Key Figures

secunet Group overview (according to IFRS)

Key operating figures (in million euros)	2024	2023	Change
Sales revenue	406.4	393.7	3 %
Earnings before interest and income taxes (EBIT)	42.5	43.0	-1 %
EBIT margin	10.5 %	10.9 %	-0.4 Pp.
Earnings before interest, taxes, depreciation and amortisation (EBITDA)	60.3	60.4	– %
Earnings before taxes (EBT)	41.9	42.1	– %
Group profit for the period	27.9	29.0	-4 %
Earnings per share (in euros)	4.32	4.51	-4 %
Dividend per share (in euros, subject to resolution of the Annual General Meeting)	2.73	2.36	+16 %
Key cash flow figures (in million euros)	2024	2023	Change

Cash flow from operating activities	61.0	51.9	+18 %
Cash flow from investing activities	-22.7	-8.8	+160 %
Cash flow from financing activities	-21.8	-23.3	+6 %

Key balance sheet figures (in million euros)	31 December 2024	31 December 2023	Change
Balance sheet total	359.6	328.6	+9 %
Equity (including non-controlling interests)	150.8	137.8	+9 %
Equity ratio	41.9 %	41.9 %	0.0 Pp.
Cash and cash equivalents	57.7	41.3	+40 %
Liabilities	208.8	190.8	+9 %
Order book	205.3	190.2	+8 %
Permanent employees	1,059	1,043	+2 %

Key share figures (in million euros)	31 December 2024	31 December 2023	Change
Shares outstanding	6,469,502	6,469,502	– %
Closing price (Xetra, in euros)	118.20	146.80	-19 %
Market capitalisation (in billion euros)	0.8	0.9	-19 %

Long-term development of sales and EBIT

Public Sector

Digital sovereignty for state and society

A holistic IT security concept is essential for public authorities and armed forces. secunet's Public Sector supports the digital transformation of administrations, authorities and armed forces in Germany and abroad. Trustworthy security solutions assure resilient digital infrastructures and the utmost protection for data, applications and digital identities. Consulting, security analyses and training round out secunet's cybersecurity portfolio. This enables public organisations to leverage the latest technologies while retaining their digital sovereignty.

Business Sector

Secure digitalisation in industry and healthcare

The digital transformation is spawning new business models, accelerating communication and creating more efficient processes in existing value chains. However, increased networking and new technologies simultaneously amplify the risk of cyberattacks, malware, data misuse and espionage. secunet's Business Sector supports companies and the healthcare sector in safeguarding information and communication technologies. The core competence lies in consulting as well as in the development and production of trustworthy security solutions that integrate seamlessly into existing IT landscapes and protect them effectively.

secunet – protecting digital infrastructures

secunet is Germany's leading cybersecurity company. In an increasingly connected world, the Company's combination of products and consulting assures resilient digital infrastructures and the utmost protection for data, applications and digital identities. secunet specialises in areas with particular security requirements – such as eGovernment, eHealth as well as IIoT and cloud computing. With security solutions from secunet, companies can maintain the highest security standards in digitalisation projects and thus expedite their digital transformation.

Annual Report 2024

1.To the Shareholders

8 Foreword by the Management Board
14 Supervisory Board report
22 Spotlight
36 The secunet share
40 Corporate Governance Statement

Foreword by the Management Board

Dear shareholders, customers, business partners and friends of the company,

In the 2024 financial year, secunet Group once again successfully continued its long-term growth trajectory and achieved the targets it had set itself. The fourth quarter, which is traditionally the strongest quarter, together with a strong third quarter, contributed significantly to the eleventh consecutive record in sales revenue. The 400 million euro mark was exceeded for the first time in the company's history. The increase in sales revenue is primarily due to the continued positive business momentum in the Public Sector segment.

Our business model remained robust in a very challenging political and economic environment, particularly in Germany. In our most important market, the break-up of the "traffic light coalition" on 6 November 2024 was an important event that will have an impact on secunet's current 2025 financial year with the election of a new federal government on 23 February 2025. We genberally assume that a new German government will focus more strongly on national and European sovereignty interests, also against the backdrop of current geopolitical developments, and will act and invest accordingly. In our view, this is also appropriate in terms of industrial policy: investments, added value, jobs, taxes and expertise must be kept within a national and European area.

2024 has once again shown that our innovative products and our dedicated employees are important pillars that have made secunet the leading cybersecurity company in Germany for some years now. We have continued to focus our business activities on the structural growth drivers of sovereign digitalisation and IT security. The ever-increasing threat of cybercrime and espionage underscores the fact that the digital transformation – the advancement of which is supported by artificial intelligence – can only succeed with the aid of trustworthy products with strong protection mechanisms. This is secunet's great strength, which has led to outstanding positioning on the market.

Jessica Nospers Torsten Henn Axel Deininger Dr Kai Martius

This confirms to us that cybersecurity is no longer just a technical necessity, but a fundamental business requirement. According to Bitkom, investment in IT security in Germany is increasing. Expenditure in 2024 totalled 11.2 billion euros – an increase of 13.8 percent compared to 2023. The topic of IT security is receiving additional and necessary support through increased regulation, for example via the Cyber Resilience Act or the NIS2 Directive.

As a leading cybersecurity company, we are in close dialogue with customers, partners and regulators. This gives us the opportunity to work on solutions to avert threats at an early stage and often to define the state of the art. We are continuously investing in the further development of our solutions and reached important milestones in 2024, such as approvals for the SINA Cloud and the secunet Highspeedkonnektor 2.0. In addition, our high-security solutions are already equipped with mechanisms that also eliminate threats from quantum computers. We will continue to develop the entire portfolio to be cloud-based and quantum-resistant. We see promising potential here to continue our many years of growth and to benefit sustainably from the dynamic development in the IT sector.

Financial year 2024 closed with record sales revenue once again

secunet Group continued its successful performance in the 2024 financial year with its eleventh consecutive sales record. With sales revenue of 406.4 million euros, the 400 million euro mark was exceeded for the first time, as well as the previous year's sales revenue (393.7 million euros) and our sales forecast of around 390 million euros published in the 2023 annual report.

The second half of the year, with a strong third quarter (110.5 million euros) and record sales revenue of 151.9 million euros in the fourth quarter, were key to the successful sales revenue performance. This corresponded to almost 65 percent of annual sales revenue.

Group earnings before interest and taxes (EBIT) amounted to 42.5 million euros in 2024, slightly above the forecast of around 42.0 million euros and only slightly below the previous year's level of 43.0 million euros. The final quarter was also the strongest with an EBIT of just under 24.8 million euros, contributing significantly more than half of the annual result. Group profit for the period rose to 27.9 million euros (previous year: 29.0 million euros), corresponding to earnings per share of 4.32 euros (previous year: 4.51 euros).

The continued sales growth, profitability and strategic progress underscore the company's innovative strength. As you have come to expect from secunet, we would therefore like you, dear shareholders, once again to share appropriately in the Company's success of the past year. We will therefore propose a dividend for the 2024 financial year of 2.73 euros (previous year: 2.36 euros) to the Annual General Meeting on 28 May 2025. With this proposal, we are continuing our long-standing dividend policy of distributing around half of the net income for the year.

Strategic highlights

secunet Group has a clear strategy that is geared towards sustainable and profitable growth in core markets. Additionally, targeted investments are being made in futureoriented growth areas in order to create added value for the company and its stakeholders.

One key focus is on expanding the Public Sector and on the continuous further development of key technologies, particularly the SINA product family. secunet Group is pursuing the goal of driving forward the evolution of its core business models towards the cloud and comprehensive services. Other areas of development include the expansion of solutions in highly regulated and demanding sectors such as the healthcare industry and critical infrastructures. At the same time, we are expanding our international presence.

In the 2024 financial year, we made good progress in implementing our strategic focus areas:

State secrets secure in the cloud

With the SINA Cloud, secunet is presenting the first cloud infrastructure solution in Germany whose security architecture is authorised for classified information (VS) – up to and including the classification SECRET. This has enabled us to demonstrate that IT security in a cloud can also meet the high requirements for VS approvals. The German Federal Office for Information Security (BSI) has already approved two out of three components of the SINA Cloud Security Layer. This is a first for Germany.

Authorities working with classified information and security-sensitive companies in particular can benefit from the cloud transformation for the first time with the SINA Cloud and future-proof their IT infrastructure.

The new solution can be integrated seamlessly into existing SINA infrastructures. The SINA Cloud is also flexibly scalable. The security architecture is designed in such a way that compliance with the classified information directive (VSA) is maintained in the event of expansions and updates and does not always have to be checked again. We intend to establish a comprehensive ecosystem of sovereign and highly secure cloud solutions.

State secrets secure on smartphones

The smartphone is an integral part of our everyday lives. However, until now, the question of security and compliance has always arisen in professional contexts. To this end, we have developed the SINA Mobile application suite, with which sensitive data can be processed and transferred securely on standard smartphones.

The areas of application are diverse and range from secure official telephony, e-mail and messenger communication to the transmission of sensitive image material, for example by police officers in the field. Despite the high security and compliance requirements, we have placed a particular focus on usability and practicality.

State secrets safe from quantum computers

Store now, decrypt later is a strategic approach that is frequently used by state actors, especially in the field of espionage. The core of the concept is that today's strong encryption algorithms could be cracked in the future using powerful quantum computers. Until this Q-Day, data that are indecipherable today are stored and can subsequently be decrypted quickly using quantum computers. This strategy focuses on state secrets in particular. Even if, to date, no quantum attacks have yet become known, there are fears that information will soon be accessible that is actually intended to remain under lock and key for decades to come.

With this in mind, we began working on quantum computer-resistant technologies at an early stage. Like secunet, numerous companies are involved in research into quantum-resistant encryption methods. In addition to this holistic research approach, we have already equipped some SINA components with quantum-resistant mechanisms, deployed them for use by our customers, and received approval for them up to the classification level SECRET. However, this can only be the beginning of a continuous transformation that we will continue to pursue.

VS telephony without borders

Authorities and armed forces can now securely connect Voice-over-IP (VoIP) networks and make VS-NfD-certified calls and hold video conferences across divisional and organisational boundaries. This is made possible by the secunet Session Border Controller (SBC), which is the only such solution on the market to have received BSI approval for the classification level VS-NfD (classified information – for official use only). An important milestone for us and our customers.

Digitalisation in the healthcare sector

We have further expanded our position as a leading cybersecurity company and market leader among connector manufacturers in the growing healthcare sector. In December 2024, we received approval for the secunet Highspeedkonnektor (HSK) 2.0 from gematik, the National Agency for Digital Medicine. This offers a central solution for TI access and is the centrepiece of the TI Gateway (TIG). Using TIG, the HSK 2.0 can securely connect a large number of facilities to the TI in a secure, approved data centre. The TIG "as-aservice" range thus replaces the stationary connectors and enables centralised and powerful TI access for all outpatient and inpatient care scenarios, such as medical practices, hospitals and care facilities. This means that smaller facilities and mobile facilities can also benefit from TI access. This is the next step towards digital healthcare in conjunction with the telematics infrastructure.

After this brief insight into current strategic highlights and successes, we would like to recommend our secuview magazine to you. Here you will find in-depth reports and numerous practical examples – something we cannot present in the foreword of an annual report.

Looking ahead

The 2024 financial year once again underscored the fact that secunet Group has successfully and resiliently built up its market position strategically, operationally and financially. Our divisions cover various sectors.

The market environment in 2025, particularly in the public sector in Germany in the first half of the year, remains challenging due to the formation of a new government following the federal elections in February. This will certainly not make our short-term planning in the 2025 financial year any easier. On the other hand, the megatrends remain "intact", and geopolitical developments are supportive of our business model.

We are a leader in Germany with innovative cybersecurity solutions and are in constant dialogue with our customer groups in order to further expand our proven products and develop new security solutions. We see new opportunities in the planned further internationalisation of our business activities. We therefore expect demand for our products and solutions to remain strong in 2025, which should be particularly evident in the second half of the year. At the time of publication of this report, the order book already totalled 205.3 million euros. On this basis, we expect Group sales revenue of around 425 million euros for the 2025 financial year.

Our defined strategic goal is for our growth to go hand in hand with attractive, sustainable profitability. In order to achieve this, our short-term planning in the current financial year, as in 2024, will once again focus, on the one hand, on internal measures that optimally adapt our organisation and its processes to the constantly changing business activities. On the other hand, we are also investing heavily in research and development in order to successfully expand our portfolio. These measures are flanked by ongoing market screening in order to find attractive M & A targets that ideally complement or expand our product and service portfolio. This means that we are aiming for healthy profitability at around the previous year's level in the 2025 financial year. Accordingly, we expect an EBIT margin of 9.5 to 11.5 percent.

Expression of thanks

Dear shareholders, thank you very much for the trust you have placed in secunet. Our sincere thanks also go to our 1,086 employees. Together with this dedicated and excellently trained team, we are looking forward to continuing the secunet success story with innovative ideas.

The Management Board of secunet Security Networks AG

Axel Deininger (CEO) Torsten Henn (COO)

Dr Kai Martius (CTO) Jessica Nospers (CFO)

Supervisory Board report

Dear Shareholders, Ladies and Gentlemen,

the year 2024 was once again characterised by challenging conditions. Economic uncertainties, geopolitical tensions and the increasingly complex threat situation in the area of cybersecurity have challenged companies and institutions alike. In this environment, secunet has once again proven itself to be a reliable partner for IT security. With stable development and continuous demand for our reliable solutions, the Company has been able to successfully continue on its chosen course.

The ongoing digitalisation of the economy and society is highlighting the central importance of cybersecurity more than ever. Threats from attacks on digital infrastructures are increasing, as are the requirements for data protection and resilience. secunet is meeting these challenges with targeted investments in the course of further developing its product portfolio and a clear focus on future-relevant technologies. The Company is thus not only creating the basis for sustainable business development, but is also making a significant contribution to the security of the digital world.

The Supervisory Board has accompanied this process responsibly and with a clear focus on the Company's strategic goals. We would like to thank all our employees, the Management Board and our customers and partners, whose trust and commitment have made a significant contribution to secunet's positive development.

In the reporting year, the Supervisory Board continuously, diligently and conscientiously performed the tasks assigned to it by law and by the Company's Articles of Association and Rules of Procedure. We continuously monitored and regularly advised the Management Board in its management of secunet Security Networks AG on the basis of the Management Board's detailed written and oral reports and, in the course of performing our duties, satisfied ourselves that the work of the Management Board was lawful, expedient and proper. Between the Supervisory Board meetings, there was also a regular exchange of information (for example, on current business transactions) between the Chairman of the Supervisory Board and the Chairman of the Management Board as well as the other members of the Management Board. The Management Board always informed us quickly and comprehensively about all events and measures of material importance to the Company, in particular about the strategy, corporate planning including financial, investment and personnel planning, the profitability and the sustainable business development of the Company and the Group.

All members of the Supervisory Board had the opportunity at all times to attend to the Management Board's suggestions and reports in detail and to make their own proposals. Insofar as the approval of the Supervisory Board was required for decisions or measures by the Management Board in accordance with laws, the Articles of Association or the Rules of Procedure, the members of the Supervisory Board gave their approval after intensive examination and discussion.

Supervision and examination methods

The Supervisory Board has mainly based its examination on

» the regular reports of the Management Board as provided for by law and the Management Board's rules of procedure,
» the separate reports submitted by the Management Board on occasion and
» the supplementary explanations provided by the Management Board and the auditors.

Each of the reports was submitted to all members of the Supervisory Board. Where the Management Board submitted business measures to the Supervisory Board for approval, the Supervisory Board's copy was in each case accompanied by a presentation of the main points to be considered in taking a decision.

Meetings of the Supervisory Board

Four actual meetings were held in the reporting year: on 20 March, 23 May, 19 September and 27 November 2024. Furthermore, the Supervisory Board convened for an extraordinary meeting on 06 August 2024 (video conference). The Supervisory Board also regularly met without the Management Board.

Mr Thyen was excused from the meeting on 23 May 2024. During the past financial year, all members of the Supervisory Board attended all meetings of the Supervisory Board.

In addition, the Supervisory Board passed written circular resolutions between the meetings as required. The Management Board also kept the Supervisory Board informed about events and projects of particular importance to the Company during the periods between the meetings by means of detailed reports in text form. The Supervisory Board discussed with the Management Board any financial information arising over the course of the year, before its publication. In all of the ordinary meetings, the Supervisory Board addressed the current business performance of secunet Security Networks AG. In all ordinary meetings, it also dealt in detail with the relevant issues concerning business and investment planning, and the development of earnings and liquidity. The members of the Supervisory Board also discussed the Management Board's assessments of market developments and the Company's long-term strategic direction in detail. The focal points of the 2024 financial year were the longer-term strategic focus of the Company, the transformation of the product portfolio and the growth prospects of secunet Group.

In all ordinary Supervisory Board meetings, the members of the Supervisory Board received reports on the business development, the risk situation, the opportunity and risk management as well as the compliance of the company.

About the individual meetings and their contents:

At the meeting on 20 March 2024, the Supervisory Board dealt in detail with the business performance in 2023 and the discussion of the financial statements and the combined Management Report for secunet Security Networks AG and the Group as at 31 December 2023 and the report of the Supervisory Board for the 2023 financial year. The Supervisory Board reviewed and finally approved the report of the Supervisory Board, the Annual and Consolidated Financial Statements and the combined Management Report of the Company and the Group. The auditors took part in the discussions on 20 March 2024 and reported on the key results of their audit. The Supervisory Board's proposed resolutions to the Annual General Meeting of secunet Security Networks AG were also adopted at the meeting on 20 March 2024.

At the Annual General Meeting of secunet Security Networks AG held on 23 May 2024, the four shareholder representatives were elected to the Company's Supervisory Board. The constituent meeting took place at the subsequent meeting of the Supervisory Board on 23 May 2024. DrWintergerst and Mr Thyen were elected Chairman and Deputy Chairman of the Supervisory Board respectively. The Supervisory Board also appointed the members of the Audit Committee and the Technology and Innovation Committee. DrWintergerst was elected Chairman of the Technology and Innovation Committee. The Supervisory Board also discussed current business developments with the Management Board.

The 2024 half-year financial report was discussed during the video conference of 6 August 2024. Dr Zattler was also appointed Chairman of the Audit Committee.

In the meeting on 19 September 2024, the business situation and the financial position of the Company were discussed. The meeting focused on an update on secunet Group's strategy by the Management Board and the forthcoming restructuring of the business. Furthermore, the employment contracts of the members of the Management Board were adjusted to the Management Board remuneration system approved by the 2024 Annual General Meeting, which has been in place since the beginning of 2024. In addition, agreements were concluded with the members of the Management Board on implementing the multi-year special bonus introduced under the new Management Board remuneration system. The Supervisory Board subsequently set the target values for the multi-year special bonus.

In its meeting on 27 November 2024, the Supervisory Board addressed the current business situation. It discussed the budget planning for 2025 with the Management Board and approved it. The Supervisory Board also approved the target values for variable Management Board remuneration for 2025. The Supervisory Board approved the reorganisation of the subsidiaries secunet International GmbH & Co. KG, secunet International Management GmbH, and finally safe GmbH. At this meeting, the Supervisory Board also dealt with the Declaration of Conformity for 2024.

Corporate Governance

The Supervisory Board and Management Board act in the knowledge that good corporate governance is an important basis for the success of the Company. Great importance is placed on the implementation of the German Corporate Governance Code, and the application and further development of corporate governance standards within the Company are closely monitored by the Supervisory Board and Management Board.

The Supervisory Board adopted the 2024 Declaration of Conformity on 27 November 2024. Further information on the corporate governance of the Company and the Group can be found in the Corporate Governance Statement in this Annual Report. The current Declaration of Conformity is reproduced there and on the Company's website (www.secunet.com) under >> About us >> Investors >> Corporate Governance.

The Supervisory Board strives to continually improve the effectiveness and efficiency of its activities. On an annual basis, the review of the Supervisory Board's efficiency is included as a separate item on the agenda for the meetings of the Supervisory Board. In the 2024 financial year, the efficiency review or self-assessment was conducted at the meeting on 20 March 2024 on the basis of a catalogue of questions evaluated by an external service provider.

The members of the Supervisory Board are responsible for the training and further development measures required for their tasks, such as those relating to changes in the legal framework and new technologies, and are appropriately supported in this by the Company. In September 2024, the members of the Audit Committee completed further training on the legal framework for the Audit Committee's tasks, particularly in connection with the development of sustainability reporting. The employee representatives on the Supervisory Board also took part in public speaking training during the 2024 financial year.

The members of the Management Board and the Supervisory Board notify the Supervisory Board immediately of any conflicts of interest. The members of the Management Board and Supervisory Board were not notified of any conflicts of interest in the 2024 financial year.

Committee work

Audit Committee

The Audit Committee convened for three meetings in person during the year under review. All three committee members participated in the meetings. At all these meetings, the Audit Committee dealt with issues relating to the effectiveness of the internal control system, the risk management system and compliance and also monitored the independence, qualifications and efficiency of the auditor as well as the quality of the audit.

The meeting held on 20 March 2024 focused on the auditor's report for the annual audit of the 2023 financial year and the preliminary audit of the annual financial statement documents. After discussion, the Audit Committee recommended that the Supervisory Board approve the audited annual and Consolidated Financial Statements. The Audit Committee also deliberated while not in the presence of the Management Board.

The 2024 audit, carried out once again by the auditors from BDO, was presented at the meeting held on 19 September 2024. The focal points of the 2024 audit were also discussed, particularly in connection with sustainability reporting in accordance with CSRD.

The meeting on 27 November 2024 focused on the interim report on the Annual and Consolidated Financial Statement audit by the appointed BDO auditors. The Internal Audit, Risk Management and Compliance departments also presented their annual reports and the annual audit plans for 2025.

Technology and Innovation Committee

The Technology and Innovation Committee held three meetings in person during the reporting year. All three committee members participated in the meetings. In all meetings, the committee members dealt with the operational development, the strategy and the new products of the secunet Group.

The meeting on 20 March 2024 focused on the presentation of the "Border Control Systems" portfolio and the positioning of secunet Security Networks AG in the cloud environment.

At the meeting on 19 September 2024, the competitive situation in the business segment was discussed in particular. The transformation of the SINA portfolio to the cloud and the implementation of a "SINA-as-a-Service" concept were also discussed.

At the meeting on 27 November 2024, updates on the "Software Factory" and the cloud strategy were discussed. The use of artificial intelligence in secunet Security Networks AG's lines of business was also discussed.

Annual Financial Statements and Consolidated Financial Statements for 2024

BDO AG Wirtschaftsprüfungsgesellschaft, headquartered in Hamburg, Essen branch, was appointed by the Annual General Meeting on 23 May 2024 as auditor of the Company and the Group for the 2024 financial year and to review the condensed financial statements and the interim Management Report. The Chairman of the Audit Committee was also in regular contact with the auditor's representatives outside the Audit Committee meetings.

BDO AG Wirtschaftsprüfungsgesellschaft audited the Annual Financial Statements prepared by the Management Board in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Consolidated Financial Statements prepared in accordance with International Financial Reporting Standards (IFRS), as applicable in the European Union, for the 2024 financial year as well as the combined Management Report of the Group and the Company for the 2024 financial year, including the accounting records, and issued an unqualified audit opinion in each case.

The auditors examined the report on relations with affiliated companies prepared by the Management Board for the 2024 financial year in accordance with Section 312 AktG and relating to the existing majority shareholding of Giesecke + Devrient GmbH, Munich, and issued the following unqualified opinion. The Supervisory Board also examined this report and raised no objections to the final declaration of the Management Board contained in the report or the results of the audit.

The Audit Committee and the Supervisory Board dealt with the combined Sustainability Statement prepared by the Management Board and the remuneration report. The auditors conducted a limited assurance engagement on the Sustainability Statement and a substantive audit of the remuneration report and issued an unqualified auditor's report in both cases. The documents were comprehensively reviewed by the Audit Committee and the Supervisory Board on 26 March 2025. The Supervisory Board approved the remuneration report and took note of and approved the Sustainability Statement.

The annual financial statements prepared by the Management Board, the Consolidated Financial Statements, the combined management report for the 2024 financial year, the Management Board's proposal for the appropriation of the balance sheet profit and the audit reports were discussed in detail and debated intensively at the Audit Committee meeting on 26 March 2025. The auditors reported on the key audit matters and the main findings of their audit. On the basis of these findings, the Audit Committee decided to recommend that the Supervisory Board approve the submitted financial statements and support the intended profit appropriation.

At the meeting of the Supervisory Board on 26 March 2025, the annual financial statements prepared by the Management Board, the Consolidated Financial Statements, the combined management report and the Management Board's proposal for the appropriation of the balance sheet profit as well as the audit reports were available to the Supervisory Board. The Chair of the Audit Committee gave a detailed explanation of the committee's recommendations. Furthermore, all significant issues relevant to the financial statements and the audit, including the key audit matters, were discussed in detail with the auditor and subjected to a separate review by the Supervisory Board. The Supervisory Board also reviewed the Management Board's proposal for the appropriation of profits, which provides for a dividend of 2.73 euros per dividend-bearing share.

After detailed discussion and intensive deliberation, the members of the Supervisory Board came to the conclusion that there were no objections to the financial statements and the audit by the auditor. In the opinion of the Supervisory Board, the combined Management Report of the Company and the Group complies with all legal requirements. It agrees with the statements in the Management Report on the further development of the Company and has approved the result of the audit and the Annual Financial Statements of the Company and the Consolidated Financial Statements for the 2024 financial year. The Annual Financial Statements of secunet Security Networks AG were thus adopted on 26 March 2025. The Supervisory Board also endorsed the Management Board's proposal for the appropriation of profits.

Expression of thanks

The Supervisory Board would like to thank the members of the Management Board and all employees for their outstanding performance and good results in the 2024 financial year.

Essen, 26 March 2025

For the Supervisory Board

Dr Ralf Wintergerst Chairman of the Supervisory Board

SPOTLIGHT

Cloud transformation in public administration

Bundesdruckerei and secunet cooperate on sovereign cloud offerings for the public sector

Articles can also be found on https://secuview.secunet.com/

secunet provides sovereign cloud services for the Bundesdruckerei Group, the German federal government's technology company. These are offered in particular to public authorities and administrations with high availability requirements. The scalable Infrastructure-as-a-Service solution from secunet subsidiary and cloud-native

specialist SysEleven provides a solid basis for the operation of Bundesdruckerei's established development and operating platform.

"The successful integration of the secunet solutions is an important step for Bundesdruckerei's cloud strategy," says Dr Stefan Hofschen, CEO of Bundesdruckerei Gruppe GmbH. "As a technology company for the German federal government, we want to offer our customers with high availability requirements a secure, resilient and consistently structured system architecture in the sense of security by design." With the solutions that have now become possible, the company will be able to act faster on the market, scale more easily and offer customers from the public and private sectors modern applications with full data control based on a sovereign cloud infrastructure. "The collaboration between secunet and Bundesdruckerei on sovereign cloud offerings facilitates the secure migration to cloud technologies," says Hofschen.

The joint offering fulfils the requirements of authorities and companies for a modern infrastructure, digital sovereignty and national security interests. It stands for the cooperation partners' many years of experience in the development and operation of trustworthy solutions.

Bundesdruckerei is using IT infrastructure components in the modern, powerful and sustainable data centres of secunet.

"The collaboration between secunet and Bundesdruckerei on sovereign cloud offerings facilitates the secure migration to cloud technologies."

secunet continues to invest in cloud platform

"Our investments in the development of sovereign cloud solutions for public administration through the expansion of our open source-based platform and comprehensive certifications have led to market-ready solutions," explains Axel Deininger, CEO of secunet. "This is demonstrated by our cooperation with Bundesdruckerei. With over 25 years of experience in IT security, we provide a modern IT infrastructure that meets particularly high standards in terms of data and identity protection."

The public cloud offering is now available for public authorities and companies that require a secure cloud solution for critical workloads.

Norbert Müller, Vice President Cloud Solutions at secunet and Managing Director of SysEleven, adds: "Our cloud and cloud-native solutions are designed in such a way that we can customise them to meet the individual needs of our clients. Bundesdruckerei is already using first IT infrastructure components in our modern, powerful and sustainable data centres. We and Bundesdruckerei are thus making a decisive contribution to Germany's digital sovereignty."

1. To the Shareholders

SPOTLIGHT

EU funding programme 8ra (IPCEI-CIS) Edge cloud on the horizon

Articles can also be found on https://secuview.secunet.com/

An international kick-off meeting in Brussels in March 2024 marked the start of a key digital policy project in Europe: the IPCEI-CIS programme funded by the EU and the German Federal Ministry for Economic Affairs and Climate Protection. This project, which has now been renamed 8ra, pronounced "Oora", involves more than

150 companies and research institutions from twelve EU member states working together on a new edge-to-cloud continuum. secunet is one of the project partners and is developing innovative technology for this infrastructure, which is set to play an important role in Europe's digital future.

It could no longer be overlooked at the Brussels meeting: The IPCEI-CIS, launched by the European Union under the German Council Presidency in 2020 and approved by the EU Commission in 2023, had taken on considerable dimensions. At the kick-off meeting, there were already around 120 project partners, a significant number of whom had travelled to Brussels. A project like this needed a catchier name. The curtain was raised on "8ra", the new brand name for the future European edge cloud infrastructure. However, the previous name had already emphasised the importance of the project: IPCEI stands for "Important Project of Common European Interest", CIS for "Cloud Infrastructure and Services".

At its core, 8ra aims to strengthen Europe's digital sovereignty by reducing its dependence on technologies that do not originate from the EU. The field of European cloud providers is highly fragmented, together accounting for less than 13% of the global market. 1 The market is dominated by a few large companies from third countries, primarily the USA and China. However, their offerings are not without problems for European companies and authorities: data protection issues often remain unresolved, e. g. if the parent companies operate under non-European law. There is a lack of transparency and open standards. Vendor lock-in – a dependency on a single provider – can also quickly develop, for example if services are based on proprietary technology, interfaces are missing or if the contractual framework makes it difficult to change providers.

1 See the website of the German Federal Ministry for Economic Affairs and Climate Protection: https://www.bmwk.de/Redaktion/DE/Artikel/Industrie/ipcei-cis.html

"There are good reasons for European companies and authorities to rely on cloud solutions made in Europe," says Dr Elisabeth Rieger, who coordinates the work on the 8ra project for secunet and also attended the meeting in Brussels. "The EU's edge cloud initiative comes at just the right time. The funding and the common framework with so many partners at European level make it much easier to develop solutions and products in this area."

8ra will not be tied to a single provider, but will place great emphasis on the interoperability of its offerings. A variety of different data processing solutions from different European vendors will be combined to enable applications that require low latency times and high speeds – for example autonomous driving or the networking of critical infrastructure such as wind turbines or public transport infrastructure.

Funded by the European Union – NextGenerationEU. The views and opinions expressed are solely those of the author(s) and do not necessarily reflect the views of the European Union or the European Commission. Neither the European Union nor the European Commission can be held responsible for them.

Organisations from twelve EU member states are involved in 8ra.

Edge and cloud combined

The edge-to-cloud continuum combines the advantages of cloud computing with those of edge computing. What does this mean? In principle, cloud resources can be distributed across the entire network. They offer high flexibility and scalability, but have a certain time delay – latency – and are therefore often not suitable for real-time applications. Edge components, on the other hand, are located close to the respective end devices such as wind turbines – and thus at the edge of the network. Real-time data can also be processed quickly and securely there, and latency is practically zero. Data protection aspects and the sheer volume of data also increasingly favour the use of applications close to where the data is generated.

It therefore makes sense to combine the two approaches. In an edge-to-cloud continuum, data and applications can remain at the edge locations, be moved to the cloud or even be located somewhere in between, depending on their respective requirements – it is a real continuum. The edge is available for real-time data, for example, where it is processed quickly and securely. Less time- and security-critical tasks are handled in the cloud.

The secunet edge cloud can serve many application scenarios.

Central components for 8ra

Together with partners such as SAP, ADVA and LindnerAG, secunet is developing central components for this infrastructure: so-called edge cloud nodes. These highly secure and automatically networked modules are operated decentrally in the respective operating environment – for example at power generation plants such as wind turbines, where this is particularly energy-efficient. Ultimately, various operating sites on land, at sea or even mobile – in relocatable containers – are conceivable. When connected to other edge cloud nodes, large computing networks are created. This provides the basis for the exchange and processing of large amounts of data at potentially low operating costs and distributed data processing that is more responsive to local conditions, bandwidths, failure scenarios and resilience. Networking is either wired or via mobile communications, with the future 6G standard.

"When it comes to edge cloud nodes, it will be important that the solutions are easy to implement, scalable and interoperable," says Dr Kai Martius, Chief Technology Officer at secunet. "We will develop such solutions as part of the 8ra project and then expand them into mature, industrially manufacturable products."

Participants of the 8ra kick-off meeting in Brussels in March 2024. © European Commission

Security and open source

Cybersecurity plays a central role in the project – home territory for secunet with its decades of expertise in this area. "The 8ra continuum is intended for use in critical infrastructures, among other things, and should therefore be able to process particularly sensitive data," says Elisabeth Rieger. "That's why the nodes will use sophisticated cryptography and advanced virtualisation."

Another crucial point is the reliance on open source technology. This is because the use of open standards and generally accessible software modules guarantees verifiability and transparency – criteria that should be met by any cloud offering that is committed to true digital sovereignty. "Another typical advantage of open software is that it is further developed in the community across all manufacturers," says Rieger. "We will therefore subsequently make the results of our project work available to the general public, as is usual with open source."

Hot phase of cloudification

The project comes at a time when the cloud transformation has picked up speed once again: After companies and private individuals have been increasingly using cloud solutions for many years, public authorities and companies with special security requirements that were previously excluded from this development are currently following suit. For them, the cloud must meet significantly higher security and data protection standards, and the aspect of digital sovereignty is also more relevant. This is why secunet is constantly expanding its sovereign public cloud offering with edge and security services together with its wholly-owned subsidiary SysEleven. Kai Martius: "As a citizen, I can perhaps live with the fact that a non-European company potentially has access to my holiday photos. However, public authorities or companies that provide important services for society should never have to live with such data protection risks. That is why we at secunet are committed to a sovereign and highly secure European cloud infrastructure. Our developments for the edge-to-cloud continuum will complement this portfolio perfectly."

The 8ra project is already in full swing and will run until the end of 2026. The time frame shows that sophisticated technology is being developed, and it won't happen overnight. Nevertheless, a date within sight was chosen for the end of the project. After all, there is not much time to lose in the endeavour to free Europe from technological dependencies.

Dr Elisabeth Rieger

Dr Elisabeth Rieger has been managing the funded projects of secunet's CTO Office since 2023 and provides company-wide support for the implementation of other funded projects at EU and state level. Dr Rieger, who holds a doctorate in chemistry, gained in-depth insights into the funding project landscape and its administrative framework through several years of managing funded projects at Chemie-Cluster Bayern.

SPOTLIGHT

Post-quantum cryptography That crucial "quantum" of security

Because quantum computers will be able to break current encryption methods in a few years' time, cryptography is currently reinventing itself. As a pioneer in Europe, secunet has already equipped key products in the SINA portfolio for highly classified data with elements of post-quantum cryptography (PQC) that are immune to such attacks. At the same time, secunet experts are working on innovative technologies that will provide

additional security for networks in the era of quantum computers. To this end, they are participating in a research project in the greater Munich area.

Technological development seems to be taking place at breakneck speed, with one revolution following the next. Digitalisation, comprehensive networking and cloud transformation have not yet been fully completed, but the first AI-based applications are already appearing in our everyday lives – and give us an idea of the far-reaching consequences this technology will have. In comparison, another revolution is much less in the spotlight, although it could have a similarly major impact: the development of powerful quantum computers.

These computers are based on a completely different technology to that used in conventional computers. Instead of limiting themselves to binary arithmetic with zeros and ones, their fundamental information units, the qubits, can also work with gradations in between. This is due to the fact that the qubits are based on quantum mechanical states and therefore do not have to assume a unique value of zero or one. Instead, the two values can overlap, in which case different probabilities apply to them. If numerous qubits are connected, logical operations can be carried out. These, however, are more similar to processes in neural networks than to serial computing in classic computers. Quantum computers do not proceed step-by-step, but instead pursue many possible solutions approaches simultaneously and may also find multiple solutions. Algorithms must then limit the computational operations in a meaningful way so that usable results are obtained.

"Store now, decrypt later"

With their new type of machine computing, these devices will soon outperform conventional computers in many areas. These areas include solving mathematical problems that serve as the basis for conventional cryptography. This means the end for many common encryption methods. In fact, there is an acute need today: although today's quantum computers are not yet a threat to conventional encryption methods, anyone interested in sensitive data without authorisation can record and store it today in order to decrypt it in a few years' time using advanced quantum computers – "store now, decrypt later". As classified information in particular is intended to remain confidential for decades in many cases, this is a serious threat.

Already protected against quantum computers

However, new, quantum computer-resistant post-quantum cryptography (PQC) methods are already in the starting blocks, are being evaluated internationally and are already being used in high-security environments in Germany.

secunet is very active in this area: as an IT security partner of the Federal Republic of Germany, secunet has for many years been producing technology that protects highly classified data up to SECRET level and is used by the German armed forces and federal ministries with special security requirements, such as the Federal Ministry of Defence. In Germany, SINA is the de facto standard for encryption at this high security level.

secunet has already equipped key products in this portfolio with PQC elements:

» the SINA Communicator H, which offers tap-proof voice communication and many other secure communication features,
» the highly secure VPN gateway SINA L3 Box H,
» the SINA Workstation H Client V workstation computer, which delivers a unique combination of high-performance cryptography and high computing power, and
» the hardened SINAWorkstation H R RW14 laptop, which is designed for use in extreme conditions.

The Federal Office for Information Security has approved these SINA components as the first encryption products with PQC in Germany for the SECRET classification level. In a European comparison, Germany is therefore a pioneer in crypto devices that already work with PQC.

Security through quantum physics

Furthermore, other technologies are currently being evaluated that could additionally be used for secure communication with highly sensitive data in the future. This includes the research field of quantum communication. Like the quantum computer, it is based on quantum physics and utilises the bizarre phenomenon of "entanglement": two or more particles can behave as a complete system, even if they are far apart. If they spontaneously assume a random value during a measurement, this is correlated in the case of entangled particles – even if they are separated by a distance of many kilometres.

In quantum computers, entanglement is used to connect the qubits. In quantum communication, on the other hand, the effect can be used to exchange random but identical symmetric key material between two points, classically called Alice and Bob, which is also tap-proof. The process is called Quantum Key Distribution (QKD). In the future, VPN gateways, for example, could read the key material exchanged via QKD and use it as additional protection.

Practical challenges

Can the problems surrounding the threat posed by quantum computers be solved by QKD alone? Not yet, because a whole series of challenges currently arise in practice. For example, QKD currently requires a dedicated fibre optic cable, and connections to mobile devices such as laptops or telephones cannot yet be secured using this technology. Furthermore, the rate at which keys are exchanged fluctuates with vibrations or temperature changes in the glass fibre, for example. The range is also limited: it is currently around 100 kilometres per optical fibre. Additionally, the security of the current implementations has not yet been proven.

Nevertheless, since 2021, secunet has been involved in the MuQuaNet project, a quantum communication network for research and evaluation purposes in the greater Munich area, together with its long-standing research partner Ilmenau University of Technology. The project is being driven by the University of the Bundeswehr Munich (UniBw M). Not only QKD, but also other processes are being investigated. This includes three interesting concepts that can also be combined: the IKE proxy concept, the Business Trip Key Exchange (BTKE) and Multipath Key Reinforcement (MKR).

Additional protection through innovative technology

IKE proxy improves the common practice of additionally encrypting data packets before sending them via unsecured networks. This creates a so-called second line of defence, which must first be broken by an attacker. What is new is that several different key sources can be used at the same time; QKD would also be an option. An attacker would have to compromise all of the key sources used, otherwise they would not be able to successfully intercept the connection – even in the future.

With the Business Trip Key Exchange (BTKE), people act as key couriers and physically travel between different locations in a network to distribute new keys. This can be carried out without active intervention by the people travelling, for example if they are travelling to other locations of their organisation anyway. The rest is automated.

Finally, Multipath Key Reinforcement (MKR) can be used to achieve a comprehensive, regular, automated and secure key exchange. Key material is exchanged regularly – several times a day or even several times an hour– via various paths. One of these can be a QKD path. An attacker would have to successfully intercept not just one, but all of the paths used in order to be able to read the communication.

Conclusion: PQC and its helpers

In the dawning era of quantum computing, the primary task for the coming years will be to secure highly classified data and networks using PQC procedures. secunet is already supplying the required technology, so Germany has already made considerable progress. At the same time, it is worth researching other processes that are also likely to be able to contribute to the quantum-resistant network of the future and thus perhaps provide that crucial "quantum" of security.

Social Days

From the desk to the shovel

SPOTLIGHT

When IT experts slip into the role of carers during working hours and take children on a trip to the petting zoo, it can only mean one thing: Social Days are coming up at secunet!

Following last year's successful kick-off at the four major locations in Berlin, Dresden, Essen and Munich, this year secunet also gave its employees in Bonn, Eschborn, Hamburg and Hanover the opportunity to get involved in social activities as part of their work. With success: in April and June, almost 150 employees took part in a total of 13 social projects in the area of child and youth work, thus actively supporting the organisations in addition to making financial donations. Together, they embellished gardens, painted walls, held football tournaments and gained unique experiences with the children on excursions.

And regardless of whether it was an excursion or a hands-on project, the feedback

speaks for itself: "What I like is that everyone can help in this small way," said one participant. "The sparkle in the children's eyes is definitely worth it," said another. And it's not just the children who benefit from the initiative: "This year, I was able to experience for myself the energy that such teamwork generates outside of the regular working environment," says Axel Deininger, CEO of secunet and an active participant in Munich this year. "We will definitely continue the Social Days."

The secunet share

Stock market development

The stock market year 2024 was characterised by record highs, and at the same time concerns about recession, particularly in Germany. Many indices reached new highs: The S & P 500 exceeded 6,000 points for the first time, the both the NASDAQ-100 technology index and the DAX reached the 20,000 point mark, while the Dow Jones and Nikkei 225 surpassed the 40,000 point mark. By contrast, there was a downward trend in key interest rates in 2024. In December 2024, the ECB cut the key interest rate, further reducing the attractiveness of call deposits and fixed-term deposits compared with equity investments. The rise on the stock markets was surprising in view of the successful stock market year 2023 and the ongoing difficult geopolitical conditions. Fears of a downturn have also repeatedly surfaced in the USA. The Fed countered this with interest rate cuts.

In Germany, the leading index DAX reached a record high of 20,522 points in December 2024. It closed the year at 19,909.14 points, an annual increase of around 19%. By contrast, the small cap index SDAX lagged well behind and closed down 1.8% at 13,711.33 points. The SDAX was thus a long way off its record high of 17,450 points reached in November 2021. The TecDAX technology index developed positively with a plus of 2.78%, while the MDAX was down 5.7%. The index represents German SMEs, which are industry- and exportorientated and therefore suffered particularly from the weak economy, while the large DAX companies are more internationally oriented.

The secunet share

The secunet share is listed in the Prime Standard of the Frankfurt Stock Exchange and traded on all German stock exchanges. The secunet share is not currently listed in any index of the DAX family. In the ranking of all listed companies in Germany, secunet ranked 167th at the end of the year.

The secunet Security Networks AG share (hereinafter: secunet AG) started the year 2024 at a price of 147.60 euros. It reached its high for the year of 176.20 euros at the beginning of March. By mid-October, the share price had fallen to a low of 90.20 euros. As a result of the good business performance and the increase in the annual forecast, the share subsequently recovered and closed the year at 118.20 euros. Overall, this means an annual performance of almost -20%.

An average of 3,056 secunet shares were traded per day on Xetra in 2024 (previous year: 3,083 shares). Average daily sales amounted to 0.4 million euros (previous year: 0.6 million euros).

Dividend and proposed dividend

One of secunet's principles is to allow shareholders to participate in the company's success. The long-standing dividend policy was continued and 50% of the balance sheet profit (corresponding to the earnings after tax attributable to shareholders under commercial law) was once again distributed. Accordingly, the dividend totalled 2.36 euros per dividend-bearing share. This corresponds to a total distribution of 15.3 million euros.

The Management Board and Supervisory Board will propose to the Annual General Meeting on 28 May 2025 a continuation of the continuous dividend policy for the financial year 2024, corresponding to a dividend payout of 2.73 euros per dividend-bearing share. This corresponds to a total distribution of 17.6 million euros.

Annual General Meeting

The Annual General Meeting of secunet AG took place on 23 May 2024 as an in-person event in Essen. Around 86% of the share capital with voting rights was represented at the meeting (previous year: 85%). The shareholders present approved all items on the agenda by a large majority. The results and documents are available on the website: https://www. secunet.com/en/about-us/investors/hauptversammlung.

Shareholder structure

The share capital of secunet AG amounts to 6,500,000 euros and is subdivided into 6,500,000 no-par-value bearer shares. The number of shares outstanding remained unchanged, at 6,469,502 shares. Each share grants the holder one vote at the Annual General Meeting and, in the event of a distribution, an equivalent dividend entitlement. There are no share option programmes or convertible bonds that could dilute the shareholding.

Giesecke + Devrient GmbH, Munich, has held a direct stake in secunet AG since 2004. As at 31 December 2024, the share was 75.12%. The free float totalled 24.41% and was spread across a regionally diversified shareholder structure. A further 0.47% of shares (30,498 shares) are held by secunet AG itself.

Shareholder structure
Giesecke + Devrient GmbH	75.12 %
Treasury shares	0.47 %
Free float	24.41 %

Information according to voting-right notices available as at 31 December 2024

On 8 February 2024, secunet received voting-right notices from the owners of Giesecke + Devrient GmbH, Celia, Marian, Sylvius and Gabriel von Mitschke-Collande. In 2024, there were no notifications of the acquisition of financial instruments of secunet AG (so-called Managers' Transactions) by members of the Management Board and Supervisory Board and related parties subject to the reporting obligation.

Communication with the capital market

secunet attaches great importance to prompt, open and transparent communication with the capital market and other stakeholders. In the year under review, there were numerous personal contacts with existing and potential investors and financial analysts. secunet also offers a newsletter service, which is also used by many private shareholders. The publication of financial reports was also accompanied by regular video conferences in which the Management Board reported on business developments and answered questions from participants.

All information relevant to the capital markets is published promptly in German and English and made available on the company website (www.secunet.com). This includes financial results, press releases and ad hoc releases, as well as information about the Annual General Meeting and voting-right notices. Additionally, the website offers a financial calendar that clearly displays the dates of all important publications and events. In view of the continued successful development of the Company, secunet will expand its investor relations activities in 2025 in order to increase awareness of the company.

Analyst coverage

One component of capital market communication is continuous and transparent dialogue with financial analysts.As at 31 January 2025, secunet was covered by four analysts from various banks and research houses, all of whom recommended the share as a buy.

Institute	Analyst	Recommen dation	Target price in euros
mwb Research	Alexander Zienkowicz	Buy	185
Dr Kalliwoda Research	Dr Norbert Kalliwoda	Buy	258
Hauck Aufhäuser	Finn Kemper	Buy	123
Warburg Research	Hannes Müller	Buy	210

Information as at 31 January 2025

Share price development 1 January 2024 – 31 December

Index, share price 1 January 2024 = 100

Key figures and trading data

		2024	2023
Price at start of year (Xetra)	in euros	147.60	197.60
Price at end of year (Xetra)	in euros	118.20	146.80
High for the year (Xetra)		176.60	256.00
	in euros	(7 Mar 2024)	(15 Jun 2023)
Low for the year (Xetra)		90.20	124.40
	in euros	(17 Oct 2024)	(2 Nov 2023)
Development over year	%	-20	-29
Market capitalisation (31 Dec)	in million euros	764.69	949.72
Ø turnover per trading day (Xetra)	No. of shares	3,056	3,083
Ø turnover per trading day (Xetra)	in euros	383,895	597,794

Master data and indices

ISIN / WKN	DE0007276503 / 727650
Share capital	6.500.000 euros
Number of shares in circulation	6.469.502
Class of share	Ordinary bearer shares with no par value
Start of listing	9 November 1999
Stock exchange segment	Prime Standard Frankfurter Stock Exchange
Designated sponsor	ODDO BHF Corporates & Markets AG, Frankfurt am Main
Paying agent	Commerzbank AG, Frankfurt am Main

Corporate Governance Statement

An effective and transparent organisation, as well as responsible and reliable corporate governance is very important at secunet Security Networks AG. The Company's Management Board and Supervisory Board firmly believe that good corporate governance is key to the long-term success of the Company on the market.

The term Corporate Governance describes the regulatory framework for the management and supervision of companies. In a general sense, this framework must be designed in such a way that the Management Board and Supervisory Board work to ensure that the company continues to exist and creates value sustainably. Recommendations and proposals for how this requirement can be implemented in the management and supervision of companies are summarised in the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). The Code serves the purpose of increasing trust in companies listed on the German stock exchange.

The Management Board and Supervisory Board therefore regularly check the implementation of the GCGC at secunet Security Networks AG. In the 2024 financial year, the Management Board and Supervisory Board of the Company once again carefully deliberated on the recommendations and proposals of the GCGC, in the version as amended on 28 April 2022. The Declaration of Conformity set out below regarding the GCGC was agreed on the basis of these deliberations. This declaration is permanently available on the Company's website (www.secunet.com) and will be updated immediately if required.

secunet Security Networks AG delivers the following Corporate Governance Statement in accordance with Sections 289f HGB and 315d HGB:

Management and supervisory structure

secunet Security Networks AG is subject to German stock corporation law and its own Articles of Association. As a German public limited company, it has a dual management and supervisory structure consisting of a Management Board and a Supervisory Board.

The Management Board and Supervisory Board work together closely and on the basis of mutual trust in their management and supervision of the Company. The Annual General Meeting is responsible for fundamental decisions in the Company.

Supervisory Board

In accordance with Article 9 (1) of the Articles of Association, the Supervisory Board comprises six members, four of whom are elected by the Annual General Meeting and two by the employees in accordance with the German One-Third Participation Act. In accordance with the recommendations of the GCGC, the shareholder representatives were elected by a single ballot. The current members of the Supervisory Board are Dr Ralf Wintergerst (Chairman of the Supervisory Board), Jan Thyen (Vice Chairman of the Supervisory Board), Dr Peter Zattler, Jörg Marx (employee representative), Gesa-Maria Rustemeyer (employee representative) and Professor Dr Günter Schäfer. Further information about the members of the Supervisory Board, including their term of office, can be found on the Company's website (www.secunet.com) under >> About us >> The Company.

The Supervisory Board monitors and advises the Management Board with regard to the management of the Company. At regular intervals, the Supervisory Board discusses business performance and planning, as well as the strategy and its implementation. It discusses the half-year financial reports and quarterly updates with the Management Board before their publication, and approves the Annual Financial Statements of secunet Security Networks AG and the Group, taking into consideration the audit reports prepared by the auditors, the preliminary audit conducted by the Audit Committee, and its own examination. The Audit Committee monitors the accounting process, the effectiveness of the internal control, risk management and internal audit, as well as the auditing of the financial statements.

The tasks and responsibilities of the Supervisory Board also include appointing members to the Management Board. The Supervisory Board decides on the remuneration system for members of the Management Board and sets the specific remuneration in accordance with the system. It sets the targets for the variable remuneration components and regularly reviews the appropriateness of the Management Board remuneration. Management Board decisions of fundamental importance, such as major acquisitions, disposals and financial measures, require the consent of the Supervisory Board. An extraordinary meeting of the Supervisory Board is convened as and when necessary should significant events arise. The Supervisory Board has drawn up rules of procedure for its work, which are published on the Company's website (www.secunet.com).

The Chair of the Supervisory Board is elected by the Supervisory Board from among its members. The Chair coordinates the work carried out within the Supervisory Board, chairs its meetings and represents its interests externally. The Supervisory Board strives to continually improve the effectiveness and efficiency of its activities. The efficiency review or self-assessment of the Supervisory Board is carried out at the start of each financial year. For the purposes of self-assessment, each member of the Supervisory Board answers a structured questionnaire on the individual aspects of efficiency. The results, including any possible proposals for improvement, are discussed at the first meeting of the financial year, at which the Annual Financial Statements are adopted. In the 2024 financial year, the Supervisory Board carried out an internal self-assessment on the basis of a questionnaire evaluated by an external service provider and discussed the results in detail at its meeting on 20 March 2024. The results of the self-assessment confirm professional, constructive and open cooperation within the Supervisory Board, its committees and with the Management Board. The results also confirm the efficient organisation, preparation and implementation of meetings and sufficient resources of the Supervisory Board as well as appropriate provision of information to the members of the Supervisory Board. The results of the self-assessment and the associated recommendations result in the continuous optimisation of the Supervisory Board's activities. There is no recognisable fundamental need for change.

The knowledge, skills and professional experience required to fulfil the remit are taken into account when drawing up the nominations for election to the Supervisory Board. The Supervisory Board of secunet Security Networks AG has also specified concrete targets for its composition, with due consideration given to diversity and relevant expertise. At least 30 percent of Supervisory Board members should be women in future. The purpose of the skills profile is to ensure that the members of the Supervisory Board possess all the knowledge and experience considered essential in light of the activities of secunet Group. One or more Supervisory Board members should also have many years of special experience abroad, acquired as a result of working abroad or due to a foreign country of origin. The skills profile for the board as a whole also includes expertise requirements in sustainability issues. Furthermore, an age limit of 70 years is planned for members of the Supervisory Board.

Nominations by the Supervisory Board to the Annual General Meeting shall take into account the aforementioned targets for the composition of the Supervisory Board and, at the same time, endeavour to meet the requirements of the skills profile for the board as a whole. The terms of office of Dr Wintergerst, Dr Zattler, Dr Legge and Professor Dr Schäfer expired at the end of the Annual General Meeting on 23 May 2024. Dr Legge was not available for re-election; Dr Wintergerst, Dr Zattler and Professor Dr Schäfer were re-elected as members of the Supervisory Board by the Annual General Meeting on 23 May 2024. Based on the proposal of the Supervisory Board, the Annual General Meeting on 23 May 2024 elected Mr Jan Thyen as an additional member of the Supervisory Board (shareholder representative). The composition of the Supervisory Board complied with the specifications of the skills profile both before and after the Supervisory Board elections in 2024, with the exception of the gender quota of 30 percent. The Supervisory Board members possessed and possess the professional and personal qualifications deemed necessary. They were and are all familiar with the sector in which the Company is active and had and have the essential knowledge, skills and experience for the Company.

The qualification matrix below shows the implementation status of the objectives of the Supervisory Board's skills profile.

	Interna tionality and capital market	Research & devel opment / technology	Production / marketing / sales / digi talization	Sectors / markets	Accounting	Controlling / risk man agement	Govern ance / compliance	Sustaina bility
Dr Wintergerst	X	X	X	X			X	X
Dr Zattler	X			X	X	X	X	X
Thyen	X				X	X	X	X
Professor Dr Schäfer		X	X	X				X
Rustemeyer				X	X		X	X
Marx		X	X	X				X

Furthermore, in accordance with Section C.6 of the GCGC, the Supervisory Board should include what it considers to be an appropriate number of members on the shareholder side who are independent of the Company, its Management Board and the controlling shareholder. Taking into account particularly the ownership structure and the size of the board as a whole, the Supervisory Board has come to the conclusion that one independent shareholder representative as per the above definition is appropriate and that Supervisory Board member Dr Peter Zattler meets these requirements. Dr Zattler thus also complies with the recommendation in Section C.9 of the GCGC. This states that in the case of a controlling shareholder (this criterion being fulfilled here by the majority holding of Giesecke + Devrient GmbH, Munich, in secunet Security Networks AG) and a Supervisory Board size of six or fewer members, at least one shareholder representative should be independent of the controlling shareholder.

Furthermore, according to Section C.7 of the GCGC, more than half of the shareholder representatives should be independent of the Company and the Management Board. A Supervisory Board member is deemed to be independent of the Company and its Management Board if he or she has no personal or business relationship with the Company or its Management Board that could constitute a material and not merely temporary conflict of interest. In accordance with Section C.7 of the GCGC, the shareholder side shall, when assessing the independence of its Supervisory Board members from the Management Board and the Company, in particular take into account whether the Supervisory Board member or a close family member of the Supervisory Board member (i) was a member of the Management Board of the Company in the two years prior to the appointment, (ii) currently has or has had a material business relationship with the Company or a company dependent on it (for example, as a customer, supplier, lender or consultant), either directly or as a shareholder or in a responsible function of a company outside the Group, in the year leading up to the appointment, (iii) is a close family member of a Management Board member, or (iv) has been a member of the Supervisory Board for more than twelve years.

If one or more of the aforementioned indicators applies and the Supervisory Board member in question is nevertheless considered to be independent, this shall be justified in the Corporate Governance Statement pursuant to Section C.8 of the GCGC. According to the Supervisory Board's assessment, more than half of the shareholder representatives are independent of the Company and the Management Board pursuant to the recommendation under Section C.7 of the GCGC, namely Dr RalfWintergerst, Mr Jan Thyen and Dr Peter Zattler. In this assessment, the Supervisory Board also took into consideration the fact that Dr Zattler has been a member of the Supervisory Board since 2004. He therefore fulfils one of the aforementioned indicators with a length of service of more than twelve years, so that – in accordance with the recommendation under Section C.8 of the GCGC – reasons are to be given in the Corporate Governance Statement as to why Dr Zattler is nevertheless considered independent. Dr Zattler performed his duties with great diligence and consistently in line with the corporate interests of secunet Security Networks AG. With the exception of his length of service, Dr Zattler has no other personal or business relationships with the Company or its Management Board, nor are there any other indications that could be construed as constituting a material, and not merely temporary, conflict of interest. Moreover, no conflicts of interest have arisen in the past. In the opinion of the Supervisory Board, it would therefore be wrong to conclude a lack of independence from the Company and the Management Board based solely on the length of service.

The Supervisory Board has established an Audit Committee and a Technology and Innovation Committee. Each committee consists of two shareholder representatives and one employee representative. The chairs of the committees report regularly to the Supervisory Board on their respective activities.

As at 31 December 2024, the Audit Committee comprised the following members: Dr Zattler (Chairman), Mr Jan Thyen and Ms Gesa-Maria Rustemeyer. Dr Zattler, the Chairman of the Audit Committee, also has expertise in the field of accounting and auditing, including sustainability reporting and auditing, due to his many years of service as CFO of Giesecke + Devrient GmbH up to the end of April 2024 and is also considered to be independent. Another member of the Audit Committee, Mr Jan Thyen, has special knowledge and experience in the field of accounting, in particular in the application of accounting principles and internal control and risk management systems, due to his work as a member of the Management Board and CFO of Giesecke + Devrient GmbH and his previous positions at Giesecke + Devrient GmbH. The Audit Committee reviews the accounting and monitors the accounting process, deals with the effectiveness of the internal control system, the risk management system, the internal audit system and compliance. On the basis of the auditors' report, the Audit Committee recommends approval of the annual and Consolidated Financial Statements and submits proposals to the Supervisory Board concerning the appointment of the auditors. It issues the audit mandate for the annual and Consolidated Financial Statements and for the audit review of interim financial reports to the auditors elected by the Annual General Meeting, determines the focal points of the audit together with the auditors and reviews the quality of the audit and the independence of the auditors. The Audit Committee decides on the admissibility and scope of non-audit services and issues any audit mandate required for the Sustainability Statement.

As at 31 December 2024, the Technology and Innovation Committee comprised the following members: Dr Ralf Wintergerst (Chairman), Professor Dr Günther Schäfer and Mr Jörg Marx. The Technology and Innovation Committee deals with business strategy, new products and key technology issues.

The Supervisory Board has not formed a Nomination Committee. In the opinion of the Supervisory Board, this is not necessary as the Supervisory Board consists of only six members and the establishment of a separate Nomination Committee would not increase efficiency in terms of the nomination of suitable candidates for election to the Supervisory Board.

Management Board

The Management Board consists of four members, namely MrAxel Deininger, Chairman of the Management Board, Mr Torsten Henn, Dr Kai Martius and Ms Jessica Nospers. Mr Pleines left the Management Board at the end of May 2024 in accordance with his contract.

The Management Board, as the body responsible for managing the Company, conducts the Company's business under its own responsibility and in the Company's interests. Its aim is to increase the enterprise value on a sustainable basis. In particular, it determines the principles of the Company's policy and is also responsible for developing the Company's strategy, for planning and setting the Company's budget, for allocating resources, and for controlling and managing the Company's corporate and business divisions. Specific measures described in the Management Board's rules of procedure require the approval of the Supervisory Board. The Management Board is responsible for preparing the Company's quarterly updates and half-year financial reports, the Annual Financial Statements of secunet Security Networks AG, and the Consolidated Financial Statements.

The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is involved without delay in all decisions fundamental to the Company.

Targets for the appointment of women

At its meeting on 25 May 2022, the Supervisory Board established a target of 33 percent for the proportion of women on the Board, relating to the implementation period to 30 June 2027, which corresponds to the goal of electing two female members to the Supervisory Board.

At its meeting on 25 May 2022, the Supervisory Board decided on a target figure of one woman on the Management Board of the Company for the implementation period until 26 May 2027. Ms Nospers has now been a member of the Management Board since 1 June 2024.

At its meeting on 15 June 2022, the Management Board set the following targets for the two management levels below the Management Board for the period until 30June 2027: 25 percent for the first management level and 15 percent for the second management level.

It remains challenging for the Company to attract more women into management positions. The relative proportion of women in the IT security sector is lower than in other industries, partly due to the relatively low proportion of female STEM graduates. In view of the size of the Company, the limited number of management positions and the associated low level of fluctuation, the Management Board is of the opinion that more ambitious targets would currently not be realistic. However, the Management Board reiterates its intention to move towards a higher proportion of management positions being held by women to the greatest extent possible.

Diversity and long-term succession planning for the Management Board

At secunet Security Networks AG, diversity is understood as a broad approach that covers not only age and gender, but particularly also professional qualifications and experience as well as cultural background. A diverse composition of the Management Board serves the goal of ensuring the sustainable success of secunet Security Networks AG by taking into account diverse, complementary characteristics. Furthermore, the Supervisory Board has decided on an age limit of 67 years for members of the Management Board. In the opinion of the Supervisory Board, the current composition of the Management Board implements to the greatest extent possible the diversity concept described above; in particular, the members of the Management Board cover a broad range of knowledge and experience as well as educational backgrounds that are considered essential in view of the Company's business activities. In addition, the goal of electing a woman to the Management Board was achieved on 1 June 2024. For the Supervisory Board, reference is made to the skills profile already presented.

The Supervisory Board works together with the Management Board to ensure the longterm succession planning for the Management Board. In addition to the requirements of the German Stock Corporation Act and the GCGC, the targets set by the Supervisory Board for the proportion of women on the Management Board are taken into account as well as the above diversity concept. Taking these criteria and specific qualification requirements into account, the Supervisory Board develops a requirement profile on the basis of which a selection of possible candidates is made. In a further step, structured discussions are held with these candidates, on the basis of which the Supervisory Board makes its decision, if necessary with the assistance of external advisers.

Corporate governance guidelines

The Articles of Association of secunet Security Networks AG form the basis of our Company. The Company's Articles of Association, together with the current and previous Declarations of Conformity and further corporate governance documents can be found online at www.secunet.com under >> About us >> Investors >> Corporate Governance.

The Management Board has introduced separate Codes of Conduct for the employees, suppliers and business partners of secunet Group, which are available on the Internet at www.secunet.com under >> About us >> The Company >> Corporate Compliance. The Codes of Conduct summarise the business principles, ethos and values of secunet Group and are a crucial part of how secunet Group sees itself, and of the expectations that it strives to meet. The Codes of Conduct set down standards of conduct for dealing with all the economic, legal and moral challenges that we face in our day-to-day business activities, and are intended to serve as a benchmark and guide when working together within the Group, and with customers, suppliers and other business partners or others. They also govern our conduct when trading in secunet shares, their derivatives and other financial instruments. The Company has set up a compliance office for questions arising in connection with the Codes of Conduct.

With a Group-wide compliance management system, the Company bundles measures to comply with legal regulations and self-imposed standards of conduct in the areas of antitrust law, prevention of corruption and money laundering, conflicts of interest, fraud / embezzlement and human rights. The compliance management system aims to prevent, detect and sanction – systematically and permanently – violations of rules in the above-mentioned areas within the Company. The Company has an electronic whistleblower system that gives employees the opportunity to provide information about legal violations in the Company in a protected environment. This option is also available to third parties.

Transparent corporate governance and corporate values

Transparency in corporate governance is very important to the Management Board and Supervisory Board of secunet Security Networks AG. Shareholders, all participants in the capital market, financial analysts, shareholder associations and the media are provided with comprehensive, regular and up-to-date information regarding the Company's position and key changes to the Company's business.

secunet Security Networks AG reports to its shareholders four times a year on business performance and on the financial and earnings situation, and makes all reports and information permanently available to shareholders on the Company's website (www.secunet.com). The dates for regular financial reporting are listed in the financial calendar. If any circumstances arise at secunet Security Networks AG that might significantly influence the stock market price of the Company, these are disclosed in ad hoc announcements in accordance with the legal requirements. The financial calendar and ad hoc announcements are available to view on the website of secunet Security Networks AG (www.secunet.com) under >> About us >> Investors >> Financial News.

Shareholders and Annual General Meeting

The shareholders of secunet Security Networks AG may exercise their rights, including voting rights, at the Annual General Meeting. Shareholders can exercise their voting rights at the Annual General Meeting themselves or choose an agent or Company proxy bound by their instructions to exercise the voting rights. The Annual General Meeting takes place in the first eight months of the financial year. The Chairman of the Supervisory Board normally chairs the Annual General Meeting. Ahead of the Annual General Meeting, shareholders receive comprehensive information about the past financial year and about the individual items on the agenda of the upcoming meeting by way of the Annual Report and invitation to the meeting. All relevant documents and information on the Annual General Meeting, together with the Annual Report, are also available on our website (www.secunet.com).

In accordance with the provisions of law, the auditors are appointed by the Annual General Meeting. Following a selection procedure conducted in accordance with Art. 16 EU Audit Regulation, BDO AG Wirtschaftsprüfungsgesellschaft, registered office in Hamburg, Essen branch, was selected by the Annual General Meeting on 23 May 2024 as auditors for secunet Security Networks AG and Group auditors for secunet Group for the 2024 financial year and as auditors for an audit review of the condensed financial statements and the interim Management Report of secunet Security Networks AG and secunet Group as at 30 June 2024.

Shareholders are notified of important dates by means of a financial calendar published in the Annual Report, in the quarterly updates and on the Company's website (www.secunet.com).

Further detailed information about secunet Security Networks AG is available on our website (www.secunet.com).

Management Board and Supervisory Board remuneration

The remuneration system applicable since 1 January 2024 for the members of the Management Board pursuant to Section 87a (1) and (2), sentence 1 of the German Stock Corporation Act (AktG), which was approved by the Annual General Meeting on 23 May 2024, as well as the resolution adopted by the Annual General Meeting on 23 May 2024 pursuant to Section 113 (3) of the German Stock Corporation Act (AktG) on the remuneration of the Supervisory Board is publicly available at www.secunet.com under >> About us >> Investors >> Corporate Governance. The remuneration report for the 2024 financial year with the auditor's report can also be found in the aforementioned section.

Disclosures on share-based incentive schemes

In the reporting year, a tranche of virtual shares (performance shares) was allocated to each Management Board member as part of the long-term variable Management Board remuneration (Performance Share Plan I – PSP I). In addition, as part of the multi-year special bonus (Performance Share Plan II – PSP II) in force since 1 January 2024, which was introduced by the remuneration system for the members of the Management Board approved by the Annual General Meeting on 23 May 2024, the members of the Management Board (with the exception of the former member of the Management Board, Mr Pleines) were each allocated a tranche of performance shares. The main performance categories and performance targets as well as the achievement of PSP I and PSP II targets in the reporting year are presented in the remuneration report pursuant to Section 162 of the German Stock Corporation Act (AktG) for the 2024 financial year.

There are no stock option programmes or similar securities-based incentive systems for employees of the Company.

Notification of transactions under Article 19 of the European Market Abuse Regulation (managers' transactions)

Article 19 of the European Market Abuse Regulation (EU) No. 596 / 2014 requires members of corporate bodies (Supervisory Board /Management Board) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches or exceeds 20,000 euros within a single calendar year. Relevant disclosures are also published on the Company's website (www.secunet.com) under >> About us >> Investors >> Corporate Governance. No managers' transactions were reported in the 2024 financial year.

Accounting and auditing of the financial statements

secunet Security Networks AG prepares its Consolidated Financial Statements and Consolidated Interim Financial Statements in accordance with the International Financial Reporting Standards (IFRS) as applicable in the European Union. The Annual Financial Statements of secunet Security Networks AG are prepared in accordance with German commercial law (HGB) and the German Stock Corporation Act. The Annual and Consolidated Financial Statements are compiled by the Management Board and audited by the auditors, the Audit Committee and the Supervisory Board. Quarterly updates and the half-year financial report are discussed by the Management Board and Supervisory Board prior to their publication.

secunet Security Networks AG's Consolidated and Annual Financial Statements have been audited by BDO AG Wirtschaftsprüfungsgesellschaft, registered office in Hamburg, Essen branch, the auditors appointed by the 2024 Annual General Meeting. The audits were performed in accordance with Section 317 HGB and with due consideration for the generally accepted standards for the audit of financial statements in Germany promulgated by the Institute of Public Auditors in Germany (IDW). The undersigned auditors for the Annual Financial Statements and Consolidated Financial Statements of secunet Security Networks AG are Mr Marc Fritz and Dr Marcus Falk.

It was also contractually agreed with the auditors that they inform the Supervisory Board and Audit Committee without delay of any potential grounds for exclusion or bias and of any findings or occurrences of significance to the Supervisory Board's remit that came to light during the auditing of the financial statements.

The condensed Consolidated Interim Financial Statements and the interim Consolidated Management Report as at 30 June 2024 were subjected to an audit review by BDO AG Wirtschaftsprüfungsgesellschaft.

Declaration of Conformity under Section 161 of the German Stock Corporation Act dated 27 November 2024

The management and supervisory boards of companies listed on the German stock exchange are legally obliged, in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG), to annually declare whether the official recommendations of the Government Commission on the German Corporate Governance Code applicable at the time of making the declaration have been fulfilled and will be fulfilled. The Company is furthermore required to disclose which recommendations of the Code have not been applied or will not be applied and to explain the reasons for this. This Declaration of Conformity is printed in full below, with explanations. The Declaration of Conformity can also be found on secunet Security Networks AG's website (www.secunet.com) under >> About us >> Investors >> Corporate Governance. The Declarations of Conformity issued in the last five years are permanently available on the website.

The Management Board and Supervisory Board of secunet Security Networks AG hereby submit the following Declaration of Conformity regarding the recommendations of the Government Commission on the German Corporate Governance Code in accordance with Section 161 of the German Stock Corporation Act (AktG):

Declaration of Conformity with the GCGC 2022

Since submission of the last Declaration of Conformity on 30 November 2023 and the associated updates on 3 April 2024 and 19 September 2024, secunet Security Networks AG has complied with, and will continue to comply with, the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 28 April 2022 (GCGC 2022), and published by the German Ministry of Justice in the official part of the Federal Gazette on 27 June 2022, with the following exceptions:

Committees of the Supervisory Board

Recommendation D.4 GCGC 2022: The Supervisory Board shall form a Nomination Committee, composed exclusively of shareholder representatives, which names suitable candidates to the Supervisory Board for its proposals to the General Meeting on the election of Supervisory Board members.

Explanation: The Supervisory Board of secunet Security Networks AG has no Nomination Committee. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board's proposals to the Annual General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been set up.

Determination of the amount of the variable remuneration components (Management Board remuneration)

Recommendation G.7 GCGC 2022: The Supervisory Board should define the performance criteria for all variable remuneration components for each member of the Management Board for the upcoming financial year, which – in addition to operational targets – should be based primarily on strategic objectives. The Supervisory Board should determine the extent to which individual targets of individual Management Board members or targets for all Management Board members are decisive.

Explanation: The revised remuneration system for members of the Management Board of secunet Security Networks AG was approved by the Annual General Meeting on 23 May 2024. The revised remuneration system applies with effect from 1 January 2024 and allows the Supervisory Board, at its discretion, to award an additional, optional special bonus component with a multi-year assessment basis based on a Performance Share Plan ("PSP II"). The performance assessment period for PSP II covers the financial years 2024 to 2026. The minimum four strategic performance criteria for PSP II are defined in the remuneration system, whereby the Supervisory Board can specify other strategically relevant performance criteria for the particular Management Board department additionally to or instead of the performance criteria provided for in the remuneration system for three years. The Supervisory Board set the performance criteria and the respective target and threshold values for the three financial years 2024 to 2026 at its first regular meeting following the Annual General Meeting on 19 September 2024. The performance criteria and the target and threshold values could not be determined before the start of the 2024 financial year with regard to the special bonus component based on a PSP II without the proviso that the remuneration system be submitted to the Annual General Meeting for approval, as the remuneration system in force at that time did not yet provide for a special bonus component based on a PSP II.

If a deviation from recommendation G.7 GCGC 2022 should be noticed in the determination of the performance criteria and the target and threshold values for PSP II in September 2024, this is appropriate from the perspective of secunet Security Networks AG because it concerns the implementation of a special bonus component recently approved by the Annual General Meeting, and the Supervisory Board only decided to award this on the basis of the remuneration system in September 2024.

Recommendation G.8 GCGC 2022: Subsequent changes to the target values or comparison parameters shall be excluded.

Explanation: The remuneration system for members of the Management Board of secunet Security Networks AG provides for the possibility of the Supervisory Board deviating temporarily from the stipulations of the remuneration system, even after the relevant performance criteria and targets have been set, if this is necessary in the interests of secunet Security Networks AG, and particularly in the event of far-reaching changes to the general economic conditions. Possible deviations may include, among others, the performance criteria of the variable remuneration elements, the total maximum remuneration as well as the relation between fixed and variable remuneration components. In addition, the Supervisory Board can adjust the target achievement measurement to take account of special effects (e. g. M & A transactions, restructuring measures) with regard to all variable remuneration components. This provision takes into account the fact that secunet Security Networks AG operates in a volatile and innovative market environment and that a change in the corporate strategy – and thus the performance criteria for Management Board members – must also, in the interests of the sustainable development of the Company, be possible within an assessment period for the variable remuneration components. Furthermore, the remuneration system is designed to provide an incentive for Management Board members even in the event of profound changes in the general economic conditions. In addition, even in the event of special effects (e. g. M & A transactions, restructuring measures), a sustainable incentivisation of the Management Board is to be ensured, whilst maintaining a focus on the interests of the Company. The Supervisory Board is therefore of the opinion that, contrary to the recommendation in G.8 GCGC 2022, this flexibility is appropriate with regard to the targets and parameters for comparison concerning Management Board remuneration.

secunet Security Networks AG

Essen, 27 November 2024

For the Management Board For the Supervisory Board Axel Deininger Dr Ralf Wintergerst

2.Management Report

Combined Management Report on the position of the Company and the Group for the 2024 financial year of secunet Security Networks Aktiengesellschaft, Essen

54 Principles of the Group
60 Economic report
73 Risk and opportunity report
80 Forecast
83 Risk reporting in relation to financial management
83 Risk management and internal control system
85 Description of the key features of the accounting related internal control and risk management system pursuant to Section 289 (4) and Section 315 (4) HGB
87 Takeover-related information pursuant to Section 289a, sentence 1 and Section 315a, sentence 1 HGB
88 Management and control reference to the Corporate Governance Statement pursuant to Sections 289f HGB and 315d HGB
89 (Consolidated) Sustainability Statement
168 Management Board report pursuant to Section 312 (3) AktG

Principles of the Group

This Management Report combines the Management Report of secunet Security NetworksAG (hereinafter "secunet AG") and the Management Report of secunet Group (hereinafter "secunet"). This is because the risks and opportunities of the parent company as well as the expected development and the main activities in the area of research and development are inextricably linked to the Group. The Management Report of secunet AG is therefore consistent with the situation of secunet Group.

Business model

secunet is one of the leading cybersecurity companies in Germany. In an increasingly connected world, the Company's combination of products and consulting assures resilient digital infrastructures and the utmost protection for data, applications and digital identities. A central component of the portfolio are network components that have highly developed encryption technologies and are approved by the German Federal Office for Information Security (BSI) up to the highest national security level. secunet is an IT security partner to the Federal Republic of Germany and a partner of the German Alliance for Cyber Security.

secunet's business covers the entire value chain from analysis and design to development, integration, operation, maintenance and support of the solutions. Flexible, scalable and highly secure solutions are implemented through the extensive use of open source software and a large number of coordinated security mechanisms. These are generally customised for specific application scenarios in industries with particularly high information security requirements. This primarily includes the public sector, including national and international governments, ministries and authorities as well as quasi-governmental organisations. The focus is also on the German armed forces and organisations in the defence sector as well as organisations with security tasks such as the police and border guards. The company also addresses areas in which there are special IT security requirements – such as healthcare and industry.

Group organisation

Legal structure of the Group

secunet Security Networks AG is the parent company of secunet Group. The company has its registered office in Essen, Germany. It acts as the strategic and financial management of the Group and comprises the majority of the operating divisions. In addition, Group-wide central functions such as Finance, Accounting, Controlling, Internal Audit, Legal, Compliance, Human Resources, IT, Investor Relations, Sustainability and Corporate Communications are organised centrally and are the direct responsibility of the Management Board.

secunet AG holds all shares in the subsidiaries SysEleven GmbH (based in Berlin), secunet International GmbH & Co. KG (Essen), secunet International Management GmbH (Essen) and stashcat GmbH (Hanover). The Group companies also include the non-operational secunet Inc. (Texas, USA), finally safe GmbH (Essen) and secustack GmbH (Dresden).

International marketing activities for the SINA product family are bundled in secunet International GmbH & Co. KG. As the general partner of secunet International GmbH & Co. KG, secunet International Management GmbH is responsible for the management of secunet International GmbH & Co. KG.

SysEleven GmbH is a German provider of cloud infrastructure, cloud services, managed services and managed Kubernetes. The company has its own open source-based cloud infrastructure with data centre locations in Germany certified to ISO 27001 (Infrastructure-as-a-Service) and provides MetaKube, a platform for the efficient management and optimisation of computing, storage and network resources based on Kubernetes (managed Kubernetes).

stashcat GmbH offers a Business Messenger that enables messaging that is secure as well as data protection-compliant and GDPR-compliant and includes additional security-optimised collaboration and video conferencing functions.

Giesecke + Devrient GmbH, headquartered in Munich, is the majority shareholder with a direct holding of 75.12%, and is the parent company of secunet AG. As a strategic holding company, the owner-managed Giesecke + Devrient GmbH manages its affiliated companies, including secunet AG. The group of companies is internationally oriented and active in the field of banknote and securities printing as well as the development and production of security paper and banknote processing systems. In addition, the group of companies develops and manufactures magnetic strip and chip cards, predominantly for the telecommunications industry, banks and the healthcare sector.

Group management

As a German stock corporation, secunet AG has a two-tier management system consisting of a Management Board and a Supervisory Board. The Management Board is responsible for managing the company and is advised and monitored by the Supervisory Board.

For further information on the composition and allocation of responsibilities of the Management Board and Supervisory Board, please refer to the Corporate Governance Statement, which forms part of this report and is available on the company website. This also includes the Declaration of Conformity in accordance with Section 161 AktG.

Locations

At the end of 2024, secunet Group had thirteen locations in Germany.

Business activities

secunet Group's operating business is divided into two divisions: Public Sector and Business Sector. In its financial reporting, secunet reports on the operational business development in addition to the overall assessment of the Group on the basis of these divisions. Within the divisions, the organisation has a process-oriented design and aims to optimise operations for the relevant markets and customers.

Public Sector

The Public Sector division serves clients in the public sector, including national and international governments, ministries and public authorities as well as quasi-governmental organisations. This customer group also includes the German armed forces and organisations in the defence sector as well as organisations with security tasks such as the police and border guards.

A central component of the product range is the IP-based cryptosystem SINA ("Secure Inter-Network Architecture"), which was developed in cooperation with the German Federal Office for Information Security (BSI). SINA serves to protect electronic information from unauthorised access and enables the protected processing, storage and transmission of classified information via the Internet. SINA fulfils maximum security standards with approvals from the BSI up to the high national classification level "SECRET".

The SINA product family comprises a constantly growing number of modular components such as clients, gateways, servers and software tools. These components are used to secure a wide range of application scenarios. Special SINA components are available for military and official high-security networks, which place particularly high demands on data security and equipment resilience. These are based on a hardened hardware platform and are designed for extreme operating conditions.

The public sector also includes activities in the areas of digital identities and biometrics. The range of products and services includes solutions for personal identification and authentication of users on web portals as well as for biometric capture and verification in connection with official identity documents. This also includes automated border control systems that ensure a smooth and secure flow of passengers at airports and other border control stations.

The business activities of the subsidiaries SysEleven GmbH and stashcat GmbH are integrated into the Public Sector division. In addition to the range of products, the division also offers a broad spectrum of consulting services, ranging from security assessments (known as penetration tests) via security consulting (for security guidelines and their implementation, for example) up to support for certification projects.

Business Sector

The Business Sector division addresses two markets in the private sector: healthcare and industry.

In the healthcare market, secunet's services are aimed at medical service providers, including doctors, hospitals and pharmacies. The focus of the range is on the provision of various connectors. These offer secure access to the telematics infrastructure (TI) and provide interfaces to applications such as the electronic health record (EHR) and the electronic prescription (ePrescription). The connectors also perform important security functions such as encrypting and signing medical documents. This ensures the secure transmission and processing of sensitive health data in the context of digital health applications.

For industry, secunet offers solutions for secure edge computing and early warning systems for the prevention and detection of cyber attacks. The focus is particularly on manufacturing companies with high security requirements. Critical infrastructures (CI) are also addressed, i. e. organisations and facilities that are important to the state and society, including those in the energy, transport, traffic, water, finance and insurance sectors.

As in the Public Sector division, the Business Sector division also includes a wide range of consulting services.

International business

In both divisions, the geographical focus of sales is primarily on Germany. secunet's sales activities abroad are focused on the countries of the European Union, EU organisations as well as defence and space organisations (including organisations such as NATO) and the Middle East.

Procurement

secunet Group does not have its own production facilities. secunet works with a large number of manufacturing partners for the value creation and manufacture of hardware products. secunet purchases both standard products from computer manufacturers, which are then refined in terms of security technology, and special products that are ordered and manufactured to secunet's specifications. For particularly security-critical components, secunet favours partners from Germany or the European Union. When procuring software components that are used as part of products, secunet focuses primarily on open source, i. e. software whose source code is freely available and may be used commercially depending on the underlying licence.

It is particularly important to secunet Group that fundamental labour, social and environmental standards are observed in the manufacture and transport of the products sold by secunet. The company also respects and supports the principles of the International Labour Organisation (ILO), the Supply Chain Act and the UN Global Compact. secunet passes on to its suppliers its principles of conduct with regard to human rights, working conditions, environmental protection and business practices that comply with the law and are based on integrity. These principles of conduct are defined in the Code of Conduct for Suppliers and Business Partners, which was updated in 2022 and is binding for all suppliers and business partners. With this Code, secunet obliges its partners to orientate themselves with our principles of conduct, to comply with them and to pass them on in their supply chain. This is an essential building block for fulfilling social, ecological and economic responsibility in the supply chain.

Management system and key performance indicators

Internal Group management system

secunet Group and secunet AG are managed in accordance with the long-term strategy and the short and medium-term targets. The Management Board bears joint responsibility for overall planning and for realising the formulated targets as part of the company's strategic development.

The Management Board primarily uses financial management and performance indicators to assess current business performance and make decisions on future strategies and investments. In the annual strategy process, an internal plan is drawn up for a medium-term period and a planning calculation for the coming year. At the same time, a forecast for the current financial year is regularly prepared on the basis of current business performance. Target achievement is monitored by the Management Board by means of a target / actual comparison and the forecasts. In addition, the progress made in achieving the strategic targets is regularly reviewed and analysed at meetings of the Management Board.

The financial management and performance indicators are also used in the financial reporting. A detailed presentation of their development can therefore be found in the section "Economic report".

The company is not managed exclusively on the basis of financial indicators, but also takes into account non-financial performance indicators as well as industry and company-specific early indicators.

Key financial performance indicators

The most important financial performance indicators for corporate management and financial reporting are sales revenue, earnings before interest, taxes, depreciation and amortisation (EBITDA) and earnings before interest and taxes (EBIT). EBIT represents the net income for the period before interest income, interest expenses or financial result of income from equity investments (in particular HGB-compliant annual financial statements) and income taxes. It presents the operating result without the influence of effects from internationally inconsistent taxation systems and varying financing activities.

The key financial performance indicators are recorded and monitored both at Group level and in the individual segments. They form the basis for management processes and decision-making at strategic and operational level, for example for investment and acquisition decisions.

The remuneration of the members of the Management Board includes a variable component that depends on the achievement of targets for the key financial performance indicators. This is described in detail in the separate "Remuneration report in accordance with Section 162 AktG", which also forms part of the Annual Report.

Other key financial performance indicators

secunet Group also uses other key financial performance indicators to assess its economic performance, both in its corporate management and in its financial reporting. In contrast to the aforementioned, the financial performance indicators are only of secondary importance. For this reason, no forecast is provided for these key performance indicators.

These key performance indicators include gross profit and operating expenses in particular. Gross profit, derived from the difference between sales revenue and cost of sales, serves as an indicator of the company's value creation. Operating expenses include expenses incurred in the course of normal business activities. A distinction is made between selling expenses, research and development costs and general administrative costs.

Key non-financial performance indicators

In addition to the financial management and performance indicators, the Group is also managed on the basis of non-financial performance indicators, which are of secondary importance behind the financial performance indicators. The Supervisory Board sets various sustainability and ESG targets each year, usually up to three. In 2024, these included increasing customer satisfaction compared to the reference group through a net promoter score survey, increasing employee satisfaction through the implementation of appropriate projects and reducing CO2 emissions, measured in tons per employee.

A planned value of 2 was envisaged for the Net Promoter Score in 2024, but a better value of 17 was achieved. The planned amount of CO2 emissions was 3.55 tonnes per employee, but a significantly better figure of 1.00 tonnes per employee was achieved. The Supervisory Board has set a target of 150% for the increase in employee satisfaction, as measures have been implemented. This is intended to increase employee satisfaction, which was rated at 2.35 in an employee survey in 2023.

The Supervisory Board has set the following targets for 2025: A Net Promoter Score of 2 and CO2 emissions of 2.09 tonnes per employee. Furthermore, a target of 14.4% was set for the proportion of women in management positions below the first management level with the aim of promoting women.

The remuneration of the members of the Management Board includes a variable component that depends on the achievement of targets for the non-financial performance indicators. This is described in detail in the separate "Remuneration report in accordance with Section 162 AktG", which also forms part of the Annual Report.

Sector and company-specific early indicators

According to the Management Board's assessment, the key company-specific early indicators are incoming orders and the order book. These key performance indicators are recorded on a monthly basis and serve as an indication of expected capacity utilisation and the anticipated sales revenue and earnings performance.

In order to gain an overview of market conditions, management continuously monitors and analyses statistics and forecasts on general economic trends and the dynamics of the ITand IT security markets.

Research and development

The research and development activities of secunet Group, secunet AG and SysEleven GmbH are aimed at identifying technological trends at an early stage and addressing them in a targeted manner. This is intended to provide optimum support for the achievement of strategic corporate goals. The focus is on developing new products, opening up new markets and acquiring new customers. The research and development activities are carried out both for our own purposes and also within the framework of individual customer projects.

Innovation management

Strategically, secunet bases its innovation efforts on three pillars:

» Promoting the culture of innovation by incentivising new developments as well as through regular and intensive internal technical exchange and by building an infrastructure for knowledge management;
» Cooperation and partnerships with customers, suppliers, universities and associations to achieve synergies in research and development;
» Organisational bundling of competences in product management that support developments from innovation management through to the creation of market-ready products.

Employees of secunet Group are members of numerous national and international standardisation bodies and committees. Active participation enables innovations in IT to be tested, recognised and implemented at an early stage. The Management Board believes that this not only promotes the valuable exchange of expertise, but also contributes to the continuous qualification of own workforce.

Economic report

General economic environment

Germany remains the most important sales market for secunet Group due to its high share of sales.

The German economy shrank for the second year in a row in 2024. According to the German Federal Statistical Office, the price-adjusted gross domestic product (GDP) fell by 0.2% compared to the previous year. In the previous year, the decline was 0.3%. This development reflects the ongoing difficult economic environment. Geopolitical uncertainties weighed on global supply chains and dampened export growth. At national level, the formation of a new federal government and the consolidation of the federal budget continue to pose a risk to public investment. Additionally, the current geopolitical security situation renders it impossible to make any reliable statements about future market developments in the international environment.

Sector-specific framework conditions

Market for information and communication technology (ICT)

In addition to the general economic development in Germany, the overall market for information technology and telecommunications (ICT) forms an essential framework and comparative basis for the assessment of secunet Group's economic development. Market statistics are available from the digital association Bitkom.

Last year, expenditure on information technology and telecommunications (ICT) rose by 3.3% to 224.8 billion euros. The business climate in the digital economy developed positively, bucking the trend in the economy as a whole. A key factor in this development was the market for information technology (IT), which is particularly relevant for secunet Group and saw above-average growth of 4.4% in 2024. This market comprises IT hardware, software and IT services. With growth of 9.5% to 46.5 billion euros, expenditure on software recorded the largest increase in this segment. Despite slight growth of 0.7%, IT hardware still makes up the largest share of the IT market with a volume of 52.0 billion euros, followed by IT services, for which expenditure rose by 3.8% to 51.2 billion euros (source: Bitkom, IDC December 2024).

Market for IT security

In view of the increasing threat of cyber attacks, investment in IT security in Germany has increased. According to current data from Bitkom, expenditure in Germany rose to 11.2 billion euros in 2024 – an increase of 13.8% compared to the previous year. The market for IT security thus grew considerably more dynamically than the overall market for information technology and telecommunications (ICT) and than the German economy as a whole.

The largest share of expenditure was on investments in IT security software, which grew by 17.3% to around 5.8 billion euros. IT security services followed close behind with an increase of 11.4% to 4.4 billion euros. By contrast, expenditure on IT security hardware remained almost constant, increasing by 5.2% to just under 1.0 billion euros (source: e3mag.com, E3-Magazin 10 January 2025).

Business risk of cyberattacks

Cyber attacks continue to pose a significant threat to society and the economy. The impact of such attacks goes far beyond financial damage and affects critical infrastructure such as hospitals, power stations, airports and transport systems.

According to a survey commissioned by Bitkom, 81% of all companies in Germany were affected by the theft of data and IT devices as well as digital and analogue industrial espionage or sabotage last year – an increase of 9 percentage points on the previous year (72%). A further 10% of companies suspect such incidents, which also represents a slight increase on the previous year (8%). Parallel to the increase in the number of companies affected, the damage caused by these attacks has also increased significantly. The total amount to 266.6 billion euros, corresponding to an increase of around 29% on the previous year (205.9 billion euros).

Companies are increasingly responding to the rising level of threat posed by cyber attacks by further increasing their awareness of cyber security. The Allianz Risk Barometer 2025 shows that cyber incidents are perceived as the greatest business risk in Germany – ahead of risks such as business interruptions, natural disasters or changes to laws and regulations. This assessment is also reflected at international level, where cyber attacks are also identified as a priority threat.

Increasing regulation

The topic of IT security is receiving additional support through increasing regulation. This is playing a role in ensuring that cybersecurity is no longer seen as a mere technical necessity, but as a fundamental business requirement. New legal requirements and international standards promote robust security structures and force companies and the public sector to review and adapt their protective measures regularly.

Particularly noteworthy are initiatives such as the EU Directive on Security of Network and Information Systems (NIS2) and the IT Security Act 2.0 in Germany, which oblige companies in particularly critical sectors, such as energy, healthcare, financial services and telecommunications, to establish higher security standards. The NIS2 Directive obliges operators of essential services and digital service providers to improve and regularly review their cybersecurity measures and, if necessary, adapt them to new threats and risks. It also calls for the implementation of emergency plans and the reporting of security incidents to national authorities. This ensures greater transparency and a faster response in the event of cyber attacks.

These regulatory measures motivate companies and the state to invest more in IT security in order to strengthen their resilience to digital threats. The clear legal anchoring strengthens trust and leads to cybersecurity being recognised as an integral part of corporate strategy.

Business performance in 2024

Business performance of secunet Group

In the 2024 financial year, secunet Group generated sales revenue of over 400 million euros for the first time (previous year: 393.7 million euros). The Management Board had already raised the original sales forecast of 390 million euros in October; with actual sales revenue of 406.4 million euros, the forecast figure was even slightly exceeded. Business with ministries, public authorities and the defence sector in particular continued to develop positively.

Earnings before interest and taxes (EBIT) reached 42.5 million euros, compared with 43.0 million euros in the previous year. This includes additional write-downs on inventories totalling around 4 million euros. Despite this additional burden on earnings, the targets set were achieved and the original planning was thus also fulfilled. It should also be noted that the previous year's result was positively influenced by a revaluation of the earnout clause amounting to 2.6 million euros agreed as part of the acquisition of SysEleven GmbH.

Earnings before interest, taxes, depreciation and amortisation (EBITDA) remained stable at 60.3 million euros in the 2024 financial year (previous year: 60.4 million euros).

As in previous years, business performance in 2024 was characterised by pronounced seasonality. A particularly strong second half of the year made a decisive contribution to the positive overall performance.

The Management Board believes that the company is very well positioned to benefit from future market opportunities. To this end, important investments were driven forward, including the approvals for the SINA Cloud and the TI Gateway, which represent important milestones. These developments form the basis for further expansion of the product portfolio and customer base and realisation of further growth.

Against this backdrop, the Management Board regards the results for the 2024 financial year as successful. The renewed sales growth, profitability and strategic progress underscore the company's competitiveness and innovative strength. The focus remains on securing sustainable growth and further strengthening the company.

Business performance of secunet AG

secunet AG is managed on the basis of the key performance indicators sales revenue and EBIT. The economic development of the company depends directly on the development of the Group as a whole. Accordingly, secunet AG's forecast for the 2024 financial year was based on the same assumptions as for the Group: sales revenue of around 363 million euros and EBIT of around 46 million euros were expected.

In the 2024 financial year, secunet AG recorded sales revenue of 389.3 million euros and EBIT of 51.1 million euros. Sales revenue thus considerably exceeded both the forecast (around 363 million euros) and the sales revenue achieved in the previous year (372.4 million euros). secunet AG's EBIT was thus above both expectations (around 46 million euros) and the previous year's figure (43.4 million euros). Details of these developments can be found in the section "Business performance of secunet Group".

The Management Board assesses the business performance of secunet AG in the 2024 financial year as good overall.

Results of operations

Results of operations of the Group

The income statement for secunet Group in accordance with IFRS, as applicable in the EU, is presented according to the cost of sales method.

Sales revenue performance

In the 2024 financial year, secunet Group recorded sales revenue of 406.4 million euros, which corresponds to an increase of 3.2% compared to the previous year (393.7 million euros). The product business, which comprises the sale of hardware, software, maintenance and support, generated a total of 353.5 million euros in the 2024 financial year (previous year: 349.7 million euros). At 52.8 million euros in 2024 (previous year: 44.0 million euros), growth was also achieved in the invoicing of services.

secunet Group's business focus remained on German federal ministries, national and international government institutions and organisations in the defence sector. 91% of Group sales revenue in the 2024 financial year were attributable to this target group (previous year: 88%). The Public Sector division, which covers these activities, achieved sales revenue of 369.7 million euros in the reporting period, which corresponds to an increase of 7% compared to the previous year (344.8 million euros). As in previous years, successful product business with the SINA product family was a key factor in sales growth.

The remaining 9% of Group sales revenue were attributable to the Business Sector division (previous year: 12%). This division serves two markets in the private sector: healthcare and industry. The Business Sector generated sales revenue of 36.7 million euros in the 2024 financial year and was unable to reach the previous year's level (48.9 million euros) due to increased investment requirements. A new product line for connecting hospitals and medical practices to the telematics infrastructure has been developed for the healthcare market. The secunet Highspeedconnector 2.0 successfully received the required Gematik approval in December 2024. secunet Group recorded positive growth both on the German market and in its international business in the 2024 financial year.

In Germany, sales revenue rose by 2% from 358.5 million euros in the previous year to 366.3 million euros in the current reporting period. In its international business, secunet achieved sales revenue of 40.1 million euros, compared to 35.1 million euros in the previous year, which corresponds to an increase of 14%. The share of international business in total sales revenue remained unchanged at around 10%.

The increase in Group sales revenue resulted from higher sales volumes and increased prices. As secunet Group mainly operates in the eurozone, currency effects were insignificant. At 0.7 million euros (previous year: 2.8 million euros), sales revenue from projects with the parent company Giesecke + Devrient remained at a low level.

Order book

As at 31 December 2024, secunet Group's order book amounted to 205.3 million euros, exceeding the previous year's figure of 190.2 million euros. The order book mainly comprises orders from public-sector customers as well as orders for the 2025 financial year and subsequent years.

Earnings performance

In the 2024 financial year, secunet Group generated a gross profit of 97.3 million euros, which corresponds to a gross margin of 23.9%. Compared to the previous year, gross profit improved by 10.0 million euros or 11.4%. This improvement is due to one-off procurement costs, which led to a gross profit of 87.4 million euros and a gross margin of 22.2% in the previous year.

The cost of sales is the most significant cost item in secunet Group and consists primarily of materials expenses and personnel expenditure. In the reporting year, the cost of sales increased by 0.9% from 306.3 million euros in 2023 to 309.1 million euros.

In 2024, the selling expenses of secunet Group rose to 28.8 million euros due to a further expansion of sales activities (previous year: 26.1 million euros). The ratio of selling expenses to sales thus rose from 6.6% to currently 7.1%.

General administrative expenses totalled 11.6 million euros. The increase of 9.2% compared to the previous year (10.6 million euros) is due to higher personnel and material costs for management and administrative offices. The ratio of administrative expenses to sales revenue rose moderately from 2.7% in the previous year to 2.9% in the reporting period.

Research and development costs, i. e. expenses in connection with operational research and development for new products, totalled 13.7 million euros in 2024 (previous year: 10.3 million euros). This expenditure was incurred in connection with various projects, which are explained in more detail in the "Investments" section. The ratio of research and development costs to sales revenue amounted to 3.4% after 2.6% in the previous year.

As a result of the developments described above, earnings before interest and taxes (EBIT) of 42.5 million euros were generated in the financial year. This corresponds to an EBIT margin of 10.5%. In the previous year, secunet Group achieved an operating profit of 43.0 million euros with a margin of 10.9%.

The Public Sector division recorded EBIT of 44.8 million euros in the 2024 financial year after 42.5 million euros in the previous year. Due to the investments described above, the Business Sector division generated EBIT of -2.3 million euros after 0.5 million euros in the previous year.

Interest income remained negligible in the 2024 financial year (0.8 million euros, previous year: 0.0 million euros). Interest expenses totalled 1.4 million euros after 0.9 million euros in the previous year. In addition to the interest on pension provisions, interest expenses rose mainly due to the compounding of the earn-out liability and the increase in interest expenses as part of lease accounting in accordance with IFRS 16.

At 60.3 million euros, earnings before interest, taxes, depreciation and amortisation (EBITDA) in the 2024 financial year matched the previous year's figure of 60.4 million euros.

secunet Group achieved earnings before taxes (EBT) of 41.9 million euros in the 2024 financial year after 42.1 million euros in the previous year. The effective tax rate in the reporting year, based on the Group profit before tax, was 33.4% (previous year: 31.1%).

As a result, secunet Group recorded a consolidated net income of 27.9 million euros compared to 29.0 million euros in the previous year. Of this amount, 28.0 million euros (previous year: 29.2 million euros) was attributable to the shareholders of secunet AG, while non-controlling

2. Management Report

interests no longer arose to any significant extent in 2024 (previous year: -0.1 million euros to minority shareholders of secustack GmbH). Diluted and undiluted earnings per share amounted to 4.32 euros, compared to 4.51 euros in the previous year.

Results of operations of secunet AG

In the annual financial statements of secunet AG issued pursuant to commercial law, the income statement is presented using the nature of expense method.

In the 2024 financial year, secunet AG generated sales revenue of 389.3 million euros, compared to 372.4 million euros in the previous year and 363 million euros in the forecast. The increase in sales revenue is attributable to the same reasons as at Group level. Other operating income totalled 3.7 million euros compared to 1.2 million euros in the previous year. This included government project grants, reimbursements from damages, income from the release of provisions and other income. The change in inventories of unfinished services as well as work in progress and finished goods increased by 1.6 million euros in the 2024 financial year, compared to a decrease of -1.0 million euros in the previous year.

At 208.3 million euros, materials expenses were on a par with the previous year (209.9 million euros). Personnel expenditure rose to 94.8 million euros due to staff growth and the general inflation rate, compared to 80.1 million euros in the previous year.

At 4.1 million euros, depreciation and amortisation of intangible assets and property, plant and equipment were slightly lower in the 2024 financial year than the previous year's balance sheet entry (4.3 million euros). These resulted mainly from the company's property, plant and equipment, with office equipment and IT infrastructure being the main components. Other operating expenses increased to 36.3 million euros compared to 34.9 million euros in the previous year. This increase resulted from various cost items, including rental costs for office space, advertising costs, ancillary personnel expenses and company car costs.

Income from equity investments totalled 0.0 million euros in the reporting period compared to 2.7 million euros in the previous year. This income mainly resulted from the net income of secunet International GmbH & Co. KG, which realised an operating loss in 2024.

Earnings before interest, taxes, depreciation and amortisation (EBITDA) at secunet AG increased by 16% from 47.8 million euros to 55.2 million euros.

At 51.1 million euros, secunet AG's earnings before interest and taxes (EBIT) in the 2024 financial year were significantly better than in the previous year (43.4 million euros). The original forecast of 46 million euros was exceeded.

The financial result increased to 0.6 million euros compared to an expense of -1.1 million euros in the previous year. In contrast to the previous year, the company did not have to utilise an overdraft facility in 2024.

Earnings before taxes (EBT) thus reached a level of 51.7 million euros after 45.0 million euros in the previous year.

After deducting income taxes of 16.4 million euros (previous year: 14.2 million euros) and other taxes of 0.0 million euros (previous year: 0.3 million euros), the net income for the year was significantly improved at 35.3 million euros compared with 30.5 million euros in the previous year.

Financial and net asset situation

Financial and net asset situation of the Group

The balance sheet is presented in accordance with IFRS, as applicable in the EU.

Capital structure of the Group

secunet Group's balance sheet total as at the reporting date of 31 December 2024 amounted to 359.6 million euros, which represents an increase of 9.4% compared to the figure as at 31 December 2023 (328.6 million euros). On the liabilities side of the balance sheet, equity accounted for 150.8 million euros (31 December 2023: 137.8 million euros) and debt capital for 208.8 million euros (31 December 2023: 190.8 million euros). The equity ratio at 31 December 2024 remained unchanged at 41.9% (previous year: 41.9%). The debt ratio also remained unchanged from the previous year at 58.1%.

As at the reporting date, short-term loans and the current portion of long-term loans totalled 1.3 million euros, compared to 1.2 million euros on 31 December 2023. Ongoing business and necessary replacement investments were financed primarily from the operating cash flow in the reporting period.

in euros	31 Dec 2024	31 Dec 2023
Current assets
Cash and cash equivalents	57,682,113.94	41,269,674.54
Trade receivables	84,807,157.94	88,896,835.69
Intercompany financial assets	42,680.84	1,234,850.54
Contract assets	3,286,668.57	2,872,998.07
Inventories	53,852,840.96	48,033,717.04
Other current assets	6,742,352.92	4,234,838.59
Income tax receivables	1,337,152.14	6,047,856.47
Total current assets	207,750,967.31	192,590,770.94

Non-current assets
Property, plant and equipment	13,353,481.00	11,492,598.69
Right-of-use assets	22,263,140.52	17,376,742.30
Intangible assets	36,694,810.65	35,690,375.98
Goodwill	47,627,601.69	47,627,601.69
Non-current financial assets	6,306,820.30	6,438,407.00
Deferred taxes	5,852,002.00	3,241,252.60
Other non-current assets	19,800,609.62	14,180,063.10
Total non-current assets	151,898,465.78	136,047,041.36

Total assets	359,649,433.09	328,637,812.30

Balance sheet of secunet Group, assets

Assets

The assets side of the consolidated balance sheet showed current assets of 207.8 million euros as at 31 December 2024, which corresponds to an increase of 7.9% on the 192.6 million euros as at the previous year's reporting date.

Cash and cash equivalents increased due to the cash inflow from operating activities to 57.7 million euros compared to 41.3 million euros on the previous year's reporting date. This was offset by investments in intangible assets and property, plant and equipment as well as the dividend payment.

Despite the growth in sales revenue, trade receivables decreased from 88.9 million euros as at 31 December 2023 to 84.8 million euros as at the current reporting date.

At the end of the year, inventories of 53.9 million euros were carried forward to the new financial year (31 December 2023: 48.0 million euros).

Contract assets as at 31 December 2024 amounted to 3.3 million euros, compared to 2.9 million euros as at the same reporting date in the previous year. These values represent services that have already been rendered under service or employment contracts, but for which no unconditional claim to payment has yet arisen.

Income tax receivables totalled 1.3 million euros as at the reporting date compared to 6.0 million euros as at the previous year's reporting date. The reduction was mainly due to lower tax prepayments in the financial year.

Non-current assets totalled 151.9 million euros as at 31 December 2024 and were therefore above the balance sheet entries as at the previous year's reporting date (136.0 million euros).

Goodwill totalled 47.6 million euros, unchanged from the previous year. Intangible assets recorded a moderate increase to 36.7 million euros, compared to 35.7 million euros as at the previous year's reporting date due to further capitalisations in the financial year. Property, plant and equipment, which mainly consists of office equipment and IT infrastructure, increased to 13.4 million euros compared to 11.5 million euros in the previous year.

Right-of-use assets amounting to 22.3 million euros (31 December 2023: 17.4 million euros) increased in line with other sales growth and resulted primarily from leases for buildings, offices and company cars. The corresponding items on the liabilities side are the lease liabilities.

Current and non-current other assets increased to 26.5 million euros (31 December 2023: 18.4 million euros). These consist mainly of other receivables from suppliers, advance payments for travel expenses, prepayments for future services and other receivables.

Debt and equity

The liabilities side of the consolidated balance sheet showed current liabilities of 115.8 million euros as at 31 December 2024 compared with 112.9 million euros in the previous year. Non-current liabilities rose from 77.9 million euros to 93.0 million euros. As at the reporting date, shortterm loans and the current portion of long-term loans totalled 1.3 million euros and were therefore essentially stable compared to the previous year's reporting date (1.2 million euros).

Balance sheet of secunet Group, liabilities

in euros	31 Dec 2024	31 Dec 2023
Current liabilities
Trade accounts payable	41,611,809.36	32,354,865.81
Intercompany payables	151,549.96	173,410.58
Lease liabilities	6,299,664.89	5,032,943.46
Short-term loans and current portion of long-term loans	1,289,258.41	1,161,643.18
Other provisions	25,331,506.94	18,660,695.33
Income tax liabilities	760,642.62	51,235.23
Other current liabilities	7,274,804.30	22,938,684.64
Contract liabilities	33,124,992.52	32,522,556.53
Total current liabilities	115,844,229.00	112,896,034.76

Non-current liabilities
Leasing commitments	16,576,462.14	12,897,754.89
Other non-current liabilities	2,870,595.94	2,977,256.29
Deferred taxes	11,229,546.92	11,006,351.21
Provisions for pensions	6,360,121.00	6,575,285.00
Other provisions	2,708,865.09	1,686,058.24
Contract liabilities	53,226,350.08	42,755,799.98
Total non-current liabilities	92,971,941.17	77,898,505.61

Equity
Subscribed capital	6,500,000.00	6,500,000.00
Capital reserves	21,922,005.80	21,922,005.80
Other reserves	-383,196.11	-701,105.06
Revenue reserves	122,710,681.16	110,026,191.28
Equity attributable to parent company shareholders	150,749,490.85	137,747,092.02
Non-controlling interests	83,772.07	96,179.91
Total equity	150,833,262.92	137,843,271.93

Total liabilities	359,649,433.09	328,637,812.30

Against the backdrop of further growth in sales revenue, trade payables also increased by 28.6% as at the reporting date. At 31 December 2024, they amounted to 41.6 million euros after 32.4 million euros in the previous year.

Lease liabilities totalled 22.9 million euros after 17.9 million euros in the previous year. They mainly resulted from leases for buildings, offices and company cars. On the assets side, these liabilities are offset by the corresponding right-of-use assets.

Contract liabilities increased to 86.4 million euros as at 31 December 2024 (31 December 2023: 75.3 million euros) and comprised customer prepayments that will be recognised as sales revenue after the reporting date. This item contains transactions where secunet generates cash inflow in advance due to multiple-year maintenance and support contracts and extended warranties or receives advance payments for later supplies or services. The increase is mainly due to the growth in the product business.

Due to increasing utilisation from pension payments, there was a slight reduction in pension provisions. As at 31 December 2024, they amounted to 6.4 million euros, after 6.6 million euros as at the previous year's reporting date.

Other provisions increased to 25.3 million euros as at the reporting date (31 December 2023: 18.7 million euros). This increase was mainly due to the creation of provisions for variable remuneration components for the workforce.

Other current liabilities decreased to 7.3 million euros as at the balance sheet date compared to 22.9 million euros in the previous year. As at 31 December 2023, the performancerelated purchase price component agreed as part of the acquisition of SysEleven GmbH was still reported under this item. Other non-current liabilities, on the other hand, were almost unchanged in the financial year at 2.9 million euros after 3.0 million euros as at the previous year's reporting date.

Deferred tax liabilities were 11.2 million euros, changed only insignificantly compared to the previous year' reporting date (11.0 million euros). These included in particular the deferred tax liabilities from intangible assets in the course of the acquisition of SysEleven GmbH.

secunet Group's equity increased from 137.8 million euros as at the 2023 balance sheet date to 150.8 million euros as at 31 December 2024. This is primarily attributable to the increase in revenue reserves, which rose from 110.0 million euros to 122.7 million euros. At 41.9%, there was no change in the equity ratio in relation to the balance sheet total compared to the previous year's reporting date.

Cash flow and liquidity

In the 2024 financial year, secunet Group recorded a cash flow from operating activities of 61.0 million euros. This represents a significant improvement on the same period of the previous year (51.9 million euros). This positive development was achieved by reducing working capital.

Cash flow from investing activities amounted to -22.7 million euros in the reporting period and mainly comprised investments in intangible assets and property, plant and equipment. Under property, plant and equipment, these consisted, in particular, of expenditures for the new acquisition and replacement of hardware and other operating equipment. Furthermore, the earnout component due in 2024 in conjunction with the acquisition of SysEleven GmbH is included at -8.8. As at 31 December 2023, -8.8 million euros were invested.

The cash flow of -21.8 million euros from financing activities (previous year: -23.3 million euros) essentially reflects the dividend payment of 15.3 million euros (previous year: 18.5 million euros) and repayments of lease liabilities in the amount of 6.6 million euros (previous year: 6.0 million euros).

After the end of the 2024 financial year, there was an overall inflow of cash and cash equivalents totalling 16.4 million euros, compared to a cash inflow of 19.8 million euros in the same period of the previous year. Cash and cash equivalents amounted to 57.7 million euros as at 31 December 2024 and were therefore significantly higher than the figure as at the previous year's reporting date (41.3 million euros). In order to ensure additional financial flexibility, secunet has a credit line of 30 million euros.

Financial and net asset situation of secunet AG

The annual financial statements of secunet AG were prepared in accordance with German commercial law. The accounting measurement methods in the Annual Financial Statements of secunet AG pursuant to commercial law differ from those for secunet Group (prepared in accordance with IFRS), as applicable in the EU, primarily with regard to the presentation of receivables, inventories, provisions for pensions and deferred taxes.

A different measurement method is also used for goodwill, which according to the German Commercial Code (HGB) is amortised on a straight-line basis, while IFRS only provides for unscheduled impairments following an annual impairment test.

in euros	31 Dec 2024	31 Dec 2023
A. Fixed assets
I. Intangible fixed assets	923,505.00	1,154,060.00
II. Property, plant and equipment	7,501,278.00	6,879,027.69
III. Financial assets	89,040,595.04	80,499,152.04
Total fixed assets	97,465,378.04	88,532,239.73

B. Current assets
I. Inventories	55,579,671.50	50,521,853.28
II. Receivables and other assets	86,404,294.70	96,583,853.94
III. Cash in hand and balances with credit institutions	53,819,380.22	35,177,432.79
Total current assets	195,803,346.42	182,283,140.01

C. Prepaid expenses and accrued income	24,059,251.15	16,727,936.08

Total assets	317,327,975.61	287,543,315.82

Balance sheet of secunet AG, assets

secunet AG's balance sheet total increased to 317.3 million euros as at 31 December 2024 compared to 287.5 million euros as at 31 December 2023. On the assets side of the balance sheet, fixed assets increased from 88.5 million euros in the previous year to 97.5 million euros as at the reporting date on 31 December 2024. Financial assets amounted to 89.0 million euros (31 December 2023: 80.5 million euros) and comprised shares in affiliated companies and equity investments. Property, plant and equipment amounted to 7.5 million euros, a slight increase on the previous year (6.9 million euros). Due to scheduled amortisation, intangible assets decreased to 0.9 million euros (31 December 2023: 1.2 million euros).

Current assets increased to 195.8 million euros as at 31 December 2024, which corresponds to a slight increase compared to the previous year's reporting date (182.3 million euros). This increase was due primarily to the rise in cash in hand to 53.8 million euros (31 December 2023: 35.2 million euros). Receivables and other assets were reduced to 86.4 million euros (31 December 2023: 96.6 million euros). One of the main reasons for this is the decrease in income tax receivables. On the other hand, inventories increased from 50.5 million euros in the previous year to 55.6 million euros as at 31 December 2024. The reasons for these developments largely correspond to those within the Group.

Prepaid expenses and accrued income included accruals of 24.1 million euros (31 December 2023: 16.7 million euros), mainly due to advance payments for product services sold as part of customer projects.

in euros	31 Dec 2024	31 Dec 2023
A. Equity
Subscribed capital	6,500,000.00	6,500,000.00
Nominal value of treasury shares	-30,498.00	-30,498.00
I. Issued capital	6,469,502.00	6,469,502.00
II. Capital reserves	21,656,305.42	21,656,305.42
III. Retained earnings
Other retained earnings	109,250,451.13	91,616,863.84
IV. Net accumulated profit	17,661,740.46	15,268,024.72
Total equity	155,037,999.01	135,010,695.98

B. Provisions	37,293,050.28	29,489,300.64
C. Liabilities	47,046,902.25	60,609,157.99
D. Deferred income and accrued expenses	77,950,024.07	62,434,161.21

Total liabilities	317,327,975.61	287,543,315.82

Balance sheet of secunet AG, liabilities

As at the reporting date of 31 December 2024, secunet AG's equity amounted to 155.0 million euros, compared to the previous year's value of 135.0 million euros.

Provisions amounted to 37.3 million euros as at the reporting date (31 December 2023: 29.5 million euros) and mainly comprised provisions for pensions and similar obligations, tax provisions and other provisions.

Liabilities fell to 47.0 million euros as at 31 December 2024 after 60.6 million euros as at the previous year's reporting date due to the earn-out payment and a high proportion of payments due on the reporting date.

Deferred income and accrued expenses to 78.0 million euros as at the reporting date, compared to 62.4 million euros as at the previous year's reporting date. This is attributable to the growing product business, where increased income was recognised in connection with the provision of services after the reporting date.

Proposal for the appropriation of distributable earnings

The Management Board and Supervisory Board will propose to the Annual General Meeting to be held on 28 May 2025 that an amount of 17.7 million euros be distributed to the shareholders as a dividend on the 6,469,502 shares of share capital as at 31 December 2024, corresponding to 2.73 euros per share, from the balance sheet profit of secunet AG for the 2024 financial year in the amount of 17.7 million euros.

Investments

In the 2024 financial year, secunet Group's investments in intangible assets and property, plant and equipment totalled 14.1 million euros. These were primarily expenditures for the new acquisition and replacement of hardware, software and other operating equipment and investments in internally generated software. In the previous year, 8.8 million euros were spent on this. In the same period, secunet AG made investments totalling 4.1 million euros, compared with 2.8 million euros in the previous year. The majority was required for the replacement of hardware and other operating and office equipment.

Employees

As at the reporting date of 31 December 2024, secunet Group had 1,059 permanent employees. Compared to the previous year's reporting date (1,043 permanent employees), the number of employees increased by 19 people or 2%. In addition, secunet Group employed 123 temporary staff as at the reporting date (31 December 2023: 118 temporary staff). This means that a total of 1,185 people were working for secunet Group (31 December 2023: 1,161 people). The increase in the number of employees is exclusively attributable to organic growth.

At the end of the 2024 financial year, secunet AG employed 869 permanent employees (31 December 2023: 853).

Overall statement on the earnings, financial and net assets situation

The Management Board continues to assess the economic situation of the Group and the Company as good at the time of reporting.

The increase in sales revenue shows that secunet Group can continue to achieve significant growth. The company has also successfully expanded and diversified its product portfolio. Despite extensive investments, the Group's EBIT remained at the previous year's level, demonstrating that the Group is thus extremely profitable. The Management Board is convinced that the investments represent an essential step that is necessary for the medium and longterm growth of the company and opens up additional growth potential.

The positive results and the secunet Group's cash-generative business model have led to a pleasing cash flow from operating activities. This financial strength is also reflected in a strong balance sheet, in particular in a more than solid equity ratio of over 40%.

Risk and opportunity report

Goals and methods of risk and opportunity management

Risk and opportunity management (hereinafter ROM) is carried out in the same way and in parallel for secunet Group and for secunet AG. The function presented below and the description of individual risks and opportunities thus apply to both secunet Group and secunet AG.

ROM at secunet is carried out at various levels: accordingly, the consideration of the risk and opportunity situation is fed from various sources.

Risks and opportunities relating to the targets set in the current annual planning are dealt with in a dedicated risk committee – the ROM Committee.

Recurring operational risks and opportunities are taken into account as part of the regular operational routines and risk minimisation or opportunity maximisation measures and are reduced or eliminated (risks) or supported (opportunities) to the fullest extent possible.

Risks and opportunities that are countered by means of strategic, medium to long-term measures are taken into account by the Management Board as framework conditions for medium-term strategic corporate planning.

The early risk detection system and the risk and opportunity management system of secunet AG are being continuously developed and improved.

Risk and opportunity management for the current planning and financial year

ROM relating to the targets set in the current annual planning is carried out at secunet by a risk committee, the ROM Committee. This comprises the members of the Management Board, the commercial manager and the departmental manager responsible for risk management. The ROM Committee holds regular meetings once a quarter. Developments that could jeopardise the fulfilment of objectives, or which may even threaten the survival of the Company, are subjected to intense analysis, scrutiny and assessment by the risk committee. The aim of doing this is to ensure that information about risks, and the associated financial implications, is detected as early as possible in order to be able to implement suitable measures. The existing opportunities and associated potential for earnings are to be identified and leveraged.

As part of the preparation for meetings of the risk committee, a comprehensive risk and opportunity inventory takes place in each area of the Company. Following a bottom-up approach, the significant risks /opportunities are identified as well as assessed and aggregated according to their damage extent or earnings contribution and probability of occurrence. Significant risks and opportunities are to be recorded, for which the materiality threshold was defined as a deviation of 1% or more from the respective target figure. In principle, all risks can be included; for risks above the materiality threshold, this is mandatory. In parallel with the inventory of risks and opportunities, the plausibility of this information is checked by comparing it with the current sales and earnings projections, which are maintained by the sales management and financial controlling departments. The results of the plausibility check are also included in the risk and opportunity inventory.

The Company-specific risks and opportunities surveyed in this manner are then discussed at the risk committee meetings, implementing a top-down approach, and revalidated. A net presentation is shown when evaluating the potential damaging effects of risks, or the effects on earnings of opportunities, in other words the effects of any risk minimisation /opportunity improvement measures already taken are considered as part of the evaluation. Depending on the probability-weighted damage value of the risks /earnings value of the opportunities (risk value /opportunity value), the further treatment of the risks and opportunities is then determined according to standardized maxims for action. These range from pure documentation where the value is negligible (the probability-weighted damage value /opportunity value for secunet Group in the 2024 financial year amounting to less than around 0.3 million euros in EBIT losses; "low risk /low opportunity") and further observation and monitoring of existing measures (for a damage value /opportunity value for secunet Group in the 2024 financial year in the amount of under around 1.7 million euros; "medium risk /medium opportunity") to the need to take and monitor measures immediately (reporting threshold – for a probability-weighted damage value /opportunity value for secunet Group in the 2024 financial year exceeding around 1.7 million euros; "high risk /high opportunity").

The value limits defined above are re-determined annually based on the planned annual result. Insofar as the identified risks /opportunities are quantifiable, the corresponding risk /opportunity values (relating to the reporting date) are adopted in the reporting system.

If required, proposals for countermeasures are then drawn up in the case of risks and support measures in the case of opportunities. The Management Board reviews these measures and ensures that they are implemented in a timely manner.

The operating risks and opportunities considered in this part of ROM for secunet Group and thus also for secunet AG as the parent company of the Group are primarily classified according to their origin in the functional areas of secunet as follows:

» Sales risks /sales opportunities: these are risks and opportunities in all areas connected with distribution. They relate primarily to the functions purchasing and inbound logistics, sales and outbound logistics as well as distribution and marketing.
» Product risks /opportunities: these are the risks and opportunities that can arise in connection with products and solutions from secunet. They relate primarily to risks from technical defects or potential security weaknesses in the components used. Also included in this category are risks from the divisions responsible for planning and coordinating the market-readiness of products and solutions from secunet Group.

2. Management Report

» Project risks /opportunities: these are the risks and opportunities that can arise in connection with development and consulting projects. They mainly include the risks relating to budget planning and subsequent budget compliance. Opportunities can arise when projects are completed better than planned.
» Structural risks /opportunities: these are the risks and opportunities arising from support functions such as finance and controlling, legal and human resources, and IT. Risks from M & A activities and compliance risks are also recorded here.

At the time of preparing this report, the risk and opportunity situation with regard to operational risks is as follows:

» Sales risks primarily include risks from the postponement of major projects, for example as a result of budget cuts by major customers. These sales risks are compensated by sales opportunities that arise, for example, from large new projects or the expansion of existing major projects in the public sector. Sales risks also include risks from supply bottlenecks. These are mitigated by means of active supply chain management (for example through a build-up of inventories and continuous close coordination with the most important suppliers).
» Product risks result primarily from higher than expected time expenditures for the development and approval of new products. This indirectly influences the sales opportunities through these products.
» The project risks mainly consist of budget deviations. These are mitigated by means of coordination with the customers (adjustment of the budget, change requests in the project planning) and by including the risks in the forecast (adjustment of results).
» Structural risks for example, impending value adjustments on inventories or other unplanned expenses – are more than compensated for by opportunities in this category.

Operational risk and opportunity management

Operational risks and opportunities are risks /opportunities affecting ongoing business operations that can arise repeatedly. They are recorded, evaluated and, as far as possible, excluded or exploited through specific risk minimisation or opportunity improvement routines. These control mechanisms are applied at various points in the value creation process. They are documented in the internal control system (ICS).

Distribution or sales risks are discussed within the framework of distribution coordination via risk committees. Risk committees must be held in the case of orders that exceed a defined value. These committees are made up of at least the representatives of the responsible (sales) department, the division /business unit expected to be entrusted with the desired order, the commercial manager, representatives of the legal department and purchasing as well as a member of the Management Board. The goal of the risk committees is to decide for the respective order or invitation to tender, on the basis of transparent criteria, whether and how a bid can be submitted or an order accepted. A standardised synoptic presentation of the risks and opportunities of the respective tender object serves this purpose.

Since a discussion of the risks, including an assessment of their acceptability, is conducted by the risk committees in each case, and the decision recognises the risks as acceptable, they are considered to be low at the time of writing this report.

There is a general project management risk when it comes to major projects. In addition, there are specific risks for long-term major projects. At secunet, such project risks are identified and evaluated in the higher-level project coordination and mitigated by means of appropriate measures. The project management risk arises after the commissioning of major projects: these projects are characterised by multiple uncertainties in their implementation due to the sheer fact of their size. The risk may consist, for example, of a failure to maintain schedules and project budgets. secunet takes these risks into account by means of a comprehensive project management system, which is used to create regular management reports for project managers, division heads and the Management Board. The risks arising from major projects are continuously monitored – in the same way as development risks – with comprehensive project planning and control mechanisms, in conjunction with a risk-oriented reporting system. In the event of deviation from the set targets, measures to reduce the risk are resolved and implemented immediately. These can consist of making additional capacity available for processing the project or discussing deviations with the customer in order to bring expectations into line with the altered framework conditions. The risks arising in the course of project management are sufficiently mitigated by the corresponding measures. Accordingly, the project risks outlined are considered low at the time of writing this report.

There were no significant project risks as at the end of 2024; accordingly, this risk class was assessed as low.

Product risks can arise in various forms. They are largely mitigated within the framework of operational management processes, with the effect that they are considered low at the time of preparing this report.

Product risks can arise in the individual phases of a product life cycle. In conjunction with the development of new products – including corresponding major projects – the following risks are discussed and evaluated regularly:

» Risk of a possible decline in demand: the product fails to prove itself on the market.
» Risk of undesirable technical developments: the product contains defects that lead to warranty claims.
» Risk of failure to complete the product in time: the development project takes considerably more time than estimated.

At the time of preparing this report, there is no market risk and no risk of undesirable technical development. Only the latter development risks are taken into consideration. These have an impact mainly as a sales risk within the framework of the risk assessment for the current financial year.

In the past, secunet primarily developed products and solutions in response to orders to cover specific security needs in the public sector. Its high-security IT solutions were tailored precisely to customers' needs; secunet products were generally not designed without a specific requirement in mind. Most of the products developed by secunet were made to order and were accordingly financed by the customer. Therefore, no development risks existed in terms of potentially waning demand. The risks associated with developing new products that subsequently prove unsuccessful on the market have therefore not been of primary significance for secunet in most product areas.

The development of secunet's own products, such as the secunet konnektor, SINA Communicator and easykiosk, has increased the volume of related internal investments. This has brought development risks more into the focus of risk evaluation. The focus here is less on the sales prospects associated with the products than on the duration of development and certification. The greatest risk for development projects may be underestimation of the time required before they are ready for acceptance. This can lead to expenditure of time and personnel, which limits the profitability of these projects. In order to keep these risks as low as possible, secunet uses extensive project planning and control mechanisms in different locations, paired with a dedicated reporting line. This part of the risk analysis and risk management is identical to the activities that apply for major projects. In the area of development projects, the risk at the time of creating this report is classified as low.

The secunet AG product portfolio is concentrated on solutions in the area of cybersecurity. In the case of the SINA product family in particular, these solutions are protected and approved at a high level in cryptographic terms. One risk that is evaluated on an ongoing basis in connection with the technical properties of these products is the effect of any possible – as yet undetected – security weaknesses. In this context, the focus is on the question of whether and to what extent the security promise made to its customers by secunet in connection with the solution as a whole is compromised as a result of security holes in individual components. This is the task of operational incident management, another component of risk management at secunet. A comprehensive process of ongoing risk identification and assessment takes place in this area for the purposes of risk minimisation. As part of this process, secunet collects and evaluates findings about potential security risks from a wide range of sources. Even if potential vulnerability of the systems merely seems possible as a result of this evaluation, customers are informed immediately and supported in closing the potential security hole. This process of monitoring and solving potential technical security risks is implemented in close collaboration with the Company's development and certification partner, the German Federal Office for Information Security (BSI). In view of the risk minimisation measures in use, the economic risk connected with technical product security is believed to be low.

Strategic risk and opportunity management

Medium and long-term risks and opportunities for secunet are taken into account in the course of strategic planning. They are summarised in the risk and opportunity categories of strategic risks (macroeconomic framework conditions, market dynamics and the development of the competitive situation as well as risks in investments and M & A activities and capital market risks) as well as risks relating to sustainability and compliance risks. These framework conditions and the consequences for the strategy are regularly discussed as part of the planning process with the Supervisory Board, which approves and follows up on this planning.

The risks considered here include the following:

Macroeconomic developments such as economic trends (possible recession), inflation and interest rate trends are included in the analysis, but are not considered material for secunet. This is due to the fact that secunet products have so far mainly been used in infrastructure projects of public authorities, which are much less susceptible to economic cycles than projects in the private sector. Inflation expectations are included in the planning. Beyond this, secunet has only taken out short-term loans and is thus relatively independent of interest rate developments.

Market risks are more than offset by market opportunities. Rapid technological change, which creates a high pressure to innovate and increases competitive pressure due to the attractiveness of the market for IT security, are seen as risks. Opportunities arise from fundamental market growth as a result of growing digitalisation, complemented by the desire for digital sovereignty and cyber resilience. Trustworthy IT security products made in Germany are thus in demand. Regulatory requirements, for example from the German IT Security Act, are additionally driving demand.

The concentration of secunet's business on the German market, the target group of public sector users with relatively few large customers who are essentially served with one product family (SINA) are seen as potential risks. In addition to the fact that these aspects can equally be interpreted as a stable basis for sustainable business, secunet's strategy is to exploit growth opportunities in the private sector (Business Sector) and in international markets.

As with the operating divisions, supply risks are considered very significant in the strategy. Geopolitical developments ("America First" orders, the war in Ukraine, the war in the Gaza Strip, the changes in procurement relationships) exacerbate the fundamentally tense supply situation on the international market for semiconductors. This is reinforced especially for secunet by the fact that often only single suppliers are approved for the high-security sector. The single-source dependency makes it almost impossible to switch to alternative suppliers. Permanent risk-minimising supply chain management is thus important both operationally and strategically. Previous experience in the operating divisions has shown that secunet can deal with these challenges and gives us confidence for medium term.

On the procurement side for personnel, the shortage of skilled workers as well as demographic change create challenges for the future. As a result, secunet strives to continue to be recognised as an attractive employer.

Growth through acquisitions continues to be seen as an opportunity in strategic areas. The acquisition of SysEleven GmbH in the financial year 2022 has shown that secunet can carry out successful transactions. secunet also actively continues to identify suitable and commercially viable acquisition targets.

Overview of risks and opportunities

An overview of risks and opportunities which could impact on the further development of secunet Group shows a positive evaluation overall. The assessment revealed that the risks at the time of creating the report can be controlled overall, and the identified risks do not threaten the continued existence of the Group and the Company in terms of illiquidity or excessive debts in the reporting period of at least one year. The overall risk position has not changed significantly compared to the previous year. The opportunities identified support this assessment. In the operational management of the Group, measures are continuously being taken to prevent a worsening of the risk situation. At the same time, the utilisation of the opportunities described above is being driven forward by a number of activities. No material risks are present as at the balance sheet date.

The business development of secunet AG is subject to the same risks and opportunities as those of the Group. The presentation and evaluation of risks and opportunities thus also apply in the same way for secunet AG.

Forecast

Premises of the forecast

The forecasts for the secunet Group and secunet AG include all information known to the Management Board at the time of preparing this report that could impact business performance. The outlook is based, among other things, on the expectations described below for economic development as well as the development of the IT and IT security market.

With regard to the secunet Group as well as the individual Public Sector and Business Sector divisions, unforeseeable events could influence the currently expected development of the company or individual divisions.

The developments forecast for the key financial performance indicators apply exclusively to the development of the secunet Group in the Group structure as at the reporting date of 31 December 2024 (consolidated Group). Any acquisitions in the 2025 financial year are not taken into account.

General economic environment

Germany remains the most important sales market for secunet Group and secunet AG due to its high share of sales.

The Kiel Institut für Weltwirtschaft (IfW Kiel) reports increasing downside risks in its winter forecast. The economic outlook for the coming years has clouded over due to impending budget consolidation.

The economic consequences are largely dependent on the specific austerity measures and the strength of the knock-on effects, about which there is great uncertainty. This uncertainty is also affecting the behaviour of economic players and leading to a reduced willingness to invest. The IfW Kiel forecasts economic growth of 0.9% for 2024, while an increase of 1.2% is expected for 2025. However, the experts point out that an even weaker development is possible, particularly if the savings have a greater impact on the economy or are more extensive. A recession in 2025 is considered unlikely, but cannot be ruled out.

Sector-specific framework conditions

Market for information and communication technology (ICT)

In addition to the general economic development in Germany, the overall market for information technology and telecommunications (ICT) forms an essential framework for secunet. Market statistics are compiled by the digital association Bitkom.

According to Bitkom, the German market for information and communication technology (ICT) is expected to grow by 4.6% cent to a volume of 232.8 billion euros in 2025. This growth will be driven in particular by the information technology (IT) sector, which is expecting a 5.9% increase in sales revenue to 158.5 billion euros. Within IT, the software sector is set to record the highest growth with a forecast increase of 9.8% to 51.1 billion euros. IT services are also expected to grow by 5.0% to 53.8 billion euros.

The most important growth drivers include the area of cloud services, with growth of 17%. However, significant growth rates are also expected for software (almost 10%) and artificial intelligence (up 43%).

Market for IT security

According to current forecasts, expenditure on hardware, software and services in the area of IT security will exceed the 10 billion euro mark for the first time and amount to around 10.3 billion euros. This corresponds to an increase of around 10% compared to the previous year.

IT security services account for the largest share of this expenditure, followed by investments in security software and hardware. Increasing digitalisation and the associated cyber threats are driving this growth. Companies are increasingly recognising the need to invest in robust security solutions to protect themselves against ever more complex attacks.

Company-specific framework conditions

Strategy

secunet pursues a clear strategy that is based on sustainable and profitable growth in core markets, but also includes targeted investments in promising growth areas. The primary focus is on strengthening the market position, utilising future opportunities and creating value for all stakeholders.

One key focus is on expanding the public customer base and on the continuous further development of key technologies, particularly the SINA product family. secunet is consistently pursuing the goal of driving forward the transformation of its core business models towards the cloud and implementing post-quantum-resistant encryption technologies. Additionally, secunet is focusing on expanding the business segment with a particular emphasis on the healthcare sector and critical infrastructures. At the same time, the international presence is being systematically expanded.

Market position

The Management Board is of the opinion that secunet's products and solutions enjoy an excellent reputation. The company is recognised as a provider of high-quality and trustworthy IT security that meet the highest demands. The IT security partnership that has existed with the Federal Republic of Germany since 2004 underscores this assessment. This puts secunet Group in an excellent position to meet the increasing demand resulting from market growth.

IT security solutions "Made in Germany" enjoy an excellent reputation around the world due to their quality and trustworthiness. The international demand for high-quality solutions such as those offered by secunet is increasing. In addition to the German market, secunet focuses on countries in the European Union, EU organisations as well as defence and space organisations (including organisations such as NATO) and countries in the Middle East. The Management Board sees secunet Group as being optimally positioned to exploit growth potential in foreign markets. The employees in international distribution have extensive experience in the Group and in dealing with international customers.

Acquisitions

secunet Group strives for sustainable and profitable organic development, which is complemented in a targeted manner by value-enhancing acquisitions. The goal is to close gaps in our portfolio and further strengthen our technological expertise. Thanks to its stable balance sheet structure, secunet Group is in a position to implement the planned growth through targeted acquisitions, cooperation projects and partnerships.

Forecast for the secunet Group

In view of the general conditions described above, the Management Board expects demand for secunet Group's products and solutions to remain strong. This positive assessment is confirmed by the order book at the start of the 2025 financial year, which includes firm orders totalling 205.3 million euros.

The risks presented in the risk and opportunity report are considered manageable by the Management Board. In the view of the Management Board, the opportunities outweigh the risks. Against this background, the Management Board is positive about the expected development of secunet Group. For the 2025 financial year, the Management Board expects sales revenue of around 425 million euros (2024: 406 million euros).

The Management Board plans to continue the strategic initiatives unchanged and is deploying targeted resources in 2025 to further advance the progress already made. Accordingly, an EBIT margin of 9.5 - 11.5% is expected (2024: 10.4%).

With regard to EBITDA performance, the Management Board expects an EBITDA margin of 14.5 - 16.5% (2024: 14.8%).

Forecast for secunet AG

secunet AG is managed on the basis of sales revenue and EBIT. The future economic development of the company is directly dependent on the development of the Group as a whole. Accordingly, the statements in the forecast for the Group apply equally to the company.

For the 2025 financial year, the Management Board expects sales revenue of around 400 million euros (2024: 389 million euros). The EBIT margin is expected to be 11.5 - 13.5% (2024: 13%). With regard to EBITDA performance, the Management Board expects an EBITDA margin of 14.5 - 16.5% (2024: 14.2%).

Risk reporting in relation to financial management

The financial management of the Company and the Group has a clear focus on the regulations and requirements applicable under corporate law. This ensures that all Group companies can operate as going concerns.

secunet Group and its associated companies were in a position to fulfil their payment obligations at all times. The investment of liquid funds occurs on a strictly risk-minimising basis. The ongoing monitoring of liquid funds and the coordination with liquidity demands serve to ensure the ongoing ability to pay. This is also the main objective of financial management.

As at the reporting date of 31 December 2024, there was a temporary credit line of 30 million euros with CommerzbankAG, Frankfurt am Main. This served to proactively hedge the Group's liquidity.

Risk management and internal control system

An internal control system (hereinafter referred to as ICS) exists for secunet Security Networks AG and secunet Group, which specifically pursues the following three objectives:

» Reporting: ensuring the accuracy and reliability of internal and external financial and non-financial reporting
» Efficiency: ensuring the effectiveness and efficiency of business processes
» Compliance: supporting compliance with laws, regulations, contracts and internal policies

The ICS is divided into the following sub-areas:

» Controlling environment and objective of the ICS
» ICS process with risk assessment, controlling activities and reporting
» Information and communication
» Monitoring and improvement

The ICS comprises the principles, procedures and measures to ensure the effectiveness and efficiency of business activities, the correctness and reliability of internal and external accounting, and compliance with the legal regulations relevant to the Company. It also serves to detect risks arising from potential breaches of the law and /or endangering the Company's assets or targets. It is also an information system that supports the Management Board and all stakeholders in fulfilling their tasks.

The ICS organisation is integrated into secunet Group's corporate governance system. In addition to the ICS, which is primarily geared towards managing process risks, secunet Group maintains the other corporate governance systems of the risk management system, compliance management system and internal audit system. These systems are essentially operated in parallel with the ICS. The necessary integration is carried out by the respective system managers, among other things through the exchange of information in regular meetings as well as at the level of the responsible members of the Management Board.

All relevant (essential) processes and functions are included in the ICS. Roles and responsibilities are clearly defined within the ICS.

The ICS process is designed as a cycle:

» New creation of processes including description of processes, risks and controls
» Implementation and performance of control activities in the operational processes
» Regular effectiveness assessment and reporting
» Control self-assessment: The currently valid processes and process risks as well as the current status of the documentation in the ICS are compared. This determines whether the documented ICS corresponds to operational reality and whether the defined controls sufficiently cover the process risks. If this is not the case, the process owner must define additional controls or adapt the existing controls accordingly.
» Implement possible improvements from the effectiveness assessment and the control self-assessment in the controlling activities.

The ICS process is communicated within the Company by the ICS coordinator appointed by the Management Board. An IT solution is used for documentation of the ICS, the control confirmations and the self-assessment. Those responsible for the ICS process are trained in its use by the ICS coordinator.

Statement on the appropriateness and effectiveness of the governance systems 1

In accordance with principles 4 and 5 of the German Corporate Governance Code (GCGC 2022), appropriate and effective governance systems (internal control system, risk management system and compliance management system) are required in the Company in order to deal responsibly with the risks of business activities.

As part of its ongoing internal steering and monitoring activities, the Management Board received and discussed regular reports on the governance systems during the 2024 financial year. In addition to the fulfilment of management tasks, these regular processes contribute to the continuous optimisation of these internal processes in the sense of a continuous improvement process. The Management Board is also supported in this by the internal audit department. The Management Board is not aware of any circumstances arising from its discussions of the governance systems that would call into question the appropriateness and effectiveness of these systems.

¹ The section "Statement on the appropriateness and effectiveness of the governance systems" is not part of the management report and was not subjected to a substantive audit by the auditor.

Description of the key features of the accounting-related internal control and risk management system pursuant to Section 289 (4) and Section 315 (4) HGB

secunet Group's internal control and risk management system includes all principles, procedures and measures for ensuring the effectiveness, efficiency and correctness of the accounting system and also assures compliance with the applicable legal provisions. Risk identification and risk mitigation for the accounting-related internal control system (ICS) is carried out in the same way as for secunet's entire ICS.

secunet Group's internal control system consists of an internal steering system and an internal monitoring system. The Management Board of secunet AG – in its function as the managing body of the Company – has assigned responsibility for the internal steering system in secunet Group to the Risk Management department in secunet AG.

Process-integrated and process-independent monitoring measures are the cornerstone of secunet Group's internal monitoring system. In addition to manual process controls – such as the dual control principle – automatic IT process controls are also a key feature of the process-integrated measures. Furthermore, process-integrated monitoring is assured by means of committees such as the risk committee and by specific functions within the Group such as the Legal department. The internal audit department of secunet AG is involved in secunet Group's internal monitoring system through process-independent auditing functions.

The risk management system presented here primarily focuses on avoiding the occurrence of damage through risks.

Use of IT systems

In secunet Group, accounting processes are mainly recorded by the ERP system provided by the manufacturer SAP.

Specific Group accounting-related risks

Specific risks related to Group accounting may result, for example, from the conclusion of unusual or complex transactions and from business transactions that are not routinely performed.

Key regulatory and controlling activities for ensuring the correctness and reliability of accounting within the Group

The controlling activities for assuring the correctness and reliability of the accounting system include tasks such as the analysis of circumstances and developments using specific analyses of key indicators. The separation of administrative, executive, billing and approval functions, and their performance by different individuals, reduce the possibility of fraudulent actions. The organisational measures also focus on recording restructuring or changes in the business activities of individual divisions in the Group accounting promptly and properly. They also ensure that in the event of changes to the IT systems for the underlying accounting in the affiliated companies, for example, the accounting processes are recorded in their entirety for the relevant periods. The internal control system also ensures the mapping of changes in the economic or legal environment of secunet Group and ensures that the Group accounting is adjusted in line with new legal provisions or amendments to such provisions.

The secunet Group accounting principles, which include compliance with International Financial Reporting Standards (IFRS), ensure that the companies included in the Consolidated Financial Statements of secunet AG follow consistent accounting and measurement policies.

The internal control system measures, which focus on the correctness and reliability of Group accounting, ensure that business transactions are recorded in good time and in accordance with the law and the Articles of Association. It is also ensured that inventories are carried out correctly and that assets and debts are reported, measured and declared appropriately in the Consolidated Financial Statements. Regulatory activities also ensure that reliable and transparent information is made available in the accounting documents.

The German subsidiaries and the parent company prepare their annual financial statements in accordance with German commercial law. As part of the consolidation process, the financial statements are reconciled by Group Accounting to commercial balance sheet II in accordance with IFRS as applicable in the EU, using uniform standards. The Consolidated Financial Statements are determined by consolidating capital, liabilities, expenses and income, as well as eliminating intra-Group results, in the aggregate balance sheet and income statement.

Restrictive details

In spite of the aforementioned internal organisation, control and monitoring structures, individual discretionary decisions, defective controls, criminal actions and other circumstances cannot be ruled out. This may lead to limited effectiveness and reliability of the internal control and risk management system used, to the extent that the Group-wide application of the system cannot absolutely guarantee security regarding the correct, complete and timely recording of facts in the Group accounting and in the annual financial statements of the individual companies.

Takeover-related information pursuant to Section 289a, sentence 1 and Section 315a, sentence 1 HGB

The Management Board of secunet AG provides the following information for the 2024 financial year in line with Section 289a, sentence 1 and Section 315a, sentence 1 HGB:

1. The share capital of secunet AG remains unchanged at 6,500,000 euros and is divided into 6,500,000 bearer shares with no par value. Each share entitles the holder to one vote at the Annual General Meeting of secunet AG.
1. A restriction on the transfer ofshares of secunet AG may apply pursuant to the Foreign Trade and Payments Act (Außenwirtschaftsgesetz, AWG), owing to the products supplied by secunet AG. Section 5 (3), sentence 1, no. 2, AWG stipulates that "Restrictions … can in particular be imposed with reference to the acquisition of domestic companies or shares in such companies by foreigners in order to guarantee the essential security interests of the Federal Republic of Germany if the domestic companies … manufacture products with IT security functions to process classified state material or components essential to the IT security function of such products, or have manufactured such products, and still dispose of the technology if the overall product was licensed with the knowledge of the Company by the Federal Office for Information Security." Apart from the restrictions under the AWG, the shareholders of secunetAG are not restricted either by German law or by the Company's Articles of Association in their decisions on the acquisition or disposal of the Company's shares.as licensed with the knowledge of the Company by the Federal Office for Information Security. In particular, the acquisition and disposal of shares does not require the approval of the Company's corporate bodies or other shareholders in order to be valid. The voting rights of shareholders are not subject to any restrictions arising either from legislation or the Articles of Association of the Company. The Management Board is not aware of any agreements between shareholders that give rise to restrictions on the transfer of the Company's shares.
1. To the knowledge of the Management Board, 24.41% of the Company shares are free floating. To the Management Board's knowledge, direct and indirect capital holdings exceeding 10% of voting rights are held by Giesecke + Devrient GmbH, Munich, which had a direct stake of 75.12% as at 31 December 2024. MC Familiengesellschaft mbH, Munich, has an indirect holding of 75.58% in secunet AG (including the treasury shares held by secunet AG) via its participation in Giesecke + Devrient GmbH. Verena von Mitschke-Collande, Celia von Mitschke-Collande, Marian von Mitschke-Collande, Sylvius von Mitschke-Collande and Gabriel von Mitschke-Collande also hold a 75.58% stake in secunet AG indirectly via MC Familiengesellschaft mbH.
1. secunet AG has not issued any shares that grant special rights.
1. Like the rest of the Company's shareholders, employees and members of the Management Board who hold some of its capital also make their own decisions on the exercise of their voting and control rights and therefore exercise their control rights directly.
1. The Management Board of secunet AG is appointed and dismissed in accordance with the applicable legal provisions, in particular Sections 84 and 85 of the German Stock Corporation Act (Aktiengesetz, AktG). The Articles of Association do not contain any special provisions governing the appointment and dismissal either of individual members or of the entire

Management Board. The Supervisory Board has sole responsibility for its / their appointment and dismissal. It appoints members of the Management Board for a maximum term of five years. Members may be reappointed or have their term of office extended, in each case for a maximum of five years. In accordance with Section 179 AktG, changes to the Articles of Association require a decision by the Annual General Meeting; changes that only affect the wording may also be conferred to the Supervisory Board. The amendment becomes effective upon entry in the Commercial Register. In accordance with Article 22 of the Articles of Association, the resolutions of the Annual General Meeting require a simple majority of the votes cast, insofar as the Articles of Association or statutory legal provisions do not specify anything to the contrary. Article 10 (5) of the Articles of Association entitles the Supervisory Board to decide on amendments to the Articles of Association that only affect the wording.

1. The Management Board is not authorised to issue new shares. The Articles of Association of secunet AG do not provide for a contingent capital increase, nor do they include any authorisation for the Management Board to increase the share capital by issuing new shares in return for capital contribution (approved capital). Furthermore, as set out in Section 71 (1), no. 8, AktG, there is no authorisation to purchase treasury stock. As at 31 December 2024, the Company held 30,498 bearer shares, which it purchased on the basis of an authorisation issued during the Annual General Meeting held on 29 May 2001. As per resolution of the Annual General Meeting on 27 May 2009, the Management Board is entitled to divest these shares on a stock exchange with the agreement of the Supervisory Board. As at 31 December 2024, the Management Board of secunet AG had not made use of this authorisation.
1. The Company has no significant agreements that are contingent upon a change of control due to a takeover bid.
1. The Company has concluded no compensation agreements with any members of the Management Board or employees in the event of a takeover bid.

Management and control – reference to the Corporate Governance Statement pursuant to Sections 289f HGB and 315d HGB

As a German public company limited by shares, secunet AG has a dual management and control structure. The Company and the Group are managed by the Management Board, whose members are appointed by the Supervisory Board. The Supervisory Board advises the Management Board and monitors its conduct of business.

A detailed explanation of the management of secunet Group can be found in the Corporate Governance Statement pursuant to Sections 289f HGB and 315d HGB, which is made available in this Annual Report and on the Company's website (www.secunet.com) under >> About us >> Investors >> Corporate Governance.

In accordance with Section 317 (2), sentence 6 of the German Commercial Code (HGB), the information in the Corporate Governance Statement is not included in the audit of the annual and Consolidated Financial Statements.

(Consolidated) Sustainability Statement

With this (Consolidated) Sustainability Statement (hereinafter referred to as the Sustainability Statement), secunet fulfils the obligation of the Company and the Group to disclose nonfinancial information for the 2024 financial year. With this statement, secunet is meeting its obligations as set forth in the "Act to strengthen non-financial reporting by companies in their management reports and group management reports (CSR Directive Implementation Act, CSR-RUG)" pursuant to Sections 315b, 315c in conjunction with 289b – 289e of the German Commercial Code (HGB) and REGULATION (EU) 2020/852 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 18 June 2020 on the establishment of a framework to facilitate sustainable investment, and amending Regulation (EU) 2019/2088.

The Sustainability Statement shows how environmental, social and governance-related impacts, risks and opportunities are managed within secunet Group. The approach is based on Directive (EU) 2022/2464 with regard to corporate sustainability reporting, also known as the Corporate Sustainability Reporting Directive (CSRD). With the Sustainability Statement, companies should include information in the management report that is necessary for understanding the impact of the company's activities on sustainability aspects and the impact of sustainability aspects on the company's business performance, business results and position.

As the European Commission has adopted the European Sustainability Reporting Standards (ESRS) as reporting standards, this year's reporting is the first to fully apply the ESRS as a framework in accordance with Section 315c (3) in conjunction with Section 289d HGB. This Sustainability Statement in accordance with the ESRS also fulfils the requirements for the (consolidated) non-financial statement prepared in accordance with Sections 315b to 315c in conjunction with Sections 289b – 289e of the German Commercial Code (HGB).

Previous reporting on sustainability was organised according to the following topics: "overarching governance issues", "responsible corporate governance", "employee issues", "social issues", "environmental issues" and "respect for human rights". The following reconciliation table shows which ESRS cover these matters.

Reconciliation of ESRS topics / disclosures concerning aspects in accordance with Section 289c (3) HGB

Aspect pursuant to Section 289c (3) HGB	ESRS according to CSRD
Environmental concerns	ESRS E1
	ESRS E5
Employee concerns	Aspects from ESRS S1
	Aspects from ESRS S2
Human rights	Aspects from ESRS S1
	Aspects from ESRS S2
Social concerns	Aspects from ESRS S2
Avoidance of corruption & bribery	ESRS G1
General disclosures	n/a

In accordance with Section 317 (2), sentence 4 of the HGB, the information in the Sustainability Statement is not included in the audit of the combined Management Report. Instead, the combined Sustainability Statement of the Company and the Group has been audited with limited assurance by BDO AG Wirtschaftsprüfungsgesellschaft in accordance with the requirements of the International Auditing Standard ISAE 3000 (revised).

The present Sustainability Statement is accessible to the public together with the combined Management Report on the position of the Company and the Group on the Company's website (www.secunet.com) under >> About Us >> Investors >> Financial Publications.

Content Index

ESRS 2 - General disclosures

Description	Page
General basis for preparation of the Sustainability Statements	92
Disclosures in relation to specific circumstances	93
The role of the administrative, management and supervisory bodies	94 f.
Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies	95 f.
Integration of sustainability-related performance in incentive schemes	96 f.
Statement on sustainability due diligence	97
Risk management and internal controls for sustainability reporting	98
Strategy, business model and value chain	99 ff.
Stakeholders' interests and positions	101 ff.
Key IROs and their interaction with strategy and business model	103 f.
Description of the DMA	104 ff.

ESRS E1 - Climate change

Disclosure requirement	Description	Page
SBM-3	Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	108 ff.
E1-1	Transition plan for climate change mitigation	110
E1-2	Policies	110 f.
E1-3	Actions	111
E1-4	Targets	111
E1-5	Energy consumption and energy mix	112
E1-6	Gross GHG emissions	113 ff.
E1-8	Internal carbon pricing	117

ESRS E5 - Resource use and circular economy

Disclosure requirement	Description	Page
SBM-3	Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	118
E5-1	Policies	118
E5-2	Actions	119
E5-3	Targets	119
E5-5	Resource outflows	119 f.

EU - Taxonomy

Disclosure requirement	Description	Page
	EU taxonomy	121 ff.
	EU taxonomy tables	126 ff.

ESRS S1 - Own workforce

Disclosure requirement	Description	Page
SBM-3	Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	132 ff.
S1-1	Policies	134 f.
S1-2	Processes for engaging with own workers and workers' representatives about impacts	135 f.
S1-3	Processes to remediate negative impacts and channels for own workers to raise concerns	136
S1-4	Actions	136 ff.
S1-5	Targets	138
S1-6	Characteristics of the undertaking's employees	139 f.
S1-8	Collective bargaining coverage and social dialogue	140
S1-9	Diversity metrics	140
S1-14	Health and safety metrics	141
S1-16	Remuneration metrics	141 f.
S1-17	Incidents, complaints and severe human rights impacts	142

ESRS S2 - Workers in the value chain

Disclosure requirement	Description	Page
SBM-3	Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	143 f.
S2-1	Policies	144 f.
S2-2	Processes for engaging with value chain workers about impacts	146

Disclosure requirement	Description	Page
S2-3	Processes to remediate negative impacts and channels for value chain workers to raise concerns	146 f.
S2-4	Actions	148

ESRS G1 - Business conduct

Disclosure requirement	Description	Page
SBM-3	Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	149 f.
G1-1	Policies	151 ff.
G1-2	Management of relationships with suppliers	154 f.
G1-3	Prevention and detection of corruption and bribery	155 ff.
G1-4	Confirmed incidents of corruption or bribery	157
G1-5	Political influence and lobbying activities	157 ff.

Company-specific topics

Disclosure requirement	Description	Page
	Information security	159 ff.

ESRS 2 - General disclosures

1-Basics for the preparation

BP-1: General basis for preparation of the Sustainability Statements

The (Consolidated) Sustainability Statement 2024 (hereinafter referred to as the Sustainability Statement) was prepared on a consolidated basis. The companies included in the consolidated Sustainability Statement are the same as those included in the scope of consolidation in the Consolidated Financial Statements. If individual subsidiaries that are part of the scope of consolidation are not included in individual disclosures of the Consolidated Sustainability Statement, this is stated separately in the relevant sections of the Sustainability Statement.

In our sustainability activities and when assessing the impact of secunet Group (secunet) on aspects of sustainability, we look at our own business operations as well as the upstream and downstream value chain. Accordingly, we include the upstream and downstream value chain in our Sustainability Statement as far as possible. Due to the limited information and data available on the upstream and downstream value chain, it is not possible to include it in full in all the reporting standards specifying it. We make this clear in this report under the respective topics.

In preparing this Sustainability Declaration, secunet has not made use of the safeguard clause in accordance with ERSR 1, Chapter 7.7 (Classified and sensitive information, and information on intellectual property, know-how or results of innovation) or the safeguard clause in accordance with the CSRD with regard to information on forthcoming developments or matters currently under negotiation.

BP-2: Disclosures in relation to specific circumstances

secunet makes the following disclosures in relation to specific sustainability reporting circumstances. Any specific deviations from the information provided here are disclosed and explained in the relevant sections of the Sustainability Statement.

» The Company has not deviated from the medium or long-term time horizons specified in ESRS 1 Section 6.4 for the purposes of reporting.

Accordingly, we have set the following time intervals:

for the short-term time horizon: the current financial year (calendar year),
for the medium-term time horizon: from the end of the short-term reporting period up to five years and
for the long-term time horizon: more than five years.
» Our Sustainability Statement includes various estimates of data on the upstream and downstream value chain. This applies, for example, to the calculation of CO2 emissions for the determination of emissions in accordance with Scope 3 (3.1), which are calculated using the spend-based approach. These metrics and monetary amounts are disclosed and explained in the relevant sections of the report.
» In our Sustainability Statement, no metrics and monetary amounts are stated that are impossible to specify accurately.
» Unless otherwise stated, the key performance indicators have not been validated by any other external body.
» This Sustainability Statement is the first to comply with the reporting requirements of the CSRD, and consequently also the ESRS. Accordingly, no changes in the preparation and presentation of sustainability information compared to a previous reporting period are to be reported.
» This Sustainability Statement is the first of its kind. Accordingly, there are no reporting errors to be reported for previous periods.
» secunet does not include any information in its Sustainability Statement based on other legal provisions that require the company to disclose sustainability information, or generally recognised standards and frameworks for sustainability reporting. Accordingly, such information is not reported.
» secunet does not incorporate any information by reference in this Sustainability Statement. Accordingly, such information is not reported.
» The provision for graduated disclosure requirements in accordance with ESRS 1 Appendix C does not apply to secunet. Accordingly, this information is not included in our sustainability report.

2-Governance

GOV-1: The role of the administrative, management and supervisory bodies

secunet Security Networks AG is subject to German stock corporation law (AktG) and its own Articles of Association. It has a dual management and control structure. The operational management of the company is in the hands of the Management Board, while the Supervisory Board acts in an advisory and supervisory capacity to support and monitor the corporate strategy.

The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is directly involved in all decisions fundamental to the Company.

The Management Board of the Company comprises four members, including one woman, which corresponds to a share of 25% or a ratio of 1:3 of women to men. The Supervisory Board consists of six members, two of whom were delegated as employee representatives under the One-Third Participation Act. One woman is also represented on the Supervisory Board, which equates to a share of 16.7%.

The members of the Management Board and Supervisory Board bring a wide range of experience and expertise to the Company. Axel Deininger, Chairman of the Management Board, has extensive expertise in the IT security sector, while Dr Kai Martius, Chief Technology Officer, specialises in the development of high-security products. Jessica Nospers, Chief Financial Officer, brings in-depth knowledge in the areas of M & A and financial management. Torsten Henn, Chief Operating Officer, has extensive experience in the IT security industry. On the Supervisory Board, personalities such as Professor Dr Günter Schäfer with his expertise in network security as well as Dr Peter Zattler and Jan Thyen with extensive experience in finance and governance complement the Board's expertise.

Individual members of the Management Board and the members of the Audit Committee of the Supervisory Board have acquired expertise relating to sustainability in various ways:

» Training on sustainability topics and regulatory requirements, including with regard to reporting: In the 2023 / 24 financial year, the Management Board members Axel Deininger and Torsten Henn as well as Gesa-Maria Rustemeyer, a member of the Supervisory Board, completed special training courses on sustainability topics.
» Advice from specialists, e. g. auditors.
» Several years of support for the sustainability reporting of secunet Security Networks AG and the experience gained in the process.

This expertise promotes an understanding of the risks and opportunities arising from the sustainability perspective and supports future-oriented action within the company.

In addition to gender diversity, the committees are characterised by their interdisciplinary composition, which is reflected in a broad spectrum of industry-specific knowledge. The independence of the committee members is another crucial aspect: four of the six Supervisory Board members (66.7%) are considered independent of the main shareholder, with one member also being independent of the company and the Management Board. This independence strengthens objective decision-making and monitoring.

The Audit Committee, which deals with sustainability issues and sustainability reporting, and the full Management Board of secunet Security Networks AG, which is informed about sustainability issues in case of need, are responsible for monitoring the impacts, risks and opportunities within the Supervisory Board. Responsibilities with regard to individual impacts, risks and opportunities are allocated within the Management Board in accordance with the allocation of responsibilities. The fulfilment of tasks is delegated to the respective specialist departments. For example, responsibility for issues relating to ESRS S1 "Own workforce" lies with the CEO, who is responsible for HR issues. The realisation of the tasks is then the responsibility of the divisional manager in the HR department.

ESRS	Specialist area	Board department
2 General disclosures	Sustainability	CFO
E1 Climate change	Environmental management	COO
E5 Circular economy	Sustainability	CFO
S1 Own workforce	HR	CEO
S2 Workers in the value chain	Compliance	CFO
G1 Business conduct	Compliance	CFO
Company-specific: information security	Product strategy, product management	CTO

The company management has delegated the tasks of monitoring and managing impacts, risks and opportunities as well as responsibility for internal and external reporting to the Sustainability department. No special controls and processes are applied for the management of impacts, risks and opportunities (IROs).

The setting of targets, where possible, is part of the meetings of the Management Board, during which the discussion and approval of sustainability-related activities (or the ESG strategy) is part of the agenda. Remuneration-related targets are submitted to the Supervisory Board for approval.

GOV-2: Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies

The Management Board and Supervisory Board are informed at least once a year and on an ad hoc basis about significant impacts, risks and opportunities. This information includes a description of the current status of the double materiality analysis (DMA), including any changes, the processes for identifying and assessing impacts, risks and opportunities, and the status of implementation of the ESG strategy.

The Management Board and Supervisory Board discuss the impacts, risks and opportunities in connection with the company's strategy, important transactions and risk management as an integral part of the decision-making processes at board meetings. When making strategic decisions and transactions, the executive bodies of secunet analyse whether and to what extent compromises are necessary with regard to other strategic aspects. In particular, it is assessed whether the decision is in line with the long-term targets of the sustainability strategy.

Due to the new appointment of the Audit Committee in 2024 and the first-time application of the reporting obligations under the CSRD, the Supervisory Board was informed in detail about all impacts, risks and opportunities associated with the materiality analysis in 2024 (meeting on 27 November 2024).

GOV-3: Integration of sustainability-related performance in incentive schemes

Sustainability-related targets and performance metrics are part of the long-term variable remuneration of secunet AG's Management Board.

The topic of sustainability is an integral part of the corporate strategy and is also reflected in the long-term variable remuneration as a performance criterion with a weighting of 30% (share of long-term variable remuneration).

As an innovation and market leader in the field of IT security solutions, secunetAG is committed to the goal of contributing to societal development and economic sustainability – particularly in the thematic cluster of IT security and combating cybercrime – through high-performance software and hardware products and services as well as state-of-the-art corporate structures. In doing so, the Supervisory Board focuses primarily on the needs of the employees, an effective compliance strategy and consideration of environmental and social issues.

Against this backdrop, the Supervisory Board usually defines up to three different sustainability or ESG targets each year. Examples include diversity targets within the workforce, junior staff development and the attractiveness of secunet AG as an employer, alongside occupational health and safety, and training and further education targets. Attention to environmental concerns or the creation and maintenance of compliance structures, for example, can also be included in this performance category.

The progress of the corresponding actions in the area of the relevant annual sustainability targets is assessed at yearly intervals (in particular on the basis of a Sustainability Statement) and the respective performance of the Management Board member is evaluated on a scale from 50% to 150%, with the aim of achieving the ability to measure target achievement as far as possible. To the extent that accurate measuring of target achievement is not ensured, the Supervisory Board shall determine target achievement in relation to all sustainability / ESG targets at its own discretion. If the minimum performance of 50% of the sustainability targets set is not achieved, target achievement is 0%. It is not possible to exceed the 150% threshold.

Specifically, the part of the variable remuneration of the Management Board of secunet Security Networks AG that is linked to ESG targets is structured as follows for 2024:

» Reduction of CO2 emissions at secunet Security Networks AG. This means that climaterelated considerations are included in the remuneration.
» Increasing employee satisfaction by implementing projects derived from the employee survey.
» Customer satisfaction, measured by the net promoter score (NPS).

Background information on the calculation can be found in the remuneration report of secunet Security Networks AG.

The remuneration of the Supervisory Board of secunet Security Networks AG is not referenced to climate-related considerations or other sustainability-related aspects.

GOV-4: Statement on sustainability due diligence

The core elements of due diligence for the impact on people and the environment can be found in the following relevant information in secunet's Sustainability Statement.

Core elements of due diligence	Disclosures in the Sustainability Statement
a) Integration of due diligence into governance, strategy and business model	GOV-1 Management of responsibilities GOV-1 Monitoring of sustainability IROs
	GOV-2 Information and sustainability aspects dealt with by the company's administrative, management and supervisory bodies
	GOV-3 Inclusion of sustainability-related performance in incentive schemes
	SBM-3 Double materiality analysis
b) Involvement of affected stakeholders in all key due diligence steps	SBM-2 Stakeholders' interests and positions
	GOV-2 Information and sustainability aspects dealt with by the company's administrative, management and supervisory bodies
	IRO-1 Double materiality analysis process
c) Identification and assessment of negative impacts	SBM-3 Double materiality analysis SBM-3 Results of the double materiality analysis IRO-1 Materiality analysis process
d) Actions to counter these negative effects	E1-3 Actions
	E5-2 Actions
	S1-4 Actions
	S2-4 Actions
	G1-2 Management of relationships with suppliers
	G1-3 Prevention and detection of corruption and bribery
e) Tracking the effectiveness of these efforts and	S1-4 Actions
communication	S2-3 Process for improving negative impacts and whistleblower system
	G1-1 Policies

GOV-5: Risk management and internal controls for sustainability reporting

Based on its many years of experience with various types of reporting (management report, non-financial statement), secunet identifies incomplete, inaccurate and unpunctual reporting as the main risks of sustainability reporting. Organisational actions have been taken to mitigate these risks.

Risks	Mitigated by
Unpunctual reporting	Centralised coordination by the Sustainability department, scheduling and ongoing monitoring
Incorrect information in the individual ESRS	Departments each double-staffed when checking the data
KPIs incorrect	Data input into the Sphera IT system at the parent company G + D with the 6-eyes principle at secunet (input, approval and validation) and a plausibility check by G + D.
	Transfer from Sphera to the IT system for secunet reporting; then fresh check for transfer errors

Risk management system and internal control system in relation to sustainability reporting

Sustainability reporting is coordinated for the Group by the Sustainability department of secunet Security Networks AG. Detailed scheduling and ongoing monitoring of adherence to deadlines prevents late reporting

The risks of incomplete and inaccurate reporting are minimised through the intensive involvement of the specialist departments and the ongoing monitoring of the content of the Sustainability Statement (comparison against the ESRS requirements) by the Sustainability department. This form of management was carried out over the entire financial year in order to identify the content of the Sustainability Statement sufficiently in advance and to close any gaps.

In addition, prior to the main audit of the sustainability reporting, a preliminary audit is undertaken by the auditors commissioned with the audit. This largely avoids possible mistakes. Furthermore, the risk of incomplete documentation and evidence is avoided by the audit.

The Sustainability department keeps the Management Board of secunet Security NetworksAG regularly informed on the status of preparation of the Sustainability Statement against the background of the aforementioned risks. In order to avoid risks, regular consultations are held with the auditors and a summary report is submitted to the Management Board as a result of these consultations.

3-Strategy

SBM-1: Strategy, business model and value chain

secunet is one of the leading cybersecurity companies in Germany. In an increasingly connected world, the company's combination of products and consultancy assures resilient digital infrastructures and the utmost protection for data, applications and digital identities. A central component of the portfolio is represented by network components that have highly developed encryption technologies and are approved by the German Federal Office for Information Security (BSI) up to the highest national security level.

Among the significant products offered are also the activities in the areas of digital identities and biometrics. The range of products and services includes solutions for personal identification and authentication of users on web portals as well as for biometric capture and verification in connection with official identity documents. This also includes automated border control systems that ensure a smooth and secure flow of passengers at airports and other border control stations.

For industry, secunet offers solutions for secure edge computing and early warning systems for the prevention and detection of cyber attacks. The focus is particularly on manufacturing companies with high security requirements. Critical infrastructures (CI) are also addressed, i.e. organisations and facilities that are important to the state and society, including those in the energy, transport, traffic, water, finance and insurance sectors.

secunet is not involved in the fossil fuel sector, the manufacture of chemicals, controversial weapons or the cultivation and production of tobacco.

Reporting by ESRS sector is not yet mandatory at the time of preparing this Sustainability Statement.

No prohibitions apply to secunet products or services. There are only supply restrictions in terms of customers and regions for products that are subject to export restrictions, the provisions of the Foreign Trade and Payments Act and national secrecy. These are primarily the products of the SINA product family.

The Company's main geographical sales area is Germany. secunet's sales activities abroad are focused on the countries of the European Union, EU organisations as well as defence and aerospace organisations (including organisations such as NATO) and the Middle East.

Customers of secunet primarily include the public sector, including national and international governments, ministries and authorities as well as quasi-governmental organisations. The focus is also on the German armed forces and organisations in the defence sector as well as organisations with security tasks such as the police and border guards. The company also addresses areas in which there are special IT security requirements – such as healthcare and industry.

secunet's business model is based on certain inputs that are collected, developed and secured in the following way: A distinction is made between development services / software and hardware on the one hand (IT solutions) and the consultancy business by secunet employees on the other:

» IT solutions: hardware requirements are covered by central purchasing and supply chain management, while software development services are predominantly provided by the company's own employees. Requirements in this case are met through employee development and recruitment.
» Consultancy business: here too, requirements are met through employee development and recruitment.

The outputs of secunet's business model and the results in terms of current and expected benefits for customers and investors are as follows:

» Outputs to customers are solutions and IT products, software and IT hardware as well as consultancy services.
» Outputs to investors are information from regular financial and non-financial reporting or from investor meetings. Investors also receive income in the form of dividend payments from the annual profit and increases in the share value.
» There are no other significant stakeholders which receive outputs from secunet's business model.

secunet does not hold a dominant market position within the value chain:

IT hardware is procured in the upstream value chain; secunet has a heterogeneous supplier structure, including both medium-sized and large players in the field of standard IT hardware. On the other hand, suitable personnel is procured on the labour market in the upstream value chain. Here, secunet competes with many other (IT) companies for qualified personnel.

There are two types of markets in the downstream value chain: on the one hand there are regulated markets, in which only authorised or certified products can be traded. secunet has an established market position here, as many of the products in secunet's portfolio are authorised. The situation is different in the non-regulated markets, where competition is significantly higher. Here secunet is in competition with national and international providers.

As at the reporting date on 31 December 2024, secunet employed a total of 1,231 people, all of them in Germany. 2

SBM-2: Stakeholders' interests and positions

Our stakeholders and stakeholder groups include our customers, business partners, employees, investors and analysts, legislators and associations, employees in the value chain, affiliated companies and cooperation partners, NGOs and all those interested in secunet AG's sustainable activities in politics, business and society.

As part of the stakeholder analysis, secunet identified internal and external stakeholders, sorted them according to relevance and evaluated them. The stakeholder analysis was discussed and validated with the relevant departments dealing with the respective stakeholders and with the Management Board.

We maintain an active stakeholder dialogue on all our business activities and make use of various channels and activities to involve stakeholders. The form of dialogue depends on the topic and the stakeholders involved, as not every stakeholder in the company can be considered equally relevant to every aspect of our strategy, including the aspect of sustainability.

Due to their experience and operational tasks, the Management Board and Supervisory Board are already informed about the views and interests of the stakeholders concerned. If this information needs to be supplemented by current sustainability issues, a corresponding notification will be sent.

² Excluding the Management Board.

Key stakeholders	Organisation of the commitment	Purpose and result of the commitment
Employees	• Formal employee appraisals; • Identification of training needs and their implementation; • Workshops; • Works meetings; • All-hands meetings; • Site visits with dialogue format.	• Offering attractive employment and career opportunities; • Developing skills, talents and experience; • Promoting diversity, equal opportunities, inclusion, affiliation and corporate culture.
Customers	• Direct exchange in regular customer and project business, e. g. via key account managers; • Bundling and reporting of customer feedback in the public sector by BSI; • Regular customer events; • Customer survey with top 10 customers per divi sion incl. questions on good / bad experiences with secunet (products) plus the option to give plain text comments. Forwarding the collected data to the responsible divisions (NPS).	• Improving customer satisfaction and expanding product and service offerings.
Suppliers & business partners	• Supplier meetings; • Supplier evaluations; • Supplier audits; • Bilateral exchange.	• Creating mutually beneficial economic value for our suppliers and partners; and • Ensuring an environmentally and socially responsi ble supply chain. We want to work with suppliers who share the same values and are committed to improving sustainable practices.
Investors & analysts	• Year-round dialogue through investor relations events and meetings; • Regular meetings with analysts and investors; • Annual General Meeting.	• Creating a good understanding of the economic situation of secunet AG and promoting the com pany's prospects of generating total shareholder return through rises in the share price and divi dends.
Affiliated companies & cooperation partners	• Direct exchange with affiliated companies; • Strategic alignment
Workers in the value chain	• Exchange with suppliers on topics relating to workers in the supply chain

The views of employees are incorporated into the secunet Group's strategies, decisions and actions through various firmly established dialogue formats. Stakeholder interests are incorporated into the materiality analysis and determine its outcome.

» Regular dialogue between employees and their managers (e. g. annual target agreement and target achievement meetings as well as interim meetings)
» Formats for exchanges between the Management Board and employees (e. g. all-hands meetings; secublog)
» Staff meetings
» Dialogue, consultations and negotiations between the Management Board and the HR department

» Employee surveys: measurement of employee satisfaction. This survey provides information on employee satisfaction and motivation, the quality of cooperation and the development of corporate culture. By giving employees the opportunity to make open statements in the surveys, we also encourage them to provide specific suggestions for improvement, from which we derive actions to optimise our performance as an employer. The results of the employee surveys also serve as a basis for regular dialogue between managers and employees in the individual areas and units of our company.

The interests, views and rights of workers in the value chain which may be significantly affected by secunet, including respect for their human rights, are taken into account.

The basis for the purchasing and procurement process at secunet AG is formed by clearly defined processes and responsibilities that are firmly anchored in the company's process landscape. Annual meetings are held with secunet AG's most important suppliers to discuss the in-house evaluation of the supplier and to suggest possible or necessary changes, including sustainability issues. The aim of these discussions is to promote the positive development of suppliers and to ensure an enduring positive assessment. We are aware that many of our suppliers are already on the path to sustainable development or are already implementing it.

Our procurement platform includes a supplier questionnaire that presents the supplier's profile in detail. One section of the questionnaire is dedicated to the Supply Chain Due Diligence Act (LkSG), in which the company's positions on human rights-related issues and fundamental sustainability aspects are queried. Suppliers are evaluated based on the answers to the questionnaire and an abstract risk analysis that takes industry and country risks into account.

SBM-3: Key IROs and their interaction with strategy and business model

Our identified material IROs are set out in the DMA process and further described in the respective topic-specific chapters.

Overall, our main IROs relate to the core activities of our business model and focus primarily on our own operating activities. As our main IROs are closely linked to our business model, we manage most of them directly as part of our ongoing business activities. This applies in particular to IROs in the area of governance and our own employees. For environmental IROs identified in our upstream and downstream value chain, our direct influence lies in strengthening processes, particularly in the areas of procurement and waste management.

Our main environmental impact results primarily from CO2 emissions. However, emissions are low due to the business model.

The negative social impacts identified are potential in nature and result primarily from sector-specific challenges such as data protection and high workloads. We have implemented targeted actions and guidelines to meet these challenges. If these actions are not continued, the potential negative impact on employees and customers could spread.

However, as an IT service provider, we also make a positive contribution: we invest specifically in the further training and skills development of our employees and promote social standards in our own workforce as well as digitalisation in society – especially for public institutions.

Current financial impact

The financial impact of the significant risks and opportunities identified is currently limited. The resources required to comply with the CSRD and the EU taxonomy remain at a similar level to the previous year. The number of employees in this area has also remained the same. At the same time, we have increased our investments in external consultancy and limited audits as part of CSRD implementation.

As our key IROs are closely linked to our core activities and our growth potential, actions to optimise opportunities and mitigate risks and negative impacts are embedded in our existing governance structures. This gives us a high level of resilience within the time horizons defined for the 2023 and 2024 DMAs. This assessment is based on qualitative analyses by internal experts who carried out a holistic assessment of the existing risk mitigation actions for all IROs as part of the DMA process.

Changes to key IROs

As part of the ongoing CSRD implementation, which continued after the partial pre-implementation in 2023, we have gained an even more detailed analysis of our key IROs through the 2024 DMA. The central topics presented in the 2023 Annual Report have been further refined in this Sustainability Statement and divided into detailed sub-topics and sub-sub-topics in accordance with CSRD requirements.

4-Management of the IROs

IRO-1: Description of the DMA

Background and methodology of the DMA

Since 2023, we have been conducting an annual double materiality analysis (DMA) and reporting on it in our Sustainability Statements. Our sustainability reporting is based on the CSRD (Directive (EU) 2022/2464) and the ESRS. The methodology for assessing material IROs has been continuously developed to meet the requirements of the CSRD. Our DMA is based on the findings of previous years, with the results of the 2023 materiality analysis being reviewed again to ensure that they are up to date and relevant. Our business model, stakeholders, value chain and existing dependencies were taken into account. In this context, affected stakeholders were also systematically involved in order to reflect their perspectives and interests. The stakeholder analysis served as the basis for identifying significant impacts, risks and opportunities.

The DMA is performed in accordance with the double materiality principle. This states that disclosures on ESG topics are required if significant effects on people and the environment (impact materiality) or financial effects on the company (financial materiality) have been identified. Either a top-down or bottom-up approach can be used to identify potentially material topics and their impacts, risks and opportunities. In our case, the top-down approach was used, with the ESRS serving as the basis.

Performing the materiality analysis

A preliminary materiality analysis was already prepared at the beginning of 2023 on the basis of the draft ESRS available at that time. The existing materiality analysis in accordance with HGB/NFRD was transferred to the ESRS logic for this purpose. Initial assessments of key ESG issues were validated by the Sustainability department in consultation with the relevant specialist departments. Following publication of the European Commission's Draft Delegated Act, the methodology and assessment tools were revised. Updated evaluation forms and other documents were used to carry out the stakeholder analysis. The results were approved by the entire Management Board of secunet Security Networks AG on 9 October 2024.

Assessment system

Materiality is assessed in two dimensions.

» Impact materiality: determination of the materiality of impacts on people and the environment based on the following criteria:
- Extent: scale of the impact
- Scope: scope of the impact (persons or resources affected)
- Remediability: possibility of counteracting the impacts
- Likelihood of occurrence: probability of occurrence within the next ten years

Impact materiality is calculated using the formula: Impact materiality = severity of the impact x likelihood of occurrence. The severity of the impact results from the sum of the extent, scope and reversibility.

» Financial materiality: determination of financial opportunities and risks, taking into account the following criteria:
- Likelihood of occurrence: assessment of the risk before counteractions
- Magnitude of financial impacts: assessment of the potential damage or gain from ESG issues

Financial materiality is calculated using the formula: Financial materiality = magnitude of financial impacts x likelihood of occurrence. An ESG issue is considered material as soon as the score is between 3 or -3 to 5 or -5.

Interactions between the impacts were also taken into account when identifying and assessing the risks and opportunities. This means that we have not only considered the risks and opportunities that are immediately recognisable, but also whether and to what extent risks and opportunities arise from the impacts in the long term.

Validation and approval

The materiality assessment was initially carried out by the Sustainability department and then validated in separate discussions with the specialist departments. The results were discussed from two perspectives in order to compare the assessments and adjust them if necessary. Following this internal coordination, an overall assessment was carried out in order to recognise discrepancies and make adjustments. The final results were presented to the Management Board on 4 September 2024. Following a further discussion and incorporation of comments, final approval was given by the full Management Board on 9 October 2024.

Update and adjustments

The DMA is reviewed annually and updated as required as soon as new data or findings become available. Changes in influencing factors and new regulatory requirements are taken into account. Changes in the procedure compared to the previous reporting period are explained above. The assessment of materiality will be reviewed again in the course of the 2025 financial year in order to prepare for the sustainability reporting in 2026. In addition, non-material data points were also assessed. The objective and content of the respective requirements as well as their relevance to our business and their potential benefit for the users of our annual report were analysed.

Sustainability-related risks and opportunities are recognised and tracked as a separate risk category (opportunity category) in secunet's risk and opportunity management. The assessment procedure corresponds to the standard secunet procedure: where possible, a monetary (quantitative) valuation is preferred. Otherwise, a qualitative assessment is carried out.

Where possible, existing quantitative data from secunet's internal accounting system or from valid sources on the Internet or other media were used as data sources for the assessment. Where possible and necessary, assumptions were checked for plausibility with the relevant specialist departments.

Environment

As part of our overarching analysis process, we used a combination of internal dialogue and the technical expertise of our environmental management team to comprehensively assess our current situation. We have come to the conclusion that although our company has an impact on climate change, this can be categorised as low due to our greenhouse gas footprint.

E1

To supplement our DMA, we carried out a climate risk analysis. This has given us a sound understanding of our current situation. In this context, we have also examined the extent to which future scenarios could reveal potential additional risks for our company, including our business activities and assets. Based on this scenario-based assessment method, no significant additional risks beyond those already reported above were identified.

Aspect	Description
Object of investigation	secunet Group (Germany), mainly office buildings, no significant manufacturing activities. Focus on climate risks for own business operations and indirect effects in the value chain.
Time horizon	The period under consideration is five to 25 years, with an end point around 2050.
Climate change scenarios	Best case (Net Zero Emissions 2050): Strict climate policy, rapid technological progress, renewable energies, no new coal or natural gas projects.
	Worst case (SSP5-8.5): Temperature rise of 4°C, extreme weather events, rising sea levels, heavy use of fossil fuels.
Stakeholder involvement	Interviews with specialist departments such as Supply Chain Operations, Central Purchasing, HR, Facility Management, CIO and CISO for risk assessment.

In the course of the DMA and the associated analyses, we considered climate-related hazards and transition risks in accordance with the applicable application requirements in the area of climate change. Our current valuation approach enables an appropriate assessment of our situation, particularly as potential risks are categorised as limited. Nevertheless, we will continue to examine the extent to which further analyses, such as more detailed scenario analyses, could provide additional added value for our assessments.

E2

In order to determine secunet's actual and potential impacts, risks and opportunities in connection with environmental pollution in the context of its own activities and within its upstream and downstream value chain, the Environmental Management and the Central Product Management and Product Compliance departments were surveyed in close connection with the materiality analysis. Their disclosures have been entered in the assessment of environmental pollution as not material for secunet.

E3

As secunet's business model and its own activities, as well as the activities within the upstream and downstream value chain, have no known or suspected points of contact with water and marine resources, the ESRS E3 was assessed as not material.

E4

To determine whether the activities at secunet's sites have an impact on biodiversity and ecosystems, a biodiversity analysis was carried out and discussions were held with the Facility Management and Environmental Management departments.

The biodiversity analysis comprised the examination of all 13 secunet sites for the presence of protected areas or Key Biodiversity Areas (KBA) within a radius of 5 km using specialised geoservices and biodiversity tools. The analysis revealed that there are protected areas or KBAs at seven of the 13 sites, but no relevant impacts of the secunet sites on these were identified, as there are only minor ecological interactions due to the office structure. Therefore, ESRS E4 biodiversity and ecosystems was not considered material for secunet.

E5

The ESRS E5 report involved special focus on secunet's product business. As part of an internal dialogue, various stakeholders were involved, including the unit responsible for product management and development in the CTO Office, the Supply Chain Operations and Environmental Management departments and the product managers.

Governance

G1

As part of our governance standard, IROs are identified by the Compliance Office in close coordination with the Sustainability department. We benefit from the expertise of the Compliance Office and its in-depth understanding of our company.

This assessment is based on findings from the daily work of the Compliance Office and company-wide guidelines and requirements. The analysis covers the entire company in order to ensure a consistent strategic direction in the area of governance and to anchor our corporate values in all areas.

Environment

ESRS E1 - Climate change

Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

As an IT security company with a growing infrastructure, we are aware of the importance of using resources responsibly. Increasing digitalisation and the growing demand for computing power are leading to higher energy consumption, making sustainable solutions and the increased use of renewable energies ever more relevant.

We are actively committed to minimising our environmental impact. This includes reducing our own energy consumption and adapting to the increasing sustainability requirements of our business partners. At the same time, our IT security solutions help to support companies on their path to more climate-friendly digitalisation and drive sustainable innovation.

IROs		Position in the value chain		Time horizon
		Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Vulnerabilities within the supply chain Natural disasters such as storms, earthquakes or floods can have a negative impact on the production or delivery capabilities of suppliers and partners. This could in turn have an impact on supplies and lead to bottle necks as global security of supply is jeopardised.	Risk		X		X	X	X
GHG emissions Even if greenhouse gas emissions are only low, emissions are still generated by business activities.	Actual negative impact	X	X	X	X	X	X
Transition risks Failure to fulfil future customer requirements and procurement specifications in the area of climate protection could have a significant financial impact.	Risk	X	X	X		X
Utilisation and development of energy-efficient solutions Energy consumption through the use of secunet products, both in PCs / notebooks and data centres, is falling.	Potential positive impact		X	X			X
Energy consumption from fossil fuels Energy consumption from fossil fuels leads to more emissions.	Actual negative impact	X	X	X	X	X	X
Cost savings through energy-efficient software and data centres By developing energy-efficient software solutions, secunet strives to minimise its environmental footprint while achieving long-term cost savings for both the company itself and its customers.	Opportunity		X	X		X	X
Rising energy prices The cost prices for products and services are rising, resulting in higher operating costs.	Risk	X	X	X	X	X	X
Stricter regulation of energy-intensive products Stricter regulations for energy-intensive products leads to rising costs, as companies such as secunet have to bear the additional expense of compliance with these regulations.	Risk	X	X	X		X	X
Consumption of renewable energies The use of green electricity has a positive impact on the environment.	Actual positive impact		X		X	X	X

The list of IROs identifies sustainability issues that could have a negative impact on our business (risks) or negative consequences for nature and the climate (negative impacts) if not managed properly. However, sustainability issues can also have positive effects – both for the environment and in the form of financial opportunities.

Assessment of resilience based on the climate risk analysis

Category	Evaluation
Physical risks	Exist, but not classified as critical for secunet.
Transition risks	Low, as secunet has proven to be adaptable to regulatory changes.
Overall resilience	secunet is largely resilient to climate risks. The geographical location in Germany and existing adjustment actions contribute to stability.
Future steps	Annual review of the analysis to take account of new developments.

E1-1: Transition plan for climate change mitigation

There is currently no transition plan for climate protection to ensure that our strategy and business model are in line with the transition to a sustainable economy and limiting global warming to 1.5 degrees in accordance with the Paris Agreement. However, we have already started to examine possible approaches to achieving this goal. The basis for this is the carbon footprint prepared for the first time for the base year 2023, which includes Scope 1, Scope 2 and key categories from Scope 3 in accordance with the requirements of the Greenhouse Gas Protocol.

E1-2: Policies

secunet has set itself the goal of minimising the negative impact of its business activities on the environment as well as environmental risks for the company and using resources efficiently. In particular, this includes reducing greenhouse gas emissions and energy consumption wherever there are reasonable and effective opportunities to do so.

An environmental management system in accordance with DIN EN ISO 14001 was implemented for this purpose, with initial certification taking place in September 2024. Key components of the environmental management system are both the environmental policy and the environmental guideline, which provide pointers for environmentally compatible conduct and are aimed at all employees. It also ensures that all activities comply with the relevant environmental laws and regulations and that employees are informed and trained on compliance. The interests of our stakeholders as well as employees and customers, were also taken into account.

The strategy for environmental activities is conceptually based on the identified material impacts, risks and opportunities. In particular, this includes taking into account transition risks that may arise due to changes in customer requirements and regulatory directives in the sphere of climate protection. Failure to fulfil future procurement requirements could have a significant financial impact. For this reason, secunet pursues a proactive strategy of integrating environmental aspects into business development at an early stage and offering sustainable solutions.

The environmental management system applies to secunet Security Networks AG and covers all of the company's sites. The system relates to all activities within the organisation and takes into account effects on upstream and downstream value chains. The Management Board is responsible for implementing the environmental management system, which is coordinated by the Environmental Management department in close cooperation with the Sustainability department.

A key area of action is the reduction of energy consumption from fossil fuels in order to reduce direct and indirect greenhouse gas emissions. Even if emissions are low overall, they are still generated by business activities and are to be further minimised through targeted actions. At the same time, secunet is increasingly focussing on the use of renewable energies in order to achieve a positive environmental impact and reduce dependence on fossil fuels.

Another key issue is adapting to climate change, particularly with regard to potential bottlenecks in the supply chain. These risks are regularly assessed and updated in order to ensure sustainable resilience in the procurement processes. In addition, any shifts in demand due to changes in environmental requirements on the part of customers are actively monitored and taken into account.

The environmental efforts described are made transparent to internal and external stakeholders and made available via suitable communication channels in order to ensure broad acceptance and support.

E1-3: Actions

Even though secunet does not yet have a comprehensive transition plan, we are already implementing actions to reduce emissions. Since 2022, one key measure has been the use of renewable energies through the purchase of green electricity. This measure applies across all locations and will be continued on an ongoing basis.

Actions relating to the key sustainability issues of "climate protection" and "adaptation to climate change" have not yet been taken, as the aim is first to improve the database in order to be able to derive targeted, effective actions from it.

E1-4: Targets

The processes relating to the requirements of ESRS E1 "Climate change" are already firmly established in the relevant departments and ensure compliance with legal requirements. In addition, environmental issues are continuously taken into account as part of our ISO 14001-certified environmental management system.

In the 2024 financial year, we prioritised improving the data situation so that we can formulate a success-oriented and measurable emissions target in 2025. There are currently no explicit, success-orientated and measurable targets for the key sustainability topics of "climate protection", "adaptation to climate change" and "energy".

At the time of writing, we are developing ESRS-compliant objectives to fulfil the requirements of ESRS E1-4. In this context, the remuneration-related and emissions-related targets are also being further optimised. The evaluation of the effectiveness of the actions described above in relation to the main IROs is also in preparation.

E1-5: Energy consumption and energy mix

	Energy consumption and energy mix		2023	2024
(1)	Total consumption of fossil energy	MWh	2,904	2,923
	Share of fossil fuels in total energy consumption	%	51.30 %	51.31 %
(2)	Consumption from nuclear power sources	MWh	0	0
	Share of consumption from nuclear sources in total energy consumption	%	0	0
(3)	Fuel consumption for renewable sources, includ ing biomass (including industrial and municipal waste of biological origin, biogas, hydrogen from renewable sources, etc.)	MWh	0	0
(4)	Consumption from purchased or received electricity, heat, steam and cooling and from renewable sources	MWh	2,757	2,774
(5)	Consumption of self-generated renewable energy other than fuels	MWh	0	0
(6)	Total consumption of renewable energy (sum of lines 3 to 5)	MWh	2,757	2,774
	Share of renewable sources in total energy consumption (market-based)	%	48.70 %	48.69 %
	Total energy consumption (sum of lines 1 and 6)	MWh	5,661	5,698

Data survey on energy consumption:

secunet's Facility Management department records all relevant building-specific energy consumption data such as electricity, heating, cooling and gas. If no figures are available for the current financial year, these are extrapolated on the basis of the last available year.

Since 1 January 2022, secunet has been purchasing 100% green electricity from Stadtwerke Krefeld.

E1-6: Gross GHG emissions

		Retrospective viewpoint
		Base year	Comparison = year preceding N	N
Emissions 3		2023	2023	2024	% N / N-1
Scope 1 greenhouse gas emissions
Gross Scope 1 GHG emissions	(t CO2e)	460	460	459	0.22 %
Percentage of Scope 1 Greenhouse gas emissions from regulated emissions trading systems	%	n. a.	n. a.	n. a.	n. a.
Scope 2 greenhouse gas emissions
Gross location-based Scope 2 GHG emissions (t CO2e)	(t CO2e)	1,142	1,142	1,148	0.53 %
Gross market-based Scope 2 GHG emissions (t CO2e)	(t CO2e)	174	174	173	0.57 %
Significant Scope 3 greenhouse gas emissions
Gross total indirect (Scope-3) GHG emissions (t CO2e)	(t CO2e)	81,699	81,699	106,320	30.14 %
1 Purchased goods and services	(t CO2e)	70,333	70,333	95,905	36.36 %
2 Capital goods	(t CO2e)	see line above	see line above	see line above	see line above
3 Activities in connection with fuels and energy (not included in Scope 1 or Scope 2)	(t CO2e)	374	374	379	1.34 %
4 Upstream transport and distribution	(t CO2e)	403	403	1,061	163.28 %
5 Waste generated in operations	(t CO2e)	31	31	10	-67.74 %
6 Business traveling	(t CO2e)	798	798	719	-9.90 %
7 Employee commuting	(t CO2e)	1,486	1,486	1,359	-8.55 %
8 Upstream leased assets	(t CO2e)	not relevant	not relevant	not relevant	not relevant
9 Downstream transport	(t CO2e)	36	36	95	163.89 %
10 Processing of products sold	(t CO2e)	not relevant	not relevant	not relevant	not relevant
11 Use of products sold	(t CO2e)	7,913	7,913	6,570	-16.97 %
12 End-of-life treatment of sold products	(t CO2e)	325	325	222	-31.69 %
13 Downstream leased assets	(t CO2e)	not relevant	not relevant	not relevant	not relevant
14 Franchises	(t CO2e)	not relevant	not relevant	not relevant	not relevant
15 Investments	(t CO2e)	not relevant	not relevant	not relevant	not relevant
Total GHG emissions
Total GHG emissions (location-based)	(t CO2e)	83,301	83,301	107,927	29.56 %
Total GHG emissions (market-based)	(t CO2e)	82,333	82,333	106,952	29.90 %

3 The headcount as at 30 June 2024 was used to calculate the E1 key figures.

secunet reports on emissions in accordance with the categories and methods defined in the GHG Protocol. Under the GHG Protocol, emissions are categorised into Scope 1, 2 and 3. Scope 1 focuses on direct emissions in connection with stationary and mobile combustion, process emissions and volatilisation. Scope 2 covers indirect emissions caused by purchased electricity, district heating and cooling. Scope 3 focuses on all other indirect emissions that occur in a company's value chain.

The reported figures apply to the parent company secunet Security Networks AG and all subsidiaries.

For secunet AG, the required key figures were provided by the specialist departments. In the event of data gaps among the subsidiaries, these were closed by extrapolating based on the number of employees. secunet is endeavouring to continuously improve the recording of key figures for all subsidiaries.

The emissions were calculated using specialised software. The emission factors used are based on comprehensive life cycle assessment (LCA) databases, which are constantly updated. 4

Scope 1 emissions

The basis for calculating the reported emission values was the recorded consumption. Due to the sometimes limited availability of real-time data, different methods of calculation were used depending on the emission source.

Stationary combustion

Gas is burnt at four locations. The exact consumption is taken from the bill and converted into CO2e using an emission factor.

Biogenic CO2e emissions from the incineration or biodegradation of biomass do not occur at secunet and can therefore be disclosed at 0%.

Mobile combustion

The exact fuel consumption of the company car fleet is available for the entire Group and is converted into CO2e using emission factors. The emissions resulting from charging electric vehicles cannot yet be taken into account due to lack of data.

Process emissions and volatilisation

No industrial processes that generate emissions take place at secunet. Furthermore, no volatilisation occurred during the operation of air-conditioning systems; emissions are negligible.

Scope 2 emissions

Scope 2 comprises indirect emissions from purchased electricity and district heating and cooling. These emissions arise in connection with the rented office locations.

4 The columns for milestones and target years are omitted as there is no target.

Electricity

Not all accounts were available at the time of publication of the report. In this case, the previous year's consumption was used for the calculation. Exact data will be reported in stages.

Scope 2 emissions are calculated using the following two methods: location-based and market-based. Location-based emissions from purchased electricity are calculated using average grid emission factors per location. Contractual instruments cannot be taken into account in the location-based method. The market-based method, on the other hand, takes into account the renewable energy certificates applicable to electricity consumption. Certified green electricity accounts for 100% of total electricity consumption.

Heat

Heat consumption is currently taken from the most recent landlords' utility bills. These values were used for the current reporting year and consumption was extrapolated by reference to the number of employees.

Cold

District cooling is sourced exclusively at the Dresden site. The invoice was not yet available at the time. In this case, the previous year's consumption was used for the calculation. The exact value will be reported later.

Scope 3 emissions

The relevant Scope 3 categories are explained below. It is also explained why some categories are not reported on.

The calculation of Scope 3 greenhouse gas emissions is based on data from activities within the Group's upstream and downstream value chain. The percentage of emissions determined on the basis of primary data from suppliers or other partners in the value chain is currently 0%.

There are no indirect Scope 3 greenhouse gas emissions included in these categories that originate from the consolidated accounting group, which includes both the parent company and subsidiaries.

Scope 3 greenhouse gas emissions from associated companies, joint ventures or non-consolidated subsidiaries are not recognised, as secunet does not have any affiliated companies of this type, with the exception of one non-consolidated, inactive subsidiary due to its immateriality.

Relevant Scope 3 emissions

3.1 Purchased goods and services

Emissions from purchased goods and services are currently calculated exclusively using the spend-based method.

3.2 Capital goods

Emissions from capital goods are also currently calculated exclusively using the spend-based method. At present, these are still included in the calculated value of the goods and services purchased.

3.3 Activities in connection with fuels and energy

These are emissions that are not included in Scope 1 or 2 and that occur during the extraction, production or transport of the purchased energy. The calculation is based on the average data method.

3.4 Upstream transport

At secunet, upstream transport is subdivided into warehouse and drop shipment transport. The emissions within this category can currently only be determined for warehouse transport using the spend-based method. The transport costs from the drop shipment business are included in the purchasing costs and therefore cannot be isolated at present.

3.5 Waste generation

As secunet is a tenant at all locations, the landlord is responsible for the disposal of office waste. Therefore, no exact quantities are available. The calculation is carried out for the waste types which are mixed municipal waste, paper / cardboard and packaging on the basis of land consumption and a general factor applied for the respective waste type.

These quantities are determined on the basis of the information on the invoices.

Waste was categorised into waste that was incinerated to generate energy and waste that was sent for recycling. The waste-type-specific method was used to determine the emissions.

3.6 Business traveling

Emissions from business travel include data from air travel, rail travel and car hire. Hotel accommodation, taxi journeys or the use of public transport cannot currently be taken into account. The data from air and rail journeys is recorded and analysed using a software tool.

For air travel, the passenger kilometres flown are divided into long-haul (> 1,000 km) and short-haul flights (<= 1,000 km), and the emissions calculated using the distance-based method. The same calculation method is also used for rail journeys, but here the kilometres travelled were not divided into different distances.

Emissions from hire cars were calculated using the spend-based method.

3.7 Employee commuting

This category includes emissions from the transport of employees between their homes and workplaces. Emissions from employee commuting can be caused by

» Car journeys,
» Local public transport,
» Other means of transport (e. g. by bicycle, on foot).

The average data method is used for the calculation. The commuting behaviour, average travel distance and mode of transport were taken from a statistical information system. The emissions were calculated on the basis of the total number of employees.

3.9 Downstream transport

This category includes emissions generated in the reporting year from the transport and distribution of products sold in vehicles and facilities that are not owned or controlled by the reporting company. Emissions are calculated within the software used on the basis of upstream transport. secunet has no direct control or access to detailed data on these activities, so the data must be calculated as a percentage of the Scope 3.4 emissions. In this case, the experience of the parent company was used and the share of Scope 3.9 emissions was given as 9% of the value of upstream transport.

3.11 Utilisation of products sold

The majority of the products sold by secunet are Lenovo brand laptops. Lenovo provides detailed PCFs for a large number of its products. The percentage of emissions generated during use of a representative model was multiplied by the number of laptops sold and this figure was extrapolated to 100% of the total number of products sold.

3.12 End-of-life treatment of products sold

The calculation was carried out using the same method as described under 3.11. However, the percentage share of emissions that occur during disposal was calculated here.

Non-relevant Scope 3 emissions

The following Scope 3 categories were categorised as not relevant for secunet, as they do not occur within the value chain and business model:

» 3.8 Upstream leased assets
» 3.10 Processing of products sold
» 3.13 Downstream leased assets
» 3.14 Franchises
» 3.15 Investments

GHG intensity

GHG intensity per net sales revenue		2023	2024	% N / N-1
Net sales revenue	in euros	393,700,000.00	406,400,000.00
GHG intensity (location-based) per net sales revenue	(tonnes CO2e /euro)	0.000211585	0.000265568	25.51 %
GHG intensity (market-based) per net sales revenue	(tonnes CO2e /euro)	0.000209126	0.000263169	25.84 %

The revenue of the secunet Group was calculated in accordance with IFRS.

E1-8: Internal carbon pricing

No internal CO2 pricing systems are used.

ESRS E5 - Resource use and circular economy

Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

We rely on highly qualified employees and the essential hardware with which they develop customised solutions for our customers. secunet's business operations are primarily officebased and located in urban areas. We rely on modern, high-performance hardware in our offices and data centres to ensure efficient business operations.

As part of the materiality analysis, only the issue of waste was identified as material.

IROs		Position in the value chain			Time horizon
		Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Use of recycled and recyclable packaging Our environmentally friendly packaging solutions are based on recycled and recyclable materials. By reusing the packaging of the pre-product, we avoid the need for additional packaging.	Actual positive impact	X	X	X	X	X	X
Extended producer responsibility Although electronic waste is generated after the life cycle of secunet products, secunet implements extended producer responsibility (EPR). We ensure proper disposal and, wherever possible, enable the products to be reused.	Actual positive impact		X	X	X	X	X

E5-1: Policies

secunet does not yet have an official concept for managing its material impacts, risks and opportunities in connection with resource utilisation and the circular economy. In fact, these issues are planned and fulfilled by complying with the regulatory requirements necessary for these matters: so far, only statutory regulations (such as ElektroG, VerpackG, BattG and European EPR, WEEE, BATT and PACK directives) have been complied with. The Product Management and Supply Chain Operations departments are responsible for implementation.

secunet's business model does not incorporate its own manufacture. Hardware components are exclusively purchased and resold in combination with software as a so-called bundle product. As a result, the organisation of the upstream value chain is only possible to a limited extent. On the other hand, it is possible to consider and plan resource utilisation and the circular economy in the company's own area and in the downstream value chain.

E5-2: Actions

Actions in connection with resource utilisation and the circular economy have not yet been documented in bundled form at secunet due to the lack of a corresponding concept. However, there are certainly building blocks to mention in this respect:

» Recycled packaging materials are used for products in the SINA L3 Box S, SINA L3 Box E/H, SINAWorkstation S and SINAWorkstation Terminal E/H series in order to reduce packaging waste.
» With SINA Workstation S, secunet enables used laptops to be returned to their original condition (refurbished) at the end of their life cycle and used for alternative purposes. This should reduce the generation of electronic waste.
» Within the framework of legal requirements, secunet ensures the environmentally friendly disposal of electronic waste at the end of the product life cycle and ensures that all EPR (Extended Producer Responsibility) requirements are met.

These actions will be continued on an ongoing basis.

E5-3: Targets

As there is no specific concept for resource utilisation and the circular economy, no corresponding targets have been set so far. There are currently no plans to set a target.

Our established processes are anchored in the relevant specialist departments, which ensure compliance with legal requirements daily. Environmental issues are also taken into account continuously as part of our ISO 14001 certifications. The effectiveness of the actions described above is not currently being tracked in relation to the main IROs.

E5-5: Resource outflows

Waste

secunet sells IT products that become electronic waste at the end of their useful life. In order to ensure sustainable and responsible handling of this waste, the legislator has introduced extended producer responsibility. This obliges manufacturers to organise the disposal, recycling and environmentally friendly treatment of their products. secunet meets these requirements by ensuring that products are taken back and disposed of properly and by promoting recycling in order to conserve resources and minimise environmental impact.

Packaging materials are used for shipping. In order to reduce the amount of packaging waste generated, secunet uses the packaging material from purchased products for onward dispatch to customers.

secunet does not produce any hazardous waste or radioactive waste in accordance with Article 3 (7) of Council Directive 2011/70/Euratom.

As secunet is a tenant at all locations, the landlords are responsible for the disposal of office waste such as paper / cardboard, mixed municipal waste and packaging (yellow bin / green dot). secunet provides separate bins at each location for all of the aforementioned types of waste. The actual amount of waste cannot be determined as no exact data is provided by the landlords. The amount of waste is therefore calculated by multiplying the number of square metres of rented space by an average value via an external website. The corresponding waste codes are announced via the waste disposal companies.

Furthermore, waste is generated and disposed of independently by secunet. The exact quantities and waste codes are determined each year on the basis of invoices and the records are archived.

The following table provides an overview of the quantities produced:

in tonnes	Total	Hazardous	Non-hazardous
Amount of waste generated	1,426	0	1,426
Quantity diverted from disposal	1,236		1,236
Preparation for reuse	0	0	0
Recycling	1,236	0	1,236
Other utilisation processes	0	0	0
Quantity destined for disposal	190	0	190
Incineration	190	0	190
Landfill	0	0	0
Other types of disposal	0	0	0
Amount of non-recycled waste	190	0	190
Percentage of non-recycled waste	13.32	0	13.32

The waste volume is broken down as follows. A distinction is made between waste that is disposed of by the landlord and waste that is disposed of by secunet:

Article (in tonnes)	2023	2024
Landlord – mixed municipal waste	188.43	189.65
Landlord – cardboard / paper	837.45	842.87
Landlord – packaging	343.26	345.48
secunet – internal electronic waste	8.35	8.39
secunet – mixed packaging (commercial)	19.14	22.11
secunet – high security (data carriers)	0.78	0.79
secunet – wood	0.20	0.20
secunet – paper / cardboard	17.82	16.50
secunet – bulky waste	0.17	0.17

EU taxonomy

As part of its Action Plan on Financing Sustainable Growth, the European Union (EU) aims to redirect capital flows towards sustainable investment. Against this backdrop, the EU Taxonomy Regulation 2020/852 came into force in mid-2020, classifying which economic activities are considered environmentally sustainable in the EU.

The EU has now published guidelines on sustainable economic activities within the meaning of the Taxonomy Regulation for all six environmental objectives (climate change mitigation, climate change adaptation, sustainable use and protection of water and marine resources, transition to a circular economy, pollution prevention and control, and protection and restoration of biodiversity and ecosystems). The description of economic activities in the delegated acts determines which economic activities may, in principle, be considered. These are the so-called taxonomy-eligible economic activities. Only taxonomy-eligible economic activities may be considered environmentally sustainable upon meeting certain technical screening criteria and in compliance with minimum social protection. If an economic activity meets the screening criteria specified in the delegated acts, it is to be classified as environmentally sustainable and thus taxonomy-compliant.

Delegated Regulation 2022/1214 of 9 March 2022 on nuclear power and natural gas is not applicable.

In the reporting year 2021, only the shares of taxonomy-eligible and non-taxonomy-eligible economic activities in sales revenue, capital expenditure (CapEx) and operating expenditure (OpEx) had to be disclosed for the first two environmental objectives "Climate change mitigation" and "Climate change adaptation" in accordance with the relief granted by the EU. For the reporting year 2022, the extent to which the taxonomy-eligible economic activities meet the technical assessment criteria also had to be disclosed for these two environmental objectives in order to be able to demonstrate taxonomy compliance.

Additional disclosure requirements were added in the 2023 reporting year. On the one hand, the two environmental objectives "Climate change mitigation" and "Climate change adaptation" were supplemented by the "Amended Climate Delegated Act" with additional economic activities and their technical assessment criteria, which had to be reviewed for the 2023 reporting year with regard to their taxonomy eligibility. Moreover, Delegated Regulation C(2023)3851 – also known as the "Environmental Delegated Act" (EnvDA) – was published on 27 June 2023. For the first time, this contains the technical assessment criteria for the economic activity of environmental targets 3 to 6, namely "Sustainable use and protection of water and marine resources", "Transition to a circular economy", "Pollution prevention and control", and "Protection and restoration of biodiversity and ecosystems". For the 2024 financial year, these environmental objectives and their associated economic activities have been reviewed with regard to their taxonomy eligibility.

No further disclosure requirements were added in the 2024 financial year.

In principle, all fully consolidated Group companies are included in this analysis with regard to their sales revenues, capital expenditure and operating expenditure. Further information on the fully consolidated Group companies can be found in the economic report.

Analysis of taxonomy eligibility

In an increasingly networked world, secunet's combination of products and consultancy ensures resilient digital infrastructures and the highest possible level of protection for data, applications and digital identities. secunet specialises in areas where there are particular security requirements, such as eGovernment, eHealth, IIoT and Cloud. With security solutions from secunet, companies can maintain security standards in digitalisation projects and thus expedite their digital transformation.

In order to identify secunet Group's taxonomy-eligible economic activities, those activities that correspond to secunet's business model were first identified on the basis of a list of potentially taxonomy-eligible activities. These were then checked for plausibility using key financial indicators. Both the items reported in the consolidated income statement and internal financial KPIs were used for this purpose.

As a result of the analysis, economic activities 6.5 "Transport by motorbikes, passenger cars and light commercial vehicles", 7.7 "Acquisition and ownership of buildings" and 8.1 "Data processing, hosting and related activities" were classified as taxonomy-eligible. This categorisation was validated again in 2024 to ensure that the activities continue to meet the current requirements.

secunet's EU taxonomy KPIs

	Taxonomy eligible proportion	Non-taxonomy eligible proportion
Sales revenue	3 %	97 %
Capital expenditure (CapEx)	60 %	40 %
Operating expenses (OpEx)	5 %	95 %

Key figures on taxonomy-eligible economic activities

On the basis of Section 289 (1) of the German Commercial Code (HGB), secunet is obliged to apply the regulatory provisions of the Taxonomy Regulation. Pursuant to Section 315e (1) HGB, the Consolidated Financial Statements of secunet as at 31 December 2024 have been prepared in accordance with IFRS. The amounts used for calculation of the sales revenue, CapEx and OpEx KPIs are correspondingly based on the figures reported in the Consolidated Financial Statements. Based on an analysis of the economic activities, the proportion of taxonomy-eligible sales revenue / capital expenditure (CapEx) and operating expenses (OpEx) in the respective secunet Group values is stated for the 2024 financial year.

Sales revenue:

The sales revenue reported in the consolidated income statement is quantified for the 2024 reporting year in the amount of 406.4 million euros. This amount is the denominator under the EU Taxonomy Regulation. The sum of the sales revenues of the taxonomy-eligible economic activities for the 2024 financial year constitutes the numerator. The taxonomy-eligible sales revenue identified in this 2024 reporting year is attributable to the business activities of SysEleven GmbH. SysEleven GmbH operates its own cloud infrastructure and rents it out to business customers, supplemented by other cloud services, including the Kubernetes platform MetaKube, as well as consultancy and IT services.

Capital expenditure (CapEx):

At secunet, the CapEx indicator shows the share of capital expenditure that is either associated with a taxonomy-eligible economic activity (CapEx a), or is associated with a plan to taxonomy-eligible economic activities or enables the conversion of taxonomy-eligible economic activities into taxonomy-compliant economic activities (CapEx b), or relates to the acquisition of products and services from a taxonomy-eligible economic activity (CapEx c). There is currently no CapEx plan, according to which CapEx b does not apply. The basis of the capital expenditure comprises the additions to property, plant and equipment and intangible assets and right-of-use assets from leases (including rent adjustments) during the financial year under review, before depreciation and any revaluations for the financial year concerned and excluding changes in fair value. This also applies to corresponding additions resulting from business combinations.

The reported capital expenditure (CapEx) calculated in this way and presented in sections "3. Property, plant and equipment", "4. Intangible assets" and "5. Leases" in the notes to the Consolidated Financial Statements totalled 25.7 million euros for the 2024 reporting year.

The sum of the additions reflecting taxonomy-eligible investments form the numerator of the CapEx KPI. This includes investments in the data processing activity (8.1. Data processing, hosting and related activities (Annex I)). Outside its core business, secunet can also make a contribution to climate change mitigation with its investments in the vehicle fleet (6.5. Transport by motorbikes, passenger cars and light commercial vehicles (Annex I)) and in buildings (7.7. Acquisition and ownership of buildings (Annex I)).

Operating expenses (OpEx):

The OpEx ratio indicates the proportion of operating expenses associated with taxonomyeligible economic activities. This includes operating expenses for assets or processes related to taxonomy-compliant economic activities, including training and other labour adjustment requirements, as well as direct non-capitalised costs in the form of research and development (OpEx a). The key performance indicator also includes operating expenses that are part of the CapEx plan to expand taxonomy-compliant economic activities or enable the conversion of taxonomy-eligible economic activities into taxonomy-compliant economic activities within a predefined period (OpEx b), as well as the acquisition of products from a taxonomy-compliant economic activity (OpEx c). To calculate the taxonomy-eligible OpEx share, those accounts of financial accounting that reflect the direct, non-capitalised costs for research and development (R & D), building refurbishment actions, short-term leasing, maintenance and repair expenses were used to determine the denominator.

The numerator results from an analysis of the recognised expenses that have been recorded with the above accounts and that are related to the assets with regard to their taxonomy eligibility. Of the total operating expenses, data processing activities (8.1. "Data processing, hosting and related activities" (Annex I)) are categorised as taxonomy-eligible economic activities.

The following economic activities of secunet were classified as taxonomy-eligible for the environmental objective of climate protection:

Taxonomy-eligible activity	Description of the activity	Assignment at secunet
6.5 Transport by motorbikes, passenger cars and light commercial vehicles	Vehicle fleet	CapEx
7.7 Acquisition and ownership of buildings	Buildings	CapEx
8.1 Data processing, hosting and related activities	Cloud infrastructure and cloud services from SysEleven GmbH	Sales revenue, CapEx, OpEx

Analysis of taxonomy compliance

Building on the identified taxonomy-compliant economic activities, secunet carried out an analysis of taxonomy compliance (alignment). It was assessed whether the economic activities make a significant contribution to the achievement of one or more environmental objectives and do not lead to a significant impairment of one or more environmental objectives. Finally, compliance with minimum social protection must be ensured. If the requirements are met, an economic activity can be classified as taxonomy-compliant.

In connection with the analysis, documents were requested from our stakeholders and discussions were held against the background of the alignment.

Economic activity 6.5 (Transport by motorbikes, passenger cars and light commercial vehicles)

The Group incurs capital expenditure that is to be classified under the definition of CapEx c) (Section 1.1.2.2. of Delegated Regulation 2021/2178). In order to analyse compliance, documentation was requested from various stakeholders, especially leasing providers, to assess the above criteria. No information was provided to secunet in sufficient detail for the 2024 financial year. An assessment of taxonomy compliance could therefore not be fully carried out on this basis.

Economic activity 7.7 (Acquisition and ownership of buildings)

The Group uses rented office properties and thus incurs capital expenditure that is to be classified under the definition of CapEx c) (Section 1.1.2.2. of Delegated Regulation 2021/2178). To analyse compliance, the age of the buildings was first checked – properties that were completed before 31 December 2020 are to be classified as non-taxonomy-compliant. The properties used by secunet were either occupied before 31 December 2020 or are older than this date. This criterion therefore applies.

Economic activity 8.1 (Data processing, hosting and related activities)

SysEleven GmbH's data processing, hosting and related activities relate to CapEx a) and OpEx a) (Sections 1.1.2.2. and 1.1.3.2. of Delegated Regulation 2021/2178) and sales revenue. The technical assessment criteria are not met in the reporting year, as the refrigerants used in the cooling system of the data centres (for example F-gases) have a greenhouse gas potential higher than the limits prescribed by the regulations.

As a result, no economic activity currently meets the criteria, which is why it is not possible to report EU taxonomy compliance for secunet Group in the 2024 financial year.

Activities in the areas of nuclear energy and fossil gas

Row	Nuclear energy related activities
1	The undertaking carries out, funds or has exposures to research, development, demonstration and deployment of innovative electricity generation facilities that produce energy from nuclear processes with minimal waste from the fuel cycle.	NO
2	The undertaking carries out, funds or has exposures to construction and safe operation of new nuclear installations to produce electricity or process heat, including for the purposes of district heating or industrial processes such as hydrogen production, as well as their safety upgrades, using best available technologies.	NO
3	The undertaking carries out, funds or has exposures to safe operation of existing nuclear installations that produce electricity or process heat, including for the purposes of district heating or industrial processes such as hydrogen production from nuclear energy, as well as their safety upgrades.	NO
	Fossil gas related activities
4	The undertaking carries out, funds or has exposures to construction or operation of electricity generation facilities that produce electricity using fossil gaseous fuels.	NO
5	The undertaking carries out, funds or has exposures to construction, refurbishment, and operation of combined heat /cool and power generation facilities using fossil gaseous fuels.	NO
6	The undertaking carries out, funds or has exposures to construction, refurbishment and operation of heat generation facilities that produce heat / cool using fossil gaseous fuels.	NO

Share of sales revenue from goods or services related to taxonomy-compliant economic activities – disclosure for the year 2024

Criteria for a significant contribution
Economic activities (1)	Code(s) (2)	Absolute sales revenue (3)	Sales revenue share (4)	Climate protection (5)	Adaptation to climate change (6)	Water and marine resources (7)	Environmental pollution (8)	Circular economy (9)	Biodiversity and ecosystems (10)
		Currency	(%)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)
A TAXONOMY-ELIGIBLE ACTIVITY
A.1 Ecologically sustainable activity

Category transitional activity (20)

A.1 Ecologically sustainable activity (taxonomy-compliant)
Sales revenue for environmentally sustainable activity (taxonomy-compliant (A.1))		0.00 €	— %
A.2 Taxonomy-eligible but not environmentally sustainable activities (not taxonomy-compliant)
Data processing, hosting and related activities	CCM 8.1	12,862,426.12 €	3 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL
Sales revenue for taxonomy-eligible but not environmentally sustainable activities (non-taxonomy-compliant activities (A.2))		12,862,426.12 €	3 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL
Total (A.1 + A.2)		12,862,426.12 €	3 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL

B NON-TAXONOMY-ELIGIBLE ACTIVITIES

Sales revenue for non-taxonomy-eligible activities (B)	393,521,656.84 €	97 %
Overall (A+B)	406,384,082.96 €	100 %

				DNSH criteria ("no significant impairment")
Climate protection (11)	Adaptation to climate change (12)	Water and marine resources (13)	Environmental pollution (14)	Circular economy (15)	Biodiversity and ecosystems (16)	Minimum social standards (17)	Taxonomy compliant (A.1) or taxonomy eligible (A.2) share of sales revenue 2023 (18)	Category enabling activity (19)	Category transitional activity (20)
(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	Percent	E	T

Share of sales revenue from goods or services

Economic activities (1)

A TAXONOMY-ELIGIBLE ACTIVITY

B NON-TAXONOMY-ELIGIBLE ACTIVITIES

Sales revenue for non-taxonomy-eligible

activities (B) 393,521,656.84 € 97 %

Overall (A+B) 406,384,082.96 € 100 %

related to taxonomy-compliant economic activities – disclosure for the year 2024

Code(s) (2)

Absolute sales revenue (3)

Sales revenue share (4)

Currency (%) (Y; N;

Climate protection (5)

N/EL)

Share of capital expenditure (CapEx) associated with taxonomy-compliant economic activities – disclosure for the year 2024

					Criteria for a significant contribution
Economic activities (1)	Code(s) (2)	Absolute CapEx (3)	Share of CapEx (4)	Climate protection (5)	Adaptation to climate change (6)	Water and marine resources (7)	Environmental pollution (8)	Circular economy (9)	Biodiversity and ecosystems (10)
		Currency	(%)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)
A TAXONOMY-ELIGIBLE ACTIVITY
A.1 Ecologically sustainable activity (taxonomy-compliant)
CapEx for environmentally sustainable activity (taxonomy-compliant (A.1))		0.00 €	— %
A.2 Taxonomy-eligible but not environmentally sustainable activities (not taxonomy-compliant)
Transport by motorbikes, passenger cars and light commercial vehicles	CCM 6.5	879,000.02 €	3 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL

7.7 10,410,756.09 € 41 % EL N/EL N/EL N/EL N/EL N/EL 30 %

Total (A.1 + A.2) 15,370,338.47 € 60 % EL N/EL N/EL N/EL N/EL N/EL 57 %

15,370,338.47 € 60 % EL N/EL N/EL N/EL N/EL N/EL 57 %

8.1 4,080,582.36 € 16 % EL N/EL N/EL N/EL N/EL N/EL 20 % ^T

Category transitional activity (20)

B NON-TAXONOMY-ELIGIBLE ACTIVITIES CapEx for non-taxonomy-eligible activities (B) 10,305,437.38 € 40 % Overall (A+B) 25,675,775.85 € 100 %

Acquisition and ownership of buildings CCM

Data processing, hosting and related activities CCM

CapEx for taxonomy-eligible but not environmentally sustainable activities (non-taxono-

my-compliant activities (A.2))

					DNSH criteria ("no significant impairment")
Climate protection (11)	Adaptation to climate change (12)	Water and marine resources (13)	Environmental pollution (14)	Circular economy (15)	Biodiversity and ecosystems (16)	Minimum social standards (17)	Taxonomy compliant (A.1) or taxonomy eligible (A.2) share of sales revenue 2023 (18)	Category enabling activity (19)	Category transitional activity (20)
(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	Percent	E	T

Share of capital expenditure (CapEx)

Economic activities (1)

A TAXONOMY-ELIGIBLE ACTIVITY

B NON-TAXONOMY-ELIGIBLE ACTIVITIES

CapEx for non-taxonomy-eligible activities (B) 10,305,437.38 € 40 %

Overall (A+B) 25,675,775.85 € 100 %

associated with taxonomy-compliant economic activities – disclosure for the year 2024

Code(s) (2)

Absolute CapEx (3)

Share of CapEx (4)

Currency (%) (Y; N;

Climate protection (5)

N/EL)

					A.1 Ecologically sustainable activity
			0.00 € — %		CapEx for environmentally sustainable activity (taxonomy-compliant (A.1))
				A.2 Taxonomy-eligible but not environmentally sustainable activities (not taxonomy-compliant)
T	7 %	N/EL N/EL N/EL N/EL	879,000.02 € 3 % EL N/EL	CCM 6.5	Transport by motorbikes, passenger cars and
	30 %	N/EL N/EL N/EL N/EL	10,410,756.09 € 41 % EL N/EL	CCM 7.7
T	20 %	N/EL N/EL N/EL N/EL	4,080,582.36 € 16 % EL N/EL		CCM Data processing, hosting and related activities 8.1
	57 %	N/EL N/EL N/EL N/EL	15,370,338.47 € 60 % EL N/EL		CapEx for taxonomy-eligible but not environ mentally sustainable activities (non-taxono
	57 %	N/EL N/EL N/EL N/EL	15,370,338.47 € 60 % EL N/EL

Share of operating expenses (OpEx) associated with taxonomy-compliant economic activities – disclosure for the year 2024

							Criteria for a significant contribution
Economic activities (1)	Code(s) (2)	Absolute OpEx (3)	OpEx share (4)	Climate protection (5)	Adaptation to climate change (6)	Water and marine resources (7)	Environmental pollution (8)	Circular economy (9)	Biodiversity and ecosystems (10)
		Currency	(%)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)	(Y; N; N/EL)
A TAXONOMY-ELIGIBLE ACTIVITY
A.1 Ecologically sustainable activity (taxonomy-compliant)
Sales revenue for environmentally sustainable

Category transitional activity (20)

Sales revenue for environmentally sustainable activity (taxonomy-compliant (A.1))		0.00 €	— %
A.2 Taxonomy-eligible but not environmentally sustainable activities (not taxonomy-compliant)
Data processing, hosting and related activities	8.1	298,365.65 €	5 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL
Sales revenue for taxonomy-eligible but not environmentally sustainable activities (non-taxonomy-compliant activities (A.2))		298,365.65 €	5 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL
Total (A.1 + A.2)		298,365.65 €	5 %	EL	N/EL	N/EL	N/EL	N/EL	N/EL

B NON-TAXONOMY-ELIGIBLE ACTIVITIES

Sales revenue for non-taxonomy-eligible activities (B)	5,211,523.65€	95 %
Overall (A+B)	5,509,889.30€	100 %

DNSH criteria ("no significant impairment")
Climate protection (11)	Adaptation to climate change (12)	Water and marine resources (13)	Environmental pollution (14)	Circular economy (15)	Biodiversity and ecosystems (16)	Minimum social standards (17)	Taxonomy compliant (A.1) or taxonomy eligible (A.2) share of sales revenue 2023 (18)	Category enabling activity (19)	Category transitional activity (20)
(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	(Y/N)	Percent	E	T

Share of operating expenses (OpEx)

Economic activities (1)

A TAXONOMY-ELIGIBLE ACTIVITY

B NON-TAXONOMY-ELIGIBLE ACTIVITIES

Sales revenue for non-taxonomy-eligible

activities (B) 5,211,523.65€ 95 %

Overall (A+B) 5,509,889.30€ 100 %

associated with taxonomy-compliant economic activities – disclosure for the year 2024

Code(s) (2)

Absolute OpEx (3)

OpEx share (4)

Currency (%) (Y; N;

Climate protection (5)

N/EL)

Social affairs

ESR S1 - Own workforce

Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

Our employees are at the centre of our company. We are committed to their personal and professional development and promote an inclusive corporate culture that focuses on appreciation and support for all employees. Regardless of gender, age or location, all employees should have the same development opportunities.

Our employees can be affected to varying degrees by the impact of our business activities – as shown in the IRO table.

As part of the ESRS S1, we have identified the following key topics, among others: data protection, working time regulations and work-life balance, gender equality and social dialogue. Our commitment also includes measures against violence and harassment to ensure a safe and supportive working environment.

We also make targeted investments in further training and skills development in order to offer long-term benefits to our employees and society alike. The health and safety of our employees is our top priority, which is why we continuously promote our health management programme. We are also actively committed to the prevention of forced and child labour.

Sub Sub Topics	IROs		Position in the value chain			Time horizon
			Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Working hours	Limitation of overtime secunet contractually limits its employees' overtime in order to avoid a culture of excessive overtime and prevent overwork.	Actual positive impact		X		X
Working hours	Failure to record working hours Failure to record working hours can lead to hidden overtime and thus to employees being overworked. This can have a negative impact on their health and performance, which in turn can lead to downtime or loss of quality – with a potential impact on secunet's economic performance.	Risk		X			X
Social dialogue	Employee satisfaction secunet already actively promotes employee satisfaction by involving them in decision making processes and cooperating with em ployee representatives. Continuous measures can further strengthen this satisfaction and employee loyalty.	Actual positive impact		X		X	X	X

Sub Topics	IROs		Position in the value chain			Time horizon
			Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
health & safety Work-life-balance;	Increasing attractiveness Further measures to promote social standards can increase secunet's attractiveness as an employer.	Opportunity		X		X	X	X
Social dialogue	Consideration of the needs and wishes of employees Taking employees' needs and wishes into account can increase productivity and reduce the leaving rate. This offers the company opportunities by increasing efficiency and reducing costs for new hires.	Opportunity		X		X	X	X
Work-life balance; working hours	Flexibility in working hours and location Flexible working hours on a trust basis and the option of mobile working and desk share allow secunet employees to customise their working hours and location. This promotes the compatibility of work, family and leisure time.	Actual positive impact		X		X	X
Work-liffe balance	Access to childcare and care for the elderly secunet offers its employees access to the PME Family Service. This encourages a better combination of career and family life, with a positive impact on the work-life balance.	Actual positive impact		X		X	X
Health & Safety	Expansion of health management Implementing further measures in the area of health management, e.g. focusing on mental health, can increase the positive effects on the health of employees.	Potential positive impact		X			X	X
Gender equality	Promoting women in the IT sector The IT sector is considered to be male dominated. secunet has the opportunity to promote women in the industry and so attract competent female employees.	Opportunity		X			X	X
Further training and skills development	Promotion of skills within the workforce The skills of secunet employees are further developed through training and education.	Actual positive impact		X		X	X	X
Actions against violence and harassment	Thorough recruitment process During the recruitment process, great attention is paid to interpersonal skills as well as professional expertise. This promotes a positive corporate climate and cooperation within the company.	Actual positive impact		X		X

Sub-

Sub Sub Topics	IROs		Position in the value chain		Time horizon
			Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Actions against violence and harassment	Loss of image and brain drain due to dismissals as a result of potential violence or harassment Risks such as loss of image and brain drain can arise through dismissals due to potential violence or harassment in the workplace.	Risk		X		X	X	X
Data protection	Loss of image due to data protection incidents Data protection incidents can make employers less attractive and recruitment more difficult. High costs are also involved in repairing the damage and rebuilding the company's reputation. In addition, considerable fines may be imposed.	Risk		X		X	X	X

The list of IROs identifies sustainability issues that, if not properly managed, could lead to adverse effects for individuals (negative impacts) or risks for our company. However, impacts can also be positive, and sustainability issues may potentially lead to positive financial effects (opportunities).

S1-1: Policies

There is currently no written personnel concept. Nevertheless, there are numerous activities in connection with the company's own workforce.

secunet is committed to respecting and complying with internationally recognised human rights and the due diligence obligations concerning human rights and the environment. We see it as our responsibility to ensure compliance with these standards in our business and in our supply chains and to take measures to prevent human rights violations. Our actions are guided by the principles of the United Nations Universal Declaration of Human Rights, the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, the fundamental principles of the International Labour Organization (ILO), the ten principles of the UN Global Compact (UNGC) and other relevant international conventions. These commitments form the basis of our business activities and our corporate culture.

We endeavour to provide safe and healthy working conditions that comply with legal and trade association requirements. Our activities are aimed at promoting the physical and mental health of our employees and ensuring a safe working environment. At the same time, secunet stands for diversity, inclusion and respectful interaction with one another. We do not tolerate discrimination of any kind. Regardless of ethnic origin, religion, gender, age, sexual orientation, disability or other characteristics, we promote equal rights and equal opportunities. These values are firmly anchored in our corporate culture and are expressed in our signing of the Diversity Charter. Through this initiative, we are expressly committed to a working environment that is free of prejudice and recognises the diversity of our employees as an enrichment.

To address the potential impact on our employees, we have implemented the Code of Conduct for Employees 5. Our Code of Conduct serves as a binding framework for adherence to compliance standards and ethical principles. It applies to all employees and business partners within the secunet Group and obliges them to comply with human rights due diligence obligations in accordance with the German Supply Chain Due Diligence Act (LkSG). Violations of the Code of Conduct are consistently pursued and penalised.

secunet is also actively committed to achieving a good work-life balance and promoting diversity. We support our employees through targeted programmes and initiatives that create an inclusive and sustainable working environment. With these principles, we want to make a contribution to a fair and sustainable economy and actively promote the protection of human rights. Our full policy statement is publicly available and demonstrates our commitment to responsible corporate governance.

The policy statement 6 on human rights is available at secunet.com.

S1-2: Processes for engaging with own workers and workers' representatives about impacts

secunet is intent on being an appealing employer and maintaining an attractive image in the future too. In order to fulfil this requirement, the company implements processes to involve its own employees under the direction of the HR department. A central component comprises continuous dialogue with employees – both individually and at company level.

Employee surveys as an important feedback tool

In order to measure the satisfaction of the workforce and involve them actively in the design of working conditions, secunet carries out employee surveys. Two surveys were already conducted in 2021 and 2023, which met with great interest – with the participation rate in the latter survey being 72%.

Several projects to improve working conditions and collaboration were derived from the results of the 2023 survey. These include:

» Optimisation of interdisciplinary cooperation
» Improvement of administrative processes, e.g. through the introduction of a new tool for travel expense accounting in 2025
» Increased visibility and responsiveness of the Management Board

Discussions on the continuation of these projects were held in 2024. New approaches and perspectives were discussed in order to define further steps and incorporate the knowledge gained into future planning. A new employee survey is also planned for 2025 in order to continue the dialogue and initiate further improvements.

⁵ For more on the Code of Conduct, see G1-1.

⁶ For more on the Declaration of Principle, see S2-1.

Direct involvement of the workforce

secunet relies on firmly established dialogue formats to actively incorporate the opinions and concerns of employees into business decisions. This includes:

» Regular meetings between employees and managers
» Annual target agreement and target achievement meetings
» Interim meetings for continuous coordination
» Exchange between the Management Board and employees
» Quarterly online Management Board dialogues ("all-hands meetings")
» Face-to-face dialogue format "You ask, we answer" four times a year
» Regular dialogue and consultations between the Management Board and HR
» Employee surveys for the structured collection of feedback

Continuous feedback process for effective decisions

The continuous feedback process ensures that the interests of employees are incorporated into corporate decision-making. The aim is not only to strengthen employee dialogue, but also to ensure a sustainable and attractive working culture.

S1-3: Processes to remediate negative impacts and channels for own workers to raise concerns

Managers are obliged to report known or observed incidents. There are several ways to do this: Reports can be made directly to the HR department, the Compliance Office or via the global whistleblower system 7 , which guarantees confidentiality and protection.

We ensure that all employees are informed about the available grievance mechanisms – both during the onboarding process and through internal communication channels. Every incoming report will be treated confidentially.

We consider the channels through which employees can communicate their concerns and needs to be effective, as they are firmly established and well known to employees. Regular dialogues with managers and employee surveys follow a clear rhythm. This ensures that measures to improve employee interests are continuously reviewed and that the interests of employees are always taken into account.

S1-4: Actions 8

Promotion of feedback culture and personnel development

secunet attaches great importance to a strong feedback culture in order to enable in-depth feedback is received on individual jobs. A central component is the annual employee appraisal, which serves as a standardised, structured dialogue between employees and managers. In addition to the performance review, aspects such as job satisfaction, stress and individual development are discussed here. From this, requirements for further training are derived, which means that the training programme is continuously expanded (ongoing process).

7 For more information on the whistleblower system, see G1-1.
8 Unless otherwise stated, all measures mentioned in this chapter are ongoing and apply to the entire Group.

In order to meet the requirements of the IT sector, secunet is focussing on targeted recruitment and personnel development. secunet secures qualified talent at an early stage through university cooperations, internships, dissertations and the German scholarship. The company is also actively involved in vocational training and offers a trainee programme for graduates.

The in-house training programme includes IT training, project management certifications and programmes for personal and methodological skills development. In addition, there are external training courses, coaching sessions and customised training courses that are individually tailored to the needs of employees.

We manage data and feedback in accordance with our data protection guidelines and focus on the well-being of our employees – in line with ethical standards and legal requirements. Employee data is treated as strictly confidential in order to enable open and constructive feedback via various channels. This approach ensures that our employees feel supported, valued and involved.

Health management and occupational safety

secunet relies on comprehensive health management that involves all employees. The measures include:

» Company medical service: preventive medical check-ups, health counselling and vaccination services, including flu vaccination campaigns at major sites.
» Ergonomic workstations: Promoting physical and mental health through optimised workplace design.
» Analysis of accidents at work and absences due to illness: Identification of areas for action to further improve occupational health management.

From 2025, an in-house integration consultant (BEM officer) will be introduced to support reintegration measures together with the occupational physician service (BAD). In addition, this health-promoting offering, including sports programmes, is to be further expanded.

Compatibility of family and career

secunet promotes the work-life balance of its employees through various measures:

» Flexible working time models: part-time options, trust-based working hours and individual working time organisation in consultation with the manager.
» Mobile working & desk share: Flexibility in the choice of work location.
» Employee Assistance Service: Support in the areas of childcare, caring for relatives and crisis intervention – free of charge and confidential.
» PME Family Service.
» "Work and family" certification: Advice and assistance to help employees achieve a better work-life balance.

Diversity, equal opportunities and inclusion

secunet sees diversity as a success factor and is actively committed to equal opportunities at all hierarchical levels. The company undertakes to comply with the general principle of equal treatment and does not tolerate any discrimination on the basis of origin, gender, religion, disability, age or other personal characteristics.

Actions to promote diversity:

» Commitment through the Code of Conduct: All employees are obliged to maintain respect and equal treatment.
» Signing of the "Diversity Charter": Official commitment to an unprejudiced and appreciative working environment.
» Promotion of women in technical professions: Participation in Women4Tech events and university fairs to target female talent.
» Increasing the proportion of females in management positions: Through targeted measures to reconcile family and career.

Ethical corporate governance and reporting channels

secunet pursues responsible corporate governance, complemented by transparent reporting and control mechanisms. All employees as well as management and supervisory bodies are bound by the secunet Code of Conduct. Violations can be reported confidentially via internal reporting channels.

In addition, compliance with human rights and environmental due diligence obligations is ensured in accordance with the LkSG. An annual risk analysis reviews potential human rights and environmental risks.

The effectiveness of these measures and initiatives is continuously monitored and evaluated by HR through discussions and the collection of various KPIs, among other things.

We do not report on other measures that serve exclusively to comply with existing legal requirements and recognised human rights standards. Although we are clearly committed to fair and safe working conditions, reporting on this would only reflect our compliance with existing regulations and would not indicate a specifically identified impact. Our focus is on maintaining high standards in the workplace that comply with both legal requirements and ethical guidelines – with the aim of ensuring that all employees are treated fairly and respectfully.

S1-5: Targets

We have not set any specific targets, but we continuously evaluate our activities and their impact at the relevant management levels as part of our business activities. Our established processes are firmly anchored in the areas that are responsible for compliance with our guidelines on a daily basis. We also use continuous communication channels and reporting systems to record concerns. This approach emphasises our commitment and focus on industry-relevant priorities.

S1-6: Characteristics of the undertaking's employees

Number of employees and gender ratio

Gender	Number of employees (headcount)
Women	299
Men	932
Miscellaneous	0
Not specified	0
Total	1,231

Method

The total number of employees of secunet Group is calculated by adding up the number of employees at all locations, including employees not entitled to continued pay, parental leave or unpaid leave, excluding the Management Board and freelancers. This calculation is based on the reporting date of 31 December 2024.

Employee characteristics

Gender	Training contract	Unlimited	Temporary	Total
Women	4	261	34	299
Men	3	833	96	932
Miscellaneous	0	0	0	0
Not specified	0	0	0	0
Total	7	1,094	130	1,231

Method

Employees with a training contract

These employees complete a vocational training programme in which they acquire both theoretical and practical knowledge in their specialist area. During the contractually agreed training period, they are specifically prepared for their future career. This also includes people in dual training programmes who acquire their theoretical knowledge at vocational school and gain practical experience in the company.

Employees with a permanent contract

These employees are employed by the company on a permanent basis, contribute to the long-term stability and further development of the company and benefit from continuous professional development.

Employees with a temporary contract

These employees work for the company for a limited period, either to cover temporary requirements or for project-related tasks. Their deployment offers the company flexibility, while they contribute their skills and expertise for the agreed duration.

Employee turnover

Disposals in 2024:	132
Additions 2024:	188
Headcount 1 Jan 2024	1,187
Fluctuation in %	9.6%

Method

The fluctuation rate was calculated using the headcount (excluding the Management Board) and the Schlüter formula. All disposals were included in this calculation.

S1-8: Collective bargaining coverage and social dialogue

There is currently no institutionalised social dialogue and no collective bargaining coverage. The social dialogue takes place via the measures described in S1-2. The materiality of this topic will be reviewed in the coming year and adjusted if necessary.

S1-9: Diversity metrics

Gender proportions at management level

	Number	in %
Number of managers reporting to the Management Board	24		incl. Subs
Of which female	4	16.7%

Method

The management level consists of managers who report directly to the Management Board. This definition corresponds to our company-specific interpretation of the top management level, as it reflects our business structure and internal reporting channels.

Distribution of employees by age group

Gender	30 – 50.	Over 50	Under 30	Total
Women	178	52	69	299
Men	535	234	163	932
Total	713	286	232	1,231

Method

The age distribution of employees is determined by summarising the total number of employees under 30 (29 or younger), between 30 and 50 (30 to 49) and aged 50 and over. Freelancers and external contractors are not taken into account.

S1-14: Health and safety metrics

Work-related injuries are rare in our workplace, as our activities do not involve a high level of physical strain for employees. All employees are covered by our health and safety management system. In 2024, there were no fatal accidents at work among our employees or at our sites.

Percentage of employees covered by the health and safety management system.	100 %
Number of deaths due to work-related injuries and illnesses	0
Number and rate of reportable accidents at work	Accidents: 2 Rate: 0.9246
Number of cases of notifiable work-related illnesses	0
Number of days lost due to work-related injuries, illnesses and fatalities	37 days

Method

The figures are recorded through employee notification. The rate of reportable occupational accidents was determined in accordance with the requirements of ESRS S1-14 AR.89.

S1-16: Remuneration metrics

Gender pay gap

The gender pay gap in the IT sector is strongly characterised by historical factors. More men continue to complete STEM training and therefore make up the majority of the talent pool – which is also reflected in management positions and the overall company structure. With targeted diversity initiatives, we endeavour to balance the gender distribution in management positions and throughout the company and to ensure equal pay for the same qualifications and similar jobs. Although we pay equal pay for equal work, the gender imbalance in the industry affects the overall statistics. Without these industry-specific factors, our remuneration structure would reflect fair pay.

At secunet, women earn on average 76.81% of the salary of their male colleagues, which corresponds to a gender pay gap of 23.19%. This means that women earn on average 23.19% less than men across all employees. However, a detailed analysis of gross salaries shows that this difference is significantly influenced by the following factors:

» Occupational groups
» Length of service
» Relevant professional experience

On average, male employees have been with the company for longer and therefore often have more professional experience. In addition, men are currently much more strongly represented than women in technical professions such as IT security. However, an increase in female students can already be observed at universities, which is likely to lead to more female applicants in the coming years. In the long term, this trend could help reduce the gender-specific pay gap by encouraging more women to enter technical professions and aspire to management positions.

Method

The gender pay gap at secunet is calculated on the basis of the average annual salary, which is determined as the mean value of the annual salaries and levelled to a weekly working time of 38.5 hours, whereby student trainees are also included in the calculation.

Ratio of total remuneration

in euros	Mean value of annual salary adjusted for 38.5 hours	Mean value of annual salary adjusted for 38.5 hours
Median	72,774.04	76,588.48
Highest individual (Management Board)	474,999.92	474,999.92
in %	653 %	620 %
	With temporary staff, trainees, students, etc.	Without trainees, students, etc.

Method

The annual salary is standardised to a weekly working time of 38.5 hours and also includes employees with an hourly wage, such as working students. For all employees, with the exception of working students, the annual salary is made up of a fixed monthly gross salary and a variable bonus component. In addition, the highest earning individual among all employees, including the Management Board, is noted.

S1-17: Incidents, complaints and severe human rights impacts

Discrimination cases:
a) Total number of discrimination cases	0
b) Number of complaints reported via the whistleblower system / Complaints procedure	1
c) Total amount of penalties	0

We investigate all reported cases of discrimination and complaints within our company through official channels. Due to the sensitivity of these issues, we do not disclose details of individual incidents. Every report is treated with the utmost confidentiality. Our grievance mechanisms ensure that employees can report incidents safely and confidentially.

We monitor all fines and penalties to ensure that they are promptly recognised and processed accordingly. No fines or penalties related to discrimination were recorded in 2024. We remain committed to complying with all relevant regulations and maintaining the highest ethical standards in our business processes. In addition, there were no serious human rights incidents in our workforce in 2024, meaning that no penalties or compensation payments were registered in this context.

ESRS S2 - Workers in the value chain

Sub-

Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

As an internationally active company, secunet is aware of the importance of employee rights throughout the entire value chain. The protection of human rights and compliance with environmental standards are essential components of our corporate responsibility.

Due to the nature of our supply chain, there are no significant actual or potential negative effects on employees in the value chain. Nevertheless, we take this issue seriously and implement targeted measures to ensure high social and ecological standards at our suppliers.

As part of our obligations under the German Supply Chain Due Diligence Act (LkSG), secunet has implemented the necessary due diligence obligations and carried out a comprehensive risk analysis of its direct suppliers. Based on the results of this analysis, further measures were defined, which are presented in detail in this chapter. In this way, we ensure that our supply chain is organised sustainably and responsibly.

Sub Topics	IROs		Position in the value chain			Time horizon
			Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Appropriate remuneration; health & safety	Strengthening attractiveness Strengthening secunet's attractiveness as a supplier, e. g. to the public sector, through high social standards.
	Promoting a high level of social standards enhances secunet's reputation and ESG performance, which can have a positive impact on its attractiveness as a business partner.	Opportunity	X			X	X
Working hours; fair pay; health & safety	Blacklisting If secunet does not ensure compliance with social standards in its supply chain, it may suffer reputational damage, which could lead to secunet being excluded from public procurement processes / blacklisting – in which case a significant deterioration in sales and EBIT is possible.	Risk			X	X	X
Appropriate remuneration; health & safety; forced labour	Damage to image Negative image effect due to non-compli ance with social standards in the supply chain, which leads to potential employees turning away from secunet.	Risk		X		X	X

The list of IROs includes sustainability issues that could entail risks for our company if not managed properly. In addition to these potential negative consequences, sustainability aspects can also have positive effects – both in social terms and through economic opportunities arising from a sustainable corporate strategy.

As part of the materiality analysis, secunet did not identify any significant potential or actual positive or negative effects on employees in the value chain. The risk analysis in accordance with Section 5 LkSG for the 2024 financial year also revealed no evidence of child or forced labour among direct suppliers. In addition, no specific groups of workers were identified that are particularly at risk or could be affected by negative impacts. There were no complaints from indirect suppliers in the reporting period.

Despite the general lack of note, individual occupational groups, such as cleaners, tradespeople and employees of logistics providers and distributors, can potentially be affected by non-compliance with social standards. Even if the negative effects were not classified as significant, compliance with social standards remains very important for secunet. This is particularly relevant with regard to public tenders, as violations of social standards could lead to exclusion from award processes or inclusion on blacklists. This would have a considerable financial impact and could impair secunet's competitiveness, as a significant proportion of secunet's customers come from the public sector. This would also mean that secunet would no longer be accepted as a supplier, which would result in considerable losses in sales and EBIT.

Furthermore, publicising breaches of social standards by suppliers could have a negative impact on secunet's corporate image and reduce secunet's attractiveness as an employer, which in turn could make it more difficult to recruit new employees.

secunet therefore relies on consistent monitoring and safeguarding of social standards in the supply chain in order to maintain the trust of customers, partners and employees and remain competitive in the long term. The aforementioned risks and opportunities in this context apply uniformly to all employees in the value chain.

S2-1: Policies

Declaration of Principle

This Declaration of Principle applies to the entire secunet Group, including all subsidiaries. 9 It extends to the company's own business area and the entire supply chain with the aim of identifying and minimising human rights and environmental risks and preventing violations of human rights and environmental obligations.

The policy statement is publicly accessible and has also been passed on internally to employees.

The Management Board bears overall responsibility for compliance with and implementation of human rights and environmental due diligence obligations and ensures that these are integrated into the corporate strategy and risk management. Responsibility for implementing the Declaration of Principle and the Human Rights Strategy lies with the Human Rights Officer.

9 Unless otherwise stated, all the measures mentioned in this chapter are ongoing.

secunet is guided by recognised international standards such as:

» UN Guiding Principles on Business and Human Rights (UNGP)
» United Nations Universal Declaration of Human Rights
» OECD Guidelines for Multinational Enterprises
» Core labour standards of the International Labour Organization (ILO)
» Ten principles of the UN Global Compact (UNGC)
» Stockholm Convention on Persistent Organic Pollutants (POPs Convention)

The Declaration of Principle defines binding ethical, social and environmental standards for secunet and its value chain, describes its human rights strategy and is based on the above-mentioned international frameworks. It describes clear responsibilities at management level, mechanisms for risk minimisation and compliance monitoring as well as measures for stakeholder involvement, including a whistleblower system to ensure transparency and continuous improvement.

In the reporting year, secunet did not record any cases of non-compliance with the aforementioned principles and standards.

Code of Conduct for Suppliers and Business Partners

secunet expressly positions itself against human trafficking, forced labour and child labour in its own business area as well as in its upstream and downstream supply chain. These principles are enshrined in the Code of Conduct for Employees 10, the Code of Conduct for Suppliers and Business Partners and the Declaration of Principle.

The Code of Conduct for Suppliers and Business Partners is a central element of the L-CMS and is binding for all suppliers and business partners. It was adopted by the Management Board in 2022 and is intended to promote the sustainable development of our supply chain. The Code of Conduct for Suppliers and Business Partners contains clear guidelines that enable us to work together with our suppliers and business partners responsibly, ethically and with integrity in accordance with legal regulations.

The content of the Code is based on the ten principles of the UN Global Compact, the ILO principles and the LkSG.

To ensure compliance with the requirements, audit and information rights are enshrined in secunet's General Terms and Conditions (GTCs) and the GTCs for purchasing. The Code is available in German and English on the intranet and on the company website.

¹⁰ For more information on the Code of Conduct, see ESRS G1-1.

S2-2: Processes for engaging with value chain workers about impacts

There is currently no need to implement a procedure for cooperation with the workforce in the value chain, as all direct suppliers – including their employees – are based in Europe. The risk analysis carried out as part of the LkSG did not reveal any significant human rights or environmental risks in the supply chain. secunet will periodically review the risk analysis and reassess the need for a corresponding procedure if the framework conditions change.

S2-3: Processes to remediate negative impacts and channels for value chain workers to raise concerns

secunet pursues a structured, multi-stage approach to implementing remedial measures in order to systematically address human rights risks.

1. Identifying and analysing risks

Potential or actual human rights impacts along the value chain are regularly assessed by means of risk analyses. These analyses are carried out using ESG risk management software and in direct dialogue with the suppliers concerned.

2. Graduated approach to negative effects

If a violation is detected, secunet initiates progressive measures:

» Dialogue: Initial contact with the supplier concerned in order to develop a joint solution.
» Improvement plan: If necessary, a plan is drawn up with specific measures, responsibilities and deadlines.
» Controls: Performance of audits to check the implementation of the agreed measures.
» Final measures: If no improvement is achieved, the business relationship may be temporarily suspended or, in extreme cases, terminated.

As no prioritised (LkSG) risks were identified in the supply chain in the reporting year, it was not necessary to evaluate the effectiveness of remedial measures.

Complaints procedure

In addition to the whistleblower system, secunet has set up a complaints procedure that offers both internal and external stakeholders, including employees in the value chain, the opportunity to voice human rights and environmental complaints. Complaints can be submitted via various channels:

» Electronic whistleblower system
» E-mail
» Phone
» Letter
» Personal meeting with the Human Rights Officer / Compliance Officer

The complaints procedure is accessible to internal and external stakeholders via the intranet and the company website and is integrated into the Compliance guidelines and the secunet Code of Conduct.

If secunet becomes aware of a lack of access to the complaints procedure at suppliers, appropriate processes or additional reporting channels will be introduced to enable the employees concerned to access the complaints procedure.

The complaints procedure is based on the provisions of the LkSG and guarantees a fair, transparent and effective procedure. The internal processes are set out in the "Procedural instructions for the whistleblower and complaints procedure", which have been published both internally on the intranet and externally on the company website.

The procedural instructions ensure that all reports and complaints are processed objectively and in compliance with the procedural principles. In accordance with the LkSG and the Whistleblower Protection Act (HinSchG), fixed deadlines were defined for processing in order to ensure a rapid and structured investigation.

In addition, internal and external stakeholders have the opportunity via the intranet and the company website to find out about

» the processing procedure and the responsible contact persons,
» the protection mechanisms for whistleblowers,
» the functionality of the electronic whistleblower system and
» the reporting criteria and the available reporting channels.

In the reporting year, no complaints were submitted by employees in the value chain via the complaints procedure. The effectiveness of the procedure is currently assessed solely on the basis of the framework conditions described.

S2-4: Actions

As part of the materiality analysis, secunet did not identify any significant potential or actual positive or negative effects on employees in the value chain.

The risk analysis carried out in accordance with the LkSG shows that, due to the geographical structure of the supply chain – with direct suppliers in Europe – there are currently no prioritised human rights or labour law (LkSG) risks. Should relevant indications of (LkSG) risks become apparent in the future, secunet will analyse them and take appropriate measures.

Supply Chain Compliance Management System (L-CMS)

secunet is a signatory to the UN Global Compact and is committed to respecting and promoting human rights through the Declaration of Principle. This declaration is a central component of the Group-wide Supply Chain Compliance Management System (L-CMS), which ensures that human rights and environmental due diligence obligations are observed along the entire value chain. The implementation of the LkSG is a dynamic, ongoing process.

A key component of the L-CMS is the annual and event-driven LkSG risk analysis. The aim is to recognise potential risks at an early stage, especially for vulnerable employees. Continuous abstract risk analyses, which take country and industry-specific factors into account, form the basis for the concrete assessment and monitoring of risks in the supply chain. ESG risk management software supports the automated screening of direct suppliers for human rights and environmental standards. The final risk assessment is based on the probability and severity of possible violations, the impact on identified risks and the contribution of the respective supplier to the cause.

Complaints procedure and remedial action

To promote the transparency of risks in the supply chain, the Group-wide whistleblower system has been supplemented by a complaints procedure 11 in accordance with Section 8 LkSG. This also enables employees in the value chain to report human rights and environmental violations by stating their name or else anonymously.

If the LkSG risk analysis identifies risks at a supplier, the first step is to set up corrective measures 12 in cooperation with the affected suppliers. If necessary, this can be supplemented by further measures such as audits.

The measures described were implemented for the first time in the 2024 financial year. An assessment of effectiveness will therefore only be possible in the coming years and will be based on a risk-based analysis.

As described in section S2-1, secunet has implemented a Code of Conduct for suppliers and business partners in order to seize opportunities in the area of social responsibility within the value chain. This ensures that ethical, social and environmental standards are observed and promoted along the supply chain. No specific measures are currently planned.

¹¹ Further details on the complaints process and the assessment of its effectiveness are described in section S2-3.

¹² Further details on the remedial actions are described in section S2-3.

Governance

ESRS G1 - Business conduct

Our success is based on the commitment of our employees and on trusting relationships with business partners in our value chain. Compliance with national and international laws and Group-wide guidelines is not only a legal requirement, but also an economic necessity. Violations may have legal and financial consequences and may impair trust in secunet.

Responsible behaviour towards our employees, business partners and society is therefore an integral part of our corporate culture. We are committed to protecting human rights, counteracting corruption and ensuring that whistleblowers who draw attention to abuses are protected. These measures help to promote a safe, fair and sustainable working environment.

Disclosure requirements in connection with ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

The topic ESRS G1 – Business Conduct was assessed as material. As part of the materiality assessment, the following impacts, opportunities and risks were identified in the context of secunet's corporate governance.

Sub Sub Topics	IROs			Position in in the value chain			Time horizon
			Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Corporate culture	Promotion of the corporate culture A positive corporate culture sensitises employ ees to ethical behaviour and strengthens the trust of employees and business partners. This creates a sustainable and integrity-orientated working environment that promotes social responsibility within and outside the company.	Actual positive impact		X				X
Protection of whistleblowers	Whistleblower system A secure whistleblower system and a trusting working environment ensure that the identity and interests of whistleblowers are protected. This strengthens secunet's integrity and the trust of employees and external stakeholders in the corporate culture.	Actual positive impact	X	X	X			X
Corruption and bribery; supplier relations	Binding standards Binding standards for employees, suppliers and business partners promote transparency and sustainability along the value chain. This strengthens the trust of customers, suppliers and other stakeholders.	Actual positive impact	X	X				X
Corporate culture	Increasing attractiveness through a good corporate culture Promoting a good corporate culture of integ rity increases secunet's attractiveness as an employer. This supports the recruitment and retention of qualified employees, strengthens employer branding and increases competi tiveness on the labour market.	Opportunity		X		X	X	X
Corporate culture	Compliance as a practised corporate culture A corporate culture based on integrity and ethical behaviour helps to prevent compliance violations.	Opportunity		X		X	X	X
Corruption and bribery; political influence and lobbying activities	Non-compliance with compliance regulations Non-compliance with and failure to imple ment statutory and corporate regulations, including antitrust law and corruption pre vention, harbours the risk of legal sanctions, including fines, exclusion from public procure ment processes and potential reputational damage. This could lead to considerable financial losses and long-term impairment of business activities.	Risk		X		X	X	X

G1-1: Policies 13

secunet's corporate culture 14 is a central element of our shared success and is based on five core values that were developed and defined by the Group's employees in a values workshop in 2022. These values were published by the Management Board at the end of 2022 and have since served as a guide for the company's daily actions and long-term orientation.

In order to actively live and further develop the corporate values, secunet is involved in charitable "hands-on projects" throughout Germany, such as the remodelling of rooms and outdoor areas of project partners, and "excursion projects" with children and young people from the project partners. Since 2023, Social Days have been organised every year at large and small locations, giving all employees the opportunity to get involved in social activities. These activities are intended not only to strengthen team spirit, but also to further cohesion and help bring the company values to life.

The "secunet Summit" also offers employees a valuable opportunity to exchange ideas and network across divisions, departments and locations. The focus is not only on professional exchange, but also on promoting cohesion within the Group. In addition to the joint development of topics relevant to the company, great importance is attached to promoting inspiring discussions and a varied supporting programme that emphasises the fun and enjoyment of working together. Since 2022, the secunet Summit has been organised every three years to make this special experience a regular occurrence.

Open and regular internal communication forms the backbone of our corporate culture. Formats such as all-hands meetings 15, blog entries by the Management Board and specialist departments, and company-wide news promote transparency and make the company's values tangible. Blog entries offer exciting insights into current projects, successes and innovations, strengthen the transfer of knowledge and create a lively connection between the different areas of secunet. Team events and informal meetings also create an environment that further supports collaboration and innovation.

secunet attaches great importance to the personal and professional development of its employees 16. Training courses, workshops and exchange formats specifically promote skills, strengthen identification with secunet and contribute to employee motivation and satisfaction.

The corporate culture is assessed through employee surveys 17. These surveys provide insights into employee satisfaction and commitment and help to analyse the perception of the corporate culture and identify possible areas for action.

¹³ secunet has not yet finalised its ESG targets for the current reporting year 2024. A definition of the targets based on the ESRS standards is planned for the coming 2025 financial year. The effectiveness of the policies and actions from ESRS G1 was not tracked in any other way with regard to the material sustainability-related IROs.

¹⁴ Unless otherwise stated, all the actions mentioned in this chapter are ongoing.

¹⁵ For further information, see ESRS S1-2.

¹⁶ For further information, see ESRS S1-4.

¹⁷ For more information on the employee survey and its results for 2024, see ESRS S1-1 & S1-2.

Integrity and ethics in corporate governance

Our corporate governance is based on the cornerstones of integrity and ethics. Responsible and sustainable conduct, social acceptance and a high degree of integrity are essential preconditions for the economic success of our company.

Compliance management system

Our compliance management system, which the secunet Management Board has introduced for loss prevention and risk control, is a key component of this. With this programme, secunet defines uniform Group-wide standards for key compliance issues and thus ensures that secunet acts in accordance with the applicable legal regulations in the countries in which it operates.

The principles and measures implemented with the CMS comprise the key elements of a compliance management system in accordance with IDW PS 980. All of the measures reflect the "Tone from the Top" 18 programme specified by the Management Board.

In 2022, the suitability and effectiveness of the compliance management system was certified by an external audit in accordance with IDW Auditing Standard 980. As in the previous financial year, the suitability and effectiveness of the compliance management system was reviewed in a self-assessment carried out for the 2024 financial year.

The secunet Management Board is responsible for the implementation, monitoring and further development of appropriate and effective compliance measures within secunet Group.

Code of Conduct for Employees

A key element of the compliance management system is the Group-wide Code of Conduct for Employees, which is binding for all employees. This was adopted and implemented by the secunet Management Board in 2022. The Code of Conduct aims to promote and ensure sustainable and responsible behaviour in everyday working life. The content of the Code of Conduct for Employees is based on internationally recognised standards such as the ILO standards. The main aim is to promote a positive corporate culture of integrity that sensitises employees to ethical behaviour. Compliance with the Code is of central importance; violations of its content will not be tolerated and will be sanctioned accordingly. The Code of Conduct is available in German and English on the intranet and on the website for employees and third parties.

The Code of Conduct for Employees contains binding rules of conduct with regard to human rights, social standards, labour standards, environmental protection, transparent and sustainable business relationships, fair market conduct, information security and data protection.

Various Group and company guidelines and work instructions supplement and elucidate legal and internal requirements from the Code of Conduct for Employees. These are also binding for all employees.

¹⁸ The Tone from the Top can be found under "Corporate Compliance" on the secunet website: https://www.secunet.com/en/about-us/company

Whistleblower system and protection against reprisals

Another element of the CMS is the whistleblower system which is designed to highlight potential risks and avert damage to the Group and its stakeholders and protect people harmed by violations. A procedural instruction and an internal process have been implemented to deal with violations of legal and internal company requirements, which ensure the application of Directive (EU) 2019/1937, the Whistleblower Protection Act and the LkSG. Our whistleblower system makes possible the confidential reporting of incidents both internally and externally.

Whistleblower system

All secunet Group employees can find information about the whistleblower system and the complaints procedure on the intranet. The individual reporting channels and reporting categories are shown here. In addition, information about the whistleblower system is provided in blog posts. New employees are also made aware of the whistleblower system via an onboarding e-mail.

The secunet Group has also drawn up rules of procedure 19, with the aim of ensuring a fair and transparent process that takes into account both the principle of proportionality for the persons concerned and also the protection of the whistleblower. The rules apply to all persons who report information in accordance with the HinSchG and complaints in accordance with the LkSG and are available on the secunet website and the intranet. The rules of procedure were put into force by the Board of Directors. The Compliance Officer is responsible for the operational implementation of the rules of procedure. There are five internal reporting channels for whistleblowers to report rule violations. Information can be submitted by e-mail, via the electronic whistleblower system, by post, in person and/or by telephone. The contents of the rules of procedure are based on the provisions of the HinSchG and the LkSG.

The reporting officers continuously expand their expertise through specialised training courses and webinars on internal investigations and whistleblower systems. In addition, they receive regular legal updates from the Legal department and exchange best practices in specialist networks.

The secunet Group prohibits and does not tolerate any form of reprisals (e. g. adverse action, disciplinary measures, threats, intimidation) for reports made in good faith.

In order to protect our whistleblowers, employees are given the option of contacting external reporting centres (e. g. BaFin, BAFA) or reporting anonymously via various internal reporting channels.

In addition, all reports of rule violations and complaints as well as all information contained therein will be treated as strictly confidential. The identity of the whistleblower is protected with the utmost care. When investigating a whistleblower report or complaint, the "need-toknow" principle is applied so that only the persons required to clarify the facts are included in the investigation. Care is taken to ensure that the information / complaint, the persons mentioned therein and the facts pointed out are used for further processing, research and clarification in anonymised and generalised form.

19 For further information on the contents of the rules of procedure, see ESRS S2-3.

Information on violations (incidents) of legal and internal company regulations, including those relating to corruption and bribery, can be reported to the Corporate Compliance department via the whistleblower system. The department investigates these cases immediately (in compliance with legal requirements), independently, separately from the management chain and in accordance with the principle of "no judgement on one's own behalf". All internal investigations are conducted fairly, transparently and objectively, respecting the rights of all parties involved and without bias. The principle of the presumption of innocence always applies in order to ensure a fair and legally compliant examination of the facts.

Compliance training

All employees are obliged to take part in digital training courses on compliance issues every two years. The aim is to sensitise employees to ethically correct and legally impeccable behaviour. The compliance training courses last between 15 and 45 minutes.

Training is offered on the following topics:

» The basics of compliance
» Antitrust Law
» Dealing with conflicts of interest
» Prevention of corruption
» Data protection
» Prevention of insider trading

There is an increased risk of corruption and bribery in the areas of marketing, sales and purchasing.

G1-2: Management of relationships with suppliers

secunet maintains a strategic and responsible relationship with its suppliers 20, which is based on the principles of sustainability, transparency and social responsibility.

Supply Chain Compliance Management System (L-CMS)

In accordance with the requirements of the German Supply Chain Due Diligence Act (LkSG), secunet has established a Supply Chain Compliance Management System (L-CMS), which is integrated into the existing Compliance Management System. The L-CMS serves to identify human rights and environmental risks along the supply chain at an early stage, to minimise them effectively and, if necessary, to eliminate them consistently.

The L-CMS is specifically designed to fully implement and continuously develop the due diligence obligations of the LkSG. It enables secunet to systematically recognise potential risks, prevent them through preventive measures and, if necessary, respond with suitable remedial measures.

²⁰ For further information, see ESRS S2-1.

Supplier management

When selecting suppliers, secunet attaches great importance to social, environmental and ethical criteria. To ensure that these requirements are met, every new supplier is obliged to complete a supplier self-disclosure form using ESG risk management software.

This self-disclosure process serves as the basis for the evaluation and classification of the supplier. It involves checking the extent to which the supplier fulfils the social, environmental and ethical standards defined by secunet. At the same time, the strategic importance of the supplier is analysed.

Through this structured process, secunet ensures that only suppliers who fulfil the company's high requirements are included in the value chain. This not only supports the fulfilment of sustainability targets, but also minimises potential risks along the supply chain.

secunet attaches great importance to compliance with the principles of proper accounting, particularly with regard to the timeliness of invoice processing.

To ensure this, the responsible employee is proactively informed in the invoice management system when an invoice is overdue. In addition, we regularly check which invoices contain outstanding items so as to ensure that no invoice goes unnoticed.

secunet deliberately avoids long payment periods so as not to jeopardise the liquidity of small and medium-sized enterprises (SMEs) in particular. The agreed payment targets are consistently adhered to and invoices are processed swiftly by the relevant departments in order not to jeopardise the financial stability of suppliers and to enable trusting and longterm collaboration with suppliers.

G1-3: Prevention and detection of corruption and bribery

As an active participant in the UN Global Compact Germany 21, secunet is committed to combating and preventing corruption and bribery in all its forms. Our zero-tolerance policy is enshrined in the Code of Conduct for Employees and the Code of Conduct for Suppliers and Business Partners.

Anti-corruption policy

This principle is also set out in the separate, Group-wide internal anti-corruption guideline, which was updated and approved by the Management Board in the 2024 financial year. It serves to prevent corruption risks from arising and provides employees with clear guidelines for their day-to-day work. The anti-corruption guideline is based on the requirements of internationally recognised standards such as the UK Bribery Act and the Foreign Corrupt Practices Act (FCPA). It contains binding rules on the handling of donations in the private sector and towards public officials; in response to various employee queries, these are clarified in the new version by means of a graphic decision table. The guideline also regulates the application for donations and sponsoring actions as well as the commissioning of external personnel. Supplementary process descriptions ensure consistent implementation.

The anti-corruption guideline applies to all employees in all Group companies and is available on the intranet. It is updated annually and is an integral part of the internal control system (ICS) and the compliance management system. Compliance with the requirements is monitored by the Internal Audit department as part of its ongoing audits.

21 For further information, see ESRS S1-1.

The Compliance Office uses various communication channels (intranet, e-mails or an internal compliance blog) to inform the workforce about compliance-relevant requirements concerning anti-corruption or other regulatory changes.

Monitoring and audits

Compliance audits were carried out in cooperation with the Internal Audit department in order to detect violations. In the 2024 financial year, compliance with legal and internal company requirements was reviewed for the first time by means of compliance audits at the subsidiaries and measures were derived and recommendations made on the basis of the findings.

Reporting channels and whistleblower system

Clear reporting channels and contacts are defined in the anti-corruption guideline for reporting potential violations or obtaining further advice. Suspicious cases can be reported anonymously or personalised via the whistleblower system. This enables the systematic identification, investigation and prosecution of offences, allowing corruption risks to be recognised at an early stage and addressed effectively.

Compliance violations are reported to the Management Board and Supervisory Board annually and on an ad hoc basis.

Corruption prevention training

secunet employees are taught how to behave with integrity and in compliance with the rules in mandatory training courses held in a two-year cycle. The corruption prevention training courses cover the topics of anti-corruption and dealing with conflicts of interest. Furthermore, information on these topics is made permanently available on the intranet.

The training courses on anti-corruption and dealing with conflicts of interest cover the following topics:

» Dealing with donations from public officials
» Dealing with donations from the private sector
» Recognising and preventing conflicts of interest in the professional environment
» Risks and effects of conflicts of interest
» Dealing with conflicts of interest

Training in anti-corruption and dealing with conflicts of interest is mandatory for all employees. This means that 100% of the high-risk functions are covered by the two training modules. The management bodies are also trained via the two training modules. secunet does not currently offer any separate training courses for the Supervisory Board.

Training rates for the "Anti-corruption" and "Dealing with conflicts of interest" training courses 22:

	Organs (Boards)	Managers	Risk-exposed roles	Other employees
Coverage through "Corruption prevention" training
Total	11	167	119	938
Trained persons	10	159	114	893
Training rate	90.91 %	95.21 %	95.80 %	95.20 %
Coverage through "Dealing with conflicts of interest" training
Total	11	167	119	938
Trained persons	10	159	112	873
Training rate	90.91 %	95.21 %	94.12 %	93.07 %
Training method and duration
Computer-based training	30 min	30 min	30 min	30 min
Frequency	Every 2 years	Every 2 years	Every 2 years	Every 2 years

G1-4: Confirmed incidents of corruption or bribery

Number of convictions and level of fine:

Number of convictions for corruption and bribery offences	0
Level of fine for offences against corruption and bribery regulations	0

G1-5: Political influence and lobbying activities

As an IT security partner of the Federal Republic of Germany, secunet does everything in its power to ensure the confidentiality and integrity of communication infrastructures of companies and authorities at a high level by continuously developing its technologies.

secunet is actively and transparently involved in social and political dialogue, particularly in the areas of IT and cybersecurity as well as digital infrastructures.

For the purpose of representing interests, discussions are held with representatives of the federal ministries and with members of the German Bundestag to explain technical issues and the need for change with regard to a large number of topics that are of great importance as framework conditions for business activity, including the situation concerning the company's employees.

Organisation and responsibility for lobbying activities

The original responsibility for overseeing lobbying activities within the secunet Group lies with the CEO, who has delegated operational implementation to the Public Affairs department. The Public Affairs department is responsible for developing strategies to represent the interests of the secunet Group in the political arena. The Public Affairs department also advises and supports management in communicating and representing interests to political decision-makers.

secunet is involved in numerous industry associations and is committed to maintaining a fair competitive environment. In doing so, secunet ensures that all political lobbying is carried out in compliance with antitrust regulations. The aim is to promote framework conditions that strengthen innovation and safety without compromising competition.

Antitrust guideline

A key basis for secunet Group's lobbying activities is the antitrust guideline, which defines specific requirements for dealing with political decision-makers and institutions. It ensures that all lobbying activities are carried out in accordance with the rules, transparently and in compliance with the applicable antitrust regulations. This includes clear internal processes for managing and monitoring interest groups in order to avoid risks such as unauthorised influence or anti-competitive cooperation.

The aim of the guideline is to prevent antitrust violations and suspected violations and to maintain confidence in the lawful behaviour of secunet and its employees. The guideline aims to implement the applicable German (e. g. Amendments to Act against Restraints of Competition, GWB) and European antitrust law.

It sets binding standards for compliance with national and European competition rules and provides clear guidelines for dealing with competitors, customers and suppliers. It also regulates behaviour in the event of a strong market position and official investigations (dawn raids).

All employees are obliged to attend regular training sessions on antitrust law 23. Participation is monitored and documented by the Corporate Compliance department. In addition, the whistleblower system offers the option of reporting potential violations anonymously or openly. This system helps to identify, analyse and effectively address risks at an early stage.

The guideline, last updated and approved by the Management Board in 2023, applies to all secunet Group companies and employees. The Corporate Compliance department is responsible for the operational implementation of the guideline with the support of the Legal department. The antitrust guideline can be downloaded by employees from the intranet. It acts as a basic minimum standard for all company activities, is an integral part of the compliance management system and is subject to an annual update review. Compliance with the requirements is reviewed by Internal Audit.

Lobby register

secunet is registered in both the German Lobby Register and the EU Transparency Register and is thus committed to transparent and responsible lobbying.

Transparency Register	Register number
EU Transparency Register	533422038902-36
Lobby register for the representation of interests vis-à-vis the German Bundestag and the Federal Government	R001612

23 For further information on compliance training, see G1-1.

Financial expenses for lobbying activities

In the financial year 2024, secunet Group's financial expenditure 24 for lobbying activities in Germany totalled 169,000 euros. This amount comprises rounded amounts from pro rata personnel costs 25, infrastructure costs, representation costs, external consultancy and support services and other costs, including the costs of memberships in associations. 26

A total of 98,000 euros was spent on lobbying activities with European Union organisations – not including EU nation states. This sum is made up of pro rata personnel costs, travel expenses, membership fees paid and costs for the back office and administration.

Company-specific topics

Information security

The customers of secunet mainly come from the public sector, including national and international governments, ministries and authorities as well as quasi-governmental organisations. The focus is also on the German armed forces and organisations in the defence sector as well as organisations with security tasks such as the police and border guards. The company also addresses areas in which there are special IT security requirements – such as healthcare, critical infrastructure and industry.

Our customers strive for digital sovereignty, i. e. control over the data they process that is as secure and trustworthy as possible. secunet also makes a valuable contribution to state sovereignty in the area of administrative digitalisation and the digitalisation of the German armed forces by enabling state secrets to be protected with trustworthy IT systems.

Through its product portfolio, secunet makes a contribution to societal issues with regard to the needs for data protection, information security and digital sovereignty. Data protection or informational self-determination is one of the fundamental rights of citizens in the European Union. Information security is an essential building block for ensuring effective data protection. Digital sovereignty refers to all efforts to achieve successful digitalisation without new structural, economic and political dependencies. Information security plays an essential role in this area as well.

As part of the materiality analysis, we identified a key company-specific topic in connection with our customers: the topic of information security, which materialises in the form of cybersecurity, data protection and data security.

²⁴ The information on financial performance is based on internal company surveys.

²⁵ In line with the requirements of the Lobby Register Act, a factor of 0.3 was used to determine the personnel costs.

²⁶ The amount of expenditure that the individual associations have budgeted for lobbying in the 2024 financial year has not yet been determined. The calculation was based on the figures from the 2023 financial year.

The following impacts, risks and opportunities have been identified:

IROs		Position in the value chain			Time horizon
		Up stream	Own activi ties	Down stream	Short term	Medi um term	Long term
Contribution to information and data security secunet is a trustworthy provider in the field of IT security and ensures trustworthy digitalisation.	Actual positive impact	X	X	X	X	X	X
Constant demand for secunet products Functioning, reliable IT security ensures trustworthy digitalisation for customers, lasting demand for secunet products and therefore secunet's long-term business success.	Opportunity		X		X	X	X
Loss of trust Systematic weaknesses destroy trust in secunet and the business model, which can lead to a decline in orders and the loss of sales.	Risk		X		X	X	X

The list of IROs contains sustainability aspects which, if not managed appropriately, can lead to advantages and disadvantages for customers (positive and negative impacts) and to potential positive and negative financial impacts (opportunities and risks).

Information / data security is a core element of secunet's strategy and business model. Our strategy and business model are therefore closely linked to the actual impact on our customers.

The main risks and opportunities for secunet in relation to information security, and thus to our customers, are closely linked to the impacts. In fact, the absence of positive impacts, for example as a result of unresolved security weaknesses, is associated with the risk of customer migration and a decline in demand. This would have a negative impact on sales and EBIT. Conversely, if customer satisfaction and loyalty are high, if secunet is recommended to others and benefits from a good image, there is a prospect of growing sales and EBIT. In both cases, the same measures contribute that are used for the impacts. Fast problem-solving capacity and reliability minimise the risks and increase the opportunities for secunet.

There are therefore many interactions between IROs and the strategy and business model.

Policies

There are close interactions between the impacts, risks and opportunities in connection with our customers. They are primarily influenced by our products and services. These are designed to assure information security, in particular by using cryptographic methods. Information security is, in itself, an essential precondition for digitalization based on trust.

Moreover, information security lays a foundation for effective data protection. The applicable technical requirements, as set out in the EU GDPR for example, are supplemented by consultative approaches and coupled with organisational measures.

Information security and data protection are of paramount importance in all our dealings with customers:

» Our IT security partnership with the Federal Republic of Germany as well as the extensive number of secunet products and solutions that have been approved and certified by the Federal Office for Information Security are good indicators of this.
» secunet also works towards ensuring data security and data protection by providing consultancy services in the fields of information security management systems and data protection. The increase in revenue and the growing proliferation of secunet solutions from year to year, particularly in the public sector, are proof that the number of customers who place their trust in secunet in this regard is rising.

Digitalisation is increasingly taking place in the cloud, meaning that digital processes no longer take place on local platforms, but as-a-Service in the cloud. The topic of IT security is also linked here with the characteristic of digital sovereignty.

The debate concerning digital sovereignty has its origins in the discussion about the security of 5G networks. The same situation has now emerged with cloud services. Until now, many customers have often only been able to use large cloud operators from America or China. The focus here is on the dependencies that have already arisen and the difficulties of still providing a secure and available infrastructure despite this degree of dependency.

Here, in particular, secunet translates the term "digital sovereignty" as freedom of choice for users who require cloud infrastructures for sensitive data (authorities, eHealth, critical infrastructures). SINA Cloud extends the tried-and-tested SINA security architecture to include a modern cloud platform and meets the need for digital sovereignty. With this, we are developing a certifiable and transparent solution with a high level of security as a cloud operating system that allows customers to build their own cloud infrastructure with a ready-to-use on-premise solution. The security mechanisms of SINA Cloud were approved in 2024 for the processing of classified information up to the classification SECRET. Technological building blocks for digital sovereignty – such as a cloud operating system, encryption, virtualisation and operational competence – are available at any rate.

We have structured our own internal processes to ensure a high level of data security and data protection. To this end, we have integrated comprehensive measures in our business processes and implemented due diligence processes. We pursue our corresponding objectives with the assistance of the CISO and the secunet data protection officer. secunet AG is certified according to DIN EN ISO/IEC 27001:2017 and thus meets stringent quality standards with regard to in-house information security. The continuous refinement of associated technical and organisational security measures is indicative of our commitment to providing the greatest possible data protection. We communicate requirements on data security and data protection to our suppliers via the General Terms and Conditions, which form the basis for the provision of services.

The product and service strategy therefore essentially relates to the company's own business division. In some cases, it relates to the upstream value chain, e. g. when it comes to hardware components that are included in the solutions. Technical and qualitative specifications are then made, compliance with which is checked as part of the development and subsequent procurement processes. The product and service strategy also relates to the downstream value chain when feedback is obtained from customers on their satisfaction with the products and services.

The creation of data security, data protection and digital sovereignty is closely linked to the risk of not fulfilling the product promise with regard to security. The effects on our customers are data leaks, data protection incidents, loss of informational self-determination, breaches of confidentiality and declining trust in digitalisation. secunet mitigates these effects through its own quality assurance, approval processes and certifications in product development as well as through incident management in product operation.

The Management Board of secunet AG decides on the product and service strategy. Product Management, Development Areas, Quality Assurance, Purchasing and Supply Chain Management as well as Quality Management are responsible for implementation. The smoothest possible implementation is monitored by the Management Board divisions.

Our customers are integrated into the processes in various ways. The Federal Office for Information Security is involved at various points in products and solutions that undergo an approval process, representing customers in German public administrations and organisations. Regular consultations with BSI, during which future requirements are discussed, are incorporated into the long-term product strategy. In the case of development projects that are carried out as contract development, the client may also be involved.

Processes to address negative impacts and channels through which customers can raise concerns

The following communication channels are used to identify possible issues that indicate negative impacts:

» coordination with the Federal Office for Information Security on threats to IT security and their potential effects on the product portfolio developed in cooperation with the BSI or on behalf of the BSI,
» the error messages received by customer support (Service Centre),
» the communication between secunet customers and the responsible key account managers,
» analyses of so-called CVE (Common Vulnerability Exploits) reports, which provide information about security weaknesses in software components, and
» information from manufacturers whose products are used in secunet solutions.

The following processes are used to process the potential negative impacts disclosed this way, differentiated here according to the degree of impact intensity:

» Enquiries to the service desk (customer support) are answered immediately where possible or at least their processing is indicated to the customer. In the case of more complex issues, for example when second or third level support has to be called in, processing can also take a longer period of time.
» Information from consultations with the BSI, from CVE reports and from information from manufacturers is evaluated with regard to its impact. If a significant impact is identified, organisational measures are usually recommended first. In addition, bug fixes are often provided by adapting the solution software, for example.

In the latter case, the BSI often checks whether the bug fixes fulfil the requirements of the previously issued approvals. This also allows the effectiveness of the measure to be evaluated.

Actions

The main effects of our activities on our customers are primarily positive, as they go hand in hand with enabling secure, trustworthy digitalisation. The associated data and information protection is the result of secure products and solutions as well as accompanying advice with regard to technical and organisational measures for data protection and information security, which secunet provides to its customers and end users. The product portfolio offered by secunet thus corresponds to the measures to be reported. The effectiveness of these measures is demonstrated by the fact that no negative consequences of security weaknesses in connection with the proper use of secunet products have become known or are on record due to the comprehensive internal quality assurance, the authorisation processes (e. g. by the BSI) and the ongoing incident management by secunet.

Individual action plans and resources for these measures relate to secunet's strategy in terms of product portfolio and product development. This strategy is classified as an internal secunet matter and confidential. In addition, the product strategy approaches that are developed in collaboration with the Federal Office for Information Security and with customers, for example, are subject to confidentiality. It is therefore not possible to report on action plans and resources here.

The funds made available or spent on impact management are primarily personnel expenses that are already incurred in connection with product management, development, quality assurance, authorisation, warehousing, and sales and customer support. There are no significant amounts of specifically allocated funds to report.

In principle, secunet's product portfolio has a positive impact on our customers. Nevertheless, technical and security problems are conceivable that could have a negative impact on the unrestricted benefits of the product portfolio. Information on such restrictions reaches secunet via customer support, via the ongoing monitoring of so-called CVE reports, via the ongoing exchange with the BSI and via various informal communication channels in the IT security industry. If these notifications relate to potential security weaknesses, they are evaluated and, if necessary, mitigated with the appropriate measures (customer communication, development of bug fixes, etc.). These remedial measures, insofar as they are associated with the technical and security features of the products, are subject to internal quality assurance and, if necessary, also the approval routines of the BSI. This ensures that the measures are effective.

All of the measures described here are aimed at all of secunet's customers and end users. They are designed for the long term, i.e. the time horizon is continuous. The associated expenses (OpEx) and investments (CapEx) correspond to the amounts recognised for secunet's business activities in the annual financial statements. The success of the measures is measured in the same way as secunet's business success or can be derived from it.

Customer satisfaction: NPS and CRI

We conduct an annual customer satisfaction survey.

The Net Promoter Score (NPS) is calculated for this purpose. The NPS is a simple method of measuring customer satisfaction with a particular brand or company and its products. In a short survey, customers are asked about their willingness to recommend the company to others.

On a scale of 0 to 10, you can indicate your response to the simple question "Would you recommend secunet to others?" All respondents who select between 0 and 6 are considered to be "critics", assessments 7 and 8 are not taken into account and only 9 or 10 are counted as "promoters". An index is then formed: % promoters - % detractors = NPS with a value between -100 and +100. This serves as an assessment of customer loyalty.

However, the NPS is statistically vulnerable and remains vague. This is why we use four additional questions (overall satisfaction, continuation of the customer relationship, perceived competitive advantage, recommendation to others) to determine the so-called Customer Retention Index (CRI). This provides us with further information on the degree of customer loyalty (based on an index number).

Customer satisfaction indicator	2022	2023	2024
NPS	17	33	17
CRI	70	78	71

Data points from EU legislation

The following table contains the data points derived from other EU legislation as listed in Annex B of ESRS 2. It shows where these data points can be found in our report and flags those that have been categorised as "not material".

Not material: information not material to reporting Not relevant: information not relevant to business operations

Disclosure			SFDR reference	Pillar 3 reference	Benchmark regulation	EU climate law reference	Page / materiality
requirement	Data point	Description
ESRS 2 GOV-1	21 (d)	Board's gender diversity	X		X		P. 94
ESRS 2 GOV-1	21 (e)	Percentage of board members who are independent			X		P. 95
ESRS 2 GOV-4	30	Statement on due diligence	X				P. 97
ESRS 2 SBM-1	40 (d) i	Involvement in activities related to fossil fuel activities	X	X	X		Not relevant
ESRS 2 SBM-1	40 (d) ii	Involvement in activities related to chemical production	X		X		Not relevant
ESRS 2 SBM-1	40 (d) iii	Involvement in activities related to controversial weapons	X		X		Not relevant
ESRS 2 SBM-1	40 (d) iv	Involvement in activities related to cultivation and production of tobacco			X		Not relevant
ESRS E1-1	14	Transition plan to reach climate neutrality by 2050				X	Not relevant
ESRS E1-1	16 (g)	Untertakings excluded from Paris-aligned Benchmarks		X	X		Not relevant
ESRS E1-4	34	GHG emission reduction targets	X	X	X		Not relevant
ESRS E1-5	38	Energy consumption from fossil sources disaggregated by sources (only high climate impact sectors)	X				Not relevant
ESRS E1-5	37	Energy consumption and energy mix	X				P. 112
ESRS E1-5	40-43	Energy intensity associated with activities in high climate impact sectors	X	X			Not relevant
ESRS E1-6	44	Gross Scope 1, 2, 3 and Total GHG emissions	X	X	X		P. 113 ff.
ESRS E1-6	53-55	Intensity of gross GHG emissions	X		X		P. 117
ESRS E1-7	56	Removal of greenhouse gases and carbon certificates				X	Not relevant
ESRS E1-9	66	Exposure of the benchmark portfolio to climate-related physical risks			X		Not relevant
ESRS E1-9	66 (a); 66 (c)	Disaggregation of monetary amounts by acute and chronic physical risk. Location of significant assets at material physical risk	X				Not relevant
ESRS E1-9	67 (c)	Breakdown of the carrying value of its real estate assets by energy-efficiency classes		X			Not relevant

Disclosure requirement	Data point	Description	SFDR reference	Benchmark regulation	Page / materiality
ESRS E1-9	69	Degree of exposure of the portfolio to climate related opportunities		X	Not relevant
ESRS E2-4	28	Amount of each pollutant listed in Annex II of the E-PRTR Regulation (European Pollutant Release and Transfer Register) emitted to air, water and soil	X		Not material
ESRS E3-1	9	Water and marine resources	X		Not material
ESRS E3-1	13	Dedicated policy	X		Not material
ESRS E3-1	14	Sustainable oceans and seas	X		Not material
ESRS E3-4	28 (c)	Total water recycled and reused	X		Not material
ESRS E3-4	29	Total water consumption in m3 per net revenue on own activities	X		Not material
ESRS 2 - SBM 3 - E4	16 (a) i	–	X		Not material
ESRS 2 - SBM 3 - E4	16 (b)	–	X		Not material
ESRS 2 - SBM 3 - E4	16 (c)	–	X		Not material
ESRS E4-2	24 (b)	Sustainable land / agriculture practices or policies	X		Not material
ESRS E4-2	24 (c)	Sustainable oceans / seas practices or policies	X		Not material
ESRS E4-2	24 (d)	Policies to address deforestation	X		Not material
ESRS E5-5	37 (d)	Non-recycled waste	X		P. 120
ESRS E5-5	39	Hazardous and radioactive waste	X		Not relevant
ESRS 2 - SBM 3 - S1	14 (f)	Risk of forced labour	X		Not relevant
ESRS 2 - SBM 3 - S1	14 (g)	Child labour	X		Not relevant
ESRS S1-1	20	Human rights policy commitments	X		P. 134 f.
ESRS S1-1	21	Due diligence policies on issues addressed by the fundamental International Labour Organization Conventions 1 to 8		X	P. 134 f.
ESRS S1-1	22	Processes and measures for preventing trafficking in human beings	X		P. 135
ESRS S1-1	23	Workplace accident prevention policy or management system	X		P. 137
ESRS S1-3	32 (c)	Grievance / complaints handling mechanisms	X		P. 136

Disclosure requirement	Data point	Description	SFDR reference	Benchmark regulation	Page / materiality
ESRS S1-14	88 (b) & (c)	Number of fatalities and number and rate of work-related accidents	X	X	P. 141
ESRS S1-14	88 (e)	Number of days lost to injuries, accidents, fatalities or illness	X		P. 141
ESRS S1-16	97 (a)	Unadjusted gender pay gap	X	X	P. 141
ESRS S1-16	97 (b)	Excessive remuneration of members of the management bodies	X		P. 142
ESRS S1-17	103 (a)	Incidents of discrimination	X		P. 142
ESRS S1-17	104 (a)	Non-compliance with the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines	X	X	P. 142
ESRS 2 - SBM3 - S2	11 (b)	Significant risk of child labour or forced labour in the value chain	X		P. 143 f.
ESRS S2-1	17	Human rights policy commitments	X		P. 144 f.
ESRS S2-1	18	Policies related to value chain workers	X		P. 144 f.
ESRS S2-1	19	Non-compliance with the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines		X	P. 144 f.
ESRS S2-1	19	Due diligence policies on issues addressed by the fundamental International Labour Organization Conventions 1 to 8	X		P. 144 f.
ESRS S2-4	36	Human rights issues and incidents connected to its upstream and downstream value chain	X		P. 148
ESRS S3-1	16	Human rights policy commitments	X		Not material
ESRS S3-1	17	Non-compliance with the United Nations Guiding Principles on Business and Human Rights, the ILO Principles or the OECD Guidelines	X	X	Not material
ESRS S3-4	36	Human rights isssues and incidents	X		Not material
ESRS S4-1	16	Policies related to consumers and end-users	X		Not material
ESRS S4-1	17	Non-compliance with the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines	X	X	Not material
ESRS S4-4	35	Human rights issues and incidents	X		Not material
ESRS G1-1	§ 10 (b)	United Nations Convention against Corruption	X		P. 152
ESRS G1-1	§ 10 (d)	Protection of whistleblowers	X		P. 153 f.
ESRS G1-4	§ 10 (d)	Fines for offences against corruption and bribery regulations	X	X	P. 157
ESRS G1-4	§ 24 (b)	Standards of anti-corruption and anti-bribery	X		P. 155 f.

Management Board reportpursuant to Section 312 (3) AktG

Pursuant to Section 312 (3) of the German Stock Corporation Act (AktG), the Management Board has issued a report on the relations with affiliated companies for the 2024 financial year. The report contains the following closing statement: "It is hereby declared that, according to the circumstances known to the Management Board in which the legal transaction was undertaken, our Company received an appropriate consideration for each of the legal transactions listed and was not disadvantaged. This assessment has been made on the basis of the circumstances known at the time of the reportable proceedings. There were no further reportable legal transactions, measures or omissions in addition to the activities reported."

Essen, 25 March 2025

Axel Deininger Torsten Henn

Dr. Kai Martius Jessica Nospers

3.Consolidated Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

170	Consolidated balance sheet
172	Consolidated income statement
173	Group statement of comprehensive income
174	Consolidated cash flow statement
176	Consolidated statement of changes in equity
178	Notes to the Consolidated Financial Statements
232	Independent auditor's report

244 Responsibility statement

169

Consolidated Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

Consolidated balance sheet

(according to IFRS) as at 31 December 2024

Assets

in euros	Note	31 Dec 2024	31 Dec 2023
Current assets
Cash and cash equivalents	1	57,682,113.94	41,269,674.54
Trade receivables	2, 11	84,807,157.94	88,896,835.69
Intercompany financial assets	2	42,680.84	1,234,850.54
Contract assets	2, 11	3,286,668.57	2,872,998.07
Inventories	7	53,852,840.96	48,033,717.04
Other current assets	2	6,742,352.92	4,234,838.59
Income tax receivables		1,337,152.14	6,047,856.47
Total current assets		207,750,967.31	192,590,770.94
Non-current assets
Property, plant and equipment	3	13,353,481.00	11,492,598.69
Right-of-use assets	5	22,263,140.52	17,376,742.30
Intangible assets	4	36,694,810.65	35,690,375.98
Goodwill	6	47,627,601.69	47,627,601.69
Non-current financial assets	8	6,306,820.30	6,438,407.00
Deferred taxes	9	5,852,002.00	3,241,252.60
Other non-current assets	2	19,800,609.62	14,180,063.10
Total non-current assets		151,898,465.78	136,047,041.36

Total assets 359,649,433.09 328,637,812.30

Liabilities

in euros	Note	31 Dec 2024	31 Dec 2023
Current liabilities
Trade accounts payable	10	41,611,809.36	32,354,865.81
Intercompany payables	10	151,549.96	173,410.58
Lease liabilities	5, 10	6,299,664.89	5,032,943.46
Short-term loans and current portion of long-term loans	10	1,289,258.41	1,161,643.18
Other provisions	13	25,331,506.94	18,660,695.33
Income tax liabilities	10	760,642.62	51,235.23
Other current liabilities	10	7,274,804.30	22,938,684.64
Contract liabilities	10, 11	33,124,992.52	32,522,556.53
Total current liabilities		115,844,229.00	112,896,034.76
Non-current liabilities
Leasing commitments	5, 10	16,576,462.14	12,897,754.89
Other non-current liabilities	10	2,870,595.94	2,977,256.29
Deferred taxes	9	11,229,546.92	11,006,351.21
Provisions for pensions	12	6,360,121.00	6,575,285.00
Other provisions	13	2,708,865.09	1,686,058.24
Contract liabilities	10, 11	53,226,350.08	42,755,799.98
Total non-current liabilities		92,971,941.17	77,898,505.61
Equity
Subscribed capital	15	6,500,000.00	6,500,000.00
Capital reserves	15	21,922,005.80	21,922,005.80
Other reserves	15	-383,196.11	-701,105.06
Revenue reserves	15	122,710,681.16	110,026,191.28
Equity attributable to parent company shareholders		150,749,490.85	137,747,092.02
Non-controlling interests	15	83,772.07	96,179.91
Total equity	15	150,833,262.92	137,843,271.93
Total liabilities		359,649,433.09	328,637,812.30

Consolidated income statement

(according to IFRS) for the period from 1 January 2024 to 31 December 2024

in euros	Note	1 Jan – 31 Dec 2024	1 Jan – 31 Dec 2023
Sales revenue	16	406,384,082.96	393,684,906.62
Cost of sales		-309,058,581.35	-306,314,193.46
Gross profit on sales		97,325,501.61	87,370,713.16
Selling expenses		-28,798,366.91	-26,052,197.05
Research and development costs	18	-13,687,038.46	-10,340,995.05
General administrative costs		-11,585,990.72	-10,614,200.80
Impairment losses on trade receivables and contract assets	2	-699,036.47	-30,273.84
Other operating income		22,894.40	2,664,748.40
Other operating expenses		-54,028.44	-13,495.80
Earnings before interest and taxes (EBIT)		42,523,935.01	42,984,299.02
Interest income	19	771,256.94	1,888.35
Interest expenses	19	-1,370,377.40	-896,624.50
Earnings before taxes (EBT)		41,924,814.55	42,089,562.87
Income taxes	20	-13,984,707.79	-13,088,076.73
Group profit for the period		27,940,106.76	29,001,486.14
of which attributable to shareholders of secunet AG		27,952,514.60	29,150,004.30
of which attributable to minority interests	15	-12,407.84	-148,518.16
Earnings per share (diluted / undiluted)		4.32	4.51
Average number of shares outstanding (diluted / undiluted, units)		6,469,502	6,469,502

Group statement of comprehensive income

(according to IFRS) for the period from 1 January 2024 to 31 December 2024

in euros	Note	1 Jan – 31 Dec 2024	1 Jan – 31 Dec 2023
Group profit for the period		27,940,106.76	29,001,486.14
Items not reclassified to the income statement
Revaluation of defined benefit pension plans	15	467,307.00	-720,103.00
Income tax attributable to components of the other comprehensive income / loss		-149,398.05	230,216.93
		317,908.95	-489,886.07
Other comprehensive income / loss		317,908.95	-489,886.07
Consolidated comprehensive income / loss		28,258,015.71	28,511,600.07
of which attributable to shareholders of secunet AG		28,270,423.55	28,660,118.23
of which attributable to minority interests		-12,407.84	-148,518.16

Consolidated cash flow statement

(according to IFRS) for the period from 1 January 2024 to 31 December 2024

in euros	1 Jan – 31 Dec 2024	1 Jan – 31 Dec 2023
Cash flow from operating activities
Earnings before taxes (EBT)	41,924,814.55	42,089,562.87
Depreciation and amortisation of tangible and intangible fixed assets	17,791,253.50	17,459,808.40
Other non-cash income	-72,750.35	-2,544,474.30
Change in provisions	7,347,061.08	1,591,574.15
Book losses on the sale of intangible assets and of property, plant and equipment	31,134.04	6,194.10
Interest result	599,120.46	894,736.15
Change in receivables, contract assets, inventories and other assets	-8,933,507.12	8,571,795.27
Change in liabilities and contract liabilities	13,393,992.33	6,242,419.49
Tax paid	-11,101,547.81	-22,435,739.47
Cash from operating activities	60,979,570.68	51,875,876.66
Cash flow from investing activities
Purchase of intangible assets and of property, plant and equipment	-14,133,434.99	-8,807,774.18
Proceeds from the sale of intangible assets and of property, plant and equipment	82,673.70	49,648.90
Purchase of financial assets	-60,257.42	-61,625.40
Proceeds from financial assets	119,093.77	65,571.70
Acquisition of subsidiaries less cash and cash equivalents acquired	-8,750,000.00	0.00
Cash outflow from investing activities	-22,741,924.94	-8,754,178.98
Cash flow from financing activities
Proceeds from short-term or long-term loans	1,329,869.96	2,739,956.52
Dividend payment	-15,268,024.72	-18,502,775.72
Repayment portion of lease payments	-6,577,912.77	-5,978,543.88
Interest received	771,256.94	1,888.35
Interest paid	-771,677.02	-688,069.63
Loan repayments	-1,308,718.73	-904,028.14
Cash outflow from financing activities	-21,825,206.34	-23,331,572.50
Change in cash and cash equivalents	16,412,439.40	19,790,125.18
Cash and cash equivalents at the beginning of the period	41,269,674.54	21,479,549.36
Cash and cash equivalents at the end of the period	57,682,113.94	41,269,674.54

For further explanations, see Note 21.

175

Consolidated statement of changes in equity

(according to IFRS) for the period from 1 January 2024 to 31 December 2024

Other reserves Other reserves

Revaluation of defined benefit pension plans

Income taxes allocated to components of the other comprehensive income / loss

Equity of secunet AG shareholders

in euros	Subscribed capital	Capital reserves	Reserve for treasury shares
Equity as at 31 Dec 2022 / 1 Jan 2023	6,500,000.00	21,922,005.80	-103,739.83
Group profit for the period 1 Jan – 31 Dec 2023			0.00
Other comprehensive income / loss 1 Jan – 31 Dec 2023			0.00
Consolidated comprehensive income 1 Jan – 31 Dec 2023			0.00
Dividend payment			0.00
Equity as at 31 Dec 2023 / 1 Jan 2024	6,500,000.00	21,922,005.80	-103,739.83
Group profit for the period 1 Jan – 31 Dec 2024			0.00
Other comprehensive income / loss 1 Jan – 31 Dec 2024			0.00
Consolidated comprehensive income 1 Jan – 31 Dec 2024			0.00
Dividend payment			0.00
Equity as at 31 Dec 2024	6,500,000.00	21,922,005.80	-103,739.83

For further information on the development of the Group's equity, see Note 15.

					Other reserves
Total	Non-controlling interests	Equity of secunet AG shareholders	Retained earnings	Total other reserves	Income taxes allocated to components of the other comprehensive income / loss	Revaluation of defined benefit pension plans
127,834,447.58	244,698.07	127,589,749.51	99,378,962.70	-211,218.99	84,027.04	-191,506.20
29,001,486.14	-148,518.16	29,150,004.30	29,150,004.30	0.00	0.00	0.00
-489,886.07	0.00	-489,886.07	0.00	-489,886.07	230,216.93	-720,103.00
28,511,600.07	-148,518.16	28,660,118.23	29,150,004.30	-489,886.07	230,216.93	-720,103.00
-18,502,775.72	0.00	-18,502,775.72	-18,502,775.72	0.00	0.00	0.00
137,843,271.93	96,179.91	137,747,092.02	110,026,191.28	-701,105.06	314,243.97	-911,609.20
27,940,106.76	-12,407.84	27,952,514.60	27,952,514.60	0.00	0.00	0.00
317,908.95	0.00	317,908.95	0.00	317,908.95	-149,398.05	467,307.00
28,258,015.71	-12,407.84	28,270,423.55	27,952,514.60	317,908.95	-149,398.05	467,307.00
-15,268,024.72	0.00	-15,268,024.72	-15,268,024.72	0.00	0.00	0.00
150,833,262.92	83,772.07	150,749,490.85	122,710,681.16	-383,196.11	164,845.92	-444,302.20

Consolidated statement of changes in equity

(according to IFRS) for the period from 1 January 2024 to 31 December 2024

For further information on the development of the Group's equity, see Note 15.

Notes to the Consolidated Financial Statements

for the 2024 financial year (according to IFRS)

General principles

Reporting company

secunet Security Networks Aktiengesellschaft (hereinafter referred to as "secunet AG" or "secunet") is registered with Essen Local Court, Germany (under HRB 13615). It is a listed company in the Prime Standard segment of the regulated market in Frankfurt. The address of the company's registered office is: secunet Security Networks Aktiengesellschaft, Kurfürstenstrasse 58, 45138 Essen, Germany.

secunet Group (hereinafter referred to as "secunet") and secunet Security Networks Aktiengesellschaft, Essen, is a German provider of high-quality cyber security solutions and an IT security partner of the Federal Republic of Germany. secunet offers public-sector clients and private-sector companies a comprehensive portfolio of products and consulting services for the protection of data, infrastructures and digital identities, as well as for information transmission, storage and processing. This includes, above all, network components with BSI-approved encryption technology up to the highest security level.

secunet covers the entire value chain from analysis and design to development, integration, operation, maintenance and support of the solutions. The portfolio is generally geared towards large-scale infrastructures and focuses on areas in which there are special requirements on IT security – such as the cloud, the Internet of Things, eGovernment, eHealth and biometrics.

Declaration of compliance with IFRS

The Consolidated Financial Statements have been prepared in accordance with the International Financial Reporting Standards (IFRS) as applicable in the European Union. The requirements of Sections 315, 315e (1) of the German Commercial Code (Handelsgesetzbuch, HGB) have been met. The IFRS standards used consist of the IFRS as newly issued by the International Accounting Standards Board (IASB), the International Accounting Standards (IAS), and the interpretations of the International Financial Reporting Interpretations Committee (IFRIC) and of the Standing Interpretations Committee (SIC). All standards and interpretations issued by the IASB and applicable at the time of preparation of the Consolidated Financial Statements have been implemented, provided that they have been endorsed by the EU. In this respect the Consolidated Financial Statements of secunet AG comply with IFRS.

The Consolidated Financial Statements and the summarised Management Report – Company and Group Management Report were released by the Management Board on 25 March 2025 following their preparation.

Disclosure

The Consolidated Financial Statements – as well as the Annual Financial Statements of secunetAG – are filed with the operator of the central register of companies and subsequently announced there. They are available for download on the website https://www.secunet.com/ en/about-us/investors. They may also be requested from secunet AG at the above address or inspected at the Company's business premises.

Parent company

The parent company is Giesecke + Devrient GmbH based in Munich, Germany. It holds a direct share of 75.12% in secunet AG.

Via the Consolidated Financial Statements of Giesecke + Devrient GmbH, Munich (smallest consolidated group), the Consolidated Financial Statements of secunetAG are included in the Consolidated Financial Statements of MC Familiengesellschaft mbH, Munich, which prepares the Consolidated Financial Statements for the largest group of companies. The Consolidated Financial Statements of MC Familiengesellschaft mbH and Giesecke + Devrient GmbH are filed with the operator of the central register of companies.

First-time adoption of new and revised standards and interpretations

Compared with the Consolidated Financial Statements as at 31 December 2023, the following new and revised standards and interpretations were to be applied for the first time following the EU endorsement or entry into force of the standard / interpretation:

Standard / interpretation	Key amendment	Entry into force for financial years commenc ing on or after:
Revised standards
Amendments to IAS 1	Classification of liabilities as current or non-cur rent (incl. deferral of time of first-time adoption) and Non-current liabilities with covenants	1 January 2024
Amendments to IFRS 16	Lease liability in a sale-and-lease-back transaction	1 January 2024
Amendments to IAS 7 and IFRS 7	Supplier Finance Arrangements	1 January 2024

The application of the modified standards did not have any material impact on the Consolidated Financial Statements.

New accounting rules

The following standards and interpretations had been published at the time the Financial Statements were prepared but were either not yet required to be applied in accordance with the provisions of the respective standard or interpretation, or had not yet been endorsed by the EU.

Standard / interpretation	Key amendment	First-time adoption
Amended standards (EU endorsement completed by 31 December 2024)
Amendments to IAS 21	Lack of exchangeability of currencies	FJ 2025
Modified standards (not yet endorsed by the EU)
Amendments to IFRS 9 and IFRS 7	Classification and measurement of financial instruments	FJ 2026
Amendments to IAS 7, IFRS 1, IFRS 7, IFRS 9 and IFRS 10	Annual Improvements to IFRS – Volume 11	FJ 2026
IFRS 18	Presentation and disclosures in the financial statements	FJ 2027
IFRS 19	Subsidiaries without public accountability: Disclosures	FJ 2027

An early adoption of these standards and interpretations is not planned.

With exception of IFRS 18, no material effects on the secunet Consolidated Financial Statements are expected to result from adopting the new and amended standards and interpretations. The analysis of the effects of IFRS 18 will start at a later date.

Accounting principles

The present Consolidated Financial Statements as at 31 December 2024, with the exception of the amendments due to the first-time adoption of new or amended IAS / IFRS provisions above, have been prepared using the same accounting and measurement methods and the same methods of computation as in the previous year. The Consolidated Financial Statements have been prepared on the assumption that the Company is a going concern. Items in the balance sheet as at 31 December 2024 are classified by maturity. The income statement is based on the cost-of-sales method. In order to improve the clarity of presentation, various items in the consolidated balance sheet and consolidated income statement have been summarised and are explained in the notes.

The Consolidated Financial Statements of secunet AG are presented in euros. All amounts are stated in euros, unless indicated otherwise.

Consolidated group

In addition to secunet Security Networks Aktiengesellschaft, the Consolidated Financial Statements include all associate companies that are controlled by secunet AG. Control is considered to be in place if secunet has the authority to dispose of the associate company, has a right to variable returns from participation and has the opportunity to use the authority to dispose of the associate company in a way that can influence the variable returns.

The consolidated Group has not changed compared to the previous year.

As at 31 December 2024, the consolidated Group consisted of the parent company secunetAG and six (previous year: six) fully consolidated subsidiaries.

In accordance with IFRS, the subsidiaries report the following figures:

Company	Registered office	Equitiy holding	Non controlling interests	Equity as at 31 Dec 2024	Net income for 2024
secunet International GmbH & Co. KG	Essen	100 %	0 %	-1,891 kEUR	-2,000 kEUR
secunet International Management GmbH	Essen	100 %	0 %	65 kEUR	8 kEUR
secustack GmbH i. L.	Dresden	51 %	49 %	219 kEUR	-25 kEUR
finally safe GmbH	Essen	100 %	0 %	48 kEUR	-1 kEUR
stashcat GmbH	Hanover	100 %	0 %	143 kEUR	-972 kEUR
SysEleven GmbH	Berlin	100 %	0 %	11,036 kEUR	-6,660 kEUR

The consolidated subsidiary secustack GmbH is in liquidation.

secunet Inc., Austin, Texas (USA), 100% participation, is no longer operational and has not been consolidated since the 2002 financial year on the grounds that it is not material.

The Group's accounting and measurement policies are applied consistently to the financial statements of secunet AG and its subsidiaries included in the Consolidated Financial Statements. The reporting date for secunet AG and for all consolidated companies is 31 December 2024.

The wholly-owned subsidiary secunet International GmbH & Co. KG, which is fully included in these Consolidated Financial Statements, makes use of the exemption provisions of Section 264b HGB for the 2024 financial year with regard to disclosure requirements. secunet International Management GmbH is a partner with unlimited liability of secunet International GmbH & Co. KG.

Basis of consolidation

Capital consolidation is carried out in accordance with the purchase method. When consolidated for the first time, the acquisition cost of the shareholdings acquired is offset against the remeasured equity. The assets and liabilities of the acquired subsidiary are recognised at their fair values. Any remaining positive differences are capitalised as goodwill in accordance with IFRS 3 and subjected to an annual impairment test.

Non-controlling interests are initially measured at their proportionate share of the identifiable net assets of the acquired company at the time of acquisition.

Changes in the Group's interest in a subsidiary that do not result in a loss of control are accounted for as equity transactions.

Both expenses and income, and receivables and payables between the consolidated companies are eliminated. Intercompany profits are eliminated unless they are immaterial.

Write-downs of shares in consolidated companies that have been carried out in individual financial statements as well as intercompany receivables are reversed within the framework of consolidation.

Reporting currency

The Group's reporting currency is euros.

Financial instruments

Recognition and initial measurement

Trade receivables are recognised at the time they arise. They are measured at the transaction price.

Financial assets and financial liabilities are recognised if a Group company is party to the agreement on the financial instrument. Financial assets or financial liabilities are initially recognised at the fair value. If the change in fair value is not recognised through profit or loss (FVTPL), the transaction costs directly attributable to the acquisition are added.

Classification and subsequent measurement

They are grouped into one of the following categories at the time of acquisition:

» At amortised cost
» FVOCI debt instruments (investments in debt instruments carried at fair value with changes in other comprehensive income)
» FVOCI equity instruments (equity investments carried at fair value with changes in other comprehensive income)
» FVTPL (at fair value with changes in fair value reported in profit or loss)

Financial assets are not reclassified after initial recognition unless the Group changes its business model for managing financial assets. In this case, all affected financial assets are reclassified on the first day of the reporting period following the change in the business model.

A financial asset is measured at amortised cost if the following cumulative conditions are met and it has not been designated as FVTPL:

» It is held within a business model whose objective is to hold financial assets for the purpose of collecting the contractual cash flows, and
» the contractual terms of the financial asset give rise, on specified dates, to cash flows that are solely payments of principal and interest on the principal amount outstanding.

A debt instrument is designated as FVOCI if both of the following conditions are met and it has not been designated as FVTPL:

» It is held within a business model whose objective is both to hold financial assets for the purpose of collecting the contractual cash flows and to sell financial assets; and
» its contractual terms give rise, on specified dates, to cash flows that are solely payments of principal and interest on the principal amount outstanding.

On initial recognition of an equity investment that is not held for trading purposes, the Group may irrevocably elect to report subsequent changes in the fair value of the investment in other comprehensive income. This choice is made on a case-by-case basis for each investment.

All financial assets that are not measured at amortised cost or FVOCI are measured at FVTPL. On initial recognition, the Group may irrevocably decide to designate financial assets that otherwise qualify for measurement at amortised cost or at FVOCI as FVTPL if this serves to eliminate or significantly reduce accounting mismatches.

The Group makes an assessment of the objectives of the business model in which the financial asset is held at a portfolio level. In the past, secunet Group acquired all financial instruments exclusively for the purpose of holding them to collect interest and principal payments. On this basis, it is assumed that this will also apply in the future.

For the purpose of assessing the cash flow criterion, in other words whether the contractual cash flows are exclusively interest and principal payments on the principal amount (fair value at initial recognition), the Group considers the contractual agreements relating to the instrument. This includes an assessment of whether the financial asset contains a contractual agreement that could change the timing or amount of the contractual cash flows with the effect that they no longer meet these conditions.

When making this assessment, the Group takes into account:

» specific events that would change the amount or timing of the cash flows,
» conditions that would affect the interest rate, including variable interest rates,
» early repayment and extension options, and
» conditions that restrict the Group's entitlement to cash flows from a particular asset (for example, no right of recourse).

An early repayment option is consistent with the criterion of exclusive interest and principal payments if the early repayment amount substantially represents unpaid amounts of principal and interest on the outstanding principal; this may include reasonable additional compensation for early termination of the contract.

In addition, a condition for a financial asset acquired at a premium or discount on the contractual nominal amount that permits or requires early repayment at an amount that substantially represents the contractual nominal amount plus accrued (but unpaid) contractual interest (which may include reasonable additional compensation for early termination of the contract) is treated as consistent with the criterion, provided the fair value of the early repayment option at the beginning is not significant.

Subsequent measurement and recognition of gains and losses

Financial assets at FVTPL / Financial liabilities at FVTPL

These assets and liabilities are subsequently measured at fair value. Net gains and losses, including any interest or dividend income, are recognised in profit or loss.

Based on the measurement hierarchy levels stated in IFRS 13, financial assets and liabilities are measured subject to the availability of relevant information. For the first level, listed (unadjusted) market prices for identical assets and liabilities can be directly observed on active markets. On the second level, they are measured based on measurement models that assess variables that can be observed on the market. The third level does not permit the use of measurement models which rely on input factors that cannot be observed on the market.

If the input factors used to determine the fair value of an asset or a liability can be allocated to different levels of the fair value hierarchy, measurement at fair value is allocated in its entirety to the fair value hierarchy level that corresponds to the lowest input factor which is overall essential to measurement.

There are currently no issues for financial assets at FVTPL.

Financial assets at amortised cost

These assets are subsequently measured at amortised cost using the effective interest method. The amortised cost is reduced by impairment losses. Interest income, foreign exchange gains and losses, and impairments are recognised in profit or loss. A gain or loss resulting from derecognition is reported accordingly.

Debt investments at FVOCI

These assets are subsequently measured at fair value. Interest income calculated using the effective interest method, foreign exchange gains and losses, and impairments are recognised in profit or loss. Other net gains and losses are recorded under other comprehensive income / loss. On derecognition, the accumulated other comprehensive income is reclassified to profit or loss. There are currently no items in this category.

Equity investments at FVOCI

These assets are subsequently measured at fair value. Dividends are recognised as income in profit or loss unless the dividend clearly serves to cover part of the investment cost. Other net gains and losses are recorded under other comprehensive income / loss and never reclassified to profit or loss. There are currently no items in this category.

Derecognition

The Group derecognises a financial asset when the contractual rights with regard to the cash flows from the financial asset expire or when it transfers the rights to receive the cash flows in a transaction in which all significant risks and rewards incidental to ownership of the financial asset are transferred.

Derecognition also takes place if the Group neither transfers nor retains all significant risks and rewards incidental to ownership and does not retain control of the transferred asset.

The Group derecognises a financial liability when the contractual obligations have been fulfilled, cancelled or have expired. Furthermore, the Group also derecognises a financial liability if its contractual terms are changed and the cash flows of the modified liability are significantly different. In this case, a new financial liability is recognised at fair value based on the revised terms.

When a financial liability is derecognised, the difference between the carrying amount of the extinguished liability and the consideration paid (including non-cash assets transferred or liabilities assumed) is recognised in profit or loss.

Cash and cash equivalents

The Group regards all highly liquid assets for which withdrawal or usage is not restricted as cash and cash equivalents. Alongside cash in hand and deposits held at call with banks, these also include short-term bank deposits with original maturities of three months or less. The measurement takes place based on the relevant nominal value.

Contract assets

Services already rendered in connection with customer projects but not yet invoiced to the customer are recorded under contract assets.

Inventories

Inventories, which consist almost exclusively of trade goods, are measured at the lower of historical cost or cost of production, or net realisable value less costs not yet incurred. Historical cost is calculated in accordance with the weighted average cost method.

Finished goods and work in progress are valued at the cost of acquisition of the materials used and the cost of production.

Property, plant and equipment

Property, plant and equipment consist not only of office and operating equipment, but generally also of assets under construction and are measured at historical cost or production cost less regular depreciation. When items of property, plant and equipment are disposed of or retired, their historical costs or production costs, accumulated depreciation and impairment are eliminated from the balance sheet and the gain or loss resulting from their sale is recognised in the income statement. Historical costs also include individually attributable additional and subsequent costs of acquisition. Purchase price reductions are offset.

Subsequent costs are only included in the asset's carrying amount or recognised as a separate asset, as appropriate, when it is probable that future economic benefits associated with the asset will flow to the Group and the cost of the asset can be reliably measured. Repairs and maintenance are charged to the income statement during the financial year in which they are incurred.

The depreciation period is based on the useful economic life and is between three and ten years. Depreciation is on a straight-line basis.

The assets' carrying amounts and useful lives are reviewed, and adjusted if appropriate, at each balance sheet date.

Intangible assets

Intangible assets with a finite useful life acquired for a consideration are measured at historical cost plus additional costs of acquisition less accumulated amortisation calculated using the straight-line method. Acquired software is amortised over three to seven years on a straight-line basis. Purchased customer bases and brands are amortised over ten to twelve years.

Costs incurred in preserving the original economic benefits of existing software systems are recognised as an expense when the maintenance work is carried out.

Internally produced intangible assets are capitalised if the criteria in IAS 38.57 are fulfilled. Direct costs as well as attributable indirect costs are used on the basis of hourly rates as well as purchased third-party services. Amortisation of the intangible asset begins at the time of operational readiness.

Impairment of intangible assets is determined by comparing their carrying amount with the recoverable amount, which is the higher of the asset's fair value and its value in use. If no separate future cash inflows generated independently of other assets can be allocated to the individual assets, the recoverability must be tested on the basis of the next highest aggregated cash-generating unit of assets. If the reasons for previously recognised impairment losses no longer apply, an impairment reversal is recognised for these assets. Goodwill is an exception to this rule.

The assets' carrying amounts and useful lives are reviewed, and adjusted if appropriate, at each balance sheet date.

Goodwill

Goodwill represents the excess of the cost of an acquisition over the fair value of the Group's share of the net identifiable assets of the acquired company at the date of the acquisition.

Under IFRS 3 in conjunction with IAS 36 and IAS 38, goodwill is not subject to scheduled amortisation. It is instead subjected to an annual impairment test and carried at original historical cost less accumulated impairment losses.

Where a cash-generating unit is sold, the relevant share of goodwill attributable to that unit is taken into account when calculating the profit from the sale.

Impairment of assets

Assets that are subject to scheduled amortisation are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount may no longer be recoverable. An impairment loss is recognised for the amount by which the asset's carrying amount exceeds its recoverable amount. The recoverable amount is the higher of an asset's fair value less costs to sell and its value in use. For the purposes of the impairment test, assets are grouped at the lowest levels for which there are separately identifiable cash flows (cash-generating units).

Where there is an indication that the impairment no longer exists or has decreased, the impairment reversal is recognised as income in the income statement for the asset in question. There were no unscheduled impairments or impairment reversals in the reporting year.

In impairment testing, goodwill acquired in a business combination and customer bases and brands measured as part of purchase price allocations are allocated to those cash-generating units that are expected to benefit from the synergies arising from the business combination. Impairment testing is carried out on an annual basis and additionally whenever there are indications of impairment in the respective cash-generating unit.

If the carrying amount of the cash-generating unit exceeds its recoverable amount, the carrying amount of the goodwill allocated to this cash-generating unit must be reduced by the amount of the difference. Impairment losses already recognised are not reversed in this process. If the impairment of the cash-generating unit exceeds the carrying amount of the goodwill allocated to it, the remaining impairment loss is recognised by reducing, on a pro-rata basis, the carrying amounts of the cash-generating unit's identifiable assets.

Income tax

Income taxes comprise all current taxes based on the result for the year as well as deferred taxes. In accordance with IAS 12 (Income Taxes), deferred taxes are recognised, using the liability method, for all temporary differences arising between the carrying amounts of assets and liabilities for IFRS accounting purposes and the amounts used for tax purposes. Deferred tax assets may also comprise tax reduction claims that arise from the expected use of existing loss carryforwards in subsequent years. Deferred tax assets are recognised only to the extent that it is probable that future taxable profit will be available against which the temporary differences can be utilised.

Deferred tax is calculated using the tax rates that are expected to apply at the time of realisation in accordance with the legal regulations valid at the balance sheet date. Deferred tax is recognised in the income statement as tax income or expense, except to the extent that it is directly linked to equity or items included in other comprehensive income / loss. Deferred taxes resulting from the accounting of right-of-use assets and lease liabilities are shown netted.

Leases

At the start of a contract, the Group assesses whether the contract constitutes or contains a lease. This is the case if the contract grants the right to control the use of an identified asset for a specified period of time in return for the payment of a consideration. In order to assess whether a contract contains the right to control an identified asset, the Group uses the definition of a lease in accordance with IFRS 16.

This method is applied to contracts concluded on or after 1 January 2019.

Lessee

On the date of provision or when a contract containing a lease component is amended, the Group separates the contractually agreed consideration into lease and non-lease components on the basis of the relative stand-alone selling prices.

On the date of provision, the Group recognises an asset for the right of use granted and a lease liability. The right-of-use asset is initially measured at cost, which is equal to the initial measurement of the lease liability, adjusted for payments made on or before the date of provision, plus any initial direct costs and the estimated costs of dismantling or removing the underlying asset or restoring the underlying asset or the site at which it is located, less any lease incentives received.

Subsequently, the right-of-use asset is amortised on a straight-line basis from the date of provision to the end of the lease term unless ownership of the underlying asset is transferred to the lessee at the end of the lease term or the cost of the right-of-use asset takes into account the fact that the lessee will exercise a purchase option. In this case, the right-ofuse asset is depreciated over the useful life of the underlying asset, which is determined in accordance with the rules for property, plant and equipment. Additionally, the right-of-use asset is adjusted continuously – where necessary – for impairment and to take specific revaluations of the lease liability into account.

For the first time, the lease liability is recognised at the present value of the lease payments not yet made at the date of provision, discounted at the underlying interest rate of the lease or, if this cannot be readily determined, at the lessee's incremental borrowing rate. The Group normally uses its incremental borrowing rate as the discount rate.

The lease payments included in the measurement of lease liabilities comprise fixed payments, amounts that are expected to be paid on the basis of a residual value guarantee and the exercise price of a purchase option if the lessee is sufficiently certain to exercise it.

Lease payments for lease extension options are taken into account if the lessee is sufficiently certain to exercise them.

The lease liability is measured at amortised cost using the effective interest method. Interest expenses are included in the financial result, and the payments made reduce the carrying amount of the lease liability. It is remeasured if future lease payments change due to a change in the index or (interest) rate, if the lessee adjusts its estimate of the expected payments under a residual value guarantee, if the lessee changes its assessment regarding the exercise of a purchase, extension or termination option or if a de facto fixed lease payment changes.

In the case of such remeasurement of the lease liability, a corresponding adjustment is made to the carrying amount of the right-of-use asset or, if the carrying amount of the right-ofuse asset has been reduced to zero, this adjustment is recognised in the income statement.

The Group has decided not to recognise right-of-use assets and lease liabilities for leases based on low-value assets and for short-term leases, including IT equipment. The lessee recognises the lease payments associated with these leases as an expense on a straight-line basis over the term of the lease.

Other provisions

Other provisions comprise all legal and constructive obligations towards third parties identifiable at the balance sheet date that are based on past events, where the amount can be reliably estimated, and where it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation. The provisions are recognised in the amount of the best estimate of the expected settlement value. Possible claims for reimbursement are not offset against the provisions.

Provisions for pensions

In accordance with IAS 19, pension provisions are measured using the projected unit credit method for defined benefit plans. This means that future obligations are measured using actuarial methods to estimate the relevant variables and to determine their present value.

All actuarial gains and losses are recorded in the other comprehensive income / loss as they arise and without affecting the operating result. Reported pension provisions are based on actuarial certificates issued by an independent actuary.

Pension commitments under defined contribution plans are recognised in the relevant functional areas as expenses for employee services in the period during which the employee provides the related services.

Share-based remuneration

secunet has remuneration plans under which the members of the Management Board of secunet AG are granted virtual shares which are settled entirely in cash at the end of a four-year performance period. The fair value at the time of allocation is determined using recognised financial models and reported as an expense over the vesting period with a corresponding provision being recognised. The provision is revalued at each balance sheet date within the performance period and at the time of payment. Changes in fair value are recognised in the operating result.

Contract liabilities

Income received before the balance sheet date is deferred as a contract liability to the extent that it results in revenue after that date.

Equity

The subscribed capital is 6,500,000 euros. It is divided into 6,500,000 bearer shares without par value. All shares are fully paid.

Of secunet AG's capital reserves, 1,902,005.80 euros results from payments by the shareholder before the transformation of secunet AG into a public limited company. The price premium paid in the initial public offering accounts for 20,020,000.00 euros of the total. The capital reserves are available – subject to statutory regulations – for the purposes of offsetting any losses incurred and for capital increases from the Company's own funds.

The other reserves include the reserve for treasury shares and the other comprehensive income / loss.

Treasury shares are shares in secunetAG held by the Company itself. The acquisition of treasury shares is recognised in the Consolidated Financial Statements as a change in equity (reserve for treasury shares (value as at 31 December 2024 as in the previous year: -103,739.83 euros)). No gain or loss is shown in the income statement for the sale, issue or recalling of treasury shares. The consideration in such transactions is recognised in the Consolidated Financial Statements as a change in equity.

Profits from the current financial year and the previous years that are not paid out to shareholders are recognised in the revenue reserves.

Non-controlling interests

Non-controlling interests are initially measured at their proportionate share of the identifiable net assets of the acquired company at the time of acquisition.

The non-controlling interests' share of the Group profit or loss leads to an increase or decrease in the non-controlling interests.

Changes in the Group's interest in a subsidiary that do not result in a change of control are accounted for as equity transactions.

Sales revenue recognition

secunet Group realises its revenue through the sale of hardware, licences, service and maintenance, both separately and in product bundles, and through the provision of services as part of service and work contracts. Payments are typically due within 30 – 90 days.

I. Separate sale of hardware or licences

For the separate sale of hardware or licences, the breakdown into contractual obligations is unnecessary, since each respective individual sale represents a contractual obligation. With regard to the sale of hardware, revenue is recognised in line with IFRS 15 at the time at which the customer takes control of the asset. In the case of licence transfers, IFRS 15 necessitates an assessment as to whether the customer receives access or a right of use as a result. This shall determine whether sales revenue is recognised over time or at a point in time.

II. Sale of product bundles

The sale of product bundles is a transaction involving multiple elements according to IFRS 15. IFRS 15 requires the separable, independent contractual obligations within a product bundle to be identified in the case of multiple-element transactions. Subsequently, it must be determined whether the revenue is recognised over time or at a point in time for each of these contractual obligations. When doing so, the focus should be on the general principles for sales revenue recognition, as outlined above.

For the services included in the product bundles (for example, software subscription, Service Level Agreements, support services or extended warranties), discretionary decisions must be used to determine whether these are separate respective contractual obligations or whether these services form a service bundle in combination with another contractual obligation from the product bundle.

The allocation of the total transaction price to the individual performance obligations is based on individual selling prices.

III. Provision of services

The provision of services occurs both on the basis of service contracts and on the basis of work contracts within the Group.

Service contracts

Generally, consulting services involving the temporal coincidence of service provision and service consumption are provided in the form of service contracts. According to the nature of a service contract, it is the provision of the service that is owed, rather than the result.

Pursuant to IFRS 15.35, the service in these cases is registered over the period during which the service is provided in accordance with the share of the total service provided (output-oriented).

Work contracts

With respect to the work contracts, the result is owed, which constitutes a distinguishing characteristic between these and the service contracts, meaning that in the wider sense, an asset is created for the customer. The Group has no alternative way to use this asset. The Group uses this type of contract to cover mainly customer-specific software developments, but also licence sales with extensive customisation.

In the case of these work contracts, the sales revenue must be recognised in relation to the percentage of completion (IFRS 15.39). The percentage of completion is estimated on the basis of the costs incurred in relation to the expected total costs (input-oriented).

Assumptions and estimates

In the preparation of the Consolidated Financial Statements, assumptions and estimates were made that affected the reported amounts of assets, liabilities, income and expenses. These assumptions and estimates relate primarily to an estimate of the useful life for depreciable tangible and intangible assets (see Notes 3 and 4), the impairment of receivables (see Note 2), the recognition and measurement of provisions (see Notes 12 and 13), the capitalisation of deferred taxes on loss carryforwards (see Note 9) and the recognition of revenue in the case of services (see section on sales revenue recognition in this Chapter). For the purposes of calculating the value in use of the cash-generating units, as part of the impairment test for the goodwill, estimates and assumptions are required for determining the future cash flows from the cash-generating unit and for calculating the discount interest rate (see Note 6). Estimates and assumptions also play a role in the purchase price allocation within the scope of initial consolidations. Here, particularly in the determination of the discount interest rate for the useful life and the determination of licence fees.

Actuarial gains and losses from the pension provision calculation are recorded in other comprehensive income / loss without affecting the operating result. In some cases, actual results may differ from these estimates and assumptions. Changes are taken into account in the income statement at the time when better knowledge becomes available.

The current geopolitical and economic upheavals (war in Ukraine, conflict in the Middle East, rising electricity, energy and raw material prices, and the associated risk of continued high or rising inflation rates with negative impacts on the willingness to invest, and as a result of further interest rate increases) are associated with uncertainty from today's perspective. The business activities of the secunet Group are still not directly affected.

As the Management Board considers these risks to be manageable overall, there were no significant adjustments to the assumptions and estimates on which the recognition and measurement were based.

Furthermore, the impairment tests performed on goodwill (see Note 6), other intangible assets and property, plant and equipment (see Notes 3 and 4), deferred tax assets (see Note 9), trade receivables and contract assets (see Note 2) did not result in any impairment losses in this connection.

Climate change does not give rise to any risks or opportunities for secunet AG's business.

Grants

In accordance with the option provided by IAS 20.24 and IAS 20.27, government grants for assets are offset directly against the acquisition / production costs of the subsidised asset and thus represent a reduction in the cost of acquisition. The grants are recognised on a pro rata basis in the income statement in the form of lower depreciation. In the 2024 financial year, grants amounting to 0.4 million euros were received (previous year: 0.0 million euros).

Other grants are recognised as income in the period in which the entitlement arises.

Discretionary decisions

Discretion is exercised when determining cash-generating units for the purpose of goodwill impairment testing (see Note 6), when categorising financial assets and liabilities (see Notes 2 and 8) and when determining interest rates for lease accounting (see Note 5).

Notes to the balance sheet

The balance sheet is classified into non-current and current assets and liabilities. Assets and liabilities due within one year are recognised as current.

In accordance with IAS 12, deferred tax balances are recognised as non-current assets and liabilities.

1. Cash and cash equivalents

Cash and cash equivalents comprise cash in hand and bank balances.

The movement in cash and cash equivalents is shown in the consolidated cash flow statement.

2. Receivables, other assets, contract assets and financial assets from affiliated companies

The trade receivables amount to 84,807,157.94 euros (previous year: 88,896,835.69 euros).

In the year under review, contract assets of 3,286,668.57 euros (previous year: 2,872,998.07 euros) were reported for services already rendered in connection with customer projects but not yet invoiced (thereof 9,457.00 euros to affiliated companies; previous year: 16,817.00 euros).

Intercompany financial assets amount to 42,680.84 euros (previous year: 1,234,850.54 euros) and, as in the previous year, result in full from trade receivables.

The maturities of all the trade receivables are as follows:

Days overdue

in euros	31 Dec 2024	31 Dec 2023
Not due	50,483,963.02	67,833,044.21
1 – 30	30,794,784.00	20,562,747.00
31 – 90	2,564,255.00	130,380.00
91 – 180	327,368.00	328,695.00
181 – 360	326,903.00	1,500,595.00
> 360	679,801.00	-127,928.00
Total	85,177,074.02	90,227,533.21

The valuation allowance for trade receivables and contract assets was as follows:

in euros	2024	2023
As at 1 Jan	95,846.98	179,520.51
Amounts written off	0.00	0.00
Revaluation of allowances	231,388.26	-83,673.53
As at 31 Dec	327,235.24	95,846.98

A specific valuation allowance is posted to a separate valuation allowance account in cases where receivables are clearly overdue (>180 days) and owed from non-public-sector clients or due to special information in individual cases. The receivable is derecognised in the income statement in the event of established insolvency or in cases where the receivable is estimated to be irrecoverable for other reasons.

In the case of trade receivables from third parties that are not subject to a specific valuation allowance, an allowance is calculated on a collective basis for the amount of the expected credit losses over the term of the receivables. Calculation of the expected losses on a collective basis is based on an impairment matrix containing an analysis of historical data over the last five years. The collective allowance is already to be recognised by applying historical data when the trade receivable from third parties is initially recognised and is to be adjusted at each reporting date on the basis of current information and expectations.

Receivables and other assets that are not yet due and not individually impaired are assessed by the Management Board to be recoverable. This assessment is based on past experience, the customer structure and long-term business relationships.

Additions to and reversal of valuation allowances are disclosed separately in the income statement under the item "Impairment reversals / impairment losses on trade receivables and contract assets".

The other current and non-current assets totalling 26,542,962.54 euros (previous year: 18,414,901.69 euros) predominantly concern other receivables from suppliers, advance payments for travel expenses, prepayments for future services and other receivables. No impairments were made.

3. Property, plant and equipment

	2024		2023
in euros	Office and operating equipment	Property, plant and equipment	Office and operating equipmen	Property, plant and equipment
Accumulated historical cost as at 1 Jan	33,802,207.42	33,802,207.42	29,816,677.28	29,816,677.28
Additions	7,228,376.90	7,228,376.90	5,646,852.11	5,646,852.11
Disposals	-1,280,184.76	-1,280,184.76	-1,661,321.97	-1,661,321.97
As at 31 Dec	39,750,399.56	39,750,399.56	33,802,207.42	33,802,207.42

Accumulated depreciation as at 1 Jan	22,309,608.73	22,309,608.73	19,096,260.28	19,096,260.28
Additions	5,234,687.44	5,234,687.44	4,818,827.42	4,818,827.42
Disposals	-1,147,377.61	-1,147,377.61	-1,605,478.97	-1,605,478.97
As at 31 Dec	26,396,918.56	26,396,918.56	22,309,608.73	22,309,608.73
Carrying amount as at 31 Dec	13,353,481.00	13,353,481.00	11,492,598.69	11,492,598.69

The changes in property, plant and equipment may be summarised as follows:

The carrying amount of property, plant and equipment subject to restrictions on disposal in connection with financial liabilities totalled 3.6 million euros (previous year: 3.5 million euros). As in the previous year, there are no fixed assets pledged to lenders.

4. Intangible assets

The changes in intangible assets may be summarised as follows:

	2024
in euros	Internally generated in tangible assets	Purchased intangible assets	Total intangible assets
Accumulated historical cost as at 1 Jan	10,833,705.00	45,180,961.61	56,014,666.61
Additions	6,922,995.00	1,062.50	6,924,057.50
Disposals	0.00	-210,910.18	-210,910.18
As at 31 Dec	17,756,700.00	44,971,113.93	62,727,813.93

Accumulated depreciation as at 1 Jan	5,312,323.00	15,011,967.63	20,324,290.63
Additions	681,753.00	5,237,869.83	5,919,622.83
Disposals	0.00	-210,910.18	-210,910.18
As at 31 Dec	5,994,076.00	20,038,927.28	26,033,003.28
Carrying amount as at 31 Dec	11,762,624.00	24,932,186.65	36,694,810.65

	2023
in euros	Internally generated in tangible assets	Purchased intangible assets	Total intangible assets
Accumulated historical cost as at 1 Jan	7,676,705.00	45,248,209.14	52,924,914.14
Additions	3,157,000.00	3,922.06	3,160,922.06
Disposals	0.00	-71,169.59	-71,169.59
As at 31 Dec	10,833,705.00	45,180,961.61	56,014,666.61

Accumulated depreciation as at 1 Jan	3,999,561.00	9,918,754.10	13,918,315.10
Additions	1,312,762.00	5,164,383.11	6,477,145.11
Disposals	0.00	-71,169.58	-71,169.58
As at 31 Dec	5,312,323.00	15,011,967.63	20,324,290.63
Carrying amount as at 31 Dec	5,521,382.00	30,168,993.98	35,690,375.98

Regular depreciations are recorded under the area of activity associated with the asset. No unscheduled impairment losses were recognised in the year under review (previous year: 26,200.00 euros).

In connection with the development of internally generated intangible assets, development costs totalling 6,922,995.00 euros were capitalised (previous year: 3,157,000.00 euros), as the requirements of IAS 38.57 were met in full.

5. Leases

The development of right-of-use assets and lease liabilities is as follows:

Development of lease liabilities

	2024
in euros	Rented buildings	Vehicles	Data centres	Total
As at 1 Jan	16,511,832.33	1,256,082.57	162,783.45	17,930,698.35
Additions	10,410,756.09	879,000.02	233,585.34	11,523,341.45
Lease payments	-6,088,134.79	-745,196.84	-219,561.24	-7,052,892.87
Interest expense	421,370.19	47,560.61	6,049.30	474,980.10
As at 31 Dec	21,255,823.82	1,437,446.36	182,856.85	22,876,127.03
	2023
in euros	Rented buildings	Vehicles	Data centres	Total
As at 1 Jan	17,018,624.49	750,884.70	887,836.35	18,657,345.54

Additions 4,254,934.68 996,962.01 0.00 5,251,896.69 Lease payments -4,942,079.32 -516,020.35 -736,022.39 -6,194,122.06 Interest expense 180,352.48 24,256.21 10,969.49 215,578.18 As at 31 Dec 16,511,832.33 1,256,082.57 162,783.45 17,930,698.35

For a maturity analysis of the lease liabilities as at 31 December 2024, see Note 10 Liabilities. Expenses for short-term leases totalled 14,118.00 euros in 2024 (previous year: 29,118.00 euros). Expenses for low-value leases amounted to 196,041.87 euros in the 2024 financial year

Development of right-of-use assets

(previous year: 147,169.43 euros).

	2024
in euros	Rented buildings	Vehicles	Data centres	Total
As at 1 Jan	16,004,731.06	1,257,862.00	114,149.24	17,376,742.30
Additions	10,410,756.09	879,000.02	233,585.34	11,523,341.45
Depreciation and amortisation	-5,750,812.10	-716,950.38	-169,180.75	-6,636,943.23
As at 31 Dec	20,664,675.05	1,419,911.64	178,553.83	22,263,140.52

	2023
in euros	Rented buildings	Vehicles	Data centres	Total
As at 1 Jan	16,509,659.00	894,723.01	884,299.45	18,288,681.46
Additions	4,254,934.68	996,962.01	0.00	5,251,896.69
Depreciation and amortisation	-4,759,862.62	-633,823.02	-770,150.21	-6,163,835.85
As at 31 Dec	16,004,731.06	1,257,862.00	114,149.24	17,376,742.30

Presentation of undiscounted payment obligations from existing lease agreements

in euros	31 Dec 2024	31 Dec 2023
Up to 1 year	6,523,312.10	5,608,353.99
1 to 5 years	16,894,147.89	10,214,636.63
More than 5 years	456,755.20	3,104,021.76
Total	23,874,215.19	18,927,012.38

Payments amounting to 20,985,887.40 euros (previous year: 2,950,504.80 euros) may be due in the next few years for rental options not yet recognised in the balance sheet.

6. Goodwill

The breakdown of the goodwill carrying amount by segment is as follows:

		2024		2023
in euros	Public Sector	Business Sector	Total	Public Sector	Business Sector	Total
Accumulated historical cost as at 1 Jan	46,327,901.69	1,299,700.00	47,627,601.69	46,327,901.69	1,299,700.00	47,627,601.69
Change in the consolidated Group	0.00	0.00	0.00	0.00	0.00	0.00
Additions	0.00	0.00	0.00	0.00	0.00	0.00
Disposals	0.00	0.00	0.00	0.00	0.00	0.00
As at 31 Dec	46,327,901.69	1,299,700.00	47,627,601.69	46,327,901.69	1,299,700.00	47,627,601.69

Accumulated depreciation as at 1 Jan	0.00	0.00	0.00	0.00	0.00	0.00
Additions	0.00	0.00	0.00	0.00	0.00	0.00
Disposals	0.00	0.00	0.00	0.00	0.00	0.00
As at 31 Dec	0.00	0.00	0.00	0.00	0.00	0.00
Carrying amount as at 31 Dec	46,327,901.69	1,299,700.00	47,627,601.69	46,327,901.69	1,299,700.00	47,627,601.69

Goodwill was allocated to the cash-generating units based on expected synergies from the respective business combination. These cash-generating units represent the lowest reporting level in the Group at which goodwill can be monitored by the management for internal management purposes. The cash-generating units correspond to the segments.

secunet Group is split into two divisions: the Public Sector division and the Business Sector division.

In testing goodwill for impairment in accordance with IAS 36, the recoverable amount of the individual cash-generating unit is determined by its value in use. The test takes place annually as at 31 December. The value in use is calculated from the discounted cash flows of the relevant unit. Cash flows are derived from the EBIT determined as part of the annual planning prepared by the Management Board and approved by the Supervisory Board. This is reconciled to Noplat (net operating profit less adjusted taxes) and adjusted for depreciation and investments. A discount rate (WACC) of 9.25% was used for these calculations (previous year: 10.80%).

A risk-free interest rate (based on market data) of 2.50% (previous year: 2.55%), a market risk premium of 6.75% (previous year: 7.5%) and a beta factor of 1.0 (previous year: 1.1) are used to calculate the discount rate. Since the Company largely operates in the European Economic Area, standardised parameters are used for all cash-generating units. The underlying projections employed for the test are based on a period of three years and take into account past experience and the management's expectations regarding the future development of the market, while also considering an average growth rate over the detailed planning period of 5.2% in the Public segment and 23.7% in the Business segment. Projections further into the future are made by extrapolating cash flows in perpetuity, while factoring in a growth rate of 0.5% (previous year: 0.5%) for value in use.

As the discounted cash flows exceeded the carrying amounts of the goodwill, no impairment of goodwill was necessary. As part of a sensitivity analysis, the risk premium was increased by 1% and flat-rate discounts of 20% were applied to the expected cash flows from the individual cash-generating units. Even under these conditions there was no need for impairment with regard to any of the goodwill allocated to the cash-generating units.

in euros	31 Dec 2024	31 Dec 2023
Trade goods	51,819,678.70	47,059,012.03
Finished goods	69,749.01	54,517.70
Work in progress	792,165.75	457,123.49
Advance payments	1,171,247.50	463,063.82
Total	53,852,840.96	48,033,717.04

7. Inventories

Trade goods are measured at historical cost calculated using a sliding average.

The production costs of finished goods and work in progress are valued at the cost of acquisition of the materials used and the cost of production.

During the reporting year, value adjustments for trade goods resulted in an expense in the amount of 4,452 thousand euros (previous year: 612 thousand euros).

8. Non-current financial assets

The premium reserve shares from reinsurance contracts shown under non-current financial assets amount to 6,306,820.30 euros (previous year: 6,438,407.00 euros). Regular contributions increase the value; payments for pension payments reduce the value. In 2024, a profit arose from the valuation measures of the insurance companies at the end of the year.

These reinsurance contracts deal with the reinsurance of the existing defined benefit obligations related to current and former secunet employees from pension commitments assumed from previous employers. The existing reinsurance contracts are not plan assets as defined under IAS 19. Premium reserve shares reported under non-current assets represent reimbursements in accordance with IAS 19. Fair value of the premium reserve is measured by the insurance company and, for the vast majority of reinsurance capital, recognised actuarial processes are followed in this respect (cash method using swap interest rates plus issuerspecific risk premiums).

9. Deferred taxes

The Group has loss carryforwards totalling 17,518 thousand euros for corporate tax and 18,305 thousand euros for trade tax (previous year: 7,883 thousand euros for corporate tax and 8,835 thousand euros for trade tax) which, as in the previous year, are exclusively attributable to domestic companies.

No deferred tax assets were formed on losses amounting to 3,696 thousand euros (previous year: 3,666 thousand euros), as it is not expected that these loss carryforwards will be realised in the short to medium term. They do not expire. Deferred tax claims not recognised totalled 1,184 thousand euros (previous year: 1,174 thousand euros). No value adjustments were made to deferred tax assets recognised in previous years (previous year: value adjustment of 320 thousand euros).

Deferred tax assets of 4,395 thousand euros (previous year: 1,500 thousand euros) were recognised for corporate tax losses of 13,821 thousand euros and trade tax losses of 14,608 thousand euros (previous year: 4,217 thousand euros for corporate tax and 5,169 thousand euros for trade tax). There is sufficient substantial evidence of future taxable earnings to allow capitalisation. The losses do not expire.

A tax rate of 31.97%, or 16.14% for partnerships, was used to calculate deferred taxes (previous year: 31.97%, or 16.14% for partnerships). The tax rate for deferred taxes includes trade tax and corporate tax plus solidarity surcharge.

The breakdown of deferred taxes recognised in the balance sheet is as follows:

in euros	31 Dec 2024	31 Dec 2023
Deferred tax assets
from provisions for pensions	836,734.51	935,850.14
from goodwill	7,325.29	12,131.02
from intangible assets	4,156.10	12,468.30
from tangible fixed assets	14,151.20	14,420.71
from leases as defined by IFRS 16	124,592.52	177,113.48
from loss carryforwards	4,394,852.63	1,499,669.27
from other items	470,189.75	589,599.68
	5,852,002.00	3,241,252.60
Deferred tax liabilities
from trade receivables and contract assets	-36,284.36	-73,401.84
from intangible assets	-11,034,618.25	-10,608,554.71
from goodwill	-79,418.60	-65,282.74
from tangible fixed assets	-13,303.36	-22,513.59
from other items	-65,922.35	-236,598.33
	-11,229,546.92	-11,006,351.21
Total	-5,377,544.92	-7,765,098.61

Balance sheet entry

Deferred tax assets of 4,426 thousand euros (previous year: 2,588 thousand euros) and deferred tax liabilities of 9,328 thousand euros (previous year: 8,866 thousand euros) were formed for items with a term of more than 12 months.

No deferred taxes were recognised on temporary differences amounting to 2 thousand euros (previous year: 1 thousand euros) in connection with shares in subsidiaries.

The changes in deferred taxes in the income statement may be summarised as follows:

Income statement for expenses / income

in euros	1 Jan – 31 Dec 2024	1 Jan – 31 Dec 2023
Deferred tax assets
from provisions for pensions	50,282.42	-43,187.31
from goodwill	-4,805.73	-4,805.73
from intangible assets	-8,312.20	-12,468.30
from tangible fixed assets	-269.51	-57,659.50
from leases as defined by IFRS 16	-52,520.96	62,518.29
from loss carryforwards	2,895,183.36	542,148.59
from other items	-119,409.93	-23,161.64
	2,760,147.45	463,384.40
Deferred tax liabilities
from trade receivables and contract assets	37,117.48	-17,094.04
from intangible assets	-426,063.54	749,733.60
from goodwill	-14,135.86	-14,135.86
from tangible fixed assets	9,210.23	-22,513.59
from other items	170,675.98	297,355.66
	-223,195.71	993,345.77
Income from deferred taxes	2,536,951.74	1,456,730.17

In the 2024 financial year, a deferred tax expense of 149,398.05 euros was recorded under other comprehensive income / loss (previous year: deferred tax income of 230,216.93 euros).

10. Liabilities

The intercompany payables relate to trade accounts payable, and amount to 151,549.96 euros (previous year: 173,410.58 euros). The carrying amounts of trade payables and other liabilities correspond to the nominal value.

Other current liabilities break down as follows:

in euros	31 Dec 2024	31 Dec 2023
Payable value-added tax	5,671,751.93	12,976,415.64
Contingent purchase price payment	0.00	8,491,643.00
Payable wage income tax and church tax	1,258,806.80	1,204,298.98
Payable social security contributions	6,712.83	15,656.51
Other liabilities	337,532.74	250,670.51
Total	7,274,804.30	22,938,684.64

The maturities of the liabilities are as shown below:

	Total		Remaining term up to 1 year		Remaining term of 1 year to 5 years		Remaining term of over 5 years
in euros	31 Dec 2024	31 Dec 2023	31 Dec 2024	31 Dec 2023	31 Dec 2024	31 Dec 2023	31 Dec 2024	31 Dec 2023
Trade accounts payable	41,611,809.36	32,354,865.81	41,611,809.36	32,354,865.81	0.00	0.00	0.00	0.00
Intercompany payables	151,549.96	173,410.58	151,549.96	173,410.58	0.00	0.00	0.00	0.00
Lease liabilities	22,876,127.03	17,930,698.35	6,299,664.89	5,032,943.46	16,121,723.42	9,841,399.64	454,738.72	3,056,355.25
Liabilities to lenders	4,159,854.35	4,138,899.47	1,289,258.41	1,161,643.18	0.00	0.00	0.00	0.00
Income tax liabilities	760,642.62	51,235.23	760,642.62	51,235.23	0.00	0.00	0.00	0.00
Other liabilities	7,274,804.30	22,938,684.64	7,274,804.30	22,938,684.64	0.00	0.00	0.00	0.00
Contract liabilities	86,351,342.60	75,278,356.51	33,124,992.52	32,522,556.53	53,226,350.08	42,755,799.98	0.00	0.00

Other liabilities in the previous year included a reported earn-out clause of 8.5 million euros in connection with the acquisition of SysEleven GmbH, Berlin. The amount of the earn-out clause payment is based on qualitative and quantitative targets for the financial years 2022 and 2023. The quantitative targets are based on the cumulative minimum values for sales and earnings from the financial years 2022 and 2023. The qualitative targets are made up of criteria from SysEleven GmbH's business operations. In the 2024 financial year, a payment of 8.75 million euros was made under this earn-out clause.

11. Contract balances

The following table presents information on receivables, contract assets and contract liabilities for customer contracts:

in euros	31 Dec 2024	31 Dec 2023
Trade receivables	84,807,157.94	88,896,835.69
Contract assets	3,286,668.57	2,872,998.07
Contract liabilities	86,351,342.60	75,278,356.51

The contract assets include services already rendered under work or service contracts but not yet invoiced to the customer. No value adjustments had to be recognised in this regard in the financial year.

The contract assets are transferred to receivables when the customer is invoiced.

The disclosure of the allocated transaction prices for the remaining performance is waived as no material amounts are to be achieved beyond the financial year 2025.

The contract liabilities include customer payments that are recognised as revenue after the balance sheet date. This item contains transactions where the Group generates cash inflow in advance due to multiple-year maintenance and support contracts and extended warranties or receives advance payments for later supplies or services. The sales revenue is generated over a period corresponding to the maturities reported in Note 10.

The contract liabilities developed as follows in the financial year:

in euros	2024	2023
As at 1 Jan	75,278,356.51	67,794,207.75
Recognised in sales revenue	-32,522,556.53	-30,231,243.38
Additions from payments received	43,595,542.62	37,715,392.14
As at 31 Dec	86,351,342.60	75,278,356.51

12. Provisions for pensions

in euros	2024	2023
Opening balance as at 1 Jan	6,575,285.00	5,604,437.00
Benefits paid	-99,714.00	-79,169.00
Additions	351,857.00	329,914.00
Change not affecting other comprehensive income / loss	-467,307.00	720,103.00
Closing balance as at 31 Dec	6,360,121.00	6,575,285.00

Provisions for pensions and similar liabilities are formed on the basis of the Group company's individual contract commitments towards its employees. 25 current and former employees of secunet Group who were employed at other companies in the past are entitled to a pension (previous year: 25 employees). The 25 pensionable persons consist of 20 candidates, three pension beneficiaries and two recipients of a widow's and orphans' pension.

As a result of business combinations and taking over of employees from other companies, the Company has a variety of pension plans. These can largely be split into two types of plans.

The first type of plan grants the beneficiary a defined percentage between 0.6% and 1.5% of remuneration as an old-age pension, for each year of service. In the second type of plan, the beneficiary is granted a fixed component for the old-age pension.

Both types of plan allow for early retirement taking reductions in benefits into account.

Both plans include a disability pension and a widow's and orphans' pension.

The certificates for the eligible employees of secunet Group as at 31 December 2024 are based on trend assumptions of 3.0% for salary growth (previous year: 3.0%), pension growth of 2.0% p. a. (previous year: 2.0% p. a.), an actuarial interest rate of 3.45% p. a. (previous year: 3.15% p. a.) and a flucuation rate of 5.5% p. a. (previous year: 5.5% p. a.). Professor Klaus Heubeck's 2018 G mortality tables were used as the basis for the calculation.

To determine the actuarial interest rate, a yield curve as at the balance sheet date is derived using bootstrapping based on corporate bonds with an AA rating. The actuarial interest rate was derived from the yield curve based on the actual term of the obligation.

The parameters were set based on the data from December 2024.

		2024		2023
Valuation parameter	Sensitivity	Baseline value	Effect on provisions (in thousand euros)	Baseline value	Effect on provisions (in thousand euros)
Actuarial interest	+ 0.50 %	3.45 %	-455	3.15 %	-500
Actuarial interest	- 0.50 %	3.45 %	510	3.15 %	563
Salary growth	+ 0.25 %	3.00 %	30	3.00 %	40
Salary growth	- 0.25 %	3.00 %	-29	3.00 %	-39
Pension growth	+ 0.25 %	2.00 %	233	2.00 %	246
Pension growth	- 0.25 %	2.00 %	-136	2.00 %	-143
Life expectancy	+ 2 years	Heubeck 2018 G	381	Heubeck 2018 G	407

Sensitivity analysis

The sensitivity calculations are based on the average terms of the pension obligations as at 31 December 2024. Separate calculations were performed for all actuarial parameters considered to be material, so as to separately show the effects on the present value of defined benefit obligations as at 31 December 2024. Since the sensitivity analyses are based on the average duration of expected pension obligations, and expected payment deadlines are therefore not considered, they can only provide rough information or statements on trends.

The evaluation and definition of the parameters are at the discretion of the Management Board.

Changes to the defined benefit obligations in the reporting year were as follows:

in euros	2024	2023
As at 1 Jan	6,575,285.00	5,604,437.00
Current service cost	147,147.00	124,181.00
Interest expense	204,710.00	205,733.00
Actuarial gains and losses from
experience-based adjustments	-168,559.00	104,797.00
changes to biometric assumptions	0.00	-1,610.00
changes to financial assumptions	-298,748.00	616,916.00
Benefits paid	-99,714.00	-79,169.00
As at 31 Dec	6,360,121.00	6,575,285.00

Of the defined benefit obligations, 43.2% (previous year: 63.2%) relate to active claimants. 26.3% (previous year: 14.6%) relate to claimants who have left, 25.5% (previous year: 18.2%) relate to pension beneficiaries, and 5.0% (previous year: 4.0%) to recipients of a widow's and orphans' pension. Pension commitments do not expire.

The weighted average duration of the defined benefit obligations up to 31 December 2024 is 16.0 years (previous year: 17.0 years).

Costs arising from the defined benefit obligations and included in the income statement are broken down as follows:

in euros	2024	2023
Current service cost	147,147.00	124,181.00
Interest expense	204,710.00	205,733.00
Cost for the year	351,857.00	329,914.00

In line with actuarial certificates, expenses arising from the commitments are distributed over the service life of employees and consist of the interest expenses and the service expenses. Interest expenses are included in the financial result, and the service expenses are shown under personnel expenditure in the respective functional areas.

In the reporting year, pension payments of 99,714.00 euros (previous year: 79,169.00 euros) were paid directly by the employer.

The defined benefit obligation is offset by premium reserve shares from reinsurance contracts in the amount of 6,306,820.30 euros (previous year: 6,438,407.00 euros), which do not represent plan assets under IAS 19.

A pension provision of 6,514,234 euros is expected as at 31 December 2025, based on an annual expense of 322,545 euros and planned pension payments of 168,432 euros.

In the reporting year, secunet Group paid contributions of 7,072 thousand euros (previous year: 6,409 thousand euros) into the statutory pension insurance plan, which is regarded as a defined contribution plan. In the case of defined contribution pension plans, there are no further obligations beyond the payment of contributions.

The fair value of the premium reserve from reinsurance contracts – disclosed under noncurrent financial assets – corresponds to the carrying amount. It developed as follows:

in euros	2024	2023
Carrying amount as at 1 Jan	6,438,407.00	6,549,879.00
Incoming payments	60,257.42	61,625.40
Outgoing payments	-119,093.77	-65,571.70
Expenses / income recorded in the income statement	-72,750.35	-107,525.70
Carrying amount as at 31 Dec	6,306,820.30	6,438,407.00

13. Other provisions

The changes in other provisions are shown in the table below:

		Reclassi
1 Jan 2024	Utilisation	fication	Released	Additions	31 Dec 2024


					571,529.00

					551,767.09
					1,585,569.00

1,686,058.24	186.00	-179,549.00	0.00	1,202,169.85	2,708,865.09

11,767,583.00	-11,758,069.00	179,549.00	-10,079.00	18,031,483.00	18,210,467.00
2,558,073.00	-2,558,073.00	0.00	0.00	3,012,606.00	3,012,606.00
1,043,863.68	-1,043,863.68	0.00	0.00	1,505,751.86	1,505,751.86
1,388,760.00	-120,000.00	0.00	-253,000.00	127,000.00	1,142,760.00
296,670.00	-296,670.00	0.00	0.00	0.00	0.00

256,260.43	-256,260.43	0.00	0.00	235,105.28	235,105.28
1,349,485.22	-562,897.42	0.00	-388,490.00	826,719.00	1,224,816.80
18,660,695.33	-16,595,833.53	179,549.00	-651,569.00	23,738,665.14	25,331,506.94
20,346,753.57	-16,595,647.53	0.00	-651,569.00	24,940,834.99	28,040,372.03
	493,498.00 537,321.24 655,239.00	186.00 0.00 0.00	0.00 0.00 -179,549.00	0.00 0.00 0.00	77,845.00 14,445.85 1,109,879.00

The provision formed in the previous year for warranties and goodwill in the product and project business was not utilised in the 2024 financial year.

The provision for asset retirement and maintenance measures essentially involves asset retirement and maintenance measures to be performed by the Company for the leased properties in Essen, Dresden, Hanover and Munich.

Overall provisions have been represented at the level of the expected realisation arising from the risks.

The estimation of the probability of occurrence for the expected realisation of the provisions is at the discretion of the Management Board.

14. Share-based remuneration

A Performance Share Plan I (PSP I) is set up annually for the members of the Management Board. This is a long-term variable remuneration component.

The PSP I is granted in annual tranches with a four-year performance period. At the beginning of each tranche, a number of virtual shares are initially allocated provisionally on the basis of the average share price of the last 30 trading days prior to the allocation date. The number of virtual shares finally allocated to the Management Board members at the end of the term of a tranche depends on the development of the respective performance criteria within the respective performance period. The amount of the payouts is determined by multiplying the adjusted number of virtual shares by the average share price of the last 30 trading days before the end of the four-year performance period. The final number of virtual shares at the time of payment may therefore differ from the number of virtual shares provisionally granted.

The amount of payment for the share-based remuneration is subject to multiple caps. Firstly, the level of achievement for each PSP I target is limited to a maximum of 150%. Secondly, the amount of the payout is capped at 200% of the original allocation value. The final limit to be observed is the maximum remuneration defined for each member of the Management Board.

In the event of the premature departure of a member of the Management Board, the PSP defines good or bad leaver circumstances; upon coming into force, the entitlements are forfeited (bad leaver cases) or continue to exist (good leaver). In the case of continuing entitlements, the payout is essentially made according to the specifications of the PSP I at the end of the performance period.

As part of the Performance Share Plan I, the Management Board was granted the virtual shares shown below for the performance periods:

Performance period	Number of virtual shares granted
2021 – 2024	1,866
2022 – 2025	1,147
2023 – 2026	2,199
2024 – 2027	3,685

The final number of virtual shares at the end of the four-year performance period is determined by the three linked performance criteria of relative total shareholder return (TSR – measure of the development of the value of a shareholding over a certain period of time, in terms of share price development and dividends), achievement of strategic targets and sustainability, for which the Supervisory Board establishes target and threshold values before granting a new tranche.

A recognised financial model ("Monte Carlo simulation") is used to determine the fair values of the virtual shares to be settled in cash, which are the basis for determining the provision as at the balance sheet date. The following parameters were used in the calculation as at 31 December 2024:

Performance Share Plan I for the performance period 2021 – 2024

Parameter	Value
Term	4 years
Share price of secunet AG as at the reporting date	116.40 euros
Dividend paid to date	13.14 euros
Risk-free interest rate (determined by the Svensson method)	–
Expected volatility of the secunet share (derived from historical volatilities)	–
Remaining term	–

Assumptions regarding correlations between the secunet share price and the performance of the TecDAX were determined on the basis of historical share price and index developments. The fair value of the secunet share is 125.08 euros (uncapped) and 125.08 euros (capped).

Performance Share Plan I for the performance period 2022 – 2025

Parameter	Value
Term	4 years
Share price of secunet AG as at the reporting date	116.40 euros
Dividend paid to date	10.60 euros
Risk-free interest rate (determined by the Svensson method)	2.168 %
Expected volatility of the secunet share (derived from historical volatilities)	42.57 %
Remaining term	1 year

Performance Share Plan I for the performance period 2023 – 2026

Parameter	Value
Term	4 years
Share price of secunet AG as at the reporting date	116.40 euros
Dividend paid to date	5.22 euros
Risk-free interest rate (determined by the Svensson method)	2.020 %
Expected volatility of the secunet share (derived from historical volatilities)	47.34 %
Remaining term	2 years

Performance Share Plan I for the performance period 2024 – 2027

Parameter	Value
Term	4 years
Share price of secunet AG as at the reporting date	116.40 euros
Dividend paid to date	2.36 euros
Risk-free interest rate (determined by the Svensson method)	2.016 %
Expected volatility of the secunet share (derived from historical volatilities)	50.42 %
Remaining term	3 years

A Performance Share Plan II (PSP II) was also launched in the 2024 financial year. This is a special remuneration component that depends on the achievement of certain performance components and targets defined in advance by the Supervisory Board on a three-year assessment basis and also on the performance of the secunet AG share price until the end of a further year after the three-year assessment period.

The multi-year special bonus on the basis of a PSP II serves to provide an additional incentive in relation to ambitious strategic targets, in particular targets for successful strategic development.

Initially, a tranche of virtual shares (performance shares) will be allocated on the basis of the Performance Share Plan II approved by the Supervisory Board. This is done by converting the target amount determined at the discretion of the Supervisory Board for the multi-year special bonus for the respective Management Board member into virtual shares according to the initial price of the secunet share (commercially rounded to the nearest whole number of virtual shares). As in the case of the Performance Share Plan I, the initial price corresponds to the average closing price of the secunet share – rounded to two decimal places – on the last 30 trading days before the start of the respective performance period. Here, once again, the virtual shares are allocated on 1 January of the first year for which the multi-year special bonus is to be awarded. The three-year assessment period for the respective tranche also begins at this time. It ends on 31 December of the second following year (three-year performance period).

A total of 7,317 virtual shares were granted in conjunction with the 2024 – 2027 tranche of the PSP II. The final number of virtual shares is determined after the three-year performance period according to the overall degree of achievement of the defined performance targets (sales, EBITDA, free cash flow and total shareholder return). The degree of target achievement for each performance target is limited to 200%.

A final number of virtual shares is determined on the basis of this performance target. The payout amount is determined after a holding period of a further year. For this purpose, the final number of virtual shares is multiplied by the payout price that is to be determined. The payout amount is limited to 200% of the target amount.

Performance Share Plan II for the performance period 2024 – 2027

Parameter	Value
Term	4 years
Share price of secunet AG as at the reporting date	116.40 euros
Dividend paid to date	2.36 euros
Risk-free interest rate (determined by the Svensson method)	2.016 %
Expected volatility of the secunet share (derived from historical volatilities)	50.45 %
Remaining term (performance measurement) + 1 year holding period	3 years

A provision of 1,821 thousand euros (previous year: 655 thousand euros) was recognised as a liability for share-based remuneration as at the balance sheet date. An expense of 1,166 thousand euros (previous year: 100 thousand euros) was recognised.

15. Equity

The development of the Group's equity is shown in the consolidated statement of changes in equity.

As in the previous year, secunet AG holds 30,498 treasury shares as at the balance sheet date. This corresponds to a share of 0.469% of the subscribed capital.

The subscribed capital remains unchanged at 6,500,000.00 euros. It is divided into 6,500,000 bearer shares without par value. All shares are fully paid. Calculated on Group profit for the period attributable to the shareholders of secunet AG of 27,940,106.76 euros, diluted and undiluted earnings per share were 4.32 euros per share (6,469,502 shares), compared with 4.51 euros (6,469,502 shares) in the previous year.

The minority interests developed as follows in the financial year:

in euros	2024	2023
Opening balance as at 1 Jan	96,179.91	244,698.07
Share in net income	-12,407.84	-148,518.16
Closing balance as at 31 Dec	83,772.07	96,179.91

The number of shares outstanding remained unchanged, at 6,469,502 shares. Each share grants the holder one voting right and, in the event of a distribution, an equivalent dividend entitlement.

secunet AG's capital reserves were unchanged from the previous year, with 1,902,005.80 euros of the total resulting from payments by the shareholder before the transformation of secunet AG into a public limited company. The price premium paid in the initial public offering accounts for 20,020,000.00 euros of the total. The capital reserves are available – subject to statutory regulations – for the purposes of offsetting any losses incurred and for capital increases from the Company's own funds.

The other reserves consist of the reserve for treasury shares, amounting to -103,739.83 euros (previous year: -103,739.83 euros), and the other comprehensive income / loss.

The reserve for treasury shares consists of the historical cost of the shares of the Company held by the Group. The Company currently holds 30,498 of its own shares.

Other comprehensive income / loss consists of currency conversion differences from the currency conversion of financial statements of foreign subsidiaries, actuarial gains and losses as part of pension provision calculation as well as deferred taxes.

Revenue reserves increased by 110,026,191.28 euros to 122,710,681.16 euros compared to the previous year's figure. This increase was based on the Group profit for the period attributable to the shareholders of secunet AG of 27,952,514.60 euros, less the dividend payments of 15,268,024.72 euros paid during the reporting year.

Appropriation of the balance sheet profit

From the balance sheet profit of 15,268,024.72 euros reported for the 2023 financial year in the Annual Financial Statements under commercial law, dividends of 2.36 euros per share (amounting to a total of 15,268,024.72 euros) were distributed in the 2024 financial year in accordance with the resolution of the Annual General Meeting on 23 May 2024.

secunet AG's Annual Financial Statements under commercial law for the 2024 financial year show net income for the year of 35,295,327.75 euros. The Management Board and the Supervisory Board have decided to deposit an amount of 17,633,587.29 euros from this sum into other revenue reserves. There is a balance sheet profit of 17,661,740.46 euros under commercial law for 31 December 2024.

The Management Board will propose to the Annual General Meeting that a regular dividend of 2.73 euros per dividend-bearing share be distributed on the dividend-bearing share capital of 6,469,502.00 euros (corresponding to a regular distribution of 50% of the net profit for the year), i. e. a total of 17,661,740.46 euros. When determining the share capital entitled to a dividend, the total of 30,498 treasury shares was deducted. For the remaining balance sheet profit in the amount of 0.00 euros, the transfer to other revenue reserves is proposed.

in euros	2024
Balance sheet profit at 1 Jan 2024	15,268,024.72
Dividend payment in 2024 for 2023	-15,268,024.72
Net income for the year 2024	35,295,327.75
Transfer to other revenue reserves	-17,633,587.29
Balance sheet profit at 31 Dec 2024	17,661,740.46
Proposal for the appropriation of distributable earnings
Dividend payment in 2025	17,661,740.46
Transfer to other revenue reserves	0.00
Carryforward	0.00

Notes on the income statement

16. Sales revenue

secunet Group realises its sales revenue entirely within the framework of contracts with customers.

The following overview breaks down sales by geographical characteristics, main revenue streams and revenue recognition.

	Public Sector		Business Sector		Group
in thousand euros	2024	2023	2024	2023	2024	2023
Geographical allocation
Domestic	329,608.9	310,119.0	36,673.1	48,419.7	366,282.0	358,538.7
Abroad	40,062.1	34,657.0	40.9	489.2	40,103.0	35,146.2
Total	369,671.0	344,776.0	36,714.0	48,908.9	406,385.0	393,684.9
Revenue generation
Consultancy business	46,152.7	37,119.0	6,689.0	6,832.6	52,841.7	43,951.6
Product business	323,518.3	307,657.0	30,025.0	42,076.3	353,543.3	349,733.3
Total	369,671.0	344,776.0	36,714.0	48,908.9	406,385.0	393,684.9
Recognition of sales revenue
Over time	93,959.7	84,926.0	25,722.9	25,866.5	119,682.6	110,792.5
At a point in time	275,711.3	259,850.0	10,991.1	23,042.4	286,702.4	282,892.4
Total	369,671.0	344,776.0	36,714.0	48,908.9	406,385.0	393,684.9

Domestic sales revenue totalled 366,282.0 thousand euros (previous year: 358,538.7 thousand euros), while sales revenue generated abroad was 40,103.0 thousand euros (previous year: 35,146.2 thousand euros). The breakdown of sales revenue is based on the location of the customers.

Approximately 270 million euros of this sales revenue is attributable to the Group's major customer as defined in IFRS 8.34. This sales revenue was generated in the Public Sector division. No other individual customer accounted for 10% or more of the Group's sales revenues in 2024.

17. Presentation of selected expenses according to cost types

With the exception of materials expenses, which must always be included under cost of sales, all the cost types are recorded under the cost of sales, the selling expenses, the development costs and the general administrative costs. The following amounts are recorded for the cost types listed below:

in euros	2024	2023
Expenses for raw materials, consumables and operating materials	184,005,241.54	185,607,790.98
Cost of purchased services	29,392,536.23	25,652,732.39
Materials expenses	213,397,777.77	211,260,523.37
Wages and salaries	98,050,323.57	82,301,462.41
Social security costs	15,258,052.31	13,296,966.46
Expenses for retirement pensions	153,858.85	126,443.23
Personnel expenditure	113,462,234.73	95,724,872.10
Depreciations (scheduled)	17,791,253.50	17,459,808.39

18. Research and development costs

Research and development costs for the financial year amounted to 13,687,038.46 euros (previous year: 10,340,995.05 euros).

All expenses were attributable to development projects that did not fully meet the criteria set out in IAS 38.57 for the justification of mandatory capitalisation.

19. Interest income / expense

In the 2024 financial year, interest income of 771,256.94 euros (previous year: 1,888.35 euros) was generated. The amount is mainly attributable to interest on call deposits and fixed-term deposits with banks (previous year: default interest on trade receivables).

The interest expense for 2024 of 1,370,377.40 euros (previous year: 896,624.50 euros) mainly consists of interest to banks and lessors (278,927.12 euros, previous year: 465,730.45 euros), interest on pension provisions (204,710.00 euros, previous year: 205,733.00 euros), the compounding of the earn-out liability (389,000 euros; previous year: 0.00 euros) and interest expense in connection with lease accounting under IFRS 16 (474,980.10 euros, previous year: 215,578.18 euros). The remaining amount mainly relates to interest on other non-current provisions and interest on tax arrears.

20. Income taxes

In the reporting year, current taxes of 16,521,659.53 euros were incurred (previous year: 14,544,806.90 euros). This includes taxes for previous years in the amount of 78,391.53 euros (previous year: 147,107.00 euros). For deferred taxes see Note 9.

The income tax expense is derived from the theoretical tax expense. A tax rate of 31.97% (previous year: 31.97%) is applied to the earnings before taxes. The tax expense arising from the application of the tax rate for the Group is derived as follows:

in euros	2024	2023
Group profit before tax	41,924,814.55	42,089,562.87
Expected tax expense	-13,403,363.21	-13,456,033.25
Tax effect from the change in tax rates	-35,746.00	-28,935.00
Trade tax adjustments	-153,642.00	-139,658.00
Value adjustment on deferred taxes on loss carryforwards	0.00	-307,230.00
Prior-year taxes	-78,391.53	-147,107.00
Permanent differences	-124,052.00	845,458.00
Non-deductible expenses	-37,177.00	-38,447.00
Other items	-152,336.05	183,875.52
Effective tax expense	-13,984,707.79	-13,088,076.73

As at 31 December 2024, the tax rates used to calculate deferred tax assets and liabilities were unchanged compared with the previous year.

The effective tax rate in the reporting year, based on the Group profit before tax, was 33.4% (previous year: 31.1%).

21. Cash flow statement

The cash flow statement shows the change in cash and cash equivalents during the year under review. A distinction is made between cash flows from operating business, investment and financing activities. Cash and cash equivalents comprise cash in hand and bank balances.

The cash flow from operating activities was determined using the indirect method.

The changes in liabilities from financing activities are as follows:

31 Dec 2024	Beginning of the period	Cash effective additions	Non-cash additions	Cash effective disposals	Non-cash interest	End of period
Liabilities to banks	156,250.00	0.00	0.00	-156,853.51	603.51	0.00
Other liabilities	3,982,649.47	1,329,673.63	0.00	-1,397,464.70	244,995.95	4,159,854.35
Lease liabilities	17,930,698.35	0.00	11,523,341.45	-7,052,892.87	474,980.10	22,876,127.03
Total	22,069,597.82	1,329,673.63	11,523,341.45	-8,607,211.08	720,579.56	27,035,981.38

31 Dec 2023	Beginning of the period	Cash effective additions	Non-cash additions	Cash effective disposals	Non-cash interest	End of period
Liabilities to banks	468,750.00	0.00	0.00	-312,500.00	0.00	156,250.00
Other liabilities	1,941,397.47	2,740,085.82	0.00	-811,223.58	112,389.76	3,982,649.47
Lease liabilities	18,657,345.54	0.00	5,036,318.51	-5,978,543.88	215,578.18	17,930,698.35
Total	21,067,493.01	2,740,085.82	5,036,318.51	-7,102,267.46	327,967.94	22,069,597.82

22. Segment reporting

secunet Group is split into two divisions: the Public Sector division and the Business Sector division. Both divisions are shown separately for the purposes of segment reporting, as they meet at least one of the quantitative thresholds defined in IFRS 8.13.

Segment report 2024

in thousand euros	Public Sector	Business Sector	secunet 2024
Segment revenue	369,671	36,714	406,385
Cost of sales	-284,283	-24,775	-309,058
Selling expenses	-22,221	-6,576	-28,797
Research and development costs	-7,214	-6,473	-13,687
Administrative costs	-11,153	-1,162	-12,315
Segment result (EBIT)	44,791	-2,265	42,526
Interest result			-599
Income from investments			0
Group profit before tax			41,927
Goodwill	46,328	1,300	47,628

Segment report 2023

in thousand euros	Public Sector	Business Sector	secunet 2023
Segment revenue	344,776	48,909	393,685
Cost of sales	-265,839	-37,819	-303,658
Selling expenses	-20,292	-5,760	-26,052
Research and development costs	-6,992	-3,349	-10,341
Administrative costs	-9,175	-1,475	-10,650
Segment result (EBIT)	42,478	506	42,984
Interest result			-895
Income from investments			0
Group profit before tax			42,089
Goodwill	46,328	1,300	47,628

secunet has a market-oriented organisational structure: two divisions – Public Sector and Business Sector – are respectively geared towards the needs of public clients and international organisations on the one hand, and to the target group of private companies on the other hand, offering consultancy services, products and solutions.

The Public Sector division offers its customers the SINA product family. These are solutions (software, hardware and management) for the cryptographically highly secure processing, transmission and storage of classified information of varying degrees of confidentiality. Additionally it offers public customers a wide range of IT security products and services, from IT security consulting and training to products for electronic passports, automated (biometric) border control systems, the ELSTER electronic tax return system and the equipment of large infrastructures with high-security technology and public key infrastructures.

The Business Sector division offers IT security consulting and solutions for the healthcare market and to meet the specific requirements of companies in the private sector. The range of solutions in the healthcare market consists mainly of the secunet konnektor for connection to the telematics infrastructure (TI) in the healthcare sector. The consulting services for private sector companies range from security assessments (known as penetration tests) via security consulting (for security policies and their implementation, for example) up to support for certification projects. The customer-specific solutions in the Business Sector are focused particularly on providers and operators of critical infrastructures, such as telecommunications companies, energy and utility companies, and on the automotive industry, as well as on companies with network-controlled, digital production and service processes (Industry 4.0). The portfolio contains, for example, the eID PKI Suite solution, which is used to generate, use and manage digital certificates. The certificates serve the purpose of authenticating users and technical components as well as signing and encrypting data and messages. Also included is the secunet edge product, which protects networked sensors, machines and systems in Industry 4.0 against cyber attacks.

The accounting principles for the segments are identical to those used for the Consolidated Financial Statements. Using apportionments, expenses (for example, overhead costs) that are not directly allocable to the reportable segments are allocated to the reportable segments.

The segments are managed on the basis of the segment results.

With the exception of non-essential components, the segments' assets are focused on the domestic market. There were no significant changes to the segment assets as at the balance sheet date.

Further details on sales revenue can be found in Note 16.

In segment reporting, the general administrative costs as well as other operating expenditure and income from the profit and loss account are summarised under administrative costs.

The selling expenses are combined with the net impairment loss on trade receivables and contract assets.

23. Other disclosures

Employees

In the 2024 financial year, the Group had an average of 1,185 employees (1,062 permanent employees and 123 temporary workers; previous year: 1,133 employees (1,014 permanent employees and 119 temporary workers)).

Obligations

As at 31 December 2024, secunet had purchase obligations consisting mainly of short-term contracts for the purchase of inventories and services that were concluded before the balance sheet date.

The total amount of payments required for the aforementioned obligations as at 31 December is distributed over the respective years as follows:

in euros
2025	31,620,502.34
2026	1,542,071.79
2027	133,026.50
2028	2,690,038.78
Following years	0.00
Total	35,985,639.41

Capital management

The capital management of secunet Group is geared primarily to the provisions and requirements of company law. The aim is to ensure that all Group companies can operate as going concerns. Where no special provisions dictate otherwise, the equity for tax purposes is the same as the balance sheet equity. In all other cases the balance sheet equity is adjusted in line with regulatory or contractual requirements. The Group is not subject to any minimum equity requirements.

The Group's equity (including non-controlling interests) as at 31 December 2024 was 150,833,262.92 euros (previous year: 137,843,271.93 euros).

Financial instruments

Risks from financial instruments

The risks arising from financial instruments relate to liquidity, default and market risks.

Liquidity risks

To ensure that it has sufficient funds at its disposal, the Group prepares a liquidity plan as part of its three-year planning. This is then compared against each set of month-end figures and subsequently analysed.

The finance department informs the CFO of the current level of available funds on a daily basis. In conjunction with a permanent reminder function, this ensures a high cash reserve at all times.

As at the balance sheet date, there was a framework credit agreement totalling 30 million euros (previous year: framework credit agreement amounting to 30 million euros). Of this amount, 1.787.571,77 euros (previous year: 1,777,643.68 euros) had been utilised for guarantees as at 31 December 2024.

A further guaranteed credit line totalling 6.0 million euros existed as at the balance sheet date (previous year: 6.0 million euros), of which 5.3 million euros (previous year: 4.1 million euros) has been drawn down.

At the end of the year, the Group had cash and cash equivalents amounting to 57,682,113.94 euros at its disposal (previous year: 41,269,674.54 euros). Current financial liabilities stood at 43,052,617.73 euros (previous year: 42,181,562.57 euros).

Default risks

Default risks, or risks that counterparties cannot meet their payment obligations on time, are addressed with approval and control processes.

The Group also assesses the solvency of its customers on a regular basis.

The maximum amount of the default risks arising for the Group corresponds to its total receivables. The Group is not exposed to any unusual default risks in respect of individual contracting partners or groups of contracting partners. Default risks are recognised through valuation allowances.

There are no concentrations of default risks in respect of individual customers. The overall default risk is estimated to be low.

An analysis of the trade receivables that were overdue can be found in the overview under Note 2.

Market risks

The Group generates the majority of its sales in the European currency area. The risks resulting from exchange rate fluctuations are therefore not significant. Fixed interest rates are agreed for the Company's interest-bearing call deposits and time deposits. Due to the high level of cash and cash equivalents, no financing through loans is required. Risks resulting from changes in interest rates can therefore also be regarded as low.

Other notes on financial instruments

During the reporting year, there were no reclassifications of financial assets between the measurement categories under IFRS 9. With the exception of the earn-out clause (contingent purchase price obligation), no financial assets and financial liabilities were measured at fair value through profit or loss (FVTPL).

The carrying amounts of current financial assets and liabilities as well as non-current trade receivables represent an appropriate approximation of fair value for the purposes of IFRS.

For financial instruments measured at amortised cost, expenses of 699 thousand euros (previous year: 0 thousand euros) due to impairments and write-downs, and income of 0 thousand euros (previous year: 83 thousand euros) due to write-ups were reported in the 2024 financial year.

Additional notes on financial instruments

The carrying amounts and fair values of the financial instruments reported in the balance sheet are as follows:

31 Dec 2024	Carrying amounts
in euros	Mandatory as FVTPL	At amortised cost	Not allocated to any IFRS 9 category	Financial liabilities at amortised cost
Financial assets measured at fair value
Non-current financial assets	0.00	0.00	6,306,820.30	0.00
Financial assets not measured at fair value
Cash and cash equivalents	0.00	57,682,113.94	0.00	0.00
Trade receivables	0.00	84,807,157.94	0.00	0.00
Intercompany financial assets	0.00	42,680.84	0.00	0.00
Other current and non-current assets	0.00	1,333,501.85	0.00	0.00
	0.00	143,865,454.57	0.00	0.00
Financial liabilities measured at fair value
Other current and non-current liabilities	0.00	0.00	0.00	0.00
Financial liabilities not measured at fair value
Trade accounts payable	0.00	0.00	0.00	41,611,809.36
Intercompany payables	0.00	0.00	0.00	151,549.96
Current and non-current liabilities from loans	0.00	0.00	0.00	4,159,854.35
Other current and non-current liabilities	0.00	0.00	0.00	0.00
	0.00	0.00	0.00	45,923,213.67

Carrying

		Fair value		Carrying amounts
Total fair values	Level 3	Level 2	Level 1	Total carrying amounts
6,306,820.30	0.00	6,306,820.30	0.00	6,306,820.30
0.00	0.00	0.00	0.00	57,682,113.94
0.00	0.00	0.00	0.00	84,807,157.94
0.00	0.00	0.00	0.00	42,680.84
0.00	0.00	0.00	0.00	1,333,501.85
0.00	0.00	0.00	0.00	143,865,454.57

0.00	0.00	0.00	0.00	0.00

0.00	0.00	0.00	0.00	41,611,809.36
0.00	0.00	0.00	0.00	151,549.96
4,159,854.35	0.00	4,159,854.35	0.00	4,159,854.35
0.00	0.00	0.00	0.00	0.00
4,159,854.35	0.00	4,159,854.35	0.00	45,923,213.67

Additional notes on financial instruments

The carrying amounts and fair values of the financial instruments reported in the balance sheet are as follows:

31 Dec 2023	Carrying amounts
in euros	Mandatory as FVTPL	At amortised cost	Not allocated to any IFRS 9 category	Financial liabilities at amortised cost
Financial assets measured at fair value
Non-current financial assets	0.00	0.00	6,438,407.00	0.00
Financial assets not measured at fair value
Cash and cash equivalents	0.00	41,269,674.54	0.00	0.00
Trade receivables	0.00	88,896,835.69	0.00	0.00
Intercompany financial assets	0.00	1,234,850.54	0.00	0.00
Other current and non-current assets	0.00	409,299.26	0.00	0.00
	0.00	131,810,660.03	0.00	0.00
Financial liabilities measured at fair value
Other current and non-current liabilities	8,491,643.00	0.00	0.00	0.00

Financial liabilities not measured at fair value
Trade accounts payable	0.00	0.00	0.00	32,354,865.81
Intercompany payables	0.00	0.00	0.00	173,410.58
Current and non-current liabilities from loans	0.00	0.00	0.00	4,138,899.47
Other current and non-current liabilities	0.00	0.00	0.00	0.00
	0.00	0.00	0.00	36,667,175.86

Carrying

		Fair value
Total carrying amounts Level 1	Level 2	Level 3	Total fair values
6,438,407.00 0.00	6,438,407.00	0.00	6,438,407.00
41,269,674.54 0.00	0.00	0.00	0.00
88,896,835.69 0.00	0.00	0.00	0.00
1,234,850.54 0.00	0.00	0.00	0.00
409,299.26 0.00	0.00	0.00	0.00
131,810,660.03 0.00	0.00	0.00	0.00

8,491,643.00 0.00	0.00	8,491,643.00	8,491,643.00

32,354,865.81 0.00	0.00	0.00	0.00
173,410.58 0.00	0.00	0.00	0.00
4,138,899.47 0.00	4,138,899.47	0.00	4,138,899.47
0.00 0.00	0.00	0.00	0.00
36,667,175.86 0.00	4,138,899.47	0.00	4,138,899.47

Net profit / loss from financial instruments for the two financial years was as follows:

in euros	2024	2023
Loans and receivables
Interest result	771,256.94	1,888.35
Losses from derecognised receivables	-469,108.09	-113,947.37
Gains on receivables written off	1,459.80	8,392.84
Impairment losses (–) / impairment reversals (+)	-231,388.26	83,673.53
	72,220.39	-19,992.65
Financial assets measured at fair value through profit or loss
Interest result	-72,750.35	-107,525.70
Total	-529.96	-127,518.35

Corporate Governance

The Management Board and Supervisory Board issued the declaration pursuant to Section 161 AktG in respect of secunet AG and made it permanently available to the shareholders on the Company's website (https://www.secunet.com/en/about-us/investors/corporate governance).

Corporate bodies

In the reporting year, the Company's Management Board comprised the following members:

» Qualified industrial engineer Axel Deininger
» Qualified engineer Torsten Henn
» Dr-Ing Kai Martius
» Qualified business economist (FH) Thomas Pleines (until 31 May 2024)
» Diplom-Kauffrau (business administration) Jessica Nospers (from 1 June 2024)

Fees for auditors of Consolidated Financial Statements

In the financial year, the following fees paid to the auditors of the Consolidated Financial Statements, BDO AG Wirtschaftsprüfungsgesellschaft, were recognized.

in thousand euros	2024	2023
Audit services	286	227
Other certification services	95	48
Tax advisor services	0	0
Other services	0	0
Total	381	275

The total fee charged by the Company's auditors is broken down into audit services and other assurance services in the corresponding disclosure in the Consolidated Financial Statements of secunet Security Networks AG.

For secunet Security Networks AG and the companies it controls, other assurance services were provided mainly for services in connection with the auditor's review of the half-year report, the economic audit of the Sustainability Statement and the substantive audit of the Management Board remuneration report.

Related party disclosures

Transactions with related persons

The remuneration of key management personnel breaks down into the following categories pursuant to IAS 24:

in thousand euros	31 Dec 2024	31 Dec 2023
Management Board
Short-term employee benefits	2,031.3	1,474.3
Post-employment benefits	36.7	65.4
Other long-term employee benefits	0.0	0.0
Share-based remuneration	1,150.3	99.9
Total	3,218.3	1,639.6

Supervisory Board
Short-term employee benefits	142.5	142.5

The service cost resulting from the pension provisions for active members of the Management Board and the past service cost, if applicable, are reported as post-employment benefits. The disclosure of share-based remuneration refers to the expense from share-based remuneration in the financial year.

Provisions for pensions for members of the Management Board (IFRS) are recognised in the amount of 487 thousand euros (previous year: 1,396 thousand euros). According to the regulations of the German Commercial Code (HGB), these provisions amount to 639 thousand euros (previous year: 1,764 thousand euros).

Provisions for pensions for former members of the Management Board (IFRS) are recognised in the amount of 2,066 thousand euros (previous year: 1,251 thousand euros). According to the regulations of the German Commercial Code (HGB), these provisions amount to 2,533 thousand euros (previous year: 1,450 thousand euros).

Pension payments for former members of the Management Board were made in the amount of 50.6 thousand euros (previous year: 50.1 thousand euros).

Former members of the Management Board received fees of 18.6 thousand euros (previous year: 12.9 thousand euros) in connection with consultancy contracts.

The total remuneration of the active members of the Management Board pursuant to Section 314 (1) no. 6a of the German Commercial Code (HGB) for their work in the reporting year amounted to 3,825 thousand euros (previous year: 1,776 thousand euros). This includes the basic remuneration, fringe benefits and benefits in kind, short-term variable remuneration and the expense for long-term variable remuneration recognised in the financial year. For the long-term variable remuneration, provisional virtual shares were granted within the framework of the 2024 – 2027 tranche, the fair value of which amounted to 227 thousand euros at the time of allocation. For the long-term variable remuneration, provisional virtual shares were granted in accordance with the 2024 – 2027 tranche of the PSP II, the fair value of which amounted to 1,566 thousand euros at the time of allocation.

For further information on share-based remuneration, please refer to the explanations in Note 14.

A provision of 809 thousand euros (previous year: 403 thousand euros) was recognised for short-term variable remuneration in the financial year. The payment is measured according to the target achievement determined by the Supervisory Board on the basis of the applicable Management Board remuneration system and is scheduled for April 2025. The determination is made using the financial performance criteria of EBITDA and sales revenue on an equally weighted basis. For the 2024 financial year, the EBITDA target was set at 52 million euros and the sales target at 390 million euros.

If the target value for a set target is reached, the target achievement level is 100% in each case. The minimum value forms the lower end of the target corridor, at which the target achievement level is 50% for the respective target. The maximum value forms the upper end of the target corridor, at or above which the target achievement level is 200% for the respective target. If the value achieved in respect of a target falls below the minimum value, the target achievement level for this target corresponds to 0%. If the value achieved in respect of a target exceeds the minimum value but does not reach the target value, or if the value achieved exceeds the target value but does not reach the maximum value, the target achievement level for the target in question is determined by linear interpolation between the respective minimum and target values or between the respective target and maximum values.

In the 2024 financial year, members of the Management Board held 1,000 shares (previous year: 1,000 shares) in secunet Security Networks AG. As in the previous year, members of the Supervisory Board held no shares in secunet AG.

Supervisory Board remuneration for the reporting year totalled 142.5 thousand euros (previous year: 142.5 thousand euros). In addition, the employee representatives on the Supervisory Board receive remuneration at a normal market rate for their work.

Transactions with related companies of MC Familiengesellschaft mbH

secunet AG is a majority holding of Giesecke + Devrient GmbH, Munich, which has a 75.12% stake in the Company. secunet AG is included in the Consolidated Financial Statements of MC Familiengesellschaft mbH, Munich.

The following transactions were carried out in the specified period with group companies of MC Familiengesellschaft mbH on the usual market terms:

1. Sales revenues resulting from services performed for affiliated companies in the MC Familiengesellschaft Group

in euros	31 Dec 2024	31 Dec 2023
Parent company
Giesecke + Devrient GmbH, Munich	1,315.22	0.00
Other affiliated companies
Veridos GmbH, Berlin	385,776.22	1,815,179.19
Giesecke + Devrient Currency Technologies GmbH, Munich	198,111.08	226,591.96
Giesecke + Devrient advance52, Munich	58,916.44	170,510.38
Giesecke + Devrient ePayments GmbH, Munich	44,138.04	42,831.95
Giesecke + Devrient Group Services GmbH & Co. KG, Munich	24,842.83	475,989.30
Papierfabrik Louisenthal GmbH, Gmund am Tegernsee	10,367.85	25,139.36
Giesecke & Devrient MS India Private Limited, New Delhi	7,738.56	8,010.00
Giesecke + Devrient Malaysia SDN BHD, Kuala Lumpur	4,835.01	0.00
Veridos Mexico S. A. de C. V., Mexico City	363.24	0.00
Total	736,404.49	2,764,252.14

The sales revenues with affiliated companies of the MC Familiengesellschaft Group are generated within the framework of hardware and service projects.

For projects with affiliated companies in the MC Familiengesellschaft Group, provisions for deferred costs of 0 thousand euros (previous year: 0 thousand euros) were created.

in euros	31 Dec 2024	31 Dec 2023
Parent company
Giesecke + Devrient GmbH, Munich	37,620.09	110,544.08
Other affiliated companies
Giesecke + Devrient Currency Technology FZE, Dubai / UAE	590,736.84	292,230.06
Netcetera AG, Zurich / Switzerland	544,599.98	188,400.00
Giesecke + Devrient ePayments GmbH, Munich	250,471.50	1,297,161.80
Giesecke + Devrient ePayments Finland Oy, Helsinki / Finland	247,538.91	0.00
Giesecke + Devrient Immobilien Management GmbH, Munich	51,673.53	54,689.04
Giesecke + Devrient Group Services GmbH & Co. KG, Munich	26,190.53	25,427.70
Giesecke + Devrient Currency Technology GmbH, Munich	6,047.03	0.00
Veridos GmbH, Berlin	4,778.52	13,404.80
Giesecke + Devrient Currency Technology Africa Ltd., Lagos /Nigeria	3,352.75	0.00
Total	1,763,009.68	1,981,857.48

2. Services purchased from affiliated companies in the MC Familiengesellschaft Group

3. Receivables from affiliated companies in the MC Familiengesellschaft Group

in euros	31 Dec 2024	31 Dec 2023
Other affiliated companies
Veridos GmbH, Berlin	38,329.90	1,077,629.49
Giesecke + Devrient advance52, Munich	4,350.94	24,424.76
Giesecke + Devrient Currency Technologies GmbH, Munich	0.00	61,957.33
Giesecke + Devrient Service GmbH & Co. KG, Munich	0.00	54,300.82
Giesecke + Devrient ePayments GmbH, Munich	0.00	12,744.90
Papierfabrik Louisenthal GmbH, Gmund am Tegernsee	0.00	3,793.24
Total	42,680.84	1,234,850.54

Receivables from Group companies comprise 42,680.84 euros as trade receivables (previous year: 1,234,850.54 euros).

4. Payables to affiliated companies in the MC Familiengesellschaft Group

in euros	31 Dec 2024	31 Dec 2023
Parent company
Giesecke + Devrient GmbH, Munich	2,321.41	30,896.48
Other affiliated companies
Giesecke + Devrient Currency Technology FZE, Dubai / UAE	63,339.56	39,449.70
Netcetera AG, Zurich / Switzerland	57,800.00	50,400.00
Giesecke + Devrient ePayments Finland Oy, Helsinki / Finland	22,155.53	0.00
Giesecke + Devrient Immobilien Management GmbH, Munich	4,329.46	5,423.33
Giesecke + Devrient ePayments GmbH, Munich	1,604.00	1,030.40
Giesecke + Devrient Group Services GmbH & Co. KG, Munich	0.00	30,258.96
Veridos GmbH, Berlin	0.00	15,951.71
Total	151,549.96	173,410.58

Payables to Group companies consist entirely of trade accounts payable.

Events after the balance sheet date

There were no events after the balance sheet date.

The Management Board

Essen, 25 March 2025

Axel Deininger Torsten Henn

Dr Kai Martius Jessica Nospers

Independent auditor's report

To the secunet Security Networks Aktiengesellschaft, Essen

Report on the audit of the consolidated financial statements and of the combined management report

Audit opinions

We have audited the consolidated financial statements of secunet Security Networks Aktiengesellschaft, Essen, and its subsidiaries (the Group), which comprise the consolidated balance sheet as at 31 December 2024, consolidated income statement, consolidated statement of comprehensive income, consolidated statement of changes in equity and consolidated cash flow statement for the financial year from 1 January 2024 to 31 December 2024, and notes to the consolidated financial statements, including a summary of significant accounting policies.

In addition, we have audited the combined management report (report on the position of the Company and the Group) of secunet Security Networks Aktiengesellschaft, Essen, for the financial year from 1 January 2024 to 31 December 2024. In accordance with German legal requirements, we have not audited the content of those parts of the combined management report specified in the "OTHER INFORMATION" section.

In our opinion, on the basis of the knowledge obtained in the audit,

» the accompanying consolidated financial statements comply, in all material respects, with the IFRSs as adopted by the EU, and the additional requirements of German commercial law pursuant to Section 315e (1) HGB [Handelsgesetzbuch: German Commercial Code] and, in compliance with these requirements, give a true and fair view of the assets, liabilities, and financial position of the Group as of 31 December 2024, and of its financial performance for the financial year from 1 January 2024 to 31 December 2024.
» the accompanying combined Management Report as a whole provides an appropriate view of the Group's position. In all material respects, this combined management report is consistent with the consolidated financial statements, complies with German legal requirements and appropriately presents the opportunities and risks of future development. Our audit opinion on the combined management report does not cover the contents of those parts of the combined management report specified in the "OTHER INFORMATION" section.

Pursuant to Section 322 (3), sentence 1 HGB, we declare that our audit has not led to any reservations relating to the legal compliance of the consolidated financial statements and of the combined Management Report.

Basis for the audit opinions

We conducted our audit of the consolidated financial statements and of the combined Management Report in accordance with Section 317 HGB and EU Audit Regulation No. 537/2014 (referred to subsequently as "EU Audit Regulation") and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer [Institute of Public Auditors in Germany] (IDW). Our responsibilities under those requirements and principles are further described in the "AUDITOR'S RESPONSIBILITIES FOR THE AUDIT OF THE CONSOLIDATED FINANCIAL STATEMENTS AND OF THE COMBINED MANAGEMENT REPORT" section of our auditor's report. We are independent of the Group entities in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements.

In addition, in accordance with Article 10 (2), point (f) of the EU Audit Regulation, we declare that we have not provided non-audit services prohibited under Article 5 (1) of the EU Audit Regulation.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinions on the consolidated financial statements and on the combined management report.

Key audit matters in the audit of the consolidated financial statements

Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the consolidated financial statements for the financial year from 1 January 2024 to 31 December 2024. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our audit opinion thereon; we do not provide a separate audit opinion on these matters.

We have determined the following matters to be the key audit matters to be communicated in our auditor's report:

» 1. Revenue recognition
» 2. Goodwill impairment

1. Revenue recognition

Matter

Sales revenue amounting to 406.4 million euros is reported in the income statement in the consolidated financial statements of secunet Security Networks Aktiengesellschaft.

secunet Group generates revenue from the sale of hardware products and software licences, which it recognises as at the date or in the period during which the power of disposition transfers to the customer. If at that time further services are agreed with the customer, particularly for maintenance, updates and extended warranty commitments, sales revenue is realised for the period in which it arises over the term of the agreement. To that end, the individual components are allocated in the agreement to separate performance obligations and the agreed transaction price is allocated to the individual performance obligations according to the relative individual selling prices. Furthermore, secunet Group realises sales revenue from the provision of specialised services relating to consulting on the implementation of comprehensive IT security solutions on the basis of work hours performed as at the reporting date as well as the development of software based on the percentage of completion.

Due to the structure of the customer base, which largely comprises public entities such as public authorities, ministries and defence organisations, the number of orders and accordingly the volume of work contracted and performed is relatively greater in the fourth quarter of a given financial year than in the other quarters.

In light of the large number of business transactions at the end of the financial year, combined with the different contractual agreements, there is a material risk that the sales revenue in the financial year ended is not allocated to the correct period. Against this background, this matter was of particular significance for our audit.

The Company's disclosures relating to sales revenue are contained in the section "General principles" of the notes and in Section 16 "Sales revenue".

Auditor's response and observations

As part of this audit, we obtained an understanding of the underlying contractual agreements and assessed them with regard to the time at which revenue can be recognised in accordance with the rules of IFRS 15. Also, during our audit, we used IT-based audit techniques to assess, among other things, the appropriateness and effectiveness of the Company's established internal control system with respect to order acceptance and invoicing to ensure full and correct recognition of sales revenue as well as the allocation of that revenue to the correct periods. We consulted and evaluated the corresponding contractual documents to assess the recognition of revenue, and primarily compared invoices for revenue, which were selected on a test basis for sales revenue which was realised in December 2024 and January 2025, against the associated orders, contracts, external delivery documentation, acceptance certificates and timesheets. Moreover, we obtained balance confirmations for trade receivables on a test basis. In instances where we did not receive responses with respect to the requested sales transactions, we reviewed these on the basis of alternative audit procedures, particularly by comparing sales revenue against the aforementioned external documents.

We were able to satisfy ourselves that the systems and processes in place, as well as the established controls, are appropriate overall for the purpose of ensuring that sales revenue is allocated to the correct periods.

2. Goodwill impairment

Matter

The Consolidated Financial Statements of secunet Security Networks Aktiengesellschaft (hereinafter referred to as "secunet AG") show goodwill totalling 47.6 million euros, which accounts for 13.2% (previous year: 47.6 million euros, 14.5%) of the consolidated balance sheet total.

Cash-generating units with goodwill are subjected to an impairment test by the company as at 31 December of each financial year and additionally if there are indications of reduced recoverability. The recoverable amount based on the value in use is determined using a valuation model based on the discounted cash flow method. If the carrying amount of a cash-generating unit is higher than the recoverable amount, an impairment loss is recognised in the amount of the difference.

The assessment of the recoverability of goodwill is complex and requires numerous estimates and discretionary decisions by the executive directors, particularly with regard to the amount of future cash surpluses, the growth rate for the forecast of cash flows beyond the detailed planning period and the discount rate to be used. Due to the significance of the amount of goodwill for the consolidated financial statements of secunet AG and the significant uncertainties associated with the measurement, this is a key audit matter.

The Company's disclosures on the recoverability of goodwill can be found in the notes to the financial statements under "General principles" and Section 6 "Goodwill".

Auditor's response and observations

As part of our audit, we assessed the appropriateness of the key assumptions and parameters subject to judgement as well as the calculation method of the impairment tests with the involvement of our valuation specialists. We obtained an understanding of the planning system and the planning process as well as the key assumptions made by the executive directors in the planning. We reconciled the forecast of future cash surpluses in the detailed planning period with the annual plan approved by the Supervisory Board and the three-year plan prepared by the executive directors and satisfied ourselves of the Company's adherence to the plan on the basis of an analysis of plan /actual variances in the past and in the current financial year. We have verified the assumptions underlying the planning and the growth rates assumed in the forecast of cash flows beyond the detailed planning period by comparing them with current industry-specific market expectations. In addition, we critically scrutinised the discount rates used on the basis of the average cost of capital of a peer group. Our audit also included the sensitivity analyses performed by secunet AG. With regard to the effects of possible changes in the weighted average costs of capital (WACC) and the EBIT margin in the terminal value, our valuation experts have also carried out their own sensitivity analyses.

Overall, we were able to satisfy ourselves that the assumptions made by the executive directors in performing the impairment test and the valuation parameters used are reasonable and within an acceptable range.

Other Information

Management and the Supervisory Board are responsible for the other information. The other information comprises:

» the combined sustainability statement contained in the section "Combined sustainability statement of the Company and the Group" of the combined sustainability statement.
» the separately published declaration on corporate governance pursuant to Sections 289f and 315d HGB, to which reference is made in the section "Management and Control – Reference to the Corporate Governance Statement pursuant to Sections 289f HGB and 315d HGB" of the combined management report.
» the separately published remuneration report within the meaning of Section 162 AktG, to which reference is made in the section "Remuneration report pursuant to Section 162AktG" of the combined management report.
» the information contained in the combined management report that is not part of the management report and has been labelled as unaudited. These include the reporting contained in the section "Risk management and internal control system", subsection "Statement on the appropriateness and effectiveness of governance systems".
» the remaining parts of the annual report, with the exception of the audited consolidated financial statements and combined management report and our auditor's report.

Our audit opinions on the consolidated financial statements and on the combined management report do not cover the other information, and consequently we do not express an audit opinion or any other form of assurance conclusion thereon.

In connection with our audit of the consolidated financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information

» is materially inconsistent with the consolidated financial statements, with the combined management report or our knowledge obtained in the audit, or
» otherwise appears to be materially misstated.

If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this context.

Responsibilities of the executive directors and the Supervisory Board for the consolidated financial statements and the combined management report

The executive directors are responsible for the preparation of the consolidated financial statements that comply, in all material respects, with IFRSs as adopted by the EU and the additional requirements of German commercial law pursuant to Section 315e (1) HGB and that the consolidated financial statements, in compliance with these requirements, give a true and fair view of the assets, liabilities, financial position and financial performance of the Group. In addition, the executive directors are responsible for such internal control as they have determined necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud (i. e. fraudulent accounting manipulations and misstatements of assets) or error.

In preparing the consolidated financial statements, the executive directors are responsible for assessing the Group's ability to continue as a going concern. They also have the responsibility for disclosing, as applicable, matters related to going concern. In addition, they are responsible for financial reporting based on the going concern basis of accounting unless there is an intention to liquidate the Group or to cease operations, or there is no realistic alternative but to do so.

Furthermore, the executive directors are responsible for the preparation of the combined management report that, as a whole, provides an appropriate view of the Group's position and is, in all material respects, consistent with the consolidated financial statements, complies with German legal requirements, and appropriately presents the opportunities and risks of future development. In addition, the executive directors are responsible for such arrangements and measures (systems) as they have considered necessary to enable the preparation of a combined management report that is in accordance with the applicable German legal requirements, and to be able to provide sufficient appropriate evidence for the assertions in the combined management report.

The Supervisory Board is responsible for overseeing the Group's financial reporting process for the preparation of the consolidated financial statements and of the combined management report.

Auditor's responsibilities for the audit of the consolidated financial statements and of the combined management report

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and whether the combined management report as a whole provides an appropriate view of the Group's position and, in all material respects, is consistent with the consolidated financial statements and the knowledge obtained in the audit, complies with the German legal requirements and appropriately presents the opportunities and risks of future development, as well as to issue an auditor's report that includes our audit opinions on the consolidated financial statements and on the combined management report.

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Section 317 HGB and the EU Audit Regulation and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer (IDW) will always detect a material misstatement. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these consolidated financial statements and this combined management report.

We exercise professional judgement and maintain professional scepticism throughout the audit. We also:

» identify and assess the risks of material misstatement of the consolidated financial statements and of the combined management report, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our audit opinions. The risk of not detecting material misstatements resulting from fraud is higher than the risk of not detecting material misstatements resulting from errors, as fraud may involve collusion, forgery, intentional omissions, misleading representations or the overriding of internal controls.
» obtain an understanding of internal control relevant to the audit of the consolidated financial statements and of arrangements and measures (systems) relevant to the audit of the combined management report in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an audit opinion on the effectiveness of these systems.
» evaluate the appropriateness of accounting policies used by the executive directors and the reasonableness of estimates made by the executive directors and related disclosures.
» conclude on the appropriateness of the executive directors' use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in the auditor's report to the related disclosures in the consolidated financial statements and in the combined management report or, if such disclosures are inadequate, to modify our respective audit opinions. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Group to cease to be able to continue as a going concern.
» evaluate the presentation, structure and content of the consolidated financial statements as a whole, including the disclosures, and whether the consolidated financial statements present the underlying transactions and events in a manner that the consolidated financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Group in compliance with IFRSs as adopted by the EU and the additional requirements of German commercial law pursuant to Section 315e (1) HGB.
» obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the Group to express audit opinions on the consolidated financial statements and on the combined management report. We are responsible for the direction, supervision and performance of the Group audit. We remain solely responsible for our opinions.
» evaluate the consistency of the combined management report with the consolidated financial statements, its conformity with German law, and the view of the Group's position it provides.
» perform audit procedures on the prospective information presented by the executive directors in the combined management report. On the basis of sufficient appropriate audit evidence we evaluate, in particular, the significant assumptions used by the executive directors as a basis for the prospective information, and evaluate the proper derivation of the prospective information from these assumptions. We do not express a separate opinion on the prospective information and on the assumptions used as a basis. There is a substantial unavoidable risk that future events will differ materially from the prospective information.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with the relevant independence requirements, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and, where relevant, the actions taken or safeguards implemented to address threats to our independence. From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter.

Other legal and regulatory requirements

Report on the assurance on the electronic rendering of the consolidated financial statements and the combined management report, prepared for publication purposes in accordance with § 317 (3a) HGB

Assurance opinion

We have performed an assurance engagement in accordance with Section 317 (3a) HGB to obtain reasonable assurance about whether the reproduction of the consolidated financial statements and the combined management report (hereinafter the "ESEF documents") contained in the electronic file "secunet_AG_KA_KLB_ESEF_2024_12_31.zip" and prepared for publication purposes complies in all material respects with the requirements of Section 328 (1) HGB for the electronic reporting format ("ESEF format"). In accordance with German legal requirements, this assurance engagement only extends to the conversion of the information contained in the consolidated financial statements and the combined management report into the ESEF format and therefore relates neither to the information contained within this reproduction nor to any other information contained in the above-mentioned electronic file.

In our opinion, the reproduction of the consolidated financial statements and the combined management report contained in the above-mentioned attached electronic file and prepared for publication purposes complies in all material respects with the requirements of Section 328 (1) HGB for the electronic reporting format. We do not express any opinion on the information contained in this reproduction nor on any other information contained in the above-mentioned electronic file beyond this reasonable assurance conclusion and our audit opinion on the accompanying consolidated financial statements and the accompanying combined management report for the financial year from 1 January 2024 to 31 December 2024 contained in the "Report on the Audit of the Consolidated Financial Statements and on the Combined Management Report" above.

Basis for the assurance opinion

We conducted our assurance engagement on the reproduction of the consolidated financial statements and the combined management report contained in the above-mentioned attached electronic file in accordance with Section 317 (3a) HGB and the IDW Assurance Standard: Assurance in Accordance with Section 317 (3a) HGB on the Electronic Reproduction of Financial Statements and Management Reports Prepared for Publication Purposes (IDW PS 410 (06.2022)). Accordingly, our responsibilities are further described below in the "Group Auditor's Responsibilities for the Assurance Engagement on the ESEF Documents" section. Our auditing practice has applied the requirements of the IDW Quality Management Standards, which implement the IAASB's International Standards on Quality Management.

Responsibilities of the executive directors and the Supervisory Board for the ESEF documents

The executive directors of the Company are responsible for the preparation of the ESEF documents including the electronic reproduction of the consolidated financial statements and the combined management report in accordance with Section 328 (1), sentence 4, no. 1 HGB and for the tagging of the consolidated financial statements in accordance with Section 328 (1), sentence 4, no. 2 HGB.

In addition, the executive directors of the Company are responsible for such internal control as they have considered necessary to enable the preparation of ESEF documents that are free from material non-compliance with the requirements of Section 328 (1) HGB for the electronic reporting format, whether due to fraud or error.

The Supervisory Board is responsible for overseeing the preparation of the ESEF documents as part of the financial reporting process.

Auditor's responsibilities for the assurance work on the ESEF documents

Our objective is to obtain reasonable assurance about whether the ESEF documents are free from material non-compliance with the requirements of Section 328 (1) HGB, whether due to fraud or error. We exercise professional judgement and maintain professional scepticism throughout the audit. We also:

» identify and assess the risks of material non-compliance with the requirements of Section 328 (1) HGB, whether due to fraud or error, design and perform assurance procedures responsive to those risks, and obtain assurance evidence that is sufficient and appropriate to provide a basis for our assurance conclusion.
» obtain an understanding of internal control relevant to the assurance engagement on the ESEF documents in order to design assurance procedures that are appropriate in the circumstances, but not for the purpose of expressing an assurance conclusion on the effectiveness of these controls.
» evaluate the technical validity of the ESEF documents, i. e. whether the electronic file containing the ESEF documents meets the requirements of the Delegated Regulation (EU) 2019/815 in the version applicable as at the balance sheet date on the technical specification for this electronic file.
» evaluate whether the ESEF documents enable an XHTML reproduction with content equivalent to the audited consolidated financial statements and to the audited combined management report.
» evaluate whether the tagging of the ESEF documents with Inline XBRL technology (iXBRL) in accordance with Articles 4 and 6 of the Delegated Regulation (EU) 2019/815 in the version applicable as at the balance sheet date enables an appropriate and complete machine-readable XBRL copy of the XHTML reproduction.

Further information pursuant to Article 10 of the EU Audit Regulation

We were elected as auditor at the Annual General Meeting on 23 May 2024. We were engaged by the Supervisory Board on 19 September 2024. We have been the Group auditor of secunet Security Networks Aktiengesellschaft, since the 2023 financial year.

We declare that the opinions expressed in this audit opinion are consistent with the additional report to the audit committee pursuant to Article 11 of the EU Audit Regulation (audit report).

Other matter – use of the auditor's report

Our audit opinion should always be read in conjunction with the audited consolidated financial statements and the audited combined management report as well as the audited ESEF documents. The consolidated financial statements and the combined management report converted into the ESEF format – including the versions to be entered in the central register of companies – are merely electronic reproductions of the audited consolidated financial statements and the audited combined management report and do not replace them. In particular, the ESEF report and our audit opinion contained therein can only be used in conjunction with the audited ESEF documents provided in electronic form.

German public auditor responsible for the engagement

The German Public Auditor responsible for the engagement is Dr Marcus Falk.

Essen, 26 March 2025

BDO AG Wirtschaftsprüfungsgesellschaft

signed Marc Fritz signed Dr Marcus Falk Wirtschaftsprüfer Wirtschaftsprüfer (German Public Auditor) (German Public Auditor)

Responsibility statement

"To the best of our knowledge, and in accordance with the applicable accounting principles, the Consolidated Financial Statements give a true and fair view of the assets, liabilities, financial position and results of operations of the Group, and the Group Management Report includes a true and fair presentation of the development and performance of the business and the position of the Group, together with a description of the principal opportunities and risks associated with the expected development of the Group."

Essen, 25 March 2025

Axel Deininger Torsten Henn

Dr Kai Martius Jessica Nospers

4.Annual Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

246	Balance sheet
247	Income statement
248	Notes
266	Independent auditor's report
278	Responsibility statement

245

Annual Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

Balance sheet

(according to HGB) as at 31 December 2024

Assets

Note	31 Dec 2024	31 Dec 2023

	923,505.00	1,154,060.00
	7,501,278.00	6,879,027.69
	89,040,595.04	80,499,152.04
1	97,465,378.04	88,532,239.73

2	55,579,671.50	50,521,853.28
3	86,404,294.70	96,583,853.94
4	53,819,380.22	35,177,432.79
	195,803,346.42	182,283,140.01
5	24,059,251.15	16,727,936.08

	317,327,975.61	287,543,315.82

Liabilities

in euros	Note	31 Dec 2024	31 Dec 2023
A. Equity
Subscribed capital		6,500,000.00	6,500,000.00
Nominal value of treasury shares		-30,498.00	-30,498.00
I. Issued capital		6,469,502.00	6,469,502.00
II. Capital reserves		21,656,305.42	21,656,305.42
III. Retained earnings
Other retained earnings		109,250,451.13	91,616,863.84
IV. Net accumulated profit		17,661,740.46	15,268,024.72
Total equity	6	155,037,999.01	135,010,695.98
B. Provisions	7	37,293,050.28	29,489,300.64
C. Liabilities	8	47,046,902.25	60,609,157.99
D. Deferred income and accrued expenses	9	77,950,024.07	62,434,161.21

Total liabilities		317,327,975.61	287,543,315.82

Income statement

(according to HGB) for the period from 1 January 2024 to 31 December 2024

in euros	Note	1 Jan – 31 Dec 2024	1 Jan – 31 Dec 2023
Sales revenue	10	389,294,367.67	372,412,474.82
Decrease / increase of unfinished services, work in progress & finished goods		1,617,532.18	-1,001,277.74
Other operating income	11	3,652,549.39	1,242,483.90
Materials expenses	12	-208,304,001.65	-209,904,858.98
Personnel expenses	13	-94,788,570.02	-80,082,223.90
Depreciation and amortisation of intangible fixed assets and tangible fixed assets	14	-4,120,805.78	-4,344,413.32
Other operating expenses	15	-36,285,290.15	-34,887,410.26
Income from equity investments	16	0.00	2,665,414.63
Financial result	17	630,021.38	-1,072,033.86
Income taxes	18	-16,444,870.00	-14,191,401.58
Earnings after taxes		35,250,933.02	30,836,753.71

Other taxes	18	44,394.73	-312,275.99
Net income for the year		35,295,327.75	30,524,477.72

Transfer to other retained earnings		-17,633,587.29	-15,256,453.00
Net accumulated profit	19	17,661,740.46	15,268,024.72

Notes

regarding secunet Security Networks Aktiengesellschaft for the 2024 financial year (according to HGB)

General principles

secunet Security Networks Aktiengesellschaft in Essen, Germany (hereinafter referred to as "secunet AG" or the "Company") is a large public liability company within the meaning of Section 267 (3), sentences 1 and 2 of the German Commercial Code (Handelsgesetzbuch, HGB) and is entered in the Commercial Register at Essen Local Court (Reg. No. 13615).

The Annual Financial Statements of secunet AG are prepared in accordance with the regulations of the HGB and taking the supplementary provisions of the German Stock Corporation Act (Aktiengesetz, AktG) into account.

The valuations as at 31 December 2023 were adopted unchanged.

The financial statements have been prepared on the assumption that the Company is a going concern.

The income statement is based on the total expenditure format.

In order to enhance the clarity and transparency of the reporting, the balance sheet and the income statement combine certain individual items, which are reported in depth and explained in the Notes. In addition to the standard breakdown under commercial law, the item "Premium reserve shares from reinsurance contracts" was added to the item "Financial assets" in the "Changes in fixed assets" overview (Appendix to the Notes).

Assets and liabilities are always valued individually as at the reporting date.

Assets and liabilities are recognised at the time of the transfer of economic or legal ownership. Expenses and income for the financial year are recognised in the annual financial statements irrespective of the timing of the corresponding payments. All foreseeable risks and losses that have arisen up to the reporting date are recognised. Profits are only recognised if they are realised on the reporting date.

Accounting and valuation methods

Recognition and measurement are performed according to the principles set out below:

Assets

Fixed assets

Intangible and tangible fixed assets

The purchased intangible fixed assets are capitalised at their historical costs upon acquisition and are depreciated on a scheduled straight-line basis over their expected useful life. The useful life is between 3 and 5 years. An impairment loss is recognised in the event of expected permanent impairment. Using the option permitted under Section 248 (2), sentence 1 HGB, development costs are not capitalised.

Under this item, goodwill purchased during the 2016 financial year is being depreciated on a straight-line basis over a useful life of ten years in accordance with Section 253 (3), sentence 4 HGB, as the expected useful life cannot be estimated reliably.

Assets were acquired as part of an asset deal as of 1 July 2017. The assets and liabilities acquired are recognised at the fair value, and the purchase price in excess of this value has been reported as goodwill. This goodwill will be depreciated on a straight-line basis over an average remaining useful life of nine years, since the software purchased as part of the asset deal must be retained for a customer project with an average lifetime of nine years.

Property, plant and equipment are measured at the lower of historical cost or fair value if a long-term impairment is expected and are depreciated on a straight-line basis over the expected useful life. The useful life is between 3 and 10 years. In the event of permanent impairment, intangible assets and property, plant and equipment were written down to the lower fair value. If the reasons for the impairment losses cease to apply in subsequent years, the impairment losses are reversed up to a maximum of the amortised cost (excluding goodwill).

Fixed assets with historical costs of less than 1,000.00 euros (low-value fixed assets) are divided into two groups. Since the 2018 financial year, assets with historical costs of up to 250.00 euros have been written off to their full amount in the year of purchase. Assets with historical costs between 250.00 euros (previously 150.00 euros) and 1,000.00 euros are placed in a so-called "collective item" and written off in the year of purchase and over the next four years on a straight-line basis.

Financial assets

Shares in affiliated companies and holdings are recognised at historical cost.

Value adjustments to the lower fair value are made if there is likely to be a permanent impairment. Lower valuations are retained unless a higher carrying amount up to a maximum of the original historical cost is required.

Loans to affiliated companies and to companies in which there is a participating interest are shown at nominal value.

Reinsurance contracts are measured at fair value.

Current assets

Inventories are measured at historical cost or production cost or at the lower fair value on the balance sheet date. This was determined using the flat-rate method, retrograde valuation of the sales price. The production cost of unfinished services as well as work in progress and finished goods includes not only the directly allocable costs, but also necessary material and production overheads as well as general administrative expenses. Voluntary social security contributions, occupational pension expense and interest on borrowings are not carried as an asset. The principles of loss-free valuation are applied.

The advance payments are calculated and recognised at nominal value.

Trade goods are measured at the lower of historical cost calculated using a sliding average and fair value.

Receivables and other assets are measured at nominal value less appropriate discounts for identifiable individual risks. The general credit risk is taken into account by means of a general loan loss provision of 1%.

Cash in hand and bank balances are measured at their nominal value.

Expenses prior to the balance sheet date, insofar as they represent expenses for a specific period after the balance sheet date, are reported under prepaid expenses and accrued income.

Liabilities

Equity is recognised and presented in accordance with Section 272 HGB.

Provisions

Provisions for pensions and similar liabilities are determined in accordance with the expert opinion of an actuary, based on the projected one-off contribution method ("Projected Unit Credit Method"), using Professor Klaus Heubeck's 2018 G mortality tables. An actuarial interest rate of 1.93% (previous year: 1.88%) was calculated for the valuation, which in accordance with the provisions of Section 253 (2), sentence 2 HGB was derived in December 2024 from the average market interest rate of the past 10 financial years (previous year: 10) with an assumed residual term of 15 (previous year: 15) years, projected to 31 December 2024.

Applying an average market interest rate from the past seven financial years published by the German Bundesbank of 1.97% (previous year: 1.78%), this would lead to an obligation in the amount of 8,062,835.00 euros as at 31 December 2024. The difference in relation to the pension provisions evaluated with an average market interest rate from the past ten financial years (1.93%) stood at 55,015.00 euros as at 31 December 2024 (previous year: 146,855.00 euros); this amount must be taken into account in determining the amount blocked for distribution purposes (Section 253 (6), sentence 2 HGB).

The impact on income from the change to the actuarial interest rate is recorded in the financial result. Furthermore, the valuation of direct pension obligations is based on the assumption of 3.0% dynamic growth of eligible remuneration (previous year: 3.0%), 2.0% dynamic adjustment of current pensions (previous year: 2.0%) and a fluctuation of 6.0% (previous year: 5.5%) on average.

In accordance with the valuation rules of Section 253 (1), sentence 2 HGB, provisions for pensions must be reported at their settlement value with effect from 2010.

The amount required to be allocated to the pension provisions was calculated as at the transition date of 1 January 2010. The difference at that time from the revaluation of the obligations totalled 746,432 euros. With reference to the option provided for under Article 67 (1), sentence 1 of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), secunet AG allocated the amount of 49,763.00 euros (1/15 minimum allocation p. a.) to other operating expenditure in the 2021 financial year. As at 31 December 2024, there is no longer a shortfall.

The other provisions take into account all recognisable risks and uncertain obligations and are measured at the settlement value required according to prudent business judgement. Future price and cost increases are taken into account if there is sufficient objective evidence that they will occur. Provisions with a remaining term of more than one year are discounted at the average market interest rate of the past seven financial years with a matching term, as determined and published by the German Bundesbank. The settlement value of the provision for warranties is calculated on the basis of a loss ratio determined in the past, which is applied to the items in the warranty period.

Liabilities

The liabilities are recognised at their settlement value.

Earnings prior to the balance sheet date that represent income for a certain period after this date are reported under deferred income and accrued expenses.

Assets and liabilities in foreign currencies are translated at the respective mean spot exchange rate at the time of initial measurement.

Assets and liabilities denominated in foreign currencies are translated at the mean spot exchange rate at the time of initial measurement. Assets and liabilities in foreign currencies with a remaining term of up to one year are subsequently measured at the mean spot exchange rate on the reporting date. In the case of a remaining term of more than one year, the realisation principle (Section 252 (1) no. 4 half-sentence 2 HGB) and the acquisition cost principle (Section 253 (1) sentence 1 HGB) were observed.

Deferred taxes

The table below shows asset and liability surpluses of secunet AG.

in euros	Assets	Liabilities
Fixed assets	18,307.00	0.00
Financial assets	0.00	-258,679.00
Goodwill	92,980.00	0.00
Provisions for pensions	1,398,680.00	0.00
Other provisions	402,806.00	0.00
Total	1,912,773.00	-258,679.00

A tax rate of 31.97% (previous year: 31.97%) is applied. Using the option permitted under Section 274 (1), sentence 2 HGB, deferred tax assets were not posted in the balance sheet. Using the option permitted under Section 274 (1) sentence 3 HGB, deferred taxes are shown netted.

Income statement

The sales revenue is recognised once the service has been provided or the risk associated with the products sold has passed to the customer. Services are usually invoiced on the basis of the hours worked. For mixed transactions, the recognition criteria must be applied separately for each partial delivery. Satisfaction of a performance obligation in project business is basically defined by means of acceptance protocols.

Sales revenue is shown less value-added tax and any discounts when the sale of goods or services has taken place and the risks and rewards associated with ownership have been substantially transferred.

Notes to the balance sheet and income statement

1. Fixed assets

The breakdown of and changes in secunet AG's fixed assets can be found in the statement of fixed assets. The statement of fixed assets is included as an Appendix to the Notes.

The ownership of shares can be shown as follows at the balance sheet date:

Company	Registered office	Equity holding	Equity as at 31 Dec 2024	Net income for 2024
secunet International GmbH & Co. KG	Essen	100 %	100 kEUR	2,900 kEUR
secunet International Management GmbH	Essen	100 %	65 kEUR	8 kEUR
secustack GmbH i. L.	Dresden	51 %	219 kEUR	25 kEUR
finally safe GmbH	Essen	100 %	48 kEUR	-1 kEUR
stashcat GmbH	Hanover	100 %	-2,426 kEUR	-422 kEUR
SysEleven GmbH	Berlin	100 %	-7,619 kEUR	-6,771 kEUR

secunet Inc., Austin, Texas, USA, 100% participation; the equity and net income for the year have not been disclosed due to the secondary importance of the company.

2. Inventories

in euros	31 Dec 2024	31 Dec 2023
Unfinished services	3,257,615.75	2,769,662.78
Work in progress	792,165.75	457,123.49
Finished goods	69,749.01	54,517.70
Trade goods	50,288,893.49	46,781,002.99
Advance payments	1,171,247.50	459,546.32
Total	55,579,671.50	50,521,853.28

The increase in the levels of trade goods at the balance sheet date was due to efforts to ensure the short to medium-term delivery capacity of the product business.

3. Receivables and other assets

in euros	31 Dec 2024	31 Dec 2023
Trade receivables	77,250,170.63	81,449,463.26
Intercompany receivables	7,304,055.67	8,783,575.89
of which trade receivables	7,304,055.67	6,101,652.97
of which other assets	0.00	2,681,922.92
Other assets	1,850,068.40	6,350,814.79
Total	86,404,294.70	96,583,853.94

Trade receivables include receivables of 0.00 euros (previous year: 0.00 euros) with a remaining term of more than one year.

As in the previous year, the remaining term of all other receivables and other assets was up to one year.

4. Cash in hand and bank balances

The liquid funds comprise cash in hand and bank balances amounting to a total of 53,819,380.22 euros (previous year: 35,177,432.79 euros).

5. Prepaid expenses and accrued income

Prepaid expenses include accruals of 24,059,251.15 euros (previous year: 16,727,936.08 euros). These are mainly short and long-term advance payments for product services sold as part of customer projects.

6. Equity

The share capital is 6,500,000.00 euros. It is divided into 6,500,000 bearer shares without par value.

In total, the Company continues to hold 30,498 treasury shares as at the balance sheet date (previous year: 30,498 shares). They correspond to an arithmetical value of 0.469% or 30,498 euros of the share capital (previous year: 0.469%). The nominal value of the treasury shares was openly offset against share capital.

The treasury shares were purchased at their nominal value as part of a share option programme for secunet employees in the years from 2001 to 2002.

The Annual General Meeting on 23 May 2024 resolved to appropriate the balance sheet profit of 15,268,024.72 euros for the 2023 financial year to pay out a dividend. As of 28 May 2024, a payment of 2.36 euros per share (6,469,502 individual shares) was made, making a total of 15,268,024.72 euros.

17,633,587.29 euros (= 49.98%) of the net income for the year 2024 totalling 35,295,327.75 euros will be deposited in the other revenue reserves in accordance with Section 58 (2), sentence 1 AktG.

The balance sheet profit as at 31 December 2024 is therefore 17,661,740.46 euros (previous year: 15,268,024.72 euros).

The majority shareholder, Giesecke + Devrient GmbH, Munich, holds a stake of 75.12% in secunet AG.

7. Provisions

in euros	31 Dec 2024	31 Dec 2023
Provisions for pensions and similar liabilities	8,117,850.00	8,103,809.00
Provisions for taxes	589,703.00	0.00
Other provisions	28,585,497.28	21,385,491.64
Total	37,293,050.28	29,489,300.64

The breakdown of other provisions is shown in the table below:

in euros	31 Dec 2024	31 Dec 2023
Non-current provisions
Provisions for anniversary bonuses	485,304.00	480,796.00
Long-term provision for share-based remuneration	1,585,569.00	655,239.00
Asset retirement and maintenance measures	504,357.07	453,434.95
Current provisions
Annual employee bonuses	16,947,970.28	11,167,691.00
Commissions	1,200,915.75	1,147,514.00
Warranties	992,000.00	1,238,000.00
Outstanding incoming invoices	1,371,914.20	1,547,316.18
Accrued holidays	2,648,916.00	2,224,044.00
Deferred costs	0.00	230,000.00
Accounting and auditing costs	282,820.00	214,500.00
Current provision for share-based remuneration	235,650.72	0.00
Professional association contributions	235,105.28	255,650.00
Other	2,094,974.98	1,771,306.51
Total	28,585,497.28	21,385,491.64

For the 2024 financial year, the provision for commissions comprises payments due for the distribution of SINA licences, Elster sticks and connectors.

The warranty provisions pertain to a provision for obligations arising from a three-year warranty agreement for specific SINA core modules in the amount of 992,000.00 euros.

The provision for asset retirement and maintenance measures essentially involves asset retirement and maintenance measures to be performed by the Company for leased properties in Dresden, Essen, Munich and Hanover.

8. Liabilities

in euros	31 Dec 2024	31 Dec 2023
Advance payments received on account of orders	930,298.42	8,144,158.50
Trade accounts payable	37,915,249.81	26,789,385.09
Intercompany payables	184,960.55	2,597,929.62
of which trade receivables	184,960.55	2,597,929.62
Other liabilities	8,016,393.47	23,077,684.78
of which taxes	7,662,124.25	14,312,821.84
of which relating to social security	6,712.83	10,129.20
Total	47,046,902.25	60,609,157.99

	Maturity dates
Type of liabilities (in euros)	up to one year 2024	of more than one year 2024	of which more than five years 2024	up to one year previous year	of more than one year previous year	of which more than five years previous year
Advance payments received on account of orders	930,298.42	0.00	0.00	8,144,158.50	0.00	0.00
Trade accounts payable	37,915,249.81	0.00	0.00	26,789,385.09	0.00	0.00
Intercompany payables	184,960.55	0.00	0.00	2,597,929.62	0.00	0.00
of which trade receivables	184,960.55	0.00	0.00	2,597,929.78	0.00	0.00
Other liabilities	8,016,393.47	0.00	0.00	23,077,684.78	0.00	0.00
of which taxes	7,662,124.25	0.00	0.00	14,312,821.84	0.00	0.00
of which relating to social security	6,712.83	0.00	0.00	10,129.20	0.00	0.00
Total	47,046,902.25	0.00	0.00	60,609,157.99	0.00	0.00

9. Deferred income and accrued expenses

Deferred income and accrued expenses include deferred income of 77,950,024.07 euros (previous year: 62,434,161.21 euros). This increasingly relates to income from the provision of services after the reporting date for the growing support business.

10. Sales revenue

The sales revenue was generated in the following regions:

in euros	2024	2023
Domestic	369,876,051.50	357,362,035.92
Abroad	19,418,316.17	15,050,438.90
Total	389,294,367.67	372,412,474.82

This sales revenue can be attributed to the divisions as follows:

in euros	2024	2023
Public	352,386,263.38	323,359,351.41
Business	36,908,104.29	49,053,123.41
Total	389,294,367.67	372,412,474.82

11. Other operating income

The other operating income of 3,652,549.39 euros mainly includes public project grants (2,005,123.68 euros), reimbursements from damages (73,352.00 euros), income from the release of provisions (1,391,519.25 euros), actuarial income from the adjustment of old-age and survivors' insurance premium reserve (78,808.35 euros) and other income (103,746.11 euros).

Income from currency conversion stood at 28,585.42 euros (previous year: 81,389.17 euros).

Of the other operating income, 1,391,519.25 euros (38.10%) (previous year: 90,428.11 euros) relates to other periods and results from the release of provisions.

12. Material expenses

in euros	2024	2023
Cost of purchased goods	182,172,438.92	186,293,125.62
Cost of purchased services	26,131,562.73	23,611,733.36
Total	208,304,001.65	209,904,858.98

13. Personnel expenditure

in euros	2024	2023
Wages and salaries	82,165,836.29	68,653,475.17
Social security costs	12,463,814.13	10,943,099.66
Expenses for retirement pensions	-14,476.94	422,637.75
Expenses for support	173,396.54	63,011.32
Total	94,788,570.02	80,082,223.90

14. Depreciation and amortisation of intangible and tangible fixed assets and financial assets

Depreciation and amortisation are broken down by individual item in the statement of fixed assets (see Appendix to the Notes). Unscheduled impairment losses totalling 0.00 euros (previous year: 624,946.76 euros) were recognised in the year under review.

15. Other operating expenses

in euros	2024	2023
secunet Group services	4,136,469.37	3,764,044.71
Rental costs	6,422,990.43	6,169,754.20
Inspection, consulting, legal protection	2,266,597.27	2,472,464.43
Travel expenses	3,213,811.40	2,910,957.96
Sales commission	1,764,079.04	1,264,486.54
Addition to other provisions	978,105.75	1,766,403.83
Advertising costs	2,612,370.14	2,434,327.46
Ancillary personnel expenses	1,566,745.38	1,708,543.38
Communication costs	2,258,735.65	1,703,396.60
Company car costs	1,368,144.05	1,218,591.85
Maintenance costs	1,703,338.88	1,396,685.58
Other third-party services	1,599,322.86	2,300,247.51
Entertainment and representation	456,308.70	416,434.50
Insurance premiums	531,918.72	458,166.66
Fees	387,296.59	263,192.09
Licences and concessions	2,462,090.98	2,184,654.69
Extraordinary items arising in relation to BilMoG – Revaluation of pension provisions	49,763.00	49,763.00
Other costs	2,507,201.94	2,405,295.29
Total	36,285,290.15	34,887,410.28

Expenses in connection with currency conversion stood at 112,479.28 euros (previous year: 63,708.26 euros).

16. Income from equity investments

Income from equity investments includes the net income for the year of secunet International GmbH & Co. KG, Essen, in the amount of 0.00 euros (previous year: 2,665,414.63 euros).

17. Financial result

in euros	2024	2023
Income from other securities and loans classified as financial assets	0.00	11.15
Other interest and similar income	1,146,284.89	152,973.43
of which from affiliated companies	376,472.91	152,384.85
Depreciation of financial assets – all affiliated companies	0.00	-624,946.76
Interest and similar expenses	-516,263.51	-600,071.68
of which from interest accrued during the year	-91,676.37	-147,209.13
Total	630,021.38	-1,072,045.01

18. Taxes

in euros	2024	2023
Income taxes	16,444,870.00	14,191,401.58
Other taxes	-44,394.73	312,275.99
Total	16,400,475.27	14,503,677.57

The income taxes relate predominantly to the 2024 financial year. Income totalling 58,770.73 euros is unrelated to the accounting period.

19. Appropriation of the balance sheet profit

Proposal for the appropriation of distributable earnings

From the balance sheet profit of 15,268,024.72 euros reported for the 2023 financial year, dividends of 2.36 euros per share (totalling 15,268,024.72 euros) were distributed in the 2024 financial year in accordance with the resolution of the Annual General Meeting on 23 May 2024.

secunet AG's Annual Financial Statements under commercial law for the 2024 financial year show net income for the year of 35,295,327.75 euros. Of this sum, 17,633,587.29 euros (= 49.96%) will be transferred to the other revenue reserves in accordance with Section 58 (2), sentence 1 AktG. This results in a balance sheet profit of 17,661,740.46 euros.

The Management Board will propose to the Annual General Meeting that a regular dividend of 2.73 euros per dividend-bearing share be distributed on the dividend-bearing share capital of 6,469,502.00 euros (corresponding to a regular distribution of around 50% of the net profit for the year), i. e. a total of 17,661,740.46 euros. When determining the share capital entitled to a dividend, the total of 30,498 treasury shares was deducted.

in euros	2024
Balance sheet profit at 1 Jan 2024	15,268,024.72
Dividend payment in 2024	-15,268,024.72
Net income for the year 2024	35,295,327.75
Transfer to other revenue reserves	-17,633,587.29
Balance sheet profit at 31 Dec 2024	17,661,740.46
Proposal for the appropriation of distributable earnings
Dividend payment in 2025	-17,661,740.46
Carryforward	0.00

Other notes

Employees

The average headcount over the year was 869 (previous year: 830). In addition, 116 temporary staff (previous year: 110) were also employed, making a total of 985 (previous year: 940) employees excluding members of the Management Board.

Other financial liabilities

As at the balance sheet date, other financial liabilities totalled 17,345,953.44 euros. They consisted mainly of the nominal amount of liabilities arising from office tenancy agreements and lease agreements for company vehicles, of which 4,953,685.25 euros have less than one year to run and 12,392,268.19 euros are due within a period of between one year and five years. There are no liabilities that fall due after more than five years. An amount of 85,931.52 euros is attributable to liabilities to affiliated companies. This is due within one year.

Open purchase orders

As at 31 December 2024, there were liabilities with regard to open purchase orders for goods and services in the amount of 32,936,895.09 euros.

The total amount of payments required for the aforementioned liabilities as at 31 December 2024 is distributed over the respective years as follows:

in euros
2025	28,571,758.02
2026	1,542,071.79
2027	133,026.50
2028	2,690,038.78
Following years	0.00
Total	32,936,895.09

Contingent liabilities

The Company has contingent liabilities in the amount of 3,531.00 euros (previous year: 3,203.00 euros) from a debt entry and release agreement with secunet International GmbH & Co. KG, Essen, with regard to secured direct commitments (pension, anniversary and death benefit obligations) to employees, which were transferred to the respective company as part of the transfer of operations in accordance with Section 613a of the German Civil Code (BGB) with effect from 1 January 2018.

It is not expected that these contingent liabilities will be realised due to the current economic situation of the subsidiary.

Group affiliation

Through Giesecke + Devrient GmbH, Munich, the Company is an affiliated company of MC Familiengesellschaft mbH, Munich, which prepares the Consolidated Financial Statements for the largest group of companies. Additionally, the Company is included in the Consolidated Financial Statements of Giesecke + Devrient GmbH, Munich. Giesecke + Devrient GmbH prepares the Consolidated Financial Statements for the smallest group of companies. The Consolidated Financial Statements are published in the central register of companies.

Auditors' fees

The total fee charged by the Company's auditors is broken down in the corresponding item in the Consolidated Financial Statements of Security Networks AG into audit services and other assurance services.

For secunet Security Networks AG and the companies it controls, other assurance services were provided mainly for services in connection with the inspection of the internal control and risk management system, the economic audit of the non-financial statement and the substantive audit of the Management Board remuneration report.

Other

The total remuneration of the active members of the Management Board pursuant to Section 285 no. 9 of the German Commercial Code (HGB) for their work in the reporting year amounted to 3,041,358.15 euros (previous year: 1,776,436.07 euros). This includes the basic remuneration, fringe benefits and non-cash benefits, the short-term variable remuneration and the fair value at the time of allocation for the long-term variable remuneration (PSP I tranche 2024 – 2027 and PSP II tranche 2024 – 2027).

For the long-term variable remuneration, provisional virtual shares were granted within the framework of the 2021 – 2024, 2022 – 2025, 2023 – 2026 and 2024 – 2027 tranches of PSP I, the fair value of which amounted to 545,098.00 euros, 373,669.66 euros, 309,421.29 euros and 226,826.85 euros, respectively, at the time of allocation. For the 2024 – 2027 tranche of PSP II, the fair value at the time of allocation amounted to 783,211.68 euros.

A provision of 808,500.00 euros was recognised for short-term variable remuneration in the financial year. The payment is measured according to the target achievement determined by the Supervisory Board on the basis of the applicable Management Board remuneration system and is scheduled for April 2025. The determination is made using the financial performance criteria of EBITDA and sales revenue on an equally weighted basis.

For former members of the Management Board, liabilities from pension commitments amounted to 2,532,749.00 euros as at the reporting date (previous year: 1,450,092.00 euros).

Pension payments for former members of the Management Board were made in the amount of 50,618.00 euros (previous year: 50,117.00 euros).

Former members of the Management Board received fees of 18,611.00 euros (previous year: 12,888.00 euros) in connection with consultancy contracts.

Supervisory Board remuneration in the year under review totalled 142,500.00 euros (previous year: 142,500.00 euros). In addition, the employee representatives on the Supervisory Board who are employees of the Group received salaries as part of their employment contracts. The level of remuneration corresponded to appropriate remuneration for corresponding functions and tasks within the Group.

Members of the Management Board held 1,000 shares in the Company as at the reporting date (previous year: 1,000 shares).

The members of the Supervisory Board held no shares in the Company as at the reporting date.

The Management Board and Supervisory Board issued the declaration pursuant to Section 161 AktG in respect of secunet AG. This has been made permanently available to shareholders on the Company's website (www.secunet.com) under >> About Us >> Investors >> Corporate Governance.

Declarations pursuant to Section 160 (1), no. 8 AktG:

Voting rights are held in the Company as at the balance sheet date for 2024. The following disclosures are based on those disclosures made by the parties subject to notification obligations in accordance with Section 33 (1) of the German Securities Trading Act (Wertpapierhandelsgesetz, WpHG).

11 October 2012: Publication of voting-right notices in accordance with Section 21 (1) WpHG (old version)

MC Familiengesellschaft mbH, headquartered in Tutzing, Germany informed us in accordance with Section 21 (1) WpHG on 9 October 2012 that the MC Familiengesellschaft mbH share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the thresholds of 3%, 5%, 10%, 15%, 20%, 25%, 30%, 50% and 75% of the voting rights on 8 October 2012, and on this date totalled 79.43% (corresponding to 5,163,102 voting rights).

Of these, in accordance with Section 22 (1), sentence 1, no. 1 WpHG, 78.96% are attributable to MC Familiengesellschaft mbH (corresponding to 5,132,604 voting rights) via Giesecke + Devrient Gesellschaft mit beschränkter Haftung, Munich, and 0.47% (corresponding to 30,498 voting rights) via secunet Security Networks AG, Essen.

12 February 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG (old version)

Giesecke & Devrient Holding GmbH, Munich, Germany, informed us in accordance with Section 21 (1) WpHG on 10 February 2009 that its share of the voting rights in secunet Security Networks AG, Kronprinzenstrasse 30, 45128 Essen, Germany, ISIN: DE0007276503, exceeded the thresholds of 5%, 10%, 25%, 50% and 75% on 30 November 2006 and amounted to 76.38% (corresponding to 4,964,958 voting rights) as of that date.

Of these, 50% + 1 share (corresponding to 3,250,001 voting rights) are attributable to Giesecke & Devrient Holding GmbH pursuant to Section 22 (1), sentence 1, no. 1 WpHG via Giesecke & Devrient GmbH, Munich, and 26.38% (corresponding to 1,714,957 voting rights) pursuant to Section 22 (2) WpHG via RWTÜV AG, Essen.

Corporate bodies

Management Board

» Qualified industrial engineer Axel Deininger, Chairman of the Management Board / CEO
» Torsten Henn, Member of the Management Board / COO
» Dr Kai Martius, Member of the Management Board / CTO
» Qualified business economist Thomas Pleines, Chief Financial Officer / CFO (until 31 May 2024)
» Diplom-Kauffrau (business administration) Jessica Nospers, Chief Financial Officer / CFO (from 1 June 2024)

Supervisory Board

Dr Ralf Wintergerst, Baldham Chairman

Chairman of the Management Board and CEO of Giesecke + Devrient GmbH, Munich

Other directorships:

» Veridos GmbH (Chairman)
» Netcetera AG, Zurich, Switzerland (President of the Board of Directors until 17 April 2024; member of the Board of Directors from 18 April 2024)

Dr oec Peter Zattler, Grünwald

Vice Chairman (until 23 May 2024) Member of the Supervisory Board (from 23 May 2024)

Member of the Management Board of Giesecke + Devrient GmbH, Munich (until 30 April 2024)

Other directorships:

» Veridos GmbH, Berlin (until 30 April 2024)
» Veridos Matsoukis S. A., Athens, Greece (until 30 April 2024)

Dr rer pol Elmar Legge, Schermbeck

Member of the Supervisory Board (until 23 May 2024)

Member of the Management Board of the GREIF Foundation, Mülheim an der Ruhr

Other directorships:

» AKTAIOS GmbH, Essen (Chairman)
» RWTÜV GmbH, Essen (Chairman)
» Albert-Schweitzer-Einrichtungen gGmbH, Dinslaken

Jörg Marx, Dresden

Employee representative

Dipl.-Informatiker (computer science), secunet Security Networks AG, Essen

No other directorships

Gesa-Maria Rustemeyer, Berlin

Employee representative

Head of Legal, secunet Security Networks AG, Essen

No other directorships

Jan Thyen, Munich Vice Chairman (since 23 May 2024)

Member of the Management Board of Giesecke + Devrient GmbH, Munich (since 1 May 2024)

Other directorships:

» Veridos GmbH, Berlin (since 1 May 2024)
» Netcetera AG, Zurich / Switzerland

Professor Dr-Ing Günter Schäfer, Berlin Member of the Supervisory Board

University professor, University of Technology, Ilmenau

No other directorships

Events after the balance sheet date

There were no events after the balance sheet date.

Essen, 25 March 2025

Axel Deininger Torsten Henn

Dr Kai Martius Jessica Nospers

Changes in fixed assets

of secunet Security Networks Aktiengesellschaft in the financial year 2024 (Appendix to the Notes)

			Historical costs
in euros	1 Jan 2024	Additions	Reclassifi cations	Disposals	31 Dec 2024
A. Intangible fixed assets
Acquired concessions, industrial property rights and similar rights and values, and licences to such rights	120,000.00	0.00	0.00	0.00	120,000.00
Acquired software	4,874,984.95	1,062.50	0.00	-210,910.18	4,665,137.27
Goodwill	3,795,966.00	0.00	0.00	0.00	3,795,966.00
Intangible assets under construction	0.00	480,795.00	0.00	0.00	480,795.00
Intangible fixed assets, total	8,790,950.95	481,857.50	0.00	-210,910.18	9,061,898.27
B. Tangible fixed assets
Other equipment, factory and office equipment	26,441,180.24	4,125,451.92	75,331.69	-1,177,781.57	29,464,182.28
Assets under construction	75,331.69	0.00	-75,331.69	0.00	0.00
Tangible fixed assets, total	26,516,511.93	4,125,451.92	0.00	-1,177,781.57	29,464,182.28
C. Financial assets
Shares in affiliated companies	73,601,761.11	0.00	0.00	0.00	73,601,761.11
Shares in affiliated partnerships	108,231.00	0.00	0.00	0.00	108,231.00
Loans to affiliated companies	3,813,550.26	8,600,000.00	0.00	0.00	12,413,550.26
Premium reserve shares from reinsurance contracts	7,326,067.00	139,065.77	0.00	-197,622.77	93,391,052.37
Financial assets, total	84,849,609.37	8,739,065.77	0.00	-119,093.77	93,469,581.37
Total fixed assets	120,157,072.25	13,346,375.19	0.00	-1,507,785.52	131,995,661.92

	Accumulated depreciations			Carrying amounts
	1 Jan 2024 Additions	Disposals	31 Dec 2024	31 Dec 2024	31 Dec 2023

	120,000.00 0.00	0.00	120,000.00	0.00	0.00
3,953,535.95	620,792.50	-210,910.18	4,363,418.27	301,719.00	921,449.00
3,563,355.00	91,620.00	0.00	3,654,975.00	140,991.00	232,611.00
	0.00 0.00	0.00	0.00	480,795.00	0.00
7,636,890.95	712,412.50	-210,910.18	8,138,393.27	923,505.00	1,154,060.00

19,637,484.24	3,408,393.28	-1,082,973.24	21,962,904.28	7,501,278.00	6,803,696.00
	0.00 0.00	0.00	0.00	0.00	75,331.69
19,637,484.24	3,408,393.28	-1,082,973.24	21,962,904.28	7,501,278.00	6,879,027.69

3,736,907.07	0.00	0.00	3,736,907.07	69,864,854.04	69,864,854.04
	0.00 0.00	0.00	0.00	108,231.00	108,231.00
	613,550.26 0.00	0.00	613,550.26	11,800,000.00	3,200,000.00
	0.00 0.00	0.00	0.00	7,267,510.00	7,326,067.00
4,350,457.33	0.00	0.00	4,350,457.33	89,040,595.04	80,499,152.04

31,624,832.52	4,120,805.78	-1,293,883.42	34,451,754.88	97,465,378.04	88,532,239.73

Changes in fixed assets

of secunet Security Networks Aktiengesellschaft in the financial year 2024 (Appendix to the Notes)

Independent auditor's report

To the secunet Security Networks Aktiengesellschaft, Essen

Report on the audit of the annual financial statements and of the combined management report

Audit opinions

We have audited the annual financial statements of secunet Security Networks Aktiengesellschaft, Essen, which comprise the balance sheet as of 31 December 2024, and the income statement for the financial year from 1 January 2024 to 31 December 2024, as well as notes to the annual financial statements, including the recognition and measurement policies presented therein.

In our opinion, on the basis of the knowledge obtained in the audit,

» the accompanying annual financial statements comply, in all material respects, with the requirements of German commercial law applicable to business corporations and give a true and fair view of the assets, liabilities and financial position of the Company as of 31 December 2024 and of its financial performance for the financial year from 1 January 2024 to 31 December 2024 in compliance with German Legally Required Accounting Principles, and
» the accompanying combined management report as a whole provides an appropriate view of the Company's position. In all material respects, this combined management report is consistent with the annual financial statements, complies with German legal requirements and appropriately presents the opportunities and risks of future development. Our audit opinion on the combined management report does not cover the contents of those parts of the combined management report specified in the "OTHER INFORMATION" section.

Pursuant to Section 322 (3), sentence 1 HGB [Handelsgesetzbuch: German Commercial Code], we declare that our audit has not led to any reservations relating to the legal compliance of the annual financial statements and of the combined management report

Basis for the audit opinions

We conducted our audit of the annual financial statements and of the combined management report in accordance with Section 317 HGB and EU Audit Regulation No. 537/2014 (referred to subsequently as "EU Audit Regulation") and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer [Institute of Public Auditors in Germany] (IDW). Our responsibilities under those requirements and principles are further described in the "AUDITOR'S RESPONSIBILITIES FOR THE AUDIT OF THE ANNUAL FINANCIAL STATEMENTS AND OF THE COMBINED MANAGEMENT REPORT" section of our auditor's report. We are independent of the Company in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinions on the annual financial statements and on the combined management report.

Key audit matters in the audit of the annual financial statements

Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the annual financial statements for the financial year from 1 January 2024 to 31 December 2024. These matters were addressed in the context of our audit of the annual financial statements as a whole, and in forming our audit opinion thereon, we do not provide a separate audit opinion on these matters.

We have determined the following matters to be the key audit matters to be communicated in our auditor's report:

» 1. Revenue recognition
» 2. Impairment of shares in affiliated companies

1. Revenue recognition

Matter

Sales revenue amounting to 389 million euros is reported in the income statement in the annual financial statements of secunet Security Networks Aktiengesellschaft. On the one hand, secunet Security Networks Aktiengesellschaft generates sales revenue from the sale of hardware products and software licences, which it recognises at the time the service is rendered and the risks transfer to the customer. If at that time further services are agreed with the customer, particularly for maintenance, updates and extended warranty commitments, the realisation criteria for each component are applied separately.

Furthermore, secunet Security Networks Aktiengesellschaft realises sales revenue from the provision of specialised services relating to consulting on the implementation of comprehensive IT security solutions as well as the development of software, essentially on the basis of work hours performed as at the reporting date.

The Company's disclosures relating to revenue are contained in the section "Accounting and valuation methods" of the notes to the financial statements and in Section 10 "Sales revenue".

Auditor's response and observations

As part of our audit, we used IT-based audit techniques to assess, among other things, the appropriateness and effectiveness of the Company's established internal control system with respect to the full and correct recognition of sales revenue as well as the allocation of that revenue to the correct periods. Furthermore, we obtained an understanding of the underlying contractual agreements and assessed them with regard to the time at which revenue can be recognised. We consulted and evaluated the corresponding contractual documents to assess the recognition of revenue, and primarily compared invoices for revenue, which were selected on a test basis for sales revenue which was realised in December 2024 and January 2025, against the associated orders, contracts, external delivery documentation, acceptance certificates and timesheets.

Moreover, we obtained transaction confirmations for trade receivables on a test basis. In instances where we did not receive responses with respect to the requested sales transactions, we reviewed these on the basis of alternative audit procedures, particularly by comparing sales revenue against the aforementioned external documents.

We were able to satisfy ourselves that the systems and processes put in place by the executive directors, as well as the established controls, are appropriate overall for the purpose of ensuring that sales revenue is allocated to the correct periods.

2. Impairment of shares in affiliated companies

Matter

In the Annual Financial Statements of secunet Security Networks Aktiengesellschaft (hereinafter referred to as "secunet AG"), shares in affiliated companies (69,973 thousand euros; previous year 69,973 thousand euros) are recognised under financial assets, which together account for 22% of the balance sheet total.

The assessment of the recoverability of shares in affiliated companies is a matter of judgement and is essentially carried out on the basis of forecasts of the future earnings situation of the subsidiaries. These forecasts are each based on a three-year plan and are highly dependent on estimates of future cash inflows, taking into account growth rates and the cost of capital.

Due to the significance of the amount of the shares in affiliated companies for the annual financial statements of secunet AG and the significant uncertainties associated with the measurement, this is a key audit matter.

secunet AG's disclosures on shares in affiliated companies are contained in the sections "Accounting and valuation methods" and "Notes to the balance sheet" in the explanatory notes to the financial statements.

Auditor's response and observations

As part of our audit, we assessed the appropriateness of the key assumptions and parameters subject to judgement as well as the calculation method of the impairment tests with the involvement of our valuation specialists. We examined the discretionary decisions and estimates made by the executive directors of secunet AG in the context of the assessment of the recoverability of shares in affiliated companies and, in particular, obtained an understanding of the proper derivation of the basis for the discretionary decisions and estimates made. Firstly, we gained an understanding of the planning system and the planning process and reviewed the consistency of the existing plans of the subsidiaries approved by the shareholders' meeting, taking into account the economic market environment. We also assessed the appropriateness of the valuation methods used for the impairment tests of the shares in affiliated companies, which are based on the use of discounted cash flow models with weighted average cost of capital.

Overall, we were able to satisfy ourselves that the assumptions made by the executive directors in performing the valuation of investment and the valuation parameters used are reasonable and within an acceptable range.

Other information

Management and the Supervisory Board are responsible for the other information. The other information comprises:

» the combined non-financial statement contained in the section "Combined non-financial statement of the Company and the Group" of the combined management report.
» the separately published declaration on corporate governance pursuant to Sections 289f and 315d HGB, to which reference is made in the section "Management and Control – Reference to the Corporate Governance Statement pursuant to Sections 289f HGB and 315d HGB" of the combined management report.
» the separately published remuneration report within the meaning of Section 162 AktG, to which reference is made under the key financial performance indicators in the section "Management system and key performance indicators" of the combined management report.
» the information contained in the combined management report that is not part of the management report and has been labelled as unaudited. These include the reporting contained in the section "Risk management and internal control system", subsection "Statement on the appropriateness and effectiveness of governance systems".
» the remaining parts of the annual report, with the exception of the audited annual financial statements, the annual financial statements and management report and our auditor's report.

Our audit opinions on the annual financial statements and on the combined management report do not cover the other information, and consequently we do not express an audit opinion or any other form of assurance conclusion thereon. .

In connection with our audit it is our responsibility to read the other information and, in doing so, consider whether the other information

» is materially inconsistent with the annual financial statements, with the combined management report or our knowledge obtained in the audit, or
» otherwise appears to be materially misstated.

If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this context.

Responsibilities of the executive directors and the Supervisory Board for the annual financial statements and the combined management report

Management is responsible for the preparation of the annual financial statements that comply, in all material respects, with the requirements of German commercial law applicable to business corporations, and that the annual financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Company in compliance with German Legally Required Accounting Principles. In addition, the executive directors are responsible for such internal control as they, in accordance with German Legally Required Accounting Principles, have determined what is necessary to enable the preparation of annual financial statements that are free from material misstatement, whether due to fraud (i.e. fraudulent accounting manipulations and misstatements of assets) or error.

In preparing the annual financial statements, the executive directors are responsible for assessing the Company's ability to continue as a going concern. They also have the responsibility for disclosing, as applicable, matters related to going concern. In addition, they are responsible for financial reporting based on the going concern basis of accounting, provided no actual or legal circumstances conflict therewith.

Furthermore, the executive directors are responsible for the preparation of the combined management report that as a whole provides an appropriate view of the Company's position and is, in all material respects, consistent with the annual financial statements, complies with German legal requirements, and appropriately presents the opportunities and risks of future development. In addition, the executive directors are responsible for such arrangements and measures (systems) as they have considered necessary to enable the preparation of a combined management report that is in accordance with the applicable German legal requirements, and to be able to provide sufficient appropriate evidence for the assertions in the combined management report.

The Supervisory Board is responsible for overseeing the Company's financial reporting process for the preparation of the annual financial statements and of the combined management report.

Auditor's responsibilities for the audit of the annual financial statements and of the combined management report

Our objectives are to obtain reasonable assurance about whether the annual financial statements as a whole are free from material misstatement, whether due to fraud or error, and whether the combined management report as a whole provides an appropriate view of the Company's position and, in all material respects, is consistent with the annual financial statements and the knowledge obtained in the audit, complies with the German legal requirements and appropriately presents the opportunities and risks of future development, as well as to issue an auditor's report that includes our audit opinions on the annual financial statements and on the combined management report.

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Section 317 HGB and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer (IDW) will always detect a material misstatement. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these annual financial statements and this combined management report.

We exercise professional judgement and maintain professional scepticism throughout the audit. We also:

» identify and assess the risks of material misstatement of the annual financial statements and of the combined management report, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our audit opinions. The risk of not detecting material misstatements resulting from fraud is higher than the risk of not detecting material misstatements resulting from errors, as fraud may involve collusion, forgery, intentional omissions, misleading representations or the overriding of internal controls.
» obtain an understanding of internal control relevant to the audit of the annual financial statements and of arrangements and measures (systems) relevant to the audit of the management report in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of these systems.
» evaluate the appropriateness of accounting policies used by the executive directors and the reasonableness of estimates made by the executive directors and related disclosures.
» conclude on the appropriateness of management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in the audit opinion to the related disclosures in the annual financial statements and in the combined management report or, if such disclosures are inadequate, to modify our respective opinions. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Company to cease to be able to continue as a going concern.
» evaluate the presentation, structure and content of the annual financial statements as a whole, including the disclosures, and whether the annual financial statements present the underlying transactions and events in a manner that the annual financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Company in compliance with German Legally Required Accounting Principles.
» evaluate the consistency of the combined management report with the annual financial statements, its conformity with German law, and the view of the Company's position it provides.
» perform audit procedures on the prospective information presented by the executive directors in the combined management report. On the basis of sufficient appropriate audit evidence we evaluate, in particular, the significant assumptions used by the executive directors as a basis for the prospective information, and evaluate the proper derivation of the prospective information from these assumptions. We do not express a separate opinion on the prospective information and on the assumptions used as a basis. There is a substantial unavoidable risk that future events will differ materially from the prospective information.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the annual financial statements of the current reporting period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter.

Other legal and regulatory requirements

Report on the assurance on the electronic rendering of the annual financial statements and the combined management report, prepared for publication purposes in accordance with § 317 (3a) HGB

Assurance opinion

We have performed an assurance engagement in accordance with Section 317 (3a) HGB to obtain reasonable assurance about whether the reproduction of the annual financial statements and the combined management report (hereinafter the "ESEF documents") contained in the electronic file "secunet_AG_JA_LB_ESEF_2024_12_31.zip" and prepared for publication purposes complies in all material respects with the requirements of Section 328 (1) HGB for the electronic reporting format ("ESEF format"). In accordance with German legal requirements, this assurance engagement only extends to the conversion of the information contained in the annual financial statements and the combined management report into the ESEF format and therefore relates neither to the information contained within this reproduction nor to any other information contained in the above-mentioned electronic file.

In our opinion, the reproduction of the annual financial statements and the management report contained in the above-mentioned attached electronic file and prepared for publication purposes complies in all material respects with the requirements of Section 328 (1) HGB for the electronic reporting format. We do not express any opinion on the information contained in this reproduction nor on any other information contained in the above-mentioned electronic file beyond this reasonable assurance conclusion and our audit opinion on the accompanying annual financial statements and the accompanying combined management report for the financial year from 1 January 2024 to 31 December 2024 contained in the "REPORT ON THE AUDIT OF THE ANNUAL FINANCIAL STATEMENTS AND ON THE COMBINED MANAGEMENT REPORT" above.

Basis for the assurance opinion

We conducted our assurance engagement on the reproduction of the annual financial statements and the combined management report contained in the above-mentioned attached electronic file in accordance with Section 317 (3a) HGB and the IDW Assurance Standard: Assurance in Accordance with Section 317 (3a) HGB on the Electronic Reproduction of Financial Statements and Management Reports Prepared for Publication Purposes (IDW PS 410 (06.2022)). Accordingly, our responsibilities are further described below in the "Auditor's Responsibilities for the Assurance Engagement on the ESEF Documents" section. Our auditing practice has applied the requirements of the IDW Quality Management Standards, which implement the IAASB's International Standards on Quality Management.

Responsibilities of the executive directors and the Supervisory Board for the ESEF documents

The executive directors of the Company are responsible for the preparation of the ESEF documents including the electronic reproduction of the annual financial statements and the combined management report in accordance with Section 32 (1), sentence 4, no. 1 HGB.

The Supervisory Board is responsible for overseeing the preparation of the ESEF documents as part of the financial reporting process.

Auditor's responsibilities for the assurance work on the ESEF documents

» identify and assess the risks of material non-compliance with the requirements of Section 328 (1) HGB, whether due to fraud or error, design and perform assurance procedures responsive to those risks, and obtain assurance evidence that is sufficient and appropriate to provide a basis for our assurance conclusion.
» obtain an understanding of internal control relevant to the assurance engagement on the ESEF documents in order to design assurance procedures that are appropriate in the circumstances, but not for the purpose of expressing an assurance conclusion on the effectiveness of these controls.
» evaluate the technical validity of the ESEF documents, i.e. whether the electronic file containing the ESEF documents meets the requirements of the Delegated Regulation (EU) 2019/815 in the version applicable as at the balance sheet date on the technical specification for this electronic file.
» evaluate whether the ESEF documents enable an XHTML reproduction with content equivalent to the audited annual financial statements and to the audited combined management report.

Further information pursuant to Article 10 of the EU Audit Regulation

We were elected as auditor at the Annual General Meeting on 23 May 2024. We were engaged by the Supervisory Board on 19 September 2024. We have been the auditor of secunet Security Networks Aktiengesellschaft, Essen since the 2023 financial year.

We declare that the opinions expressed in this audit opinion are consistent with the additional report to the audit committee pursuant to Article 11 of the EU Audit Regulation (long-form audit report).

Other matter – use of the auditor's report

Our audit opinion should always be read in conjunction with the audited annual financial statements and the audited combined management report as well as the audited ESEF documents. The annual financial statements and the combined management report converted into the ESEF format – including the versions to be entered in the central register of companies – are merely electronic reproductions of the audited annual financial statements and the audited combined management report and do not replace them. In particular, the ESEF report and our audit opinion contained therein can only be used in conjunction with the audited ESEF documents provided in electronic form.

German public auditor responsible for the engagement

The German Public Auditor responsible for the engagement is Dr Marcus Falk.

Essen, 26 March 2025

BDO AG Wirtschaftsprüfungsgesellschaft

signed Marc Fritz signed Dr Marcus Falk Wirtschaftsprüfer Wirtschaftsprüfer (German Public Auditor) (German Public Auditor)

Responsibility statement

"To the best of our knowledge, and in accordance with the applicable accounting principles, the Annual Financial Statements give a true and fair view of the assets, liabilities, financial position and results of operations of the Company, and the Management Report includes a true and fair review of the development and performance of the business and the position of the Company, together with a description of the principal opportunities and risks associated with the expected development of the Company."

Essen, 25 March 2025

Axel Deininger Torsten Henn

Dr Kai Martius Jessica Nospers

5.Other Information

280 Remuneration report pursuant to Section 162 AktG
322 Independent auditor's report on the audit of the remuneration report pursuant to Section 162 of the German Stock Corporation Act (AktG)
324 Assurance report of the independent German public auditor on a limited assurance engagement in relation to the Group Sustainability Statement
330 Service

279

Remuneration report pursuant to Section 162 AktG

The remuneration report explains the remuneration of former and current members of the Management Board, the remuneration of members of the Supervisory Board of secunet Security Networks Aktiengesellschaft (hereinafter "secunet AG") in accordance with the Articles of Association in the 2024 financial year and the other benefits paid to the current members of the Management Board. It contains detailed information on the remuneration system which is necessary for understanding the disclosures, covering the remuneration of and benefits paid to members of the Management Board, the remuneration of members of the Supervisory Board and explanations of how the remuneration promotes the longterm development of secunet AG. Preparation of the remuneration report in accordance with Section 162 AktG is the responsibility of the Management Board and the Supervisory Board. The remuneration report and the auditor's report on the substantive audit carried out are available on the secunet AG website (www.secunet.com under >> About Us >> Investors >> Corporate Governance). Information on the respective current remuneration systems can also be found on the website.

Remuneration system of the members of the Management Board

Resolution on the approval of the remuneration system for the previous financial year 2023

The remuneration system, which has been in effect since the 2021 financial year, was presented for approval for the first time at the Annual General Meeting on 12 May 2021. The remuneration system presented was adopted with an approval rate of 97.44%. Pursuant to the provisions of Section 120a AktG, the Supervisory Board must present the remuneration system for approval at the Annual General Meeting whenever there is a significant change, but at least every four years.

There were no changes to the Management Board remuneration system in the 2023 financial year. The remuneration report prepared for the 2023 financial year in accordance with Section 162 AktG on the remuneration granted and owed to the current and former members of the Management Board and Supervisory Board of secunet AG in the 2023 financial year was approved by the Annual General Meeting on 23 May 2024 with a majority of 97.18% of the capital represented in accordance with Section 120a (4) AktG.

The Management Board and Supervisory Board see this vote as confirmation of the format of secunet AG's remuneration report, which will therefore essentially be retained for this remuneration report for 2024.

Remuneration system of the Management Board as of the 2024 financial year

On the occasion of a review of the remuneration of the members of the Management Board, the Supervisory Board resolved on 20 March 2024 to adjust the remuneration system with effect from 1 January 2024, in particular to introduce an additional, optional special bonus component with a multi-year assessment basis at the discretion of the Supervisory Board, which is intended to provide the opportunity for additional incentivisation of members of the Management Board to achieve ambitious targets (in particular with regard to value enhancement).

The new remuneration system will apply with effect from 1 January 2024 to all members of the Management Board whose employment contracts are newly concluded, extended or adjusted accordingly from the date on which this remuneration system is submitted to the Annual General Meeting for a resolution on the approval of the remuneration system. Remuneration entitlements for periods prior to 1 January 2024, including those from previously relevant regulations on variable remuneration, are based on the respective underlying contracts of the members of the Management Board, which were still concluded on the basis of the 2021 Management Board remuneration system.

The remuneration system in place since the 2024 financial year was submitted to the Annual General Meeting on 23 May 2024 for approval and approved with an approval rate of 93.20%.

General principles of remuneration

The system for the remuneration of Management Board members makes a significant contribution to implementation of the corporate strategy of secunet AG. The structure of the individual remuneration components is to be linked to the achievement of key Company targets. In this respect, Management Board remuneration is based in particular on longterm and sustainable growth, increased profitability, competitiveness and sustainability targets. Besides key financial indicators, it also takes non-financial performance indicators into account, which are equally essential to the long-term and sustainable success of the Company. These incentives align the interests of the Management Board with those of shareholders, employees, customers and other stakeholders for the benefit of the Company's successful development. The remuneration system also ensures that the members of the Management Board are remunerated appropriately according to their performance and respective area of responsibility.

When structuring the remuneration of the Management Board, the Supervisory Board takes into account the following principles in particular:

» Promotion of the corporate strategy
» Long-term and sustainable development
» Appropriateness
» Pay for performance
» Alignment with shareholder interests
» Market conformity
» Consistency of the remuneration system

Procedures for establishing, implementing and reviewing the remuneration system

General procedure

The remuneration system for the Management Board is determined by the Supervisory Board pursuant to the provisions of Sections 87 (1), 87a, and 107 (3), sentence 7 of the Stock Corporation Act. The Supervisory Board may, if necessary, make use of external consultants for developing the system. When appointing remuneration consultants, particular attention is paid to their independence.

In structuring the remuneration system, due consideration is given to the appropriateness of Management Board remuneration. When determining the variable remuneration parameters, the Supervisory Board also ensures consistency with the remuneration system in relation to the employees of secunet AG by fundamentally applying at least partially identical performance criteria for the variable remuneration of employees as for the Management Board.

The requirements of the German Stock Corporation Act and the recommendations of the German Corporate Governance Code in the version adopted on 28 April 2022 (GCGC 2022) for handling conflicts of interest in the Supervisory Board are also observed in the establishment, implementation and review of the remuneration system. Members of the Supervisory Board are required to disclose any potentially conflicting interests. In such cases, the members concerned shall not be involved in the items subject to conflict.

The present system for remuneration of the members of the Management Board of secunet AG has been in force since 1 January 2024. Remuneration granted and owed is based on the respective underlying contracts of the Management Board members.

Determination of the appropriate target remuneration by the Supervisory Board for the 2024 financial year

In keeping with the remuneration system, the Supervisory Board determines the amount of the total target remuneration for the individual members of the Management Board as well as the assessment basis or performance criteria for the variable remuneration components. In this context, care is taken to ensure that the total target remuneration is commensurate with the duties and performance of the Management Board member as well as the situation of the Company, is geared towards the long-term and sustainable development of the Company and does not exceed the customary remuneration without special reasons. When assessing the customary level of remuneration of the respective Management Board member, both the comparable external corporate environment (horizontal comparison) and the internal Company remuneration (vertical comparison) are taken into account:

Horizontal comparison

In horizontal terms, reference is made to an appropriate comparison group (so-called peer group) when determining the remuneration level. Generally, the peer group is selected using the criteria of sales, market capitalisation, balance sheet total, company location, number of employees and sector comparability. Against the background of the Company's specialisation in IT security solutions, the Supervisory Board normally takes into account a representative number of comparable IT companies headquartered in Germany as the peer group.

Vertical comparison

In the vertical comparison, the appropriateness of the remuneration is reviewed with due regard to the remuneration of the group of senior executives (in the sense of the first level below the Management Board without the central divisions (secunet Services and staff departments)) and the relevant total workforce, also taking into account the development of remuneration over time.

The target remuneration of the Management Board members for the 2024 financial year is as follows:

Remuneration component (in euros)	Deininger (full member of the Manage ment Board from 1 January 2018 to 31 May 2019, Chairman of the Manage ment Board since 1 June 2019)	Henn (full member of the Manage ment Board since 1 June 2019)	Dr Martius (full member of the Manage ment Board since 1 June 2019)	Pleines (full member of the Manage ment Board until 31 May 2024)	Nospers (full member of the Manage ment Board since 1 June 2024)
Basic remuneration	320,000.00	231,249.96	231,249.96	104,166.65	145,833.31
Fringe benefits 1	39,600.00	26,179.23	28,805.13	10,685.85	17,382.87
Short-term variable remuneration	155,000.00	111,667.00	111,667.00	41,667.00	70,000.00
Long-term variable remuneration – LTI I	165,000.00	119,583.00	119,583.00	45,833.00	75,833.00
Long-term variable remuneration – LTI II	320,000.00	250,000.00	250,000.00	-	223,958.33
Pension benefits 2	35,933.00	22,583.33	22,583.33	-	22,500.00
Total	1,035,533.00	761,262.52	763,888.42	202,352.50	555,507.51

1 In the case of fringe benefits, the actual value of the financial year is used, as no cap amount has been established here.

2 Deininger and Pleines: allocation in accordance with IFRS to the pension provisions for direct pension commitments; Henn, Dr Martius and Nospers: pension remuneration for indirect pension commitments

Due to an increase in the basic remuneration and an increase in the previous components of the short-term and long-term variable remuneration as well as the inclusion of a multi-year special bonus, target remuneration increased by an average of 39% compared to the previous year. Excluding the special multi-year bonus, the increase amounts to 11%.

The options existing in the remuneration system for deviating from the remuneration system were not exercised in determining the target remuneration for the financial year nor in determining the remuneration granted and owed.

The Supervisory Board considers the remuneration for the 2024 financial year to be appropriate.

Overview of the remuneration system structure

The remuneration of the members of the Management Board comprises performance-based and non-performance-based components. An overview of the remuneration system is outlined below:

Remuneration system at a glance

Remuneration component		Purpose	Contractual design
Non-performance based components	Basic remuneration	Assurance of an appropriate income under consideration of the portfolio or duties of the board member	Fixed contractually agreed remuneration paid in twelve equal monthly instalments
	Fringe benefits	Assumption of costs / compensation for disadvantages	Benefits in kind and other benefits; essentially the remuneration in the event of illness, and death grants.	granting of private use of company cars and insurance allowances (accident insurance, allowances for health, long-term care and pension insurance), conclusion of a D & O insurance policy as well as continued payment of
	Pension commitment	Establishment of private pension assets	Different pension commitments depending on the date of joining the Management Board: lifelong pension with surviving dependants' benefits or payment of a monthly pension contribution.
			For one Management Board member who was already appointed to the Company's Management Board in 1999, a defined benefit pension commitment applies in accord ance with the pension scheme of Rheinisch-Westfälischer TÜV (RWTÜV) in its currently valid version, with the pensionable remuneration as the assessment parameter being individually capped.
			For the Management Board member appointed in 2017, a defined contribution: a module-based pension com mitment in the form of a direct commitment with a fixed annual pension module applies.
				For the other members of the Management Board who joined after this date and for any new Management Board members joining in the future who are to be remu nerated in accordance with this remuneration system, a defined contribution plan applies, which is generally im plemented externally and provides for an annual pension contribution in the amount of a specific percentage of the contractually regulated pensionable annual income.
Performance-based components	Short-term (one-year) variable remuneration	Achievement of Com pany targets for the current financial year	Type	Bonus (paid in cash)
		Focus on the opera tional success of the Company and steady cash flow
			Assessment period	Financial year
			Bonus cap	200% of target achievement 200% payment of target value

Remuneration component		Purpose	Contractual design
Performance-based components	Short-term (one-year) variable remuneration	Achievement of Com pany targets for the current financial year Focus on the opera tional success of the Company and steady cash flow	Type	Bonus (paid in cash)
			Performance criteria	Financial Company targets related to the financial year (e. g. earnings target (EBITDA) and growth target (sales)), where the targets and their weighting can be redefined for each financial year
			Possibility of adjustment for special effects / possibility of adjustment in the event of extraordi nary developments	Possibility of adjusting the target achievement meas urement for special effects; adjustment by decreasing or increasing the calculated bonus by up to 20% possible in the event of extraordinary developments, but limited by the bonus cap; if the calcu lated payout amount is zero, an increase to up to 10% of the target bonus amount can be made
			Payout	In the following financial year, one month after approval of the Consolidated Financial Statements for the respective previous financial year
	Long term (multi-year) variable remuneration	Incentive to sustain ably increase the Company's success Special considera tion of shareholder interests Alignment with the capital market performance of secunet AG, e. g. in comparison with a benchmark index	Plan type	Virtual (forward-looking) Performance Share Plan I (cash payout)
			Assessment period	Four years
			Limitation / Cap	150% of target achievement 200% payment of target amount
			Performance criteria	Capital market target, e. g. relative total shareholder return (TSR) compared to benchmark index
				Strategic targets
				Environmental, social, governance (ESG) targets / sustainability targets

	Purpose	Contractual design
Long term (multi-year) variable remuneration	Incentive to sustain ably increase the Company's success Special considera tion of shareholder interests Alignment with the capital market performance of secunet AG, e. g. in comparison with a	Plan type	Virtual (forward-looking) Performance Share Plan (cash payout)
	benchmark index	Possibility of adjustment for special effects / possibility of adjustment in the event of extraordi nary developments	Possibility of adjusting the target achievement meas urement for special effects; adjustment by decreasing or increasing the calculated PSP payout amount by up to 20% possible in the event of extraordinary developments, but limited by the cap; if the calculated PSP payout amount is zero, an increase to up to 10% of the target amount of Performance Share Plan I can be made
		Payout	Payment in cash with the next possible salary state ment after approval of the Company's Consolidated Financial Statements follow ing the end of the respective performance period, but not later than 31 December of the financial year following the end of the performance period
Multi-year special bonus based on a Performance Share Plan II	Creation of additional incentives to achieve certain strategic goals in the long term and increase the Company's value growth	Type	Special bonus based on a virtual (forward-looking) Performance Share Plan II (paid out in cash) Not a regular variable remu neration component: award ed only at the discretion of the Supervisory Board, based on a separate special bonus agreement with a member of the Management Board
		Assessment period for performance criteria Holding period with performance linked to the share price	Three years Number of virtual shares after the end of the three-year assessment period are held for one year from the end of the assessment period and paid out after the end of the one-year period according to the share price
		Maximum target achievement	200 %
		Payout cap	200 % of the target amount

Remuneration component		Purpose	Contractual design
	Multi-year special bonus based on a Performance Share Plan II	Creation of additional incentives to achieve certain strategic goals in the long term and increase the Company's value growth	Type	Special bonus based on a virtual (forward-looking) Performance Share Plan II (paid out in cash) Not a regular variable remu neration component: award ed only at the discretion of the Supervisory Board, based on a separate special bonus agreement with a member of the Management Board
			Performance criteria	Four strategic key performance indicators: • Sales, • EBITDA, • Free Cash Flow (FCF) and • TSR versus benchmark index. Other strategically rele vant KPIs of the respective Management Board portfolio can be provided in addition to or instead of the afore mentioned key performance
				indicators, but at least 4 per formance criteria in total
			Possibility of adjustment for special effects / possibility of adjustment in the event of extraordi nary developments	Adjustment by decreasing or increasing the calculated PSP payout amount by up to 20% possible in the event of extraordinary develop ments, but limited by the cap; if the calculated PSP payout amount is zero, an increase to up to 10% of the target amount of Performance Share Plan II can be made
			Payout	Payment in cash with the next possible salary statement after approval of the Com pany's Consolidated Financial Statements following the end of the holding period
Other remuneration arrangements	Maximum remuneration	Inappropriate levels of disbursement are avoided	The maximum possible remuneration amount under and at 1,250,000 euros gross per year (including any tion may be agreed contractually	this remuneration system is set at 1,650,000 euros gross per year for the Chairman of the Management Board annually prorated multi-year special bonus based on a Performance Share Plan II) for each of the other members of the Management Board; a lower maximum remunera
	Malus and clawback	Compliance Rectification of incorrect bases	Partial or complete reduction (malus) or recovery duty	(clawback) of the variable remuneration if the variable remuneration is determined on the basis of incorrect data or in case of intentional or grossly negligent breach of
	Early termination of contract	Limitation of inappropriately high severance payments in case of (early) termination of contract	Linking clause with severance pay entitlement (limited to max. two years' salary or remuneration for the remaining term) So-called good leaver / bad leaver arrangements in relation to outstanding tranches under the Performance Share Plan I and in relation to multi-year special bonuses on the basis of a Performance Share Plan II in the event of departure before the end of the assessment period or holding period

Structure of the remuneration elements in detail

The remuneration system comprises all non-performance-based (fixed) and performance-based (variable) remuneration components, the sum of which constitutes the total remuneration of the respective Management Board members and is presented below in its individual components. The non-performance-based fixed remuneration consists of basic remuneration as well as benefits in kind and other benefits (so-called fringe benefits) as well as pension benefits. The performance-based remuneration of the Management Board members comprises a short-term and a long-term variable component. The short-term variable remuneration is paid in the form of a bonus. The long-term variable remuneration is based on a (virtual) Performance Share Plan I and – at the discretion of the Supervisory Board – possibly also a multi-year special bonus based on a Performance Share Plan II.

In this remuneration structure, the target level of long-term variable remuneration exceeds the target level of short-term variable remuneration.

In years for which no multi-year special bonus is awarded on the basis of a Performance Share Plan II, the basic remuneration amounts to between 50% and 55% of the target direct remuneration (i. e. excluding fringe benefits and company pension benefits), depending on the member of the Management Board. The short-term variable remuneration (bonus) represents approximately 21% to 25% of the target direct remuneration (i. e. excluding fringe benefits and company pension benefits), while the long-term variable remuneration (Performance Share Plan) contributes between approximately 23% and 26% to the target direct remuneration (i. e. excluding fringe benefits and company pension benefits), thereby ensuring that long-term variable remuneration exceeds short-term variable remuneration in the target amounts (i. e. for 100% target achievement).

The share of the fixed remuneration components in the total target remuneration for one year (i. e. including fringe benefits and company pension benefits) thus lies, in years without a multi-year special bonus, between 55% and 62%, with the performance-based variable remuneration components being set at the value for 100% target achievement, while the variable remuneration components account for between 38% and 45% of the total target remuneration.

In years for which an additional multi-year special bonus is awarded on the basis of a Performance Share Plan II, the basic remuneration amounts to between about 43% and 46% of the target direct remuneration (i. e. excluding fringe benefits and company pension benefits 3 ), depending on the member of the Management Board, and the short-term variable remuneration (bonus) in this case corresponds to approx. 18% to 21% of the target direct remuneration (i. e. excluding fringe benefits and company pension benefits), while the long-term variable remuneration based on Performance Share Plan I and the multi-year special bonus based on a Performance Share Plan II (the latter estimated at one third of the target amount) contributes between approximately 36% and 37% to the target direct remuneration (i. e. excluding fringe benefits and company pension benefits), though in this case, i. e. taking into account the multi-year special bonus based on a Performance Share Plan II, the long-term variable remuneration exceeds the short-term variable remuneration even more significantly in the target amounts (i. e. with 100% target achievement).

³ On the basis of an IAS 19 valuation

The share of the fixed remuneration components in the total target remuneration for a year (i. e. including fringe benefits and company pension benefits) is thus between around 47% and 51% in years to which a pro rata multi-year special bonus based on a Performance Share Plan II is allocated (where the performance-related variable remuneration components are recognised at the value for 100% target achievement), while the variable remuneration components, including a pro rata multi-year special bonus based on a Performance Share Plan II, account for between approx. 49% and 53% of the total target remuneration.

Minor shifts of a few percentage points may occur due to fluctuating valuations of the pension costs and fringe benefits (which, for the purposes of the percentage shares of the target total remuneration stated here, were set at a lump sum amount based on past experience with a small supplement) and pension costs.

	Financial year	Year 3	Year 4
Non-performance-based remuneration 55-62% of the target total remunera tion in years without a multi-year special bonus / 43-46% of the target total remuneration for years with a multi-year special bonus	Fixed remuneration (basic remuneration/ fringe benets/ pension commitment)
Performance-based remuneration 47-51% of the target total remunera tion in years without a multi-year special bonus / 49-53% of the target total remuneration in years with a multi-year special bonus	Short-term variable remuneration (bonus)
	Long-termvariable remuneration (Performance Share Plan)
	Optional multi-year special bonus	performance	One-year holding period linked to the share price

Non-performance-based (regular) remuneration

Basic remuneration

The basic remuneration is a fixed cash remuneration based on the full year and paid in twelve equal monthly instalments. The amount of the respective basic remuneration is based on the role on the Management Board (Chairman, Vice Chairman, ordinary member), the area of responsibility, the experience and the position of the respective Management Board member.

The basic remuneration for 2024 is as follows:

Basic remuneration (in euros)	2024	2023
Deininger (Chairman of the Management Board since 1 June 2019)	320,000.00	270,000.00
Henn (full member of the Management Board since 1 June 2019)	231,249.96	205,000.00
Dr Martius (full member of the Management Board since 1 June 2019)	231,249.96	205,000.00
Pleines (full member of the Management Board until 31 May 2024)	104,166.65	250,000.00
Nospers (full member of the Management Board since 1 June 2024)	145,833.31	-
Total	1,032,499.88	930,000.00

Fringe benefits

In addition, each member of the Management Board receives benefits in kind and other benefits (so-called fringe benefits). These essentially include the granting of private use of company cars, continued payment of remuneration in the event of illness and allowances for insurance. In particular, Management Board members receive accident insurance as well as allowances for private health, long-term care and pension insurance and participate in a D & O insurance policy (with the usual deductible provided for by law). In addition, a death grant is paid to their dependants in the event of their death. All members of the Management Board are essentially entitled to the same benefits in kind, although the amount may vary depending on their personal situation. The taxes attributable to the pension and accident insurance allowances are borne by the Company. The Supervisory Board may grant other or additional fringe benefits customary in the market, such as the possibility of private use of company mobile devices or, in the case of newly appointed members, the assumption of relocation costs.

Pension commitment (benefits in the event of regular termination of employment)

The Company provides a pension commitment to the members of the Management Board. Depending on the date of appointment of the Management Board member, there are performance-related, contribution-related and indirect commitments. In particular, the following agreements have been made:

The pension commitment for the Chairman of the Management Board, Mr Deininger, is based on a direct commitment from 2017 with a fixed annual pension component (defined contribution), which is credited to a personal pension account. The pension module allocated annually to the pension account is determined on the basis of a fixed notional pension contribution and an age-related actuarial transformation factor valid at the time of annual allocation. The sum of the earned pension components results in the pension capital to which the Management Board member is entitled upon reaching the age of 67 and which at the same time forms the assessment basis for pension benefits to be paid prematurely, namely due to early retirement benefits (from the age of 62 at the earliest), disability benefits and benefits to surviving dependants in the event of death.

If the Management Board member leaves the Management Board prior to the occurrence of a pension event, the entitlement to pension benefits achieved at that time shall be maintained in the amount of the pension modules earned at that time. Irrespective of this, there is a minimum survivor benefit, which in principle amounts to twice the relevant annual fixed salary of the Management Board member in accordance with the employment contract when the insured event occurs. In the event of early retirement before the requirements for the payment of a pension benefit are met, the minimum survivor benefit based on twice the annual fixed salary last paid by the Company is multiplied by the ratio of the actual length of service from entry into service to the possible length of service up to the fixed retirement age. In principle, the Management Board member can choose between payment as a onetime capital benefit or as a regular monthly pension, where in the latter case the Company can redefine the implementation method (for example, through a pension fund). In addition, the Management Board member is entitled to pension benefits from a previous pension commitment as an employee (in the form of a defined contribution plan).

Mr Pleines' pension is based on a defined benefit pension commitment from 1999 in accordance with the pension scheme of Rheinisch-Westfälischer TÜV in the currently valid version, from which he is entitled to a retirement pension or, if applicable, to an early retirement pension upon reaching a certain age limit or an occupational or disability pension or a widower's / widow's pension, with the pensionable remuneration as the assessment parameter being individually capped.

	Pension cost		Defined benefit obligation (DBO)
in euros	2024	2023	2024	2023
Current members of the Management Board
Deininger	35,933.00	36,678.00	487,066.00	458,775.00
Pleines	-	28,690.00	-	937,162.00
Gesamt	35,933.00	65,368.00	487,066.00	1,395,937.00
Members of the Management Board who left during the financial year
Pleines	0.00	-	857,845.00	-

The allocations to pension provisions determined in accordance with IFRS regulations and the total amounts accrued under IFRS are shown in the following table.

For the other members of the Management Board, there are indirect pension commitments in the form of a lifelong pension with surviving dependants' benefits, which is managed externally. For these purposes, secune AG pays an annual contribution (2024: 67,666.66 euros; previous year: 24,400 euros) in the amount of 6% of the fixed annual salary (basic remuneration) plus the target value of the short-term one-year variable remuneration (bonus) and plus the target value of the long-term variable remuneration (Performance Share Plan I) (previous year: 4% of the fixed annual amount plus the target value of the short-term one-year variable remuneration). The pension commitment comprises old-age pension benefits and benefits to surviving dependants in the event of death. In the event of the premature departure of a Management Board member, any pension benefit is maintained. The amount of the entitlement acquired up to that point corresponds to the benefits from the reinsurance exempted from premium payment at the time of departure. With regard to payment of the pension benefit, the member of the Management Board can generally choose between payment as a one-time capital benefit or as a regular monthly pension, with the Management Board member and his surviving dependants remaining bound by the decision regarding payment once it has been made. In the event of death of the Management Board member before drawing an old-age pension benefit, the surviving spouse as beneficiary receives a one-off capital payment as a survivor benefit. Regular pension benefits are increased annually by at least 1% of their last payment amount, commencing one year after the start of payment. If profit participation from the reinsurance policy taken out by the provident fund results in a higher adjustment, this higher adjustment shall be granted.

Performance-based (variable) remuneration

The variable remuneration is intended to promote sustainable development of the Company and the ambitious strategic orientation of secunet AG by focusing on both short-term and long-term success. The performance-related variable remuneration consists of the shortterm bonus and the long-term variable remuneration from the Performance Share Plan I and, if applicable, a multi-year special bonus based on a Performance Share Plan II.

The parameters for short-term (bonus) and long-term (Performance Share Plan I and, if applicable, multi-year special bonus based on a Performance Share Plan II) variable remuneration differ primarily with regard to the assessment period and the respective performance criteria. While the bonus is based exclusively on financial performance criteria, the Performance Share Plan also takes into account non-financial targets (in particular ESG or sustainability targets) over a four-year assessment period. In the case of any multi-year special bonus based on a Performance Share Plan II, ambitious strategic value enhancement targets based on at least four measurable KPIs over an assessment period of three years are also taken into account; any multi-year special bonus based on a Performance Share Plan II is also linked to the share price performance during a one-year holding period following the assessment period for the performance criteria.

When selecting the respective performance criteria, the Supervisory Board pays attention to measurability, at least in the case of the financial performance criteria, as well as to strategic relevance, which means the key performance indicators are geared in particular to the growth and increase in profitability of secunet AG. To the extent that non-financial performance criteria are assessed on a discretionary basis, the Supervisory Board shall ensure that the assessment is transparent. The consideration of various performance categories under the Performance Share Plan I ensures a holistic and comprehensive representation of the Company's success.

When measuring target achievement, the Supervisory Board can adjust the targets underlying the financial performance criteria of all variable remuneration components (including any multi-year special bonus based on a Performance Share Plan II) for effects from special factors, in particular effects from or in connection with transactions, from the reduction in the number of consolidated companies or other changes in the scope of consolidation, restructuring measures (including in the years following the restructuring) and strategic reorganisations. The Supervisory Board can also adjust for one-off special effects for which the Management Board is not responsible, which were not budgeted and are therefore not included in the calculation of the target values.

In addition, even after the relevant performance criteria and targets have been set, the Supervisory Board may, in justified special cases, take appropriate account of extraordinary developments when determining target achievement for all variable remuneration components (including any multi-year special bonus based on a Performance Share Plan II). In the event of extraordinary developments, this may lead to an increase (but not exceeding the respective cap for the variable remuneration component) as well as to a reduction of the variable remuneration component by up to 20% in each case; if the variable remuneration component is zero, the Supervisory Board may increase it to up to 10% of the respective target amount in order to take appropriate account of extraordinary developments. Extraordinary developments during the year include, in particular, unusually far-reaching changes in the economic environment, provided that neither they nor their concrete effects were foreseeable. In contrast, any normal fluctuations in market developments are not considered to be extraordinary developments. The option of reduction pursuant to Section 87 (2) of the German Stock Corporation Act shall remain unaffected.

Short-term variable remuneration (bonus)

The one-year variable remuneration (bonus) aims to reward the respective contribution to the operational implementation of secunet AG's strategy within a specific financial year.

The target achievement for the bonus in the 2024 financial year is determined on the basis of the financial targets for the Company, namely the earnings target (Group EBITDA; previous year: Group EBIT) and the growth target (Group sales revenue). The Company's financial targets as well as the relevant financial target values are set annually with the approval of annual planning. For the 2024 financial year, the EBITDA target was set at 52.0 million euros and the sales target at 390.0 million euros. Both targets are weighted equally (50% each). Performance measurement for each of the defined performance targets is based on the ratio of the achieved result at the end of the financial year to the respective planned target. The bonus is based on a target amount defined in the employment contract, assuming 100% target achievement. The total payout amount from the bonus is capped at 200% of the target amount (bonus cap).

Before the beginning of each financial year, the Supervisory Board determines for each target a target value derived from the budget (with 100% target achievement being assumed if this is reached) as well as a target corridor with a minimum value and a maximum value. If the target value for a set target is reached, the target achievement level is 100% in each case. The minimum value forms the lower end of the target corridor, at which the target achievement level is 50% for the respective target. The maximum value forms the upper end of the target corridor, at or above which the target achievement level is 200% for the respective target. If the value achieved in respect of a target falls below the minimum value, the target achievement level for this target corresponds to 0%. If the value achieved in respect of a target exceeds the minimum value but does not reach the target value, or if the value achieved exceeds the target value but does not reach the maximum value, the target achievement level for the target in question is determined by linear interpolation between the respective minimum and target values or between the respective target and maximum values.

In accordance with the relative weighting of the target categories, an overall target achievement level is determined from the calculated individual target achievement levels, on the basis of which the payout amount, limited by the bonus cap, is calculated with the aid of the bonus target amount:

Total target achievement level x bonus target amount = bonus payout amount (not exceeding the bonus cap)

Target achievement is determined for each year as part of the Consolidated Financial Statements of secunet Group. Any bonus shall be paid for the respective past financial year in the month following the approval of the Consolidated Financial Statements in the financial year following the financial year to which the bonus relates.

Short-term variable remuneration (bonus) Achievement of targets for the financial performance criteria

Company financial target	Weighting	Threshold value for 50% target achievement	Target value for 100% target achievement	Threshold value for 200% target achievement	Result 2024	Target achievement in %
EBITDA (in million euros)	50 %	43.30	52.00	62.40	60.30	179.9 %
Sales (in million euros)	50 %	357.50	390.00	422.50	406.40	150.3 %

For the 2024 financial year, this results in the following overall target achievement for the bonus:

		Target achievement EBIT (50%	Target achievement Sales revenue	Overall target
in euros	Target amount	weighting)	(50% weighting)	achievement	Bonus amount
Deininger (Chairman of the Management Board since 1 June 2019)	155,000.00	180 %	150 %	165.1 %	255,905.00
Henn (full member of the Management Board since 1 June 2019)	111,667.00	180 %	150 %	165.1 %	184,361.67
Dr Martius (full member of the Management Board since 1 June 2019)	111,667.00	180 %	150 %	165.1 %	184,361.67
Pleines (full member of the Management Board until 31 May 2024)	41,667.00	180 %	150 %	165.1 %	68,791.67
Nospers (full member of the Management Board since 1 June 2024)	70,000.00	180 %	150 %	165.1 %	115,570.00
Total	490,001.00	180 %	150 %	165.1 %	808,990.01

The bonus is paid in the subsequent year following the approval of the Consolidated Financial Statements.

Payment of the short-term variable remuneration for the 2023 financial year

The short-term variable remuneration paid after the approval of the 2023 Consolidated Financial Statements on 20 March 2024 for the 2023 financial year is to be included in the remuneration granted and owed in the 2024 financial year in accordance with Section 162 (1) AktG.

The short-term variable remuneration for the 2023 financial year is based on the remuneration system that has been in force since the 2021 financial year.

For the 2023 financial year, Group EBIT was set at 43.0 million euros (target achievement of 58% with a target EBIT of 50.0 million euros) and Group sales revenue at 393.7 million euros (target achievement of 130% with a target sales revenue of 374.9 million euros). This led to bonus payments as follows:

in euros	Target amount	Target achievement EBIT (50% weighting)	Target achievement Sales revenue (50% weighting)	Overall target achievement	Bonus amount
Deininger (Chairman of the Management Board since 1 June 2019)	130,000.00	58 %	130 %	93.8 %	121,951.00
Henn (full member of the Management Board since 1 June 2019)	100,000.00	58 %	130 %	93.8 %	93,808.00
Dr Martius (full member of the Management Board since 1 June 2019)	100,000.00	58 %	130 %	93.8 %	93,808.00
Pleines (Full member of the Management Board until 31 May 2024)	100,000.00	58 %	130 %	93.8 %	93,808.00
Total	430,000.00	58 %	130 %	93.8 %	403,375.00

The payment was made in April 2024.

Long-term variable remuneration (Performance Share Plan I)

Overview of the functional principle of the Performance Share Plan I

The Performance Share Plan I of secunet AG implements the recommendations of the GCGC 2022 with regard to the granting of share-based variable remuneration components, including the four-year blocking period for long-term remuneration components (GCGC 2022).

The Performance Share Plan I is divided into three consecutive steps, beginning with the allocation of virtual shares, followed by the measurement of target achievement during the four-year forward-looking performance period, and ending with determination of the payout amount.

In the first step, a tranche of virtual shares (performance shares) is allocated annually. This is done by converting the contractually agreed target amount into virtual shares in accordance with the initial price of the secunet share (commercially rounded to the nearest full number of virtual shares). The initial price corresponds to the average Xetra closing price of the secunet share – rounded to two decimal places – on the last 30 trading days before the start of the respective performance period. Allocation of the virtual shares takes place on 1 January of each year. The four-year assessment period for the respective tranche also begins at this time. It ends on 31 December of the third following year (four-year performance period).

For the performance share tranches issued or current in the 2024 financial year, the virtual shares (performance shares) shown in the following overview were provisionally allocated to the members of the Management Board:

Long-term variable remuneration – allocated virtual shares

LTI tranche 2024	Allocation value (€)	Allocation price (€) (Ø price of the secunet share)	Number of provisionally allocated virtual shares	Maximum pos sible number of virtual shares (150% target achievement)
Deininger (Chairman of the Management Board since 1 June 2019)	165,000.00	142.69	1,156	1,734
Henn (full member of the Management Board since 1 June 2019)	119,583.00	142.69	838	1,257
Dr Martius (full member of the Management Board since 1 June 2019)	119,583.00	142.69	838	1,257
Pleines (Full member of the Management Board until 31 May 2024)	45,833.00	142.69	321	482
Nospers (full member of the Management Board since 1 June 2024)	75,833.00	142.69	531	797
Total	525,832.00	142.69	3,684	5,527
	Allocation	Allocation price (€) (Ø price of the	Number of provisionally allocated	Maximum pos sible number of virtual shares (150% target

LTI tranche 2023	value (€)	secunet share)	virtual shares	achievement)
Deininger (Chairman of the Management Board since 1 June 2019)	140,000.00	209.29	669	1,004
Henn (full member of the Management Board since 1 June 2019)	105,000.00	209.29	502	753
Dr Martius (full member of the Management Board since 1 June 2019)	105,000.00	209.29	502	753
Pleines (Full member of the Management Board until 31 May 2024)	110,000.00	209.29	526	789
Total	460,000.00	209.29	2,199	3,299

LTI tranche 2022	Allocation value (€)	Allocation price (€) (Ø price of the secunet share)	Number of provisionally allocated virtual shares	Maximum pos sible number of virtual shares (150% target achievement)
Deininger (Chairman of the Management Board since 1 June 2019)	140,000.00	400.98	349	523
Henn (full member of the Management Board since 1 June 2019)	105,000.00	400.98	262	393
Dr Martius (full member of the Management Board since 1 June 2019)	105,000.00	400.98	262	393
Pleines (Full member of the Management Board until 31 May 2024)	110,000.00	400.98	274	411
Total	460,000.00	400.98	1,147	1,720

LTI tranche 2021	Allocation value (€)	Allocation price (€) (Ø price of the secunet share)	Number of provisionally allocated virtual shares	Maximum pos sible number of virtual shares (150% target achievement)
Deininger (Chairman of the Management Board since 1 June 2019)	140,000.00	246.43	568	852
Henn (full member of the Management Board since 1 June 2019)	105,000.00	246.43	426	639
Dr Martius (full member of the Management Board since 1 June 2019)	105,000.00	246.43	426	639
Pleines (Full member of the Management Board until 31 May 2024)	110,000.00	246.43	446	669

In the second step, performance is measured on the basis of the performance targets in three performance categories, taking into account their relative weighting over a forward-looking performance period of four years.

In the third step, the final number of virtual shares is determined according to the overall target achievement level and the payout amount is calculated on this basis. For this purpose, the annual target achievement levels for the four years of the performance period are first determined. These are derived from the sum of the target achievement levels for the three performance categories, taking into account their relative weighting, with the target achievement level for each performance target being limited to 150%. The average overall target achievement level for the performance period is then determined on the basis of the annual target achievement levels.

The payout amount corresponds to the product of the final number of performance shares and the sum of the arithmetic mean of the Xetra closing prices on the last 30 trading days before the end of the performance period (commercially rounded to two decimal places) and the dividends paid per share during the performance period. No interest is calculated for the dividends, nor are they reinvested. The payout amount is limited to 200% of the target amount. In the event of a capital increase from Company funds or a capital reduction without repayment of contributions, the number of performance shares allocated shall increase or decrease in the same proportion as the total amount of the share capital. In the case of other measures under company law that affect the value of a share, the Supervisory Board shall adjust the initially allocated number of performance shares in such manner as is reasonably necessary to take account of the relevant measure.

In principle, the annual measurement of the performance targets over the four-year performance period is carried out as follows:

The payout amount will be paid with the next possible salary statement after approval of the Company's Consolidated Financial Statements following the end of the respective performance period, but not later than 31 December of the financial year following the end of the performance period.

Performance criteria of the Performance Share Plan I in detail

The Performance Share Plan links target achievement to three performance categories, namely (i) a capital market target, generally based on the relative total shareholder return (TSR) compared to a peer group, (ii) at least one strategic target and (iii) sustainability targets or environmental, social, governance (ESG) targets. These three performance categories are in principle weighted at (i) 30%, (ii) 40%, (iii) 30%. The specific targets within the performance categories and their weighting in relation to each other can be redefined with each new performance period (new individual targets can be defined annually for the sustainability and ESG targets).

The three performance criteria are summarised as follows:

Performance criteria	Influence on the corporate strategy
Capital market, e. g. relative TSR (generally 30%)	For example, relative performance measurement and incentivisation for long-term outperformance on the capital market
Strategic target (generally 40%)	For example, incentivising profitable and profit-oriented management
	For example, generating long-term and sustainable growth by achieving the strategic targets of secunet AG
ESG / Sustainability (generally 30%)	Holistic implementation of the sustainability strategy relevant to secunet AG, taking account of employee interests, com pliance structures and environmental and social issues by setting relevant sustainability targets on an annual basis

» The capital market target is included in the long-term variable remuneration with a basic weighting of 30% and is an external performance criterion geared to the capital market. In particular, the relative total shareholder return comes into consideration as the capital market target. This takes into account the share price performance of secunet AG plus notionally reinvested gross dividends during the four-year assessment period compared to a benchmark index.

The relative performance measurement of the TSR directly links the interests of the Management Board with those of the shareholders. In this way, long-term outperformance on the capital market and thus the attractiveness of the capital investment for shareholders are particularly incentivised. In principle, the TecDAX is to be used as the benchmark index for measuring the TSR, as long as this constitutes an adequate peer group for secunet AG as an IT service company. However, the Supervisory Board may also use a different suitable stock exchange index as a benchmark if the Company were to be listed in another index in the future.

To calculate the TSR of the secunet AG share and the relevant benchmark index, the arithmetic mean of the Xetra closing prices over the last 30 trading days before the start of each year of the performance period and over the last 30 trading days before the end of the respective year of the performance period is determined for each year of the performance period. The annual TSR of the secunet AG share thus calculated is compared with the annual TSR of the benchmark index. The notionally reinvested gross dividends of the secunet shares are also taken into account when determining the arithmetic mean of the closing prices at the end of the respective year.

TSR target achievement is 100% if the TSR performance of the secunet share equals the TSR performance of the benchmark index. If the TSR performance of the secunet share is 10 percentage points below the TSR performance of the benchmark index, the target achievement is 50% (minimum threshold). If the TSR performance of the secunet share is 15 percentage points or more above the TSR performance of the benchmark index, the target achievement is 150% (cap). If the TSR performance falls below the minimum threshold, the target achievement is 0%. The levels of target achievement between the defined reference values are determined by linear interpolation. When each new tranche of performance shares is issued, the Supervisory Board may redefine the target or threshold values for determining the target achievement levels.

» As a further performance category, strategic objectives are included in the assessment, generally with a weighting of 40%. The strategic objective is initially based on the strategic target of sales growth in the sense of a sustainable increase in the share of business both in the private sector and in the international environment. The background to this is the incentive to align secunet AG in a profit-oriented manner and thus ensure longterm profitability. In this context, appropriate account is taken of secunet AG's strategic orientation, particularly with regard to securing and expanding its good market position with German public authorities, expanding business in the (national) private sector as well as internationalisation.

Against this backdrop, the strategic target is initially assessed on the basis of the planned sales figures in the Business and International segments. For this purpose, target sales values are set for these segments as well as a minimum threshold and a maximum threshold. If the sales volume falls below the minimum threshold, the target achievement is 0%. If the minimum threshold is reached, the target achievement for the strategic target is 50%. If the target value is reached, the target achievement level is 100%. If the maximum threshold is reached or exceeded, the target achievement is 150% (cap). Between the individual target or threshold values, the level of target achievement is determined by linear interpolation.

When each new tranche of performance shares is issued, the Supervisory Board may redefine the specific strategic targets – including targets other than the aforementioned sales growth targets – or the thresholds for determining the target achievement levels.

» As an integral element of corporate strategy, the topic of sustainability is also reflected in the long-term variable remuneration as a performance criterion, generally with a weighting of 30%. As an innovation and market leader in the field of IT security solutions, secunet AG is committed to the goal of contributing to societal development and economic sustainability – particularly in the thematic cluster of IT security and combating cybercrime – through high-performance software and hardware products and services as well as state-of-the-art corporate structures. In doing so, the Supervisory Board focuses primarily on the needs of the employees, an effective compliance strategy and consideration of environmental and social issues.
» Against this backdrop, the Supervisory Board usually defines up to three different sustainability or ESG targets each year. Examples include diversity targets within the workforce, junior staff development and the attractiveness of secunet AG as an employer, occupational health and safety, as well as training and further education goals. Attention to environmental concerns or the creation and maintenance of compliance structures, for example, can also be included in the performance category.

The progress of the corresponding measures in the area of the relevant annual sustainability targets is assessed at yearly intervals (in particular on the basis of a sustainability report) and the respective performance of the Management Board member is evaluated on a scale from 50% to 150%, with the aim of achieving the ability to measure target achievement as far as possible. To the extent that measurability of target achievement is not ensured, the Supervisory Board shall determine target achievement in relation to all sustainability /ESG targets at its due discretion. If the minimum performance of 50% of the sustainability targets set is not achieved, the target achievement is 0%. It is not possible to exceed the 150% threshold.

The following presentation shows the annual target achievement levels of the performance criteria for the PSP tranches valid in the 2024 financial year. There were no changes in the performance categories in the 2024 financial year compared with the previous year.

PSP tranche 2024	Performance criterion	Weighting	Threshold value for 50% target achieve ment	Target value for 100% target achieve ment	Threshold value for 150% target achieve ment	Result 2024	Annual target achieve ment for 2024
Capital market	Total shareholder return (TSR)	30 %	= -10 %	0 %	15 %	-20.8 %	– %
Strategy	Sales revenue of Business and International segments (in million euros)	40 %	= 50	75	100	77	104.4 %
ESG	Increase in employee satisfaction by implement ing two projects derived from the employee survey conducted in 2021	10 %	Formulation and docu mentation of project goals and timeframes	Develop ment of concepts for implemen tation	Implemen tation of derived measures	Develop ment of concepts for implemen tation	150.0 %
	Net Promoter Score (NPS)	10 %	= -13	2	17	17	150.0 %
	Reduction of the CO2 value (t / employee)	10 %	= 4.14	3.55	2.96	1	150.0 %
Annual target achievement level							86.76 %

PSP tranche 2023	Performance criterion	Weighting	Threshold value for 50% target achieve ment	Target value for 100% target achieve ment	Threshold value for 150% target achieve ment	Result 2024	Average target achieve ment
Capital market	Total shareholder return (TSR)	30 %	= -10 %	0 %	15 %	-21 %	– %
Strategy	Sales revenue of Business and International segments (in million euros)	40 %	= 50	75	100	77	117.0 %
	Employee satisfaction	10 %	= 3.02	2.59	2.16	2.35	127.9 %
ESG	Net Promoter Score (NPS)	10 %	= -13	2	17	17	150.0 %
	Reduction of the CO2 value (t / employee)	10 %	= 4.36	3.74	3.12	1	150.0 %
Annual target achievement level							89.59 %
PSP tranche 2022	Performance criterion	Weighting	Threshold value for 50% target achieve ment	Target value for 100% target achieve ment	Threshold value for 150% target achieve ment	Result 2024	Average target achieve ment
Capital market	Total Shareholder Return (TSR)	30 %	= -10 %	0 %	15 %	-21 %	– %
Strategy	Sales revenue of Business and International segments (in million euros)	40 %	= 50	75	100	77	108.5 %
ESG	Increase in employee satisfaction by implement ing two projects derived from the employee survey conducted in 2021	10 %	Formulation and docu mentation of project goals and timeframes	Develop ment of concepts for implemen tation	Implemen tation of derived measures	Develop ment of concepts for implemen tation	142.6 %
	Net Promoter Score (NPS)	10 %	= -13	2	17	17	150.0 %
	Reduction of the CO2 value (t / employee)	10 %	= 4.60	3.94	3.28	1	150.0 %
Annual target achievement level							87,65 %
PSP tranche 2021	Performance criterion	Weighting	Threshold value for 50% target achieve ment	Target value for 100% target achieve ment	Threshold value for 150% target achieve ment	Result 2024	Average target achieve ment
Capital market	Total Shareholder Return (TSR)	30 %	= -10 %	0 %	15 %	-21 %	38 %
Strategy	Sales revenue of Business and International segments (in million euros)	40 %	= 50	75	100	77	113.1 %
	Employee satisfaction	10 %	= 3.02	2.59	2.16	2.35	144.5 %
ESG	Net Promoter Score (NPS)	10 %	= -13	2	17	17	150.0 %
	Reduction of the CO2 value (t / employee)	10 %	= 4.84	4.15	3.46	1	150.0 %
Annual target achievement level							100.94 %

The overall target achievement derived above is multiplied by the number of phantom shares provisionally allocated in order to calculate the number of phantom shares finally allocated. The associated payout amount corresponds to the product of the final number of performance shares and the sum of the arithmetic mean of the Xetra closing prices on the last 30 trading days before the end of the performance period (commercially rounded to two decimal places) and the dividends paid per share during the performance period.

PSP tranche 2021 –	Target	Allocation	Number of provisional	Target achievement	Final number of allocated	Payout	Payout
payout amount	amount	price	virtual shares	level	virtual shares	price	amount
Current members of the Management Board
Deininger (Chairman of the Man agement Board since 1 June 2019)	140,000.00	246.43	568	100.94 %	573	123.84	70,960.32
Henn (full member of the Management Board since 1 June 2019)	105,000.00	246.43	426	100.94 %	430	123.84	53,251.20
Dr Martius (full member of the Management Board since 1 June 2019)	105,000.00	246.43	426	100.94 %	430	123.84	53,251.20
Former members of the Management Board
Pleines (full member of the Management Board
until 31 May 2024)	110,000.00	246.43	446	100.94 %	450	123.84	55,728.00
Total	460,000.00	246.43	1,866	100.94 %	1,883	123.84	233,190.72

Ms Nospers was not yet a member of the Management Board of secunet AG in the 2021 financial year, so she will not receive any payment from the tranche set up for the Management Board at that time.

The payment will be made in April 2025.

Multi-year special bonus (Performance Share Plan II)

Overview of the functional principle of the Performance Share Plan II

The Supervisory Board may, at its discretion and with a view to strategically ambitious targets of the company, provide for an additional long-term variable, share-based special remuneration component based on a Performance Share Plan II for all or individual members of the Management Board, which is dependent on the achievement of certain performance criteria and targets defined in advance by the Supervisory Board on a three-year assessment basis (three financial years) and also on the share price performance of the secunet AG share until the end of a further year after the three-year assessment period (multi-year special bonus).

Such a multi-year special bonus is granted for the three-year assessment period and subsequent one-year holding period. The total remuneration of the individual members of the Management Board must be commensurate with the Company's situation, even taking into account such a multi-year special bonus.

The multi-year special bonus based on a Performance Share Plan II is not a regular remuneration component, and is therefore not part of the regular target remuneration, but a component that can be awarded by the Supervisory Board at its discretion. The multi-year special bonus based on a Performance Share Plan II serves to provide an additional incentive in relation to ambitious strategic targets, in particular targets for successful strategic development.

The performance criteria for the multi-year special bonus are derived from the strategic objectives of secunet AG and are based on at least four relevant key performance indicators, in particular sales revenue, EBITDA, free cash flow (FCF) and total shareholder return (TSR) (compared to a benchmark index, with the provisions of Performance Share Plan I applying accordingly to the calculation of TSR). Different key performance indicators for the respective Management Board portfolio can also be provided in addition to or instead of the aforementioned key performance indicators.

Similar to the Performance Share Plan I (as a long-term variable control component), the Performance Share Plan II is divided into four successive steps, starting firstly with the allocation of virtual shares, followed secondly by the measurement of target achievement during the three-year, forward-looking performance period, thirdly by the further link to the share price performance of the secunet AG share during a further subsequent year and fourthly by determination of the payout amount.

In the first step, a tranche of virtual shares (performance shares) will be allocated annually on the basis of the Performance Share Plan II approved by the Supervisory Board. This is done by converting the target amount determined at the discretion of the Supervisory Board for the multi-year special bonus for the respective Management Board member into virtual shares according to the initial price of the secunet share (commercially rounded to the nearest whole number of virtual shares). As in the case of the Performance Share Plan I, the initial price corresponds to the average closing price of the secunet share – rounded to two decimal places – on the last 30 trading days before the start of the respective performance period. Here, once again, the virtual shares are allocated on 1 January of the first year for which the multi-year special bonus is to be awarded. The three-year assessment period for the respective tranche also begins at this time. It ends on 31 December of the second following year (three-year performance period).

In the 2024 financial year, the members of the Management Board were provisionally allocated the virtual shares (performance shares) shown in the following overview on the basis of the Performance Share Plan II:

	Allocation value (€)	Allocation price (€) (Ø price of the secunet share)	Number of provisionally allocated virtual shares	Maximum possible num ber of virtual shares (200% target)
Deininger (Chairman of the Management Board since 1 June 2019)	320,000.00	142.69	2,243	4,486
Henn (full member of the Management Board since 1 June 2019)	250,000.00	142.69	1,752	3,504
Dr Martius (full member of the Management Board since 1 June 2019)	250,000.00	142.69	1,752	3,504
Nospers (full member of the Management Board since 1 June 2024)	223,958.33	142.69	1,570	3,140
Total	1,043,958.33	142.69	7,317	14,634

In the second step, performance is measured on the basis of at least four key indicators, taking into account their relative weighting over a forward-looking performance period of four years.

The final virtual number of shares is then determined according to the overall target achievement level. For this purpose, the annual target achievement levels for the three years of the performance period are first determined. These are derived from the sum of the target achievement levels for the minimum of four key performance indicators, taking into account their relative weighting, with the target achievement level for each key performance indicator being limited to 200%. The average overall target achievement level for the performance period is then determined on the basis of the weighted annual target achievement levels. The final number of virtual shares is calculated by multiplying the calculated overall target achievement level by the initial number of virtual shares allocated on the basis of the Performance Share Plan II as a calculation parameter.

The number of virtual shares calculated in this way is held virtually for a further year immediately following the end of the assessment period (holding period). The payout amount is determined once the holding period has expired. This corresponds to the product of the final number of performance shares calculated at the end of the three-year performance period and the sum of the arithmetic mean of the closing prices on the last 30 trading days before the end of the one-year holding period that follows the performance period (commercially rounded to two decimal places) and the dividends paid per share during the performance period and the holding period. No interest is calculated for the dividends, nor are they reinvested. The payout amount is limited to 200% of the target amount.

In the event, prior to the expiry of the holding period, of a capital increase from Company funds or a capital reduction without repayment of contributions, the number of performance shares allocated shall increase or decrease in the same proportion as the total amount of the share capital. In the case, prior to the expiry of the holding period, of other measures under company law that affect the value of a share, the Supervisory Board shall adjust the initially allocated number of performance shares in such manner as is reasonably necessary to take account of the relevant measure.

In principle, the annual measurement of the performance targets over the three-year performance period is carried out as summarised in the following overview:

The payment amount is paid with the next possible salary statement after approval of the Company's Consolidated Financial Statements following the end of the holding period.

n + 1

n + 2

level

Performance criteria of the Performance Share Plan II in detail

The Performance Share Plan II is generally based on at least four key performance indicators for target achievement, namely (i) sales (revenue), (ii) EBITDA, (iii) FCF and (iv) TSR (compared to a benchmark index, with the provisions of Performance Share Plan I applying accordingly to the calculation of TSR). Different key performance indicators for the respective Management Board portfolio can also be provided in addition to or instead of the aforementioned key performance indicators. These relevant key performance indicators are weighted equally and determined by the Supervisory Board for three years. At the beginning of the assessment period, the Supervisory Board also defines in advance the respective target and threshold values for each year of the three-year assessment period. There is no annual adjustment of the key performance indicators and /or the respective target or threshold values.

» The TSR generally (i. e. in the case of four performance criteria) has a 25% weighting in the multi-year special bonus based on a Performance Share Plan II and is an external performance criterion aligned with the capital market. It takes into account the share price performance of secunet AG plus notionally reinvested gross dividends during the three-year assessment period compared to a benchmark index.

The explanations under Performance Share Plan I apply accordingly for the TSR under Performance Share Plan II, with the following deviation with regard to the target achievement assessment in order to take account of the exceptional nature of Performance Share Plan II:

TSR target achievement is generally 100% if the TSR performance of the secunet share equals the TSR performance of the benchmark index. If the TSR performance of the secunet share is 10 percentage points below the TSR performance of the benchmark index, the target achievement is generally 50% (minimum threshold).

If the TSR performance of the secunet share is 15 percentage points or more above the TSR performance of the benchmark index, the target achievement is generally 200% (cap). If the TSR performance falls below the minimum threshold, the target achievement is 0%. The levels of target achievement between the defined reference values are determined by linear interpolation. When each new tranche of performance shares on the basis of a Performance Share Plan II is issued, the Supervisory Board may redefine the target or threshold values for determining the target achievement levels for the TSR.

» Other key performance indicators used to calculate the multi-year special bonus are generally included (equally weighted):
- Group free cash flow (FCF); this key performance indicator can be used to assess how the funds freely available to the company have changed in conjunction with secunet AG's strategic development. The members of the Management Board are incentivised by ambitious targets for this key performance indicator to keep the funds that are not required for either the operating business or investments stable or to increase them. This key performance indicator thus also serves to harmonise the interests of the Management Board and shareholders.
- Group EBITDA as an integral performance indicator for measuring value enhancement.
- Group revenue (sales).

The Supervisory Board sets a target value, a minimum threshold value and a maximum threshold value for each of these aforementioned key performance indicators (FCF, EBITDA, sales) in advance for all three years of the assessment period. If the sales volume falls below the minimum threshold, the target achievement is 0%. If the minimum threshold is reached, the target achievement for the target is 50%. If the target value is reached, the target achievement level is 100%. If the maximum threshold is reached or exceeded, the target achievement is 200% (cap). Between the individual target or threshold values, the level of target achievement is determined by linear interpolation.

When each new tranche of performance shares on the basis of a Performance Share Plan II is issued, the Supervisory Board may redefine the target or threshold values for determining the target achievement levels.

Target amount Payout amount: Cap: 200% of target amount Final number of performance shares One-year holding period Sum of the arithmetic mean of the closing prices on the last 30 trading days before the end of the one-year holding period x nal number of performance shares Targets: (3-year performance period) 0-200% target achievement per KPI 25% Ø Sales + 25% Ø EBITDA 25% Ø FCF + = > + + 25% Ø TSR

The functional principle of the Performance Share Plan II

5. Other Information

307

The following table shows the target achievement levels of the performance criteria for the tranche granted in the 2024 financial year under Performance Share Plan II:

Performance criterion	Weighting	Minimum threshold 50% (in million euros)	Target value for 100% target achievement (in million euros)	Maximum threshold 200% (in million euros)	Result 2024 (in million euros)	Annual target achievement for 2024
Sales	25 %	370	390	430	406.4	141.0 %
EBITDA	25 %	48	52	60	60.3	200.0 %
Free cash flow (FCF)	25 %	26	30	38	38.2	200.0 %
Total shareholder return (TSR)	25 %	= -10 %	0	15 %	-20.76 %	– %
Annual target achievement level						135.25 %

Other provisions relevant to remuneration

Amount and determination of maximum remuneration

The variable remuneration is intended to appropriately reflect both opportunities and risks of the Management Board's activities. If the targets are not met, the entire variable remuneration may be forfeited. If, on the other hand, the targets are exceeded by a wide margin, the payout is capped at 200% of the respective target amount in the subsequent financial years.

Taking into account the new version of Section 87a (1), sentence 2, no. 1 of the German Stock Corporation Act as well as the GCGC 2022, the Supervisory Board has also set an amount as the upper limit for the maximum total remuneration (overall cap) per Management Board member. This maximum total remuneration represents the highest value that may accrue to a member of the Management Board for a financial year in accordance with this remuneration system and includes all fixed and variable remuneration components. The amount of the maximum total remuneration is therefore composed of the basic remuneration, the one-year and multi-year variable remuneration components, fringe benefits and the expense for benefits under the company pension scheme, including allocations to pension provisions. Severance payments are not included in the maximum remuneration. The maximum possible remuneration determined by the Supervisory Board under this remuneration system is thus 1,650,000 euros gross per year for the Chairman of the Management Board and 1,250,000 euros gross per year for each of the other full members of the Management Board. A lower maximum remuneration may be agreed contractually. No use was made of this within the framework of the current Management Board service agreements.

Compliance with the maximum remuneration for members of the Management Board

Compliance with the maximum remuneration of the members of the Management Board must therefore be reviewed in two steps.

The first step is to review compliance with the maximum limit for variable remuneration set out in the applicable remuneration system.

Both the current Management Board remuneration system and the Management Board remuneration system valid from 1 January 2021 to 31 December 2023 provided for a cap of 200% on the payment of variable remuneration components. The following tables show compliance with the maximum amounts for the payments made in 2024 for variable remuneration components.

Current members of the Management Board	Target remuneration	Max.	Payout
Deininger (Chairman of the Management Board since 1 June 2019)	130,000.00	260,000.00	121,951.00
Henn (full member of the Management Board since 1 June 2019)	100,000.00	200,000.00	93,808.00
Dr Martius (full member of the Management Board since 1 June 2019)	100,000.00	200,000.00	93,808.00
Former members of the Management Board
Pleines (full member of the Management Board until 31 May 2024)	100,000.00	200,000.00	93,808.00

In a second step, compliance with the overall cap must be checked.

The determination of the actual total remuneration (and thus compliance with the maximum remuneration) for the 2024 financial year cannot be reviewed or assured until 2028, as only then will the final remuneration component for the 2024 financial year be established and accrue to the Management Board member.

No maximum remuneration was defined for the former Management Board member Dr Baumgart. Dr Baumgart received consultancy fees in addition to the current pension benefits. This was contractually granted and owed to him at a daily rate of 1,500 euros. The contract does not provide for any further maximum limits in terms of amount.

Malus and clawback provisions

The remuneration system approved by the Annual General Meeting on 23 May 2024 gives the Supervisory Board the option of reducing variable remuneration components (including any multi-year special bonus based on a Performance Share Plan II) that have not yet been paid out and / or reclaiming variable remuneration components that have already been paid out if the contractual requirements are met.

In the event of a breach of duty that has led to or would justify a legally effective extraordinary termination, or in the event of a grossly negligent or intentional breach by a member of the Management Board of one of his material duties of care within the meaning of Section 93 of the German Stock Corporation Act, the Supervisory Board may reduce the variable remuneration components (bonus or payout amounts under the Performance Share Plan) at its due discretion (if necessary also to "zero"): malus.

If the variable remuneration components in question have already been paid out, the Supervisory Board may, at its due discretion and in accordance with the contractual preconditions, demand partial or full return of the amounts of variable remuneration paid out: clawback.

If variable remuneration components were determined or paid out on the basis of incorrect data (for example, due to incorrect Consolidated Financial Statements), the Supervisory Board may correct the determination or reclaim remuneration components already paid out that are affected by the incorrect data.

In the event of breaches of duty in the aforementioned sense, the reduction or recovery shall in principle apply to the variable remuneration for the year in which the significant breach of duty was committed. In the case of a multi-year special bonus based on a Performance Share Plan II, the multi-year special bonus based on a Performance Share Plan II can be reduced or reclaimed if the significant breach of duty was committed within the three-year assessment period. The clawback period ends one year after payment of the respective variable remuneration component. Recovery is also still possible if the term of office or the employment relationship with the respective Management Board member has already ended.

Any obligation of the Management Board member to pay damages to secunet AG remains unaffected by the reduction or recovery of variable remuneration components.

For the 2024 financial year, there are no circumstances giving rise to the need to make use of the above-mentioned provisions.

Third-party benefits

No member of the Management Board has been promised or granted any remuneration in the financial year by a third party in respect of his activity as a member of the Management Board.

Remuneration due to internal and external mandates

Any remuneration received by a member of the Management Board for activities in corporate bodies (for example, supervisory boards, advisory boards, executive boards, management) of companies in which the Company holds an interest, which are in a group relationship with the Company, or which the member performs at the request of the Company, shall be offset against the remuneration of the Management Board member in accordance with this remuneration system. In the event of the acceptance of supervisory board mandates outside the Group, the Supervisory Board shall decide whether and to what extent any remuneration paid for such mandates is to be offset.

No remuneration was offset in the 2024 financial year.

Benefits upon premature termination of contract

Contract term and premature termination

The employment contracts of the members of the Management Board are concluded for a fixed term covering the period of appointment. When appointing members of the Management Board, the Supervisory Board observes in particular the legal requirements of Section 84 of the German Stock Corporation Act. In accordance with the provisions of company law, the employment contracts do not provide for the possibility of ordinary termination; the right of both parties to terminate for good cause without notice (cf. Section 626 (1) of the German Civil Code) remains unaffected, however. Additionally, according to the Management Board service contracts, personal suitability is a prerequisite for Management Board activity; this also includes a positive result of the official security clearance.

The Supervisory Board is entitled to revoke the appointment to the Management Board for good cause within the meaning of Section 84 (4), sentence 1 of the German Stock Corporation Act. In this case and in the event that the Management Board member for his part resigns from office for good cause prematurely and unilaterally, the employment contract shall automatically terminate upon the expiry of a notice period in accordance with statutory periods of notice, but no later than the end of the regular term of office of the Management Board member.

In the event of a Management Board member's appointment being revoked or resignation from office for good cause for which the Company is responsible, the employment contracts for the Management Board members provide for a severance payment, the amount of which shall be limited to the remuneration for the remaining term of the employment contract, but no more than two years' total remuneration (severance payment cap). In other cases of premature termination, too, any payments shall be limited to a maximum of two years' total remuneration or the remuneration for the remaining term of the employment contract. Calculation of the severance payment or severance payment cap is based on the total remuneration for the financial year preceding the premature termination of the Management Board activity and, under certain circumstances, on the expected total remuneration for the current financial year. No severance payment shall be made in the event of extraordinary termination by the Company for good cause or in the event of premature termination of the Management Board activity at the request of the Management Board member or if the result of the security clearance is negative for good cause for which the Management Board member is responsible.

For certain departure situations (so-called bad leaver cases), performance shares for performance periods that have not yet expired and a multi-year special bonus based on a Performance Share Plan II for performance periods or holding periods that have not yet expired are forfeited without compensation.

In the event of premature termination of the employment contract due to death or permanent disability, the performance shares already granted (based on Performance Share Plan I or II) whose four-year performance period (or three-year performance and one-year holding period) has not yet expired are converted into a payout amount and paid out early as an exception. The payout amount corresponds to the respective allocation value (i. e. the target value) of the relevant tranche of the Performance Share Plan I or II.

In all other cases where the Management Board member leaves before the end of an unexpired performance period or holding period, the overall target achievement level for the respective plan tranche is determined unchanged (pro rata temporis) after the regular end of the performance period. The final number of performance shares determined in this way is then converted into a PSP payout amount or, in the case of the multi-year special bonus based on a Performance Share Plan II, converted into a PSP payout amount after the holding period has expired, and paid out (subject to a full or partial reduction in accordance with the malus and clawback rules) on the regular due date.

Appointment or departure during the year

If a member of the Management Board joins or leaves the board during an ongoing financial year, the total remuneration – including the short-term variable remuneration and the allocation value under the long-term Performance Share Plan – shall be reduced pro rata temporis in accordance with the length of the employment relationship in the relevant financial year. For certain departure situations (so-called bad leaver cases), performance shares for performance periods that have not yet expired shall lapse without compensation.

If a member of the Management Board joins during a current performance period or leaves before the end of the holding period, any multi-year special bonus based on a Performance Share Plan II is reduced pro rata temporis in accordance with the duration of the employment relationship during the three-year assessment period and the one-year holding period.

If a Management Board member is unable to work for more than six months (not necessarily consecutively) in a calendar year due to illness or if the Management Board employment relationship is suspended for more than six months in a calendar year for other reasons, the provisional number of performance shares allocated on the basis of Performance Share Plan I for the corresponding financial year or on the basis of the Performance Share Plan II for the three-year assessment period and the one-year holding period, is reduced pro rata temporis from the seventh month by 1/12 (Performance Share Plan I) or 1/48 (Performance Share Plan II) for each full month of suspension or incapacity to work.

Deviations from the remuneration principles

The Supervisory Board may temporarily deviate from the remuneration system if this is necessary in the interests of the welfare of secunet AG. Extraordinary developments in this sense include, in particular, unusually far-reaching changes in the economic environment. Generally unfavourable market developments are explicitly not regarded as extraordinary developments.

However, such deviations from the remuneration system are only possible through a corresponding Supervisory Board resolution. In particular, the latter shall establish the extraordinary circumstances and the necessity of a deviation.

Temporary deviations in this sense are possible with regard to the performance criteria for the short-term and long-term variable remuneration elements (including those for any multi-year special bonus based on a Performance Share Plan II) and the total maximum remuneration as well as the relationship between fixed and variable remuneration components (including any multi-year special bonus based on a Performance Share Plan II) and also the temporary expenses for extraordinary fringe benefits.

If an adjustment of the existing remuneration components is not sufficient to restore the incentive effect of the remuneration of the Management Board member, the Supervisory Board retains the option of temporarily granting additional remuneration components in the event of extraordinary developments within the term of the Management Board contracts.

Furthermore, the Supervisory Board has the right to grant special payments to newly appointed members of the Management Board to compensate for salary losses from a previous employment relationship or to cover costs arising from a change of location.

Individual remuneration of the members of the Management Board in the 2024 financial year (disclosure pursuant to Section 162 AktG)

Remuneration granted and owed to the current members of the Management Board in the past financial year pursuant to Section 162 AktG

The following table shows the fixed and variable remuneration components granted and owed to the current members of the Management Board in the past financial year, including the relative share pursuant to Section 162 AktG. These are the basic remuneration paid out in the financial year, the fringe benefits accrued in the financial year and the one-year variable remuneration components for 2024 paid out in the financial year. By definition, ongoing expenses for pension commitments are not taken into account.

	Deininger Full member of the Management Board from 1 January 2018 to 31 May 2019, Chairman of the Management Board since 1 June 2019

	2024		2023
	in euros	in %	in euros	in %
Non-performance-based remuneration
Basic remuneration	320,000	66.5 %	270,000	61.0 %
Fringe benefits	39,600	8.2 %	28,369	6.4 %
Pension remuneration	–	– %	–	– %
Total	359,600	74.7 %	298,369	67.4 %
Performance-based remuneration
One-year variable remuneration
Financial year 2022	–	– %	144,482	32.6 %
Financial year 2023	121,951	25.3 %	–	– %
Total	121,951	25.3 %	144,482	32.6 %
Total remuneration	481,551	100.0 %	442,851	100.0 %

	Henn
	Full member of the Management Board since 1 June 2019
		2024		2023
	in euros	in %	in euros	in %
Non-performance-based remuneration
Basic remuneration	231,250	61.9 %	205,000	57.9 %
Fringe benefits	26,179	7.0 %	25,874	7.3 %
Pension remuneration	22,583	6.0 %	12,200	3.4 %
Total	280,012	74.9 %	243,074	68.6 %

Performance-based remuneration
One-year variable remuneration
Financial year 2022	–	– %	111,140	31.4 %
Financial year 2023	93,808	25.1 %	–	– %

Total	93,808	25.1 %	111,140	31.4 %

Total remuneration	373,820	100.0 %	354,214	100.0 %

	Dr Martius
	Full member of the Management Board since 1 June 2019
		2024		2023
	in euros	in %	in euros	in %
Non-performance-based remuneration
Basic remuneration	231,250	61.4 %	205,000	57.5 %
Fringe benefits	28,805	7.7 %	28,308	7.9 %
Pension remuneration	22,583	6.0 %	12,200	3.4 %
Total	282,638	75.1 %	245,508	68.8 %

Performance-based remuneration
One-year variable remuneration
Financial year 2022	–	– %	111,140	31.2 %
Financial year 2023	93,808	24.9 %	–	– %

Total	93,808	24.9 %	111,140	31.2 %

Total remuneration	376,446	100.0 %	356,648	100.0 %

Nospers
Full member of the Management Board since 1 June 2024
2024		2023
in euros	in %	in euros	in %

145,833	78.5 %	–	– %
17,383	9.4 %	–	– %
22,500	12.1 %	–	– %
185,716	100.0 %	–	– %



–	– %	–	– %
–	– %	–	– %

–	– %	–	– %

185,716	100.0 %	–	– %

Remuneration granted and owed to former members of the Management Board in the past financial year pursuant to Section 162 AktG

	Pleines
	full member of the Management Board until 31 May 2024
	2024			2023
	in euros	in %	in euros	in %
Non-performance-based remuneration
Basic remuneration	104,167	49.9 %	250,000	64.5 %
Fringe benefits	10,686	5.1 %	26,689	6.9 %
Pension remuneration	–	– %	–	– %
Total	114,853	55.0 %	276,689	71.4 %

Performance-based remuneration
One-year variable remuneration
Financial year 2022	–	– %	111,140	28.7 %
Financial year 2023	93,808	45.0 %	–	– %

Total	93,808	45.0 %	111,140	28.7 %

Total remuneration	208,661	100.0 %	387,829	100.0 %

	Dr. Baumgart 4
	2024			2023
	in euros	in %	in euros	in %
Other
Retirement pension benefits	50,618	73.1 %	50,117	79.5 %
Fees for consulting services	18,611	26.9 %	12,888	20.5 %
Total remuneration	69,229	100.0 %	63,005	100.0 %

4 Member of the Management Board from 31 May 1999 to 31 January 2001; Chairman of the Management Board from 1 February 2001 to 31 May 2019

Supervisory Board remuneration in the 2024 financial year

General

The provisions and remuneration for the members of the Supervisory Board are set out in Article 17 of the Articles of Association of secunet Security Networks AG, which are permanently accessible to the public on the Internet. The Supervisory Board remuneration is reviewed at appropriate time intervals. The time expected to be spent on exercising the office as well as the usual practice at companies of comparable size and complexity and in a similar industry are taken into account when doing so.

At the Annual General Meeting on 23 May 2024, a resolution was passed to change the remuneration of the members of the Supervisory Board and to amend the Articles of Association accordingly. The approval rate was 99.99%. The remuneration applies for the first time for the financial year beginning on 1 January 2024. Article 17 of the Articles of Association, as amended by the resolution of the Annual General Meeting on 12 May 2021, was to be applied for the last time to the fiscal year ending on 31 December 2023.

Remuneration system of the Supervisory Board

The remuneration system of the Supervisory Board as set out in the Articles of Association is designed to attract and retain highly qualified members for the Supervisory Board. This promotes the efficiency of the Supervisory Board's work and the long-term development of secunet AG.

The members of the Supervisory Board receive a remuneration of 25,000 euros on completion of the financial year. The Chairman of the Supervisory Board receives double this amount (50,000 euros), the Deputy Chairman of the Supervisory Board receives 1.5 times this amount (37,500 euros). Proven expenses and any value-added tax payable by the members are reimbursed in addition.

For their work in committees of the Supervisory Board, the members receive an additional annual remuneration of 7,500 euros per committee. The Chairman of the Audit Committee shall receive an additional annual remuneration of 15,000.00 euros. The Chairman of the other committee(s) shall receive an additional annual remuneration of 10,000 euros.

If changes are made within the Supervisory Board during the year, and in the case of adjustments to remuneration during the year, remuneration is paid on a pro rata basis.

According to Article 17 (5) of the Articles of Association, the members of the Supervisory Board may receive further remuneration, provided that this is resolved by the Annual General Meeting with the required majority.

In addition, the members of the Supervisory Board are covered by a D & O insurance policy taken out in the interest of the Company for an appropriate amount. The premiums for this are paid by the Company. There is a deductible, for the amount of which the Supervisory Board members may take out private insurance.

Since the remuneration of Supervisory Board members does not consist of variable, but rather of fixed components only, there is no need to determine a maximum total remuneration.

The following table shows the remuneration granted and owed to current and former Supervisory Board members in the 2024 financial year pursuant to Section 162 AktG. The payment in the financial year is made for the remuneration of the previous year in each case. The remuneration paid is divided between the remuneration for Supervisory Board activities and the remuneration for committee activities as shown in the following table. Meeting fees were not paid for either year.

Remuneration for the Supervisory Board activities

	2024
	Remuneration for Supervisory Board activities		Remuneration for committee activities		Total remuneration for Supervisory Board activities
	in euros	in %	in euros	in %	in euros	in %
Dr Wintergerst (Chairman)	30,000.00	86%	5,000.00	14 %	35,000.00	100 %
Dr Zattler (Deputy Chairman)	22,500.00	82 %	5,000.00	18 %	27,500.00	100 %
Dr Legge (Member of the Supervisory Board) 5	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Marx (Member of the Supervisory Board) ⁶	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Rustemeyer (Member of the Supervisory Board) ⁷	15,000.00	75%	5,000.00	25 %	20,000.00	100 %
Professor Dr Schäfer (Member of the Supervisory Board)	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Total remuneration	112,500.00	79%	30,000.00	21 %	142,500.00	100 %

5 Dr Legge resigned from the Supervisory Board on 24 May 2024. The remuneration received in 2024 for the 2023 financial year is still recognised here.

6 Member of the Supervisory Board since 15 May 2019, employee representative

7 Member of the Supervisory Board since 15 May 2019, employee representative

	2023
		Remuneration for Supervisory Board activities		Remuneration for committee activities	Total remuneration for Supervisory Board activities
	in euros	in %	in euros	in %	in euros	in %
Dr Wintergerst (Chairman)	30,000.00	86%	5,000.00	14 %	35,000.00	100 %
Dr Zattler (Deputy Chairman)	22,500.00	82 %	5,000.00	18 %	27,500.00	100 %
Dr Legge (Member of the Supervisory Board)	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Marx (Member of the Supervisory Board)	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Rustemeyer (Member of the Supervisory Board)	15,000.00	75%	5,000.00	25 %	20,000.00	100 %
Professor Dr Schäfer (Member of the Supervisory Board)	15,000.00	75 %	5,000.00	25 %	20,000.00	100 %
Total remuneration	112,500.00	79%	30,000.00	21 %	142,500.00	100 %

In the 2024 financial year, proven expenses amounting to 1,576.82 euros (previous year: 1,400.74 euros) were reimbursed.

Apart from the work performed by the employee representatives under their employment contracts, the members of the Supervisory Board did not perform any personal services, such as consulting or agency services, for secunet AG or its subsidiaries in the 2024 financial year and therefore did not receive any additional remuneration for such services.

Comparative presentation of remuneration and earnings development

The following comparative presentation shows the annual change in the remuneration granted and owed to current and former members of the Management Board and Supervisory Board as well as the development of the Company's earnings and the remuneration of secunet AG employees on a full-time equivalent basis.

For the comparison with the development of the average remuneration of employees, the average remuneration of permanent, domestic employees is taken as a basis – since comparable remuneration structures can be assumed here. If employees also receive remuneration as a member of the Supervisory Board of secunet AG, this remuneration has not been taken into account. To ensure comparability, the remuneration of part-time employees was extrapolated to the full-time equivalent.

The remuneration of the employees includes the agreed fixed salaries, including benefits in kind for company cars as well as the bonuses and coronavirus payments paid in the financial year.

Comparative presentation of remuneration and earnings development for members of the Management Board

	Remu neration granted and owed in 2024	Remu neration granted and owed in 2023	Change 2024 vs. 2023		Change 2023 vs. 2022		Change 2022 vs. 2021		Veränderung 2021 ggü. 2020
	in kEUR	in kEUR	in kEUR	in %	in kEUR	in %	in kEUR	in %	in kEUR	in %
Current members of the Management Board
Deininger	481.6	442.9	38.7	9 %	-112.7	-20 %	-94.1	-14 %	52.7	9 %
Henn	373.8	354.2	19.6	6 %	-88.1	-20 %	-100.4	-19 %	145.8	37 %
Dr Martius	376.4	356.6	19.8	6 %	-91.7	-20 %	-100.6	-18 %	126.2	30 %
Nospers	185.7	–	–	– %	–	– %	–	– %	–	– %
Former members of the Management Board
Dr Baumgart	69.2	63.0	6.2	10 %	-12.7	-17 %	-9.1	-11 %	-84.8	-50 %
Pleines	208.7	387.8	-179.1	-46 %	-86.3	-18 %	-136.0	-22 %	37.6	7 %
Employees
Ø salary of employees	81.3	74.3	7.0	9 %	-2.9	-4 %	1.5	2 %	4.0	6 %
Earnings development
Group profit (in million euros)	27.9	29.0	-1.1	-4 %	-2.3	-7 %	-11.6	-27 %	7.9	23 %
secunet AG net income for the year (in million euros)	35.3	30.5	4.8	16 %	-6.4	-17 %	-6.6	-15 %	10.7	33 %

Comparative presentation of remuneration and earnings development for members of the Supervisory Board

	Remu neration granted and owed in 2024	Remu neration granted and owed in 2023	Change 2024 vs. 2023		Change 2023 vs. 2022		Change 2022 vs. 2021		Veränderung 2021 ggü. 2020
	in kEUR	in kEUR	in kEUR	in %	in kEUR	in %	in kEUR	in %	in kEUR	in %
Current members of the Supervisory Board
Dr Wintergerst	35.0	35.0	0.00	– %	4.6	15 %	6.4	27%	2.9	14 %
Dr Zattler	27.5	27.5	0.00	– %	4.8	21 %	6.7	42 %	1.5	10 %
Dr Legge	20.0	20.0	0.00	– %	3.6	22 %	4.4	37 %	1.5	14 %
Marx	20.0	20.0	0.00	– %	3.6	22 %	4.4	37 %	4.4	58 %
Rustemeyer	20.0	20.0	0.00	– %	3.6	22 %	4.4	37 %	4.4	58 %
Professor Dr Schäfer	20.0	20.0	0.00	– %	3.6	22 %	4.4	37 %	1.5	14 %
Employees
Ø salary of employees	81.3	74.3	7.0	9 %	-2.9	-4 %	1.5	2 %	4.0	6 %
Earnings development
Group profit (in million euros)	27.9	29.0	-1.1	-4 %	-2.3	-7 %	-11.6	-27 %	7.9	23 %
secunet AG net income for the year (in million euros)	35.3	30.5	4.8	16 %	-6.4	-17 %	-6.6	-15 %	10.7	33 %

Independent auditor's report on the audit of the remuneration report pursuant to Section 162 of the German Stock Corporation Act (AktG)

To secunet Security Networks Aktiengesellschaft, Essen

We have audited the remuneration report of secunet Security Networks AG, Essen prepared in accordance with Section 162 of the German Stock Corporation Act (AktG) for the financial year from 1 January 2024 to 31 December 2024 including the related disclosures.

Responsibilities of the executive directors and the Supervisory Board

The executive directors and the Supervisory Board of secunet Security Networks AG, Essen are responsible for the preparation of the remuneration report, including the related disclosures, in compliance with the requirements of Section 162 AktG. The executive directors and the Supervisory Board are also responsible for such internal controls as they deem necessary to enable the preparation of a remuneration report, including the related disclosures, that is free from material misstatement, whether due to fraud or error.

Auditor's responsibilities

Our responsibility is to express an opinion on this remuneration report, including the related disclosures, based on our audit. We conducted our audit in accordance with generally accepted standards in Germany for the audit of financial statements set out by the Institute of Public Auditors in Germany (IDW). Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the remuneration report, including the related disclosures, is free from material misstatement.

An audit involves performing procedures to obtain audit evidence about the valuations and the related disclosures contained in the remuneration report. The audit procedures are selected at the auditor's due discretion. This includes assessing the risks of material misstatement – whether due to fraud or error – of the data in the remuneration report including the related disclosures. In assessing these risks, the auditor considers the internal control system relevant to the preparation of the remuneration report, including the related disclosures. The objective is to plan and perform audit procedures that are appropriate in the specific circumstances, but not to express an audit opinion on the effectiveness of the Company's internal control system. An audit also includes an assessment of the accounting principles used and the reasonableness of accounting estimates made by the executive directors and the Supervisory Board, as well as an evaluation of the overall presentation of the remuneration report, including the related disclosures.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Audit opinion

In our opinion, based on the findings of our audit, the remuneration report for the financial year from 1 January 2024 to 31 December 2024, including the related disclosures, complies in all material respects with the accounting provisions of Section 162 AktG.

Other matter – Formal audit of the remuneration report

The substantive audit of the remuneration report described in this auditor's report includes the formal audit of the remuneration report required by Section 162 (3) of the German Stock Corporation Act (AktG), including the issuance of a report on this audit. As we express an unqualified audit opinion on the substantive audit of the remuneration report, this audit opinion includes the conclusion that the disclosures pursuant to Section 162 (1) and (2) AktG have been made in all material respects in the remuneration report.

Engagement terms and liability

The auditor's report is exclusively for secunet Security Networks AG, Essen, informing on the result of the audit, and liability is limited in accordance with the "Special Engagement Terms of BDO AG Wirtschaftsprüfungsgesellschaft" of 1 March 2021 and the "General Engagement Terms for German Public Auditors and Public Audit Firms" issued by the IDW on 1 January 2017 (www.bdo.de/auftragsbedingungen) as agreed with the Company.

It was explicitly agreed that third parties would not be included in the scope of protection in the audit agreement with the client. We therefore do not assume any responsibility towards third parties.

Essen, 26 March 2025

BDO AG Wirtschaftsprüfungsgesellschaft

Fritz Dr. Falk Wirtschaftsprüfer Wirtschaftsprüfer (German Public Auditor) (German Public Auditor)

Assurance report of the independent German public auditor on a limited assurance engagement in relation to the Group Sustainability Statement 1

To the secunet Security Networks AG, Essen

Assurance conclusion

We have conducted a limited assurance engagement on the Group Sustainability Statement, included in section "Group Sustainability Statement" of the group management report, of secunet Security Networks AG, Essen (hereinafter referred to as "secunet" or "the Company") for the financial year from 1 January 2024 to 31 December 2024. The Group Sustainability Statement was prepared to fulfil the requirements of Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 (Corporate Sustainability Reporting Directive, CSRD) and Article 8 of Regulation (EU) 2020/852 as well as Articles 315b and 315c in conjunction with Articles 289b to 289e of the German Commercial Code (HGB) for a group non-financial statement.

References to the Group's website, contained in the Group Sustainability Statement (see appendix to this Assurance Report) are not subject to our assurance engagement.

Based on the procedures performed and the evidence obtained as part of our limited assurance engagement, nothing has come to our attention that causes us to believe that the accompanying Group Sustainability Statement, is not prepared, in all material respects, in accordance with the requirements of the CSRD and Article 8 of Regulation (EU) 2020/852, Articles 315b and 315c in conjunction with Articles 289b to 289e HGB for a combined non-financial statement and the supplementary criteria presented by the executive directors of the Company. This assurance conclusion includes that nothing has come to our attention that causes us to believe that:

¹ We have performed a limited assurance engagement on the German version of the Group Sustainability Statement and issued an Independent Practitioner's Report in German language, which is authoritative. The following text is a translation of the original German Independent Practitioner's Report.

» the accompanying Group Sustainability Statement does not comply, in all material respects, with the European Sustainability Reporting Standards (ESRS), including that the process carried out by the entity to identify information to be included in the Group Sustainability Statement (the materiality assessment) is not, in all material respects, in accordance with the description set out in section "ESRS 2: General Disclosures" of the Group Sustainability Statement, or
» the disclosures in the Group Sustainability Statement do not comply, in all material respects, with Article 8 of Regulation (EU) 2020/852.

We do not express an assurance conclusion on references to the Group's Website in the Group Sustainability Statement (see appendix to this Assurance Report).

Basis for the assurance conclusion and opinion

We conducted our assurance engagement in accordance with International Standard on Assurance Engagements (ISAE) 3000 (Revised): Assurance Engagements Other Than Audits or Reviews of Historical Financial Information issued by the International Auditing and Assurance Standards Board (IAASB).

The procedures in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed.

Our responsibilities under ISAE 3000 (Revised) are further described in the section "German Public Auditor's Responsibilities for the Assurance Engagement on the Group Sustainability Statement".

We are independent of secunet in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements. Our audit firm has applied the requirements for a system of quality control as set forth in the IDW Quality Management Standard issued by the Institute of Public Auditors in Germany (IDW): Requirements for Quality Management in the Audit Firm (IDW QMS 1 (09.2022)). We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our assurance conclusion and opinion.

Responsibilities of the executive directors and the Supervisory Board for the Group Sustainability Statement

The executive directors are responsible for the preparation of the Group Sustainability Statement in accordance with the requirements of the CSRD and the applicable German legal and other European requirements as well as with the supplementary criteria presented by the executive directors of the Company and for designing, implementing and maintaining such internal control that they have considered necessary to enable the preparation of the Group Sustainability Statement in accordance with these requirements that is free from material misstatement, whether due to fraud (i. e., fraudulent sustainability reporting in the Group Sustainability Statement) or error.

This responsibility of the executive directors includes establishing and maintaining the materiality assessment process, selecting and applying appropriate reporting policies for preparing the Group Sustainability Statement, as well as making assumptions and estimates and ascertaining forward-looking information for individual sustainability-related disclosures.

The Supervisory Board is responsible for overseeing the process for the preparation of the Group Sustainability Statement.

Inherent limitations in preparing the Group Sustainability Statement

The CSRD and the applicable German legal and other European requirements contain wording and terms that are subject to considerable interpretation uncertainties and for which no authoritative, comprehensive interpretations have yet been published. As such wording and terms may be interpreted differently by regulators or courts, the legality of measurements or evaluations of sustainability matters based on these interpretations is uncertain.

These inherent limitations also affect the assurance engagement on the Group Sustainability Statement.

German public auditor's responsibilities for the assurance engagement on the Group Sustainability Statement

Our objectives are to express a limited assurance conclusion, based on the assurance engagement we have conducted, on whether any matters have come to our attention that cause us to believe that the Group Sustainability Statement, has not been prepared, in all material respects, in accordance with the CSRD, the applicable German legal and other European requirements and the supplementary criteria presented by the Company's executive directors, and to issue an assurance report that includes our assurance conclusion on the Group Sustainability Statement.

As part of an assurance engagement in accordance with ISAE 3000 (Revised), we exercise professional judgment and maintain professional skepticism. We also:

» obtain an understanding of the process used to prepare the Group Sustainability Statement, including the materiality assessment process carried out by the entity to identify the disclosures to be reported in the Group Sustainability Statement.
» identify disclosures where a material misstatement due to fraud or error is likely to arise, design and perform procedures to address these disclosures and obtain limited assurance to support the assurance conclusion. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations or the override of internal control. In addition, the risk of not detecting a material misstatement in information obtained from sources not within entity's control (value chain information) is ordinarily higher than the risk of not detecting a material misstatement in information obtained from sources within the entity's control, as both the entity's executive directors and we as practitioners are ordinarily subject to restrictions on direct access to the sources of the value chain information.
» consider the forward-looking information, including the appropriateness of the underlying assumptions. There is a substantial unavoidable risk that future events will differ materially from the forward-looking information.

Summary of the procedures for the limited assurance engagement by the German public auditor

A limited assurance engagement involves the performance of procedures to obtain evidence about the sustainability information. The nature, timing and extent of the selected procedures are subject to our professional judgment.

In performing our limited assurance engagement, we:

» evaluated the suitability of the criteria as a whole presented by the executive directors in the Group Sustainability Statement.
» inquired of the executive directors and relevant employees involved in the preparation of the Group Sustainability Statement about the preparation process, including the materiality assessment process carried out by the entity to identify the disclosures to be reported in the Group Sustainability Statement, and about the internal controls relating to this process.
» evaluated the reporting policies used by the executive directors to prepare the Group Sustainability Statement.
» evaluated the reasonableness of the estimates and related information provided by the executive directors. If, in accordance with the ESRS, the executive directors estimate the value chain information to be reported for a case in which the executive directors are unable to obtain the information from the value chain despite making reasonable efforts, our assurance engagement is limited to evaluating whether the executive directors have undertaken these estimates in accordance with the ESRS and assessing the reasonableness of these estimates, but does not include identifying information in the value chain that the executive directors were unable to obtain.
» performed analytical procedures and made inquiries in relation to selected information in the Group Sustainability Statement.
» considered the presentation of the information in the Group Sustainability Statement.
» considered the process for identifying taxonomy-eligible and taxonomy-aligned economic activities and the corresponding disclosures in the Group Sustainability Statement.

Restriction of use

We draw attention to the fact that the assurance engagement was conducted for the Company's purposes and that the assurance report is intended solely to inform the Company about the result of the assurance engagement. Consequently, it may not be suitable for any other purpose than the aforementioned. Accordingly, the assurance report is not intended to be used by third parties for making (financial) decisions based on it. Our responsibility is to the Company alone. We do not accept any responsibility to third parties. Our assurance conclusion is not modified in this respect.

Engagement terms

This engagement is based on the "Special Terms and Conditions of BDO AG Wirtschaftsprüfungsgesellschaft" dated January 1, 2024, agreed with the Company as well as the "General Engagement Terms for Wirtschaftsprüferinnen, Wirtschaftsprüfer and Wirtschaftsprüfungsgesellschaften (German Public Auditors and Public Audit Firms)" dated January 1, 2024, issued by the IDW (www.bdo.de/engagement-terms-conditions).

Essen, March 26, 2025

BDO AG Wirtschaftsprüfungsgesellschaft

Fritz Dr. Falk German Public Auditor German Public Auditor

Appendix to the assurance report: unassured elements of the Group Sustainability Statement

References to the Group's website, contained in the Group Sustainability Statement (see appendix to this Assurance Report) were not subject to our assurance engagement. The information to which these references pertain has not been substantively audited by us.

Service

Locations

Headquarters Essen

secunet Security Networks AG Kurfürstenstraße 58 45138 Essen Phone: + 49 201 54 54 - 0 Fax: + 49 201 54 54 - 1000

Berlin

secunet Security Networks AG Alt-Moabit 96 10559 Berlin

Berlin SysEleven GmbH Boxhagener Straße 80 10245 Berlin

Bonn

secunet Security Networks AG Dreizehnmorgenweg 6 53175 Bonn

Dresden

secunet Security Networks AG Ammonstraße 74 01067 Dresden

Frankfurt

secunet Security Networks AG Mergenthalerallee 77 65760 Eschborn

Hamburg

secunet Security Networks AG Osterbekstraße 90 b 22083 Hamburg

Hanover

stashcat GmbH Schiffgraben 47 30175 Hanover

Ilmenau

secunet Security Networks AG Werner-von-Siemens-Straße 6 98693 Ilmenau

Munich

secunet Security Networks AG Konrad-Zuse-Platz 2 - 12 81829 Munich

Paderborn

secunet Security Networks AG Hauptstraße 35 33178 Borchen

Siegen

secunet Security Networks AG Weidenauer Straße 223 - 225 57076 Siegen

Stuttgart

secunet Security Networks AG Neue Brücke 3 70173 Stuttgart

Training Centre Dresden

secunet Security Networks AG Ammonstraße 74 01067 Dresden

Financial calendar

28 March 2025 Annual Report 2024

13 May 2025 Group Quarterly Statement as at 31 March 2025

28 May 2025 Annual General Meeting 2025

12 August 2025 Half-Year Financial Report 2025

12 November 2025 Group Quarterly Statement as at 30 September 2025

Imprint

Issued by secunet Security Networks AG Kurfürstenstraße 58 45138 Essen

Phone: + 49 201 54 54 - 0 e-mail: [email protected] www.secunet.com

Investor Relations Phone: + 49 201 54 54 - 3426 e-mail: [email protected]

Press Phone: + 49 201 54 54 - 1234 e-mail: [email protected]

Concept, design and setting sam waikiki GbR, Hamburg www.samwaikiki.de

Text secunet Security Networks AG

Information

This Annual Report contains statements regarding the future performance of secunet Group, as well as economic and political developments. These statements are opinions that we have formed based on the information currently available to us. Should the assumptions on which these statements are based not be applicable or should further risks arise, the actual results may deviate from the results currently expected. We cannot therefore offer any guarantee as to the accuracy of these statements.

Due to rounding, it is possible that individual figures in this annual report may not add up precisely to the totals provided and percentages presented may not accurately reflect the absolute values to which they relate.

For better readability, we predominantly use the grammatically masculine form in this report. References to persons always apply to all genders involved: male, female, diverse.

All the brand and trade names or product names mentioned in this report are the property of the corresponding holder. This applies in particular for DAX, MDAX, SDAX, TecDAX and Xetra as registered trademarks and property of Deutsche Börse AG.

This Annual Report was published on 28 March 2025. It is available in German and English. Both versions are available for download at www.secunet.com. The German version is legally binding in cases of doubt.

secunet Security Networks AG Kurfürstenstraße 58 45138 Essen

Phone: + 49 201 54 54 - 0 Fax: + 49 201 54 54 - 1000

e-mail: [email protected] Internet: www.secunet.com

AI Terminal

secunet Security Networks AG

386_rns_2025-03-28_4d266915-6e0a-49ca-b99d-634d2794bdfa.pdf

Key Figures

secunet Group overview (according to IFRS)

Long-term development of sales and EBIT

Public Sector

Digital sovereignty for state and society

Business Sector

Secure digitalisation in industry and healthcare

secunet – protecting digital infrastructures

Contents

Annual Report 2024

1. To the Shareholders

2. Management Report

3. Consolidated Financial Statements

4. Annual Financial Statements

5. Other Information

1.To the Shareholders

Foreword by the Management Board

Dear shareholders, customers, business partners and friends of the company,

Financial year 2024 closed with record sales revenue once again

Strategic highlights

State secrets secure in the cloud

State secrets secure on smartphones

State secrets safe from quantum computers

VS telephony without borders

Digitalisation in the healthcare sector

Looking ahead

Expression of thanks

Supervisory Board report

Dear Shareholders, Ladies and Gentlemen,

Supervision and examination methods

Meetings of the Supervisory Board

Corporate Governance

Committee work

Audit Committee

Technology and Innovation Committee

Annual Financial Statements and Consolidated Financial Statements for 2024

Expression of thanks

SPOTLIGHT

Cloud transformation in public administration

Bundesdruckerei and secunet cooperate on sovereign cloud offerings for the public sector

secunet continues to invest in cloud platform

SPOTLIGHT

EU funding programme 8ra (IPCEI-CIS) Edge cloud on the horizon

Edge and cloud combined

Central components for 8ra

Security and open source

Hot phase of cloudification

Dr Elisabeth Rieger

SPOTLIGHT

Post-quantum cryptography That crucial "quantum" of security

"Store now, decrypt later"

Already protected against quantum computers

Security through quantum physics

Practical challenges

Additional protection through innovative technology

Conclusion: PQC and its helpers

Social Days

From the desk to the shovel

SPOTLIGHT

The secunet share

Stock market development

The secunet share

Dividend and proposed dividend

Annual General Meeting

Shareholder structure

Communication with the capital market

Analyst coverage

Share price development 1 January 2024 – 31 December

Key figures and trading data

Master data and indices

Corporate Governance Statement

Management and supervisory structure

Supervisory Board

Management Board

Targets for the appointment of women

Diversity and long-term succession planning for the Management Board

Corporate governance guidelines