Assessment | 78 | 80 | Current score updated September 2024 |
Access to Medicines Index | 3.72 | 4.06 | Second in the Index, updated bi-annually, current results from November 2024 |
Antimicrobial Resistance Benchmark | 84% | 86% | Led the benchmark since its inception in 2018; Current ranking updated November 2021 |
CDP Climate change | A | A- | Updated annually, current score updated February 2025 |
CDP Water security | A | A- | Updated annually, current score updated February 2025 |
CDP Forests (palm oil) | B | B | Updated annually, current score updated February 2025 |
CDP Forests (timber) | B | B | Updated annually, current score updated February 2025 |
CDP Supplier engagement rating | Leader | Leader | Current score updated March 2023 |
Sustainalytics | 15.0 | 15.4 | 1st percentile in pharma subindustry group; lower score represents lower risk. Current score as at December 2024 |
MSCI | AA | AA | Last rating action date: September 2023 |
Moody's ESG solutions | 62 | 61 | Current score updated August 2023 |
ISS Corporate Rating | B+ | B+ | Current score updated October 2024 |
FTSE4Good | Member | Member | Member since 2004, latest review in June 2024 |
ShareAction’s Workforce Disclosure Initiative | 79% | 77% | Current score updated January 2024 |
Updated April 2025

Governance
We are committed to operating at the highest standards of corporate governance. We believe our governance structure underpins our ability to deliver the Group's strategy to create long-term value and benefit for our shareholders and stakeholders.
Further information on how GSK is governed, including details on our Board and Management Committees, global compliance function and our codes and standards can be found in our company governance section.
Risk management
Our risk management and internal control framework
Our risk management and internal control framework is well embedded and provides the ability for the Board to evaluate and oversee how the company manages principal and emerging risks in line with our strategy and long-term priorities. This framework is aligned to industry standards and legal and regulatory requirements. Our company-wide policy sets out the requirements, roles and responsibilities for the management and governance of risks, controls and supporting guidance on the essential elements of our internal control framework. Our Code sets out the overarching expectations for our employees and complementary workers. We aim to do the right thing with integrity and care as part of our culture. Our risk management and internal control framework incorporates our culture and our Speak Up processes, enabling us to identify and mitigate risks effectively. We monitor our most important risks and take action to address issues. We embed business continuity planning into our framework so we can continue operations in the event of a crisis. We routinely evaluate our framework for improvements.
Our Risk Management and Internal Control Policy can be found in Codes and standards.
Board oversight
The Board oversees our system of risk management and internal control and establishes our risk appetite, supported by the Audit & Risk Committee (ARC). The Corporate Responsibility Committee (CRC) and Science Committee further assess the effectiveness of risk management strategies pertinent to their defined remits. Further information on the Board, its committees’ and their responsibilities can be found in our company governance section.
Our Risk Oversight & Compliance Council (ROCC) supports the ARC and CRC to oversee the risks, and the strategies used to address them. Risk management and compliance boards across the Group promote the ‘tone from the top’, establish our risk culture and oversee the effectiveness of risk management activities, while also communicating information about internal controls.
Management is accountable for delivering on its objectives in line with its established risk appetite. The Disclosure Committee has the responsibility for considering the materiality of information and determining the disclosure of this information in a timely way. An Enterprise Risk Owner is responsible for each principal risk, with oversight by a GLT member. Risk owners report risk and mitigation to ROCC and the appropriate Board committee each quarter. Legal and Compliance support these efforts by advising on our business strategies, activities, risks and controls. Audit & Assurance provides assessments of the adequacy and effectiveness of our framework.
Considering the likelihood, impact and timescale of risks
Our enterprise risk assessment methodology is the mechanism by which we assess all risk. Our risk assessment methodology considers the likelihood and impact of risks, and the timescale over which a risk could occur based on the most probable scenario and considering our existing internal controls. Our impact assessments include financial and nonfinancial considerations. We consider both current and emerging risks that could affect our ability to achieve our long-term priorities over the three-year horizon, in line with our viability statement. We also define risks in this way if we need to know more about how likely they are to materialise, or what impact they’d have if they did. We evaluate if additional investigation is required before classifying them as principal risks.
Risk management and compliance boards at all levels of the organisation identify emerging risks on an ongoing basis, and ROCC discusses emerging risks at each meeting. We also scan the risk horizon throughout the year to identify external trends that may be opportunities and/or emerging risks and monitor our business activities and internal environment for new, emerging and changing risks.
ROCC conducts an annual risk review to assess principal and emerging risks for the company. This review is supported by extensive analysis of external trends and insights, senior level interviews and recommendations from risk management and compliance boards and risk owners. ROCC shares this annual review with the ARC and Board for assessment and this forms the basis for the following year’s risk management focus.
2025 principal risks summary
We outline below the principal risks and uncertainties relevant to GSK’s business, financial condition and operations that may affect our performance and ability to achieve our objectives. These are the risks that we believe could cause our actual results to differ materially from expected and historical results. These are not listed in order of significance. Operating in the pharmaceutical sector carries various inherent risks and uncertainties that may affect our business.
Find more information in the sections on Risk management (page 62) and Principal risks and uncertainties (page 307) in our Annual Report. You can also explore our Code and all our policies:
