Compliance at UiPath

At UiPath, compliance is treated seriously. We make efforts every day to to make sure compliance is integrated into our processes and behaviours.

We strongly encourage our employees and our partners (customers, resellers, agents, suppliers, etc.) to act in compliance with the applicable legislation and with the UiPath Code of Conduct.


UiPath Internal Code of Conduct

The Internal Code of Conduct is applicable to all employees, freelancers, those employed by carriers or other contingent workers acting on behalf of UiPath or having access to UiPath systems including its subsidiaries and affiliates to ensure they act in good faith, with integrity and consistent with the Company’s values in order to maintain effective trust and credibility with our employees, customers, business partners and communities in which we operate.

The UiPath Internal Code of Conduct is available here.

Report Ethics & Compliance Concerns

Any breach of the UiPath Code of Conduct, UiPath policies or the law is taken seriously. Any such concerns should be reported at
If you wish to report anonymously you can use the following means:
Web app:
Mobile app: 
Hotline: There are dedicated lines for each country where UiPath has an entity. Access and select the country you are located in. This action will display you the hotline number for your country.


Global Partner Code of Conduct

This Global Partner Code of Conduct (the “Code”) sets out our expectations and defines the minimum standards of business conduct and business practices applicable to all UiPath clients, resellers, consulting partners, vendors, OEMs, suppliers, agents, entities and/or individuals who do business with or on behalf of UiPath (the “Partners”).


All Partners are expected to comply with this Code of Conduct.

The Global Partner Code of Conduct is available here.


Privacy & Security Compliance

ISO 27001: UiPath maintains an ISO/IEC 27001:2013 certification that covers our core product lines and main development locations. This attests to our commitment to maintaining and improving an information security management system (ISMS) that protects confidential information collected, processed, or otherwise impacted during the product development and maintenance lifecycle, covering the analysis, design, development and global delivery by UiPath on customer premise (on-prem), by using cloud service and/or acting as a cloud service provider. The scope of the ISMS includes the following UiPath product lines and we are working on adding new products to the list every year:


UiPath Core Platform
Studio Studio X Robot
Agent Desktop Orchestrator Activity Packs
UiPath Cloud Platform
Cloud Portal Cloud Services (Document Understanding, Computer Vision, Licensing, Orchestrator) Automation Hub




SOC 2 Type 1: UiPath, Automation Cloud has received its System and Organization Controls 2 (SOC 2) Type 1 certification. This certification, developed by the American Institute of Certified Public Accountants (AICPA), validates that UiPath securely manages customer data and demonstrates its commitment to enterprise-grade security for the Automation Cloud. To help organizations around the world use automation to become faster and more agile in the face of increased demand and rapidly changing environments, the UiPath Automation Cloud enables customers to start their RPA deployments instantly and scale up over time without compromising security or requiring high upfront costs.

Receiving SOC 2 certification meant UiPath demonstrated the achievement of service commitments and system requirements based on the security, confidentiality, and availability trust services criteria. UiPath partnered with CPA firm Schellman & Company, LLC to undertake this certification.

GDPR: UiPath has one of its main headquarters in the European Union, which makes UiPath subject to the GDPR, one of the strictest data protection laws around the world. Since UiPath is committed to respecting your privacy, we implement the GDPR principles in all UiPath entities. Please check here our global Privacy Policy.


Privacy Shield: UiPath is an active participant of the Privacy Shield Framework. The purpose of Privacy Shield is to ensure that when personal data is transferred from the European Union or Switzerland to the United States, the data protection legislation is observed and implemented. Please find here the details of UiPath’s participation to the Privacy Shield Framework.

When GDPR became effective, UiPath has signed Standard Contractual Clauses with its affiliates and has imposed GDPR policies and standards, globally, among its entities. Privacy Shield was used by UiPath as an additional transfer mechanism and not as the primary transfer mechanism, which is why the recent ruling of the European Court of Justice does not affect the protection or transfer of personal data of European customers. With its sub-processors, UiPath has concluded data processing agreements in accordance with GDPR, ensuring that any transfer mechanism used will be in compliance with the European legislation.

CCPA: UiPath complies with the California Consumer Privacy Act of 2018 (CCPA) by applying the common privacy principles of CCPA and GDPR to the more rigorous standard of the latter. UiPath does not sell customer data and only shares it with third parties acting as its service providers, who consequently process data solely on our behalf, in order to meet their contractual obligations. Otherwise, UiPath only shares data as directed by you or with your consent. As your service provider, UiPath only processes personal data used with UiPath cloud products for the purpose of providing you the service and product functionalities, as directed by you.


HIPAA: If you are a Covered Entity or a Business Associate under the Health Insurance Portability and Accountability Act, a US healthcare regulation, please use our products installed on premise. When using our on premise product, no customer data will be received, stored or processed by UiPath. This is important since UiPath does not wish to fall under HIPAA and thus, Protected Health Information cannot be used with UiPath cloud products.


Paris Call for Trust and Security in Cyber Space: UiPath joined a global call for Nation States, Companies and Civil Society to come together and face the increasing threats endangering citizens and infrastructure in cyberspace. It is based around nine common principles to secure cyberspace and the commitment to adopt responsible behavior. Discover the 9 principles here.


Contact us at for questions about our privacy and security compliance program.


Vendor Risk Management

We have a Vendor Risk Management Program in place to ensure we assess the security posture of critical providers and that all that all vendors and contractors that have access to UiPath data and/or systems attest to confidentiality and security requirements. All such providers are required contractually to implement a level of security as described in our Security standard, available here. Moreover, they are contractually required to comply with our internal security policies and procedures, as applicable to the nature of the service provided.


We retain the right to perform audits on our vendors and to request audit reports. Any findings that might pose a risk to UiPath’s data or systems will be subject of a remediation plan that the vendor is required to implement.


Anti-Bribery and Anti-Corruption Statement

UiPath adheres to a Zero Tolerance approach towards corruption and bribery. We do not bribe and cannot be bribed, and we do not engage in situations that might leave the impression of corrupt practices.


To make sure that these standards reach all our personnel, we created an Anti-Bribery program which consists of an Anti-Bribery Policy that is published and disseminated internally; an annual training for all personnel, making sure that Anti-Bribery provisions are always included in the agreements we undertake.


Our policy specifically references that all Gifts and Hospitalities must be modest, transparent, of low value and in accordance with the laws. UiPath prohibits the offering of anything, regardless of the value, with the corrupt intention to obtain an unfair advantage for UiPath.


Anti-Slavery and Anti-Human Trafficking Statement

UiPath recognises the seriousness and importance of combatting modern slavery and human trafficking. With respect to its employees and the operations of its business, UiPath is committed to ensuring the highest standards of welfare, safety and business practice, in accordance with all relevant legislation.


The Anti-Slavery and Anti-Human Trafficking Statement is available here.

Export Control

UiPath is keen on complying with export control regulations and therefore we expect every 3rd party we do business with to abide by all export control regulations as set forth by (i) the U.S. Department of Commerce Export Administration Regulations (EAR), U.S. Department of State International Traffic in Arms Regulations (ITAR) or other requirements of the U.S. Government; (ii) European Commission regulations; (iii) United Nations Security Council resolutions (the “Export Control Regulations”) regulating the export and reexport of the UiPath RPA Platform. We also expect our business partners not to be named on any Export Control Regulations list of restricted parties and not to be involved in dealings with entities and individuals that are sanctioned or that are located in countries subject to trade embargoes or economic sanctions.

Equal Opportunity Employer

UiPath is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed and expect our Partners (i) to offer equal employment opportunity for all job applicants and employees, (ii) to provide all employees a work environment free of discrimination and harassment of any kind and (iii) to take all employment related decisions without regard to race, color, religion or belief, national, social or ethnic origin, sex, pregnancy, age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by any and all similar laws.

Exclusion of AntiSocial Forces

This Policy applies to entities located in Japan and is read together with the agreement (“ToU”) between UiPath and such entities (“you”).


  1. Organized Crime Group Members. Each of the Parties (a) represents, and covenants with respect to the future, to the other Party that the representing and covenanting Party is not currently, and will not be in the future, an organized crime group, an organized crime group member, a person for whom a period of five years has not elapsed since that person was an organized crime group member, a quasi-member of an organized crime group, a corporation affiliated with an organized crime group, a shareholder meeting extortionist (sokaiya) or the like, a corporate extortionist acting under the guise of a social movement or political activity (shakai undo-to hyobo goro), a group or individual that exploits its specialist knowledge in cooperation with an organized crime group (tokushu chino boryoku shudan to), or any other person similar to any of these entities (collectively, “Organized Crime Group Members”) and (b) represents, and covenants with respect to the future, to the other Party that the representing and covenanting Party does not currently, and will not in the future, fall under any of the following:
    1. the representing and covenanting Party has a relationship through which its management is considered to be controlled by an Organized Crime Group Member;
    2. the representing and covenanting Party has a relationship through which an Organized Crime Group Member is considered to be substantially involved in the representing and covenanting Party’s management;
    3. the representing and covenanting Party has a relationship through which an Organized Crime Group Member is considered to be unjustly used for the purpose of pursuing illicit gains for the representing and covenanting Party or a third party, causing damage to a third party, or for any other similar purpose;
    4. the representing and covenanting Party has a relationship through which it is considered to provide funds or benefits to an Organized Crime Group Member or otherwise be involved in an Organized Crime Group Member; or
    5. an officer of the representing and covenanting Party or any person substantially involved in that Party’s management has a socially reprehensible relationship with an Organized Crime Group Member.
  2. Unlawful acts. Each of the Parties covenants to the other Party that the covenanting Party will not, by itself or using a third party, commit any of the following acts with respect to the other Party:
    1. a violent demand;
    2. an unjust demand that exceeds the legal liability of that demand’s recipient;
    3. use of threatening behavior or violence in connection with a transaction;
    4. spreading of rumors or use of fraudulent means or force to damage the reputation of the other Party or to obstruct the other Party’s operations; or
    5. any other act similar to those provided for in (i) through (iv) above.
  3. Specific termination. Either Party may terminate this Agreement without providing the other Party with any demand for remedy if it is discovered that the other Party is an Organized Crime Group Member or falls under Section “Organized Crime Group Members” above, if the other Party commits any act provided for under Section “Unlawful acts” above, or if it is discovered that the other Party has made any false declaration in relation to its representations and covenants under Section “Organized Crime Group Members” above, and the Party considers it inappropriate to continue transactions with the other Party.
  4. No liability. Even if the terminated Party incurs any damage as a result of the provisions in Section “Specific Termination” above being applied, the Party may not make any claim against the other Party in relation to the damage. If the terminating Party incurs any damage, the terminated Party shall be the only one liable, therefore.


We reserve the right to update this Policy on at any time without prior written notice.
Last update made on: 4.06.2020.

Safe Harbor Statement

Some UiPath materials may contain forward-looking statements. Forward-looking statements include all statements that are not historical facts, and in some cases, can be identified by terms such as “anticipate,” “believe,” “estimate,” “expect,” “intend,” “may,” “might,” “plan,” “project,” “will,” “would,” “should,” “could,” “can,” “predict,” “potential,” “continue,” or the negative of these terms, and similar expressions that concern our expectations, strategy, plans or intentions. By their nature, these statements are subject to numerous risks and uncertainties, including factors beyond our control, that could cause actual results, performance or achievement to differ materially and adversely from those anticipated or implied in the statements. Although our management believes that the expectations reflected in our statements are reasonable, we cannot guarantee that the future results, levels of activity, performance or events and circumstances described in the forward-looking statements will be achieved or occur. Recipients are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date such statements are made and should not be construed as statements of fact.

This information is subject to change at any time without prior notice. Actual results and future plans may differ significantly as a result of, among other things, changes in product strategy. This presentation is not a commitment to deliver any material, or functionality. Any purchase of software by customers should neither be contingent on the delivery of any future functionality or features, nor dependent on any oral or written public comments made by UiPath regarding future functionality or features.