Modern Slavery Statement

1. Introduction

This statement is made pursuant to section 54 of the UK Modern Slavery Act 2015. It sets out the steps taken by PortSwigger Ltd during the financial year ending 31 December 2026 to ensure that modern slavery and human trafficking are not taking place in our business or supply chains. We have a zero-tolerance approach and are committed to acting ethically and transparently in all our dealings.

2. About PortSwigger

PortSwigger is a UK cybersecurity company founded in 2008 and based in Knutsford, Cheshire. We create Burp Suite, the world's leading web application security testing toolkit, and the Web Security Academy, a free training platform used by security professionals worldwide. Our workforce is primarily skilled employees across engineering, research, product, sales, and support, serving a global customer base of enterprises, government bodies, and independent practitioners.

3. Our Supply Chains

As a software company our supply chains are lower-risk than labour-intensive or manufacturing industries. Principal categories include:

• Cloud hosting and infrastructure providers
• Software vendors and SaaS platforms
• Professional services (legal, accountancy, HR advisory, and recruitment)
• Contractors and freelancers for specialist engineering or design work
• Office facilities and equipment for our UK and US offices

We do not operate complex physical goods supply chains. We consider modern slavery exposure within our direct supply chains to be low, whilst recognising that risks can exist where indirect suppliers or sub-contractors are involved.

4. Governance, Policies and Employee Wellbeing

Responsibility for modern slavery compliance sits within our Culture and Finance Tribes, with oversight from the Board. Our approach is supported by policies covering recruitment and right-to-work checks, anti-bribery and corruption, and confidential reporting.

Employee wellbeing as an active safeguard

PortSwigger operates on a fully office-based model and all employees work from our physical premises. This provides natural, day-to-day visibility of workforce wellbeing that is simply not available in remote or distributed environments, and is one of our most meaningful structural protections against the conditions that enable modern slavery.

Each Tribe has a named Swigger Success Champion (SSC), a specialist people role whose remit explicitly includes spotting and tackling people risks early. SSCs operate as primary and backup pairings, meaning every employee has multiple points of contact and no concern is dependent on a single person. This sits alongside team leaders and the Culture Tribe as a layered escalation structure.

All employees also have access to our Wellbeing resources and Help@Hand, our Bupa-backed Employee Assistance Programme, which provides confidential mental health and wellbeing support independent of line management.

For new joiners relocating to Knutsford, PortSwigger provides SwigHouses which are company-owned shared accommodation. This ensures that new employees are not dependent on external housing arrangements or third-party providers during their settling-in period.

5. Risk Assessment and Due Diligence

Own operations: We consider the risk of modern slavery within our direct workforce to be low. All employees are engaged through lawful contracts, subject to right-to-work checks at hire, and paid at or above the National Living Wage (see Payroll and Working Hours & Holiday). We do not use zero-hours contracts.

Supply chain: We do not operate a formal supplier audit programme, which we consider proportionate to our risk profile. Our primary mitigation is supplier selection: the great majority of our suppliers are large, well-established technology companies and professional services firms with their own governance obligations and public reputations to maintain. We do not engage with suppliers in sectors or geographies commonly associated with elevated modern slavery risk. Where we engage contractors or recruitment agencies, we work with reputable, established providers.

6. Supplier Expectations

We expect all suppliers to comply with applicable laws, including those relating to forced labour, child labour, and minimum wages. We do not currently impose specific contractual modern slavery clauses as standard, but our selection of reputable, established suppliers means we are satisfied that those we work with operate within the law. We would not continue to engage any supplier found to be acting in breach of applicable labour standards.

7. Training and Awareness

We do not currently operate a formal modern slavery training programme. We consider this proportionate given the low-risk nature of our operations and supply chains.

Our primary safeguard in this area is our approach to hiring. PortSwigger recruits carefully for values and judgment, and the culture we have built means that employees are naturally alert to behaviour that conflicts with our ethical standards. The office-based environment, flat structure, and accessibility of SSCs and the Culture Tribe mean that any concerns are likely to be raised and heard without needing a formal training intervention.

We will keep the need for more structured awareness activity under review as the business grows.

8. Reporting

Any employee with a concern relating to modern slavery or unethical conduct can raise it directly with their team leader, any Swigger Success Champion, or the Culture Tribe. Our office-based, flat structure means these conversations can happen informally and without barriers. We do not currently operate or formally signpost a dedicated external reporting mechanism.

During the financial year ending 31 December 2025, no concerns relating to modern slavery were raised through any internal channel.

9. Effectiveness

Modern slavery risk is captured within PortSwigger's Board and Tribe risk registers, which provide ongoing oversight of material risks across the business. This ensures that any change in our risk profile, whether through growth, new supplier relationships, or changes in the regulatory environment, would be identified and acted upon at an appropriate level.

We do not currently operate a dedicated procurement function or a modern slavery-specific measurement programme. Our confidence in the effectiveness of our approach rests on the low inherent risk of our operations and supply chains, our values-based approach to hiring, and the wellbeing and support structures described in Section 4.

We will continue to review whether additional controls are warranted as the business scales.

10. Board Approval and Signature

This statement has been approved by the Board of Directors of PortSwigger Ltd and is made on behalf of the Company in accordance with section 54(1) of the Modern Slavery Act 2015.

Name: Dafydd Stuttard
Position: Chief Executive Officer
Date: 20 May 2026
On behalf of: PortSwigger Ltd, Knutsford, Cheshire, UK