Annual Report 2019

Key Figures

of secunet Group (according to IFRS)

in million euros	2019	2018	Change in %
Sales	226.9	163.3	39
EBIT	33.2	26.9	23
EBT	32.9	26.6	24
Net income for the year	22.2	17.8	25
Earnings per share (in euros)	3.44	2.77	24
Balance sheet total	186.8	145.2	29
Equity 1	78.0	69.5	12
Cash and cash equivalents	64.5	56.1	15
Liabilities	84.7 2	54.1	57
Loans	-	-	-
Cash flow from operating activities	31.2	7.7	405
Investments in intangible assets and property, plant and equipment	8.3	6.6	26
Dividend per share in euros 2	1.56 3	2.04	-24
Order book (IFRS)	78.5	79.7	-2
Permanent employees as at 31 Dec	588	525	12

1 Including non-controlling interests

2 The Group adopted IFRS 16 for the first time as at 1 January 2019. Due to the transitional provision applied, the comparative figures have not been restated.

3 Subject to the resolution of the Annual General Meeting

Long-term development of sales and EBIT

Public Sector

Solutions for e-government and high security

Processes and IT infrastructure for public customers are particularly challenging in terms of information security. The secunet Public Sector division offers advice to national and international public-sector and defence customers, using state-of-the-art products and services that can be tailored to customers' needs, as well as individual security solutions. These meet the requirements of modern administration, allow sovereign tasks to be performed and correspond to the high-security requirements for the protection of classified information.

Business Sector

IT security for companies and industry solutions

Attacks on company networks, industrial espionage, cyber crime and data protection necessitate intelligent IT security solutions. The secunet Business Sector division supports its customers in the secure use of Information and Communication Technologies in internal IT, in core business and "embedded" in products and services. The core competence of the Business Sector division is in the development and production of flexible security solutions, which can be integrated into existing IT landscapes without influencing ongoing business processes and can be adjusted to technical development.

secunet is one of the leading German providers of high-quality IT security. In close dialogue with its customers – companies, public authorities and international organisations – secunet develops high-performance products and advanced IT security solutions. secunet therefore does not merely secure its customers' IT systems, it also delivers intelligent process optimisation and achieves sustainable added value.

Annual Report 2019

6	Foreword by the Management Board
10	Supervisory Board Report
14	The secunet Share
16	Corporate Governance Report
22	Management Report
54	Consolidated Financial Statements
96	Independent Auditor's Report on the Consolidated Financial Statements
101	Responsibility Statement
102	Annual Financial Statements
118	Independent Auditor's Report on the Annual Financial Statements
123	Responsibility Statement
124	Limited Assurance Report of the Independent Auditor regarding the Combined Non-Financial Statement
126	Service

secunet completed the year 2019 with excellent results

Dear shareholders, customers, staff and friends of secunet,

The 2019 financial year was a year of records

secunet Group once again achieved outstanding results in the past financial year. For example, we were able to increase sales revenues by 63.6 million euros or 39% from 163.3 million euros in 2018 to 226.9 million euros in the past financial year. The growth was mainly generated in the product business, where it resulted primarily from the rollout of the secunet healthcare connector to medical practices in Germany. This one-off effect enabled us to achieve record sales revenues in 2019.

Parallel to the increase in revenues, the earnings before interest and taxes (EBIT) rose significantly from 26.9 million euros in 2018 to 33.2 million euros in the past financial year. We thus continued our sustainably profitable growth course for the sixth year in succession.

The strong revenue growth in 2019 is largely due to the increase in sales revenues with the secunet konnektor, which are attributed to the Business Sector division. Until the end of 2018, the Business Sector division's portfolio was focused on commercial companies, with providers of critical infrastructures and the automotive industry as its core target groups. With the rollout of the secunet konnektor, a major expansion was achieved in the healthcare market. Accordingly, revenues in the Business Sector rose by 41 million euros from 16.1 million euros in 2018 to 57.1 million euros in the past financial year 2019. As a result, the Business Sector's contribution to Group

sales revenues grew from 10% in the previous year to 25% in the 2019 financial year. The Business Sector division achieved earnings before interest and taxes (EBIT) of 5.6 million euros in the 2019 financial year after 0.7 million euros in the previous year.

Revenues also grew in the Public Sector division, whose products and services are geared towards public clients within and outside Germany, as well as international organisations. The Public Sector portfolio comprises the SINA product business, solutions for automated border control systems (e. g. eGates), consultancy and development. Starting from an already high level of 147.2 million euros in 2018, sales revenues in the Public Sector rose by 15% or 22.6 million euros to 169.8 million euros. Here, too, growth was driven by the product business. EBIT in the Public Sector division increased from 26.2 million euros in 2018 to 27.6 million euros in the past financial year.

At the beginning of 2019, we expected sales revenues to be only slightly higher than the previous year, with EBIT down slightly year-on-year. The results we actually achieved in the 2019 financial year surpassed our own expectations. We are very pleased to have once again set new sales revenue and EBIT records.

We enable our shareholders to participate in the Company's success over the long term

Our shareholders benefit from the excellent operating results in the form of rising dividends and increasing share capital.

secunet AG generated a net income of 20.2 million euros in the 2019 financial year, as against 14.7 million euros in the previous year. The Management Board and Supervisory Board will propose to the Annual General Meeting that 10.1 million euros be distributed to the shareholders through payment of a regular dividend of 1.56 euros per dividend-bearing share (corresponding to a regular distribution of 50 percent of net income for the year). This represents a 24 percent decrease in the total dividend compared to the previous year. In view of developments relating to the corona epidemic, which are not

yet foreseeable, we are refraining from paying a special dividend for the 2019 financial year, as was granted in the previous year. Our goal is to provide our shareholders with sustainable and reliable dividend income.

The asset position of our shareholders – the value of their shares – also improved significantly in the course of 2019. The price of the secunet Security Networks AG share rose by 53.5% between 2 January 2019 (91.2 euros) and 31 December 2019 (140.0 euros). This led to an increase in the market value of the Company from 592.8 million euros to 910.0 million euros. The secunet share has also proven to be an investment with outstanding performance in the long-term perspective. Anyone who had bought shares at the beginning of the past decade at the Xetra opening price of 7.6 euros (4 January 2010) registered a substantial increase in value of more than 1.742% on 30 December 2019, in addition to the dividends paid during that period, significantly outperforming the German stock indices.

secunet is well prepared for the future

At the beginning of 2020, secunet has an excellent market standing and is well positioned for further growth.

The Public Sector division affords us a stable basis. One key factor here is the comprehensive product range, which we are constantly revising and expanding in line with the requirements of our customers in this segment: this includes, for example, the SINA product family, the solutions for automated border control and the security infrastructure for the ELSTER electronic tax return system. Additionally, these products and our high-quality consultancy services have enabled us to build up a sustainable partnership with our customers. This is also substantiated by the fact that we continue to be one of the few IT security partners of the Federal Republic of Germany. We expect further growth impetus to come from the Public Sector division in future too.

In the Business Sector, we also aim to grow in the long term. One target segment addressed by this division is the healthcare market. In the 2019 financial year, we achieved an initial major success with the rollout of the secunet konnektor to medical practices in Germany. For the future we anticipate further growth, for example, from expansion of the system infrastructure to include pharmacies and hospitals – corresponding hardware components (data centre connector) have already been approved. The industrial segment is a further target market of the Business Sector division. With our secunet edge product, among others, we have an attractive, promising portfolio for our customers in this area.

We continue to strive for international growth. Our current target markets are the countries of the European Union and EU organisations as well as the Middle East. We expect additional growth in the Far East and with the NATO organisations.

Where there are worthwhile candidates, we will supplement our organic growth through targeted acquisitions, and we are continuously assessing M&A activities in this area.

Our thanks go to our employees

With their strong commitment and motivation, our highly qualified employees in the areas of consulting and development deliver trustworthy solutions and intelligent concepts to our customers, thereby contributing to the sales in the service business.

Equally, the fast-growing product business would not be possible without the dedicated employees in all contributing areas, who perform their tasks with great enthusiasm.

In no small part, it is the employees in the areas of administration and services who ensure that the secunet organisation functions well and smoothly in the long term.

Without the untiring dedication of the entire workforce, we could not have achieved our excellent business results in 2019. We would thus like to offer our staff our express thanks for this outstanding performance.

Profitable growth remains our objective

IT security is still a growth market. Both private companies and government organisations continue to focus on maintaining and improving IT security and combating cyber threats in whatever form. The topics of IT security or cyber security, information security and data protection also remain constantly in the public spotlight. They accompany every discussion on technical and socio-political developments. We are working on the assumption that the digital transformation of society will not be successful without supporting information security and data protection measures. We therefore expect both government agencies and private sector companies to invest extensively in technical infrastructures and organisation. Accordingly, we continue to anticipate a high volume of demand for trusted, high-quality IT security.

Our strategy remains based on the three pillars of securing and expanding our good market position with German authorities, expanding business in the private sector and internationalisation.

secunet Group is well positioned at the beginning of 2020. At the end of December 2019, the order book of 78.5 million euros is at the same high level as in the previous year (79.7 million euros).

The current financial year 2020 nevertheless presents us with challenges:

After several record years in succession, the benchmark for further growth is moving ever higher.

Since the beginning of 2020, the coronavirus epidemic has become the dominant risk for further economic development. It can be assumed that the coronavirus will also impact the business performance of secunet Group. However, we are not yet in a position to assess the extent to which the associated effects will be reflected in our business results.

For the current financial year 2020, we anticipate a slight decline in revenue compared with 2019 and expect earnings before interest and taxes (EBIT) to be slightly down on the previous year.

We will continue to focus all our energies on the successful further development of secunet Group in the interests of all stakeholders.

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Supervisory Board Report

Dear Shareholders,

We can look back on an exceptionally successful financial year 2019. secunet Security Networks AG has continued to develop well in its established markets and has achieved initial impressive successes in the target market of healthcare. The Company is thus well-equipped to address the challenges of the future and enjoy further growth. The Company's strategic orientation, focusing on high-quality, trustworthy cyber security solutions for an increasingly broad range of applications, is fully supported by its Supervisory Board.

In the reporting year, the Supervisory Board performed in full the tasks assigned to it by law and by the Company's Articles of Association and rules of procedure. We have monitored and advised the Management Board in its management of the Company on the basis of the detailed written and oral reports submitted by the Management Board. Furthermore, between the Supervisory Board meetings, there was also a regular exchange of information between the Chairman of the Supervisory Board and the Chairman of the Management Board as well as the other members of the Management Board. The Supervisory Board was always informed quickly and comprehensively about all events and measures of material importance to the Company, in particular about the strategy, corporate planning including financial, investment and personnel planning, the profitability of the Company and the business development of the Company and the Group as well as the risk situation, risk management and compliance. The Supervisory Board was directly involved at an early stage in all decisions of fundamental importance to the Company and discussed these intensively and in detail with the Management Board. Insofar as the approval of the Supervisory Board was required for decisions or measures of the Management Board in accordance with the law, the Articles of Association or the rules of procedure, the members of the Supervisory Board approved these after intensive examination and discussion.

Supervision and examination methods

The Supervisory Board has mainly based its examination on

» the regular reports of the Management Board as provided for by law and the Management Board's rules of procedure,
» the separate reports submitted by the Management Board in specific circumstances and
» the supplementary explanations provided by the Management Board and the auditors.

Each of the reports was submitted to all members of the Supervisory Board. Where the Management Board submitted business measures to the Supervisory Board for approval, the submission to the Supervisory Board was in each case accompanied by a presentation of the main points to be considered in taking a decision. During the 2019 financial year, the Supervisory Board saw no occasion for individual members of the Supervisory Board or particular experts to inspect or examine the books or records of the Company.

Meetings of the Supervisory Board

Four regular meetings were held in the reporting year: on 27 March, 15 May, 18 September and 27 November 2019.

All members of the Supervisory Board attended all meetings of the Supervisory Board held during their respective tenure in the past financial year.

In addition, the Supervisory Board passed written circular resolutions between the meetings as required. The Management Board also kept the Supervisory Board informed about projects and plans of particular importance to the Company in the periods between the meetings, by means of detailed written reports. The Supervisory Board discussed with the Management Board any financial information arising over the course of the year, before its publication.

In all meetings, the Management Board reported to us on the current business performance of secunet Security Networks AG. We also dealt in detail with all relevant issues concerning business planning, investment planning, the development of earnings and liquidity, the risk situation, risk management and compliance. Furthermore, we examined in detail the Management Board's assessments regarding market events and the further development and long-term strategy focus of the Company, and discussed these topics in depth with the Management Board. We additionally focused on the key organisational and personnel changes.

At all Supervisory Board meetings, we were briefed on the Company's risk situation, risk management and compliance, including the compliance organisation set up by the Management Board.

At the financial statements review meeting on 27 March 2019, the Supervisory Board primarily dealt with the Financial Statements and the combined Management Report for secunet AG and the Group as at 31 December 2018, as well as the report of the Supervisory Board and the agenda and proposed resolutions for the Annual General Meeting on 15 May 2019. The Supervisory Board reviewed and adopted or approved the Annual Financial Statements, the Consolidated Financial Statements and the combined Management Report of the Company and the Group after discussing them in detail with the auditors present, who reported on the key results of their examination.

At its meeting on 27 March 2019, the Supervisory Board also discussed ongoing M&A projects. The Supervisory Board additionally addressed matters pertaining to the Management Board. We discussed and approved amendments to the rules of procedure for the Management Board. Furthermore, we undertook a self-evaluation of our activities with the aim of further improving the efficiency of the latter (efficiency review).

On 27 March 2019 we also dealt with the funding of a research project with the TU Ilmenau. Supervisory Board member Professor Dr Günter Schäfer is a university professor at the Technical University of Ilmenau and therefore, due to a potential conflict of interest, did not participate in the Supervisory Board's discussions and resolutions on this matter.

At the meeting on 15 May 2019, which was the constituent meeting of the Supervisory Board following the Annual General Meeting, the Supervisory Board re-elected Mr Ralf Wintergerst as Chairman of the Supervisory Board and Dr Peter Zattler as Vice Chairman. Mr Wintergerst and Dr Zattler abstained from voting on the election of their respective persons as Chairman and Vice Chairman of the Supervisory Board. The Supervisory Board then addressed the current business situation and the strategic goals of the company and discussed these with the Management Board.

The current business situation and the strategic goals of the Company were once again the main focus of our discussions at the meeting on 18 September 2019. The Management Board and Supervisory Board discussed in depth the anticipated market developments and the resulting potential for the Company. The Management Board also briefed us on the status of possible M&A projects.

In the meeting on 27 November 2019, the Supervisory Board focused in particular on the current business situation and the future strategic and operational development of the Company. The status of ongoing M&A projects was also addressed and Management Board matters were dealt with. In addition, the Supervisory Board discussed the annual and budget planning for 2020, as well as the three-year budget plan, and approved them. Another topic at this meeting was corporate governance issues, particularly the declaration of compliance with the German Corporate Governance Code pursuant to Section 161 of the German Stock Corporation Act.

Corporate Governance

The Supervisory Board and Management Board act in the knowledge that good corporate governance is an important basis for the success of the Company. We place great importance on implementation of the German Corporate Governance Code, and the application and further development of corporate governance standards within the Company are closely monitored.

At the Supervisory Board meeting on 27 November 2019, the Supervisory Board issued a Declaration of Conformity in accordance with Section 161 of the German Stock Corporation Act. Further information on the corporate governance of the Company and the Group can be found in the Corporate Governance Report (Declaration on Corporate Governance) section of this Annual Report. The current Declaration of Conformity is also reproduced there. The Declaration of Conformity can also be accessed on the Company's website.

Ralf Wintergerst

The Supervisory Board has established concrete appointment targets for its own composition and has approved a skills profile for the full Supervisory Board. Both are described in further detail in the Corporate Governance Report.

The Supervisory Board strives to continually improve the efficiency of its activities. On an annual basis, the review of the Supervisory Board's efficiency is also included as a separate item on the agenda for the meetings of the Supervisory Board.

The members of the Supervisory Board are responsible for the training and further development measures required for their tasks, such as those relating to changes in the legal framework and new technologies, and are supported in this by the Company. Internal information events on topics and issues that are relevant to the Company are also offered for targeted professional development.

Changes to the Supervisory Board and Management Board

There were personnel changes on both the Management Board and the Supervisory Board in the 2019 financial year.

Mr Axel Deininger took over as Chairman of the Management Board of secunet Security Networks AG with effect from 1 June 2019. The previous Chairman of the Management Board, Dr Rainer Baumgart, retired, as planned, with effect from 31 May 2019 on reaching the age of 65. The Supervisory Board would like to take this opportunity to thank Dr Baumgart for his important contribution to the development of secunet.

Moreover, the Management Board was expanded: two new members were appointed to the Management Board with effect from 1 June 2019: Mr Torsten Henn and Dr Kai Martius. Both had already worked as managers of secunet Security Networks AG for many years before their appointment to the Management Board.

There were personnel changes on the Supervisory Board due to the expiry of the regular tenure of all Supervisory Board members at the end of the Annual General Meeting on 15 May 2019 and because secunet Security Networks AG is now subject to the One-Third Participation Act. The applicability of this law presupposes the employment of generally more than 500, but not more than 2,000 employees and leads to the requirement that one third of the Supervisory Board members have to be employee representatives, i. e. in the case of secunet Security Networks AG, two of a total of six Supervisory Board members have to be elected by the employees.

Accordingly, Mr Ralf Wintergerst, Dr Peter Zattler, Professor Dr Günter Schäfer and Dr Elmar Legge were re-elected to the Supervisory Board as shareholder representatives at the Annual General Meeting on 15 May 2019. The tenure of Mr Wolf-Rüdiger Moritz and Mr Hans-Joachim Kunz as members of the Supervisory Board expired as at the end of the Annual General Meeting on 15 May 2019. The Supervisory Board would like to thank Mr Moritz and Mr Kunz for their good collaboration and commitment. Furthermore, the statutory election procedure was completed on 13 March 2019 with the election to the secunet Security Networks AG Supervisory Board of Ms Gesa-Maria Rustemeyer and Mr Jörg Marx as employee representatives.

Annual Financial Statements and Consolidated Financial Statements for 2019

The auditors, KPMG AG Wirtschaftsprüfungsgesellschaft, Düsseldorf branch, audited the Annual Financial Statements prepared by the Management Board in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Consolidated Financial Statements prepared in accordance with International Financial Reporting Standards (IFRS), as applicable in the EU, for the 2019 financial year as well as the combined Management Report of the Group and the Company, including the accounting records, and issued an unqualified audit opinion in each case. As part of this audit, the auditors also determined whether the Management Board has set up an appropriate monitoring system, the design and handling of which is suitable for early identification of any developments endangering the continued existence of the Company. The Supervisory Board awarded the audit mandate in accordance with the resolution passed by the Annual General Meeting on 15 May 2019.

The auditors also examined the report on relations with affiliated companies prepared by the Management Board for the 2019 financial year in accordance with Section 312 AktG and relating to the existing majority shareholding of Giesecke + Devrient GmbH, Munich, and issued the following unqualified opinion: "Based on our audit and evaluation conducted in accordance with our professional duties, we hereby confirm that 1. the factual information contained in this report is correct, 2. the consideration provided by the Company in respect of the legal transactions mentioned in the report was not inappropriately high."

The financial statement documents, the proposed appropriation of balance sheet profits, the report on relations with affiliated companies and the auditors' reports were distributed to all members of the Supervisory Board without delay following their preparation. At the financial statements review meeting on 27 March 2020, the aforementioned financial statements and reports, as well as the proposed profit appropriation, were discussed and examined in detail by the Supervisory Board in the presence of the auditors, who gave a report on the main findings of their audit. The review by the Supervisory Board also included the non-financial declaration in accordance with Sections 315b and 315c in conjunction with 289c to 289e HGB for secunet Security Networks AG and the Group.

Based on the final results of its own examination, the Supervisory Board had no objections to the Financial Statements, the combined Management Report for the Group and the Company, the report on relations with affiliated companies, including the final statement of the Management Board contained therein, or the auditors' reports. The Supervisory Board therefore endorsed the findings of the audit of the financial statements and approved the financial statements of secunet Security Networks AG and the consolidated Group as compiled by the Management Board as at 31 December 2019; the Annual Financial Statements of secunet Security Networks AG were thus adopted on 27 March 2020.

The Supervisory Board also examined the Management Board's proposed profit appropriation, which envisages a dividend of 1.56 euros for each eligible share, with regard to the liquidity of the Company as well as its financial and investment planning in conjunction with the as yet unforeseeable developments relating to the corona epidemic. The proposed appropriation of profits is in line with the Company's interests and takes into account the interests of the shareholders. After having examined and weighed up all the arguments, the Supervisory Board approves the profit appropriation proposal.

Expression of thanks

The extremely good results of secunet Security Networks AG for the 2019 financial year are due to the outstanding performance of the Management Board and the workforce of the Company and the Group. On behalf of the Supervisory Board, I would like to thank the members of the Management Board and all employees.

Essen, 27 March 2020

The Supervisory Board

Ralf Wintergerst

The secunet Share

Trading year 2019: a good year despite uncertainties

After a disappointing trading year in 2018, the global equity market recovered in 2019 and performed well. However, economic concerns and fears of a recession, Brexit and not least the US-China trade conflict remained dominant issues on the financial markets. Given these uncertainties, the major central banks stepped up their expansionary monetary policies and increased their balance sheets. Overall, the abundant liquidity provided a boost to global share prices.

The German stock indices too recorded price gains. The leading German index DAX rose by about 25 percent and the TecDAX by about 23 percent. Both the MDAX and the SDAX even showed an increase of around 31 percent.

Continuing good performance of the secunet share

The price of the secunet Security Networks AG share rose by 53.5 percent between 2 January 2019 (91.2 euros) and 31 December 2019 (140.0 euros). This led to an increase in the market value of the Company from 592.8 million euros to 910.0 million euros. After rising prices in the first half of the year and a prolonged sideways trend in the second, the share price reached a new all-time high of 148.5 euros on 12 December as a result of the increased forecast for the past financial year.

The secunet share has also proven to be an investment with outstanding performance in the long-term perspective. Anyone who had bought shares at the beginning of the past decade at the Xetra opening price of 7.6 euros (4 January 2010) registered a substantial increase in value of more than 1740 percent on 31 December 2019, in addition to the dividends paid during that period, thus significantly outperforming the German stock indices.

With the dividend for the 2018 financial year, secunet Security Networks AG again continued its long-term dividend policy of recent years in 2019. The Company's shareholders participated in the Company's success more strongly than ever before, through the distribution of a regular dividend of 1.13 euros per share and a special dividend of 0.91 euros per share, thus totalling 2.04 euros per share.

The Management Board and the Supervisory Board of secunet AG will propose to the Annual General Meeting the distribution of 10.1 million euros to shareholders through the payment of a regular dividend of 1.56 euros per dividend-bearing share (corresponding to a regular distribution of 50 percent of net income for the year).

Shareholder structure remains stable

Munich-based Giesecke & Devrient (G&D) GmbH has held a direct stake of 78.96 percent in secunet AG since 2009. A significant stake in secunet Security Networks AG is also held by Ingrid and Christiane Weispfenning, who together have a 3.95 percent share of the voting rights in secunet Security Networks AG, alongside Axxion S. A. (3.18 percent) and Frankfurter Investmentgesellschaft mit variablem Kapital (SICAV), which holds a 2.81 percent stake.

secunet itself holds a further 0.47 percent of the shares (30,498 individual shares), while the remaining 10.63 percent are in free float.

Lower trading volume

The average daily trading volume of secunet stock on Xetra, in terms of the number of shares, decreased to 1,041 shares in the past financial year, compared with a daily average of 1,699 secunet shares traded in the previous year.

High attendance at Annual General Meeting

Attendance at the 2019 Annual General Meeting corresponded to around 83% of the share capital. Each of the items on the agenda received more than 99% approval. The resolution on the appropriation of profit, which provided for the distribution of a regular dividend of 1.13 euros and a special dividend of 0.91 euros per dividend-bearing share (previous year: 1.20 euros), was adopted with 99.9% of the votes.

Shareholders receive comprehensive information

The cultivation of investor relations plays an important role at secunet. Great emphasis is placed on keeping the public promptly supplied with transparent, comprehensive and consistent information.

secunet provides its shareholders with comprehensive information on secunet Security Networks AG and its

business performance. All information published by secunet is made available to shareholders in a timely manner on the Company's website (www.secunet.com). The website also contains financial reports and presentations in addition to the current financial calendar. Furthermore, shareholders and other interested parties can contact Investor Relations by phone on +49 201 54 54-12 27 or via e-mail at [email protected] to clarify any questions they may have.

Share price performance 1 January – 31 December 2019 Index, price 1 January 2019 = 100

secunet stock information

Shareholder structure 2019

Reuters ticker symbol	YSNG.DE
Bloomberg ticker symbol	YSN
WKN (German security identification number)	727650
ISIN	DE0007276503
Class of share	Ordinary bearer shares with no par value
Share capital in euros	6,500,000
Share capital in units	6,500,000

To our Shareholders 15

Corporate Governance Report

Declaration of Corporate Governance

An effective and transparent organisation, as well as responsible and reliable corporate governance is very important at secunet Security Networks AG. The Company's Management Board and Supervisory Board firmly believe that good corporate governance is key to the continued success of the Company on the market.

The term Corporate Governance describes the regulatory framework for the management and supervision of companies. In a general sense, this framework must be designed in such a way that the Management Board and Supervisory Board work to ensure that the company continues to exist and creates value sustainably. Recommendations and proposals for how this requirement can be implemented in the management and supervision of companies are summarised in the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). The Code serves the purpose of increasing trust in companies listed on the German stock exchange.

The Management Board and Supervisory Board of secunet Security Networks AG therefore regularly check the implementation of the German Corporate Governance Code at secunet Security Networks AG. In the 2019 financial year, the Management Board and Supervisory Board of secunet Security Networks AG once again carefully deliberated on the recommendations and proposals of the German Corporate Governance Code, in the version applicable in the 2019 financial year, as amended on 7 February 2017. The Declaration of Conformity set out below regarding the German Corporate Governance Code was agreed on the basis of these deliberations. This declaration is permanently available on our website and constantly updated to reflect any amendments.

In accordance with Item 3.10 of the German Corporate Governance Code in the version applicable in the 2019 financial year and with Section 289f of the German Commercial Code (Handelsgesetzbuch, HGB), the Management Board and Supervisory Board give the following report:

Management and supervisory structure

secunet Security Networks AG is subject to German stock corporation law. As a German public limited company, it has a dual management and supervisory structure consisting of a Management Board and a Supervisory Board. The Management Board consisted initially of three members in the 2019 financial year and then of four members with effect from 1 June 2019. The Supervisory Board is made up of six members. The Management Board and Supervisory Board work together closely and on the basis of mutual trust in their management and supervision of the Company.

Supervisory Board

The Supervisory Board performs the tasks assigned to it by law and by the Company's Articles of Association. It supervises and advises the Management Board with regard to the management of the Company. At regular intervals, the Supervisory Board discusses business performance and planning, as well as the strategy and its implementation. It discusses the half-year financial reports and quarterly updates with the Management Board before their publication, and approves the Annual Financial Statements of secunet Security Networks AG and the Group, taking into consideration the audit reports prepared by the auditors and its own examination. The Supervisory Board monitors the accounting process, the effectiveness of the internal control system, risk management and internal audit, as well as the auditing of the financial statements. Its tasks and responsibilities also include appointing members to the Management Board. Management Board decisions of fundamental importance, such as major acquisitions, disposals and financial measures, require the consent of the Supervisory Board. An extraordinary meeting of the Supervisory Board is convened as and when necessary should significant events arise. The Supervisory Board has drawn up rules of procedure for its work. Its Chairman coordinates the work carried out within the Supervisory Board, chairs its meetings and represents its interests externally. The Supervisory Board strives to continually improve the efficiency of its activities. In the 2019 financial year, the review of the Supervisory Board's efficiency was again included as a separate item on the agenda for the meetings of the Supervisory Board.

In accordance with the Articles of Association, the Supervisory Board of secunet Security Networks AG comprises six members. Until the end of the 2019 Annual General Meeting, the Supervisory Board consisted solely of shareholder representatives. Since it became foreseeable in the 2018 financial year that secunet security Networks AG would now generally have more than 500 but not more than 2,000 employees and thus be subject to the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz – DrittelbG), one third of the Supervisory Board must now consist of employee representatives. The Management Board of the Company instigated the change in the

composition of the Supervisory Board by initiating status proceedings in October 2018 and the procedure for election of employee representatives to the Supervisory Board in December 2018. The latter procedure was concluded on 13 March 2019 with the election of two employee representatives, Ms Gesa-Maria Rustemeyer and Mr Jörg Marx. At the 2019 Annual General Meeting, Mr Ralf Wintergerst, Dr Peter Zattler, Professor Dr Günter Schäfer and Dr Elmar Legge were elected to the Supervisory Board as the four shareholder representatives.

The knowledge, skills and professional experience required to fulfil the remit are taken into account when drawing up the nominations for election to the Supervisory Board. In addition, the Supervisory Board has defined specific targets for its composition in accordance with Item 5.4.1 of the German Corporate Governance Code in the version applicable in the 2019 financial year, and has drawn up a skills profile for the entire Board. The purpose of the skills profile is to ensure that the members of the Supervisory Board possess all the knowledge and experience considered essential in light of the activities of secunet Group. Furthermore, an age limit of 70 years is planned for members of the Supervisory Board.

Taking into account the Company's specific situation, the Supervisory Board strives to achieve diversity among candidates with the requisite professional and personal qualifications when its members are elected. The Supervisory Board therefore looks for international experience, independence and an appropriate degree of female representation among suitable candidates. In accordance with the recommendation in Item 5.4.1 of the German Corporate Governance Code in the version applicable in the 2019 financial year, at least one seat on the full Supervisory Board was reserved for a female member in the Supervisory Board elections held in 2019 in connection with the reconstitution of the Supervisory Board as a result of the One-Third Participation Act coming into effect.

One or more Supervisory Board members should also have many years of special experience abroad, acquired as a result of working abroad or due to a foreign country of origin. In addition, the Supervisory Board should include what it considers an appropriate number of independent members within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. Furthermore, on the basis of the resolutions passed by the Supervisory Board, the latter should include one independent member within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. In the opinion of the Supervisory Board, this requirement is currently met by the member Dr Elmar Legge. Until the Supervisory Board was reconstituted in May 2019, the Supervisory Board had another member, Mr Wolf-Rüdiger Moritz, who, in the Supervisory

Board's assessment, was independent within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. At least one member of the Supervisory Board should possess many years of international experience.

At its meeting on 4 May 2017, the Supervisory Board resolved the aforementioned objectives for its composition for the period until 30 June 2022 and took them into account in its election proposals to the 2019 Annual General Meeting.

The composition of the Supervisory Board complied with the specifications of the skills profile both before and after the Supervisory Board elections in 2019. The Supervisory Board members possessed and possess the professional and personal qualifications deemed necessary. They were and are all familiar with the sector in which the Company is active and had and have the essential knowledge, skills and experience for the Company.

The Supervisory Board does not have any committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.

Management Board

The Management Board, as the body responsible for managing the Company, conducts the Company's business under its own responsibility and in the Company's interests. Its aim is to increase the enterprise value on a sustainable basis. In particular, it determines the principles of the Company's policy and is also responsible for developing the Company's strategy, for planning and setting the Company's budget, for allocating resources, and for controlling and managing the Company's corporate and business divisions. Specific measures described in the Management Board's rules of procedure require the approval of the Supervisory Board. The Management Board is responsible for preparing the Company's quarterly updates, the Company's half-year financial reports, the Annual Financial Statements of secunet Security Networks AG, and the Consolidated Financial Statements.

The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is involved without delay in all decisions fundamental to the Company.

Targets for the appointment of women

The Supervisory Board has implemented the requirements of the legislation that came into force on 1 May 2015 regarding the equal participation of women and men in management positions.

At its meeting on 4 May 2017, the Supervisory Board established a target of 17 percent for the Supervisory Board, relating to the implementation period from 1 July 2017 to 30 June 2022, which corresponds to the goal of electing one woman to the Supervisory Board. The Supervisory Board took this target into account in its election proposals to the Annual General Meeting in May 2019.

At the same meeting on 4 May 2017, the Supervisory Board also maintained the previously determined target of zero percent for the Management Board relating to the implementation period up to 31 May 2019, because no expansion of the Management Board in this period was intended at the time of the decision. Against the background of the expansion of the Management Board implemented as of 1 January 2018 through the appointment of Mr Axel Deininger, the Supervisory Board again addressed the targets for composition of the Management Board at its meeting on 27 March 2019, in particular the targets for the participation of women, and decided to retain the target of zero percent with regard to the proportion of women on the Management Board for the implementation period up to 31 May 2019 and beyond that up to 31 May 2020. This is essentially due to the fact that the search for suitable female candidates remains challenging in the current market environment and in secunet Security Networks AG's areas of business, and therefore a higher target cannot at present be regarded as realistic from the point of view of the Supervisory Board. Mr Torsten Henn and Dr Kai Martius were appointed to the Management Board with effect from 1 June 2019.

With regard to the two management levels below the Management Board, the Management Board set the following targets for the period from 1 July 2017 to 30 June 2022: zero percent for the first level and eleven percent for the second level. In view of the small size of the Company, the limited number of management positions and the associated low level of fluctuation, the Management Board is of the opinion that more ambitious targets would currently not be realistic. However, the Management Board reiterates its intention to move towards a higher proportion of management positions being held by women to the greatest extent possible.

In the 2019 financial year, the proportion of women at the second management level below the Management Board was 8 percent (previous year: 10.5 percent).

Responsible risk management

Good corporate governance also means that the Company must take a responsible approach to risk. Systematic risk management as part of our value-oriented Group management ensures that risks are identified and evaluated at an early stage, and that risk positions are optimised. The Management Board reports regularly to the Supervisory Board on the current development of key risks. Details of risk management at secunet Security Networks AG can be found in the combined Management Report. It also contains the report on the key characteristics of the internal control and risk management system relating to accounting.

Transparent corporate governance

Transparency in corporate governance is very important to the Management Board and Supervisory Board of secunet Security Networks AG. Shareholders, all participants in the capital market, financial analysts, shareholder associations and the media are provided with comprehensive, regular and up-to-date information regarding the Company's position and key changes to the Company's business.

secunet Security Networks AG reports to its shareholders four times a year on business performance and on the financial and earnings situation, and makes all reports and information permanently available to shareholders on the Company's website at www.secunet.com. The dates for regular financial reporting are listed in the financial calendar. If any circumstances arise at secunet Security Networks AG that might significantly influence the stock market price of secunet Security Networks AG, these are disclosed in ad hoc announcements in accordance with the legal requirements. The financial calendar and ad hoc announcements are available to view on the website of secunet Security Networks AG under >> The Company >> Investor Relations >> Financial News and Reports.

Shareholders and Annual General Meeting

The shareholders of secunet Security Networks AG may exercise their rights, including voting rights, at the Annual General Meeting. Shareholders can exercise their voting rights at the Annual General Meeting themselves or choose an agent or Company proxy bound by their instructions to exercise the voting rights. The Annual General Meeting takes place in the first eight months of the financial year. The Chairman of the Supervisory Board normally chairs the Annual General Meeting. Ahead of the Annual General Meeting, shareholders receive comprehensive information about the past financial year and about the individual items on the agenda of the upcoming meeting by way of the Annual Report and invitation to the meeting. All relevant documents and information on the Annual General Meeting, together with the Annual Report, are also available on our website.

In accordance with the provisions of law, the auditors are appointed by the Annual General Meeting. At the Annual General Meeting on 15 May 2019, the Düsseldorf branch of the auditing firm KPMG AG Wirtschaftsprüfungsgesellschaft was appointed as auditors for secunet Security Networks AG and Group auditors for secunet Group for the 2019 financial year, and was therefore selected to perform an audit review of the Condensed Financial Statements and the Interim Management Report of secunet Security Networks AG and secunet Group as at 30 June 2019.

Shareholders are notified of important dates by means of a financial calendar published in the Annual Report, in the quarterly updates and on the Company's website.

Further detailed information about secunet Security Networks AG is available on our website at www.secunet.com.

Corporate governance guidelines

The Articles of Association of secunet Security Networks AG form the basis of our Company. The Company's Articles of Association, the current Declaration of Conformity, the Declarations of Conformity for previous years and further corporate governance documents can be found online at www.secunet.com under >> The Company >> Investor Relations >> Corporate Governance.

The Management Board has introduced a Code of Conduct for the Company and its employees, summarising the business principles of secunet Security Networks AG. These principles are a crucial part of how secunet Security Networks AG sees itself, and of the expectations that it strives to meet. The Code of Conduct sets down standards of conduct for dealing with all the economic, legal and moral challenges that we face in our day-to-day business activities, and is intended to serve as a benchmark and guide when working with customers, suppliers and other business partners, as well as for our conduct towards our competitors. It also governs our conduct in financial matters and trading in secunet shares, their derivatives and other financial instruments. The Company has set up a compliance unit to handle questions arising in connection with the Code of Conduct.

In accordance with the provisions of Item 4.1.3, sentence 3 of the German Corporate Governance Code in the version applicable in the 2019 financial year, the Company has provided its employees with an opportunity to report, under protection, legal violations within the Company by means of an electronic whistleblower system. This option is also available to third parties.

Management Board and Supervisory Board remuneration

secunet Security Networks AG complies with statutory regulations and the recommendations of the German Corporate Governance Code in the version applicable in the 2019 financial year and discloses the remuneration of each individual member of the Management Board. In this Annual Report (more specifically, in the remuneration report, which forms part of the Management Report), we detail the remuneration of the members of the Management Board and Supervisory Board.

Information on stock option programmes and similar securities-based incentive systems

No stock option programmes or similar securities-based incentive systems exist for members of corporate bodies or employees of the Company.

Notification of transactions under Article 19 of the European Market Abuse Regulation (managers' transactions)

Article 19 of the European Market Abuse Regulation (EU) No. 596 / 2014 requires members of corporate bodies (Supervisory Board / Management Board) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches or exceeds 20,000 euros (until 31 December 2019: 5,000 euros) within a single calendar year. Disclosures regarding managers' transactions (directors' dealings) are also published on our website under Investor Relations. No managers' transactions were reported in the 2019 financial year, in which the threshold of 5,000 euros was applicable.

Accounting and auditing of the financial statements

secunet Security Networks AG prepares its Consolidated Financial Statements and Consolidated Interim Financial Statements in accordance with the International Financial Reporting Standards (IFRS) as applicable in the EU. The Annual Financial Statements of secunet Security Networks AG are prepared in accordance with German commercial law (HGB) and the German Stock Corporation Act. The Annual and Consolidated Financial Statements are compiled by the Management Board and audited by the auditors and the Supervisory Board. Quarterly updates and the half-year financial report are discussed by the Management Board and Supervisory Board prior to their publication.

secunet Security Networks AG's Consolidated and Annual Financial Statements have been audited by KPMG AG Wirtschaftsprüfungsgesellschaft, Düsseldorf branch, the auditors appointed by the 2019 Annual General Meeting. The audits were performed in accordance with Section 317 HGB and with due consideration for the generally accepted standards for the audit of financial statements in Germany promulgated by the Institute of Public Auditors in Germany (IDW). The undersigned auditors for the Annual Financial Statements and Consolidated Financial Statements of secunet Security Networks AG are Mr Martin C Bornhofen and Dr Dominic Sommerhoff.

It was also contractually agreed with the auditors that they inform the Supervisory Board without delay of any potential grounds for exclusion or bias and of any findings or occurrences of significance to the Supervisory Board's remit that came to light during the auditing of the financial statements.

The Condensed Consolidated Interim Financial Statements and the Interim Group Management Report as at 30 June 2019 were subjected to an audit review by KPMG AG Wirtschaftsprüfungsgesellschaft.

Declaration of Conformity under Section 161 of the German Stock Corporation Act dated 27 November 2019

The management and supervisory boards of companies listed on the German stock exchange are legally obliged, in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG), to annually declare whether the official recommendations of the Government Commission on the German Corporate Governance Code applicable at the time of making the declaration have been fulfilled and will be fulfilled. The Company is furthermore required to disclose which recommendations of the Code have not been applied or will not be applied and to explain the reasons for this. This Declaration of Conformity is printed in full below, with explanations. The Declaration of Conformity can also be found on secunet Security Networks AG's website under >> The Company >> Investor Relations >> Corporate Governance. The Declarations of Conformity issued in the last five years are permanently available on the website.

The Company complies with, and will continue to comply with, the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version of 7 February 2017 applicable in the 2019 financial year and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:

3.8, para. 3

A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

Explanation: The secunet Supervisory Board conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.

5.1.2, para. 2, sentence 3

An age limit for members of the Management Board shall be specified.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

5.3.1 Depending on the specifics of the enterprise and the number of its members, the Supervisory Board shall form committees with sufficient expertise.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.

5.3.2 The Supervisory Board shall set up an Audit Committee.

Explanation: The Supervisory Board consists of six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to accounting, risk management, compliance and the auditing of the financial statements.

5.3.3

The Supervisory Board shall form a Nomination Committee.

Explanation: The Supervisory Board of secunet Security Networks AG consists of only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board's proposals to the Annual General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been set up.

5.4.1, para. 2, sentence 1

The Supervisory Board shall specify concrete objectives regarding its composition which, whilst considering the specifics of the enterprise, take into account the international activities of the enterprise, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members' term of office, both to be specified, as well as diversity.

Explanation: The Supervisory Board of secunet Security Networks AG has not specified a regular limit for the term of office on the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board's work may benefit from the experience of long-standing members.

5.4.6, para. 1, sentence 2

The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Explanation: Since the Supervisory Board has no committees, there is currently no question of a special chairmanship and committee membership remuneration.

secunet Security Networks AG

Essen, 27 March 2020

For the Management Board For the Supervisory Board

Management Report

Combined Management Report on the position of the Company and the Group for the 2019 financial year

1	Principles of the Group	23
1.1	Business model and Group structure 1.1.1 Business model of the Group	23 23
	1.1.2 Group and organisational structure	23
	1.1.3 Products and services	24
	1.1.4 Key sales markets	24
1.2	Corporate management	24
1.3	Research and development – innovation report	25

2	Economic Report	25
2.1	Framework conditions for the overall economy
	and for relevant sectors	25
2.2	Assessment of business performance in 2019	26
	2.2.1 Business performance of secunet Group 26
	2.2.2 Business performance of secunet AG	26
2.3	Situation	27
	2.3.1 Results of operations of the Group 2.3.2 Results of operations of secunet AG	27 28
	2.3.3 Financial and net asset situation of the
	Group	29
	2.3.4 Financial and net asset situation of
	secunet AG	31
	2.3.5 Investments of the Group	32
	2.3.6 Investments of secunet AG	32
	2.3.7 Order book of the Group	32
	2.3.8 Order book of secunet AG	32
2.4	Employees	33
3	Forecast, Opportunity and Risk
	Report	33
3.1	Risk report	33
	3.1.1 Risk management objectives and
	methods	33
	3.1.2 Individual risks	34
3.2	Opportunities	37
	3.2.1 Growth through increasing awareness	37
	3.2.2 Growth due to increasing regulation	37
	3.2.3 Growth through new markets	37
	3.2.4 Growth through acquisitions	38
3.3	Overview of risks and opportunities	38
3.4	Forecast	38
4	Risk Reporting with regard to the

5	Description of the Key Features of
	the Accounting-related Internal
	Control and Risk Management
	System (Section 289 (4) and
	Section 315 (4) HGB)	40

5.1 Elements of the internal control and risk

6	Takeover-related Information: Information and Explanatory Report provided by the Management Board in line with Section 289a (1) and Section 315a (1) HGB	41
5.5	Restrictive details	40
5.4	Key regulatory and controlling activities for ensuring the correctness and reliability of accounting within the Group	40
5.3	Specific Group accounting-related risks	40
5.2	Use of IT systems	40
	management system	40

7	Management and Control –
	Reference to the Declaration of
	Corporate Governance pursuant
	to Section 289f (1) HGB	42

8 Combined Non-financial Statement of the Company and the Group 42

Environmental matters	47

	47
data protection	46
Social matters: information security and
8.3.5 Training and further education	45
(working hours and locations)	45
8.3.4 Life phase-oriented working models
8.3.3 Occupational health and safety	45
staff development	44
8.3.2 Employer appeal, recruiting and junior
8.3.1 Diversity and principles of conduct	44
Employee matters	44
Business model	44
About this statement	42
	Combating corruption and bribery

9.1	Remuneration report		48
	9.1.1	Remuneration of the Management Board 48
	9.1.2	Remuneration of the Supervisory Board	52
9.2		Management Board report pursuant to
		Section 312 (3) AktG	53
9.3		Forward-looking statements	53

Use of Financial Instruments 39

1 Principles of the Group

1.1 Business model and Group structure

1.1.1 Business model of the Group

secunet Group (hereinafter referred to as "secunet") and secunet Security Networks Aktiengesellschaft, Essen (hereinafter referred to as "secunet AG") offer products, solutions and consulting services in the field of IT security. secunet has specialised in IT high security, complex solutions and demanding projects in which technologies and processes are combined. These are the areas of IT security where applications are developed and offered for professional use, e. g. high-security cryptographic systems, public key infrastructures (PKI), secure electronic identities (eID) and infrastructure components for the healthcare sector. The range of solutions is mainly geared towards large-scale infrastructures. Customers usually receive tailored solutions matching their individual requirements, even if they are based on standard applications.

1.1.2 Group and organisational structure

In Germany, secunet Group comprises secunet AG and the subsidiaries secunet Service GmbH (100%), secunet International GmbH & Co. KG (100%) as well as secunet International Management GmbH (100%), all headquartered in Essen. secustack GmbH (51%) has its registered office in Dresden. Furthermore, secunet Group also includes the subsidiaries secunet s. r. o. in Prague, Czech Republic, finally safe GmbH in Essen and secunet Inc. in Austin, Texas, USA. The subsidiaries secunet s. r. o. and finally safe GmbH are in liquidation.

International marketing activities for the SINA product family are bundled in secunet International GmbH & Co. KG. As the general partner of secunet International GmbH & Co. KG, secunet International Management GmbH is responsible for the management of secunet International GmbH & Co. KG. secunet Service GmbH incorporates the administrative activities of secunet Group. Almost all functions supporting the operational units of secunet AG are centralised in the service company. As an internal service provider, the company takes responsibility for services such as accounting, controlling, staff and logistics.

The focus of finally safe GmbH was on visualising network communication, achieving higher network resistance and faster recognition of advanced forms of attack. The early warning system "Advanced Security Analytics Platform" can be used to detect and analyse weaknesses and attacks in a network. This results in comprehensive protection against possible future attacks by closing security gaps and vulnerabilities in good time, while also enabling automatic detection of irregularities through continuous analysis of the network. These activities are being continued by secunet Security Networks AG.

secustack GmbH is a company that was jointly founded on 26 March 2019 by secunet Security Networks AG and Cloud & Heat Technologies GmbH; it commenced operations in May 2019. It develops user-friendly cloud solutions with a very high level of security. The solutions are based on the leading open-source cloud platform OpenStack and expand it to include additional security mechanisms. In this way, the data of a cloud infrastructure user are always exclusively accessible to this user. Target groups for secustack's solutions include public authorities, R&D facilities, companies in the Industry 4.0 environment, power utilities, hospitals and banks.

secunet has eleven locations in Germany: Berlin, Bonn, Dresden, Essen (headquarters), Frankfurt, Hamburg, Ilmenau, Munich, Paderborn, Siegen and Stuttgart. Consulting and development projects are handled at these sites in close collaboration with our customers. In Dresden, secunet also runs a training centre which is principally used for training users and administrators on the SINA secure inter-network architecture.

secunet has a market-oriented organisational structure: two divisions – Public Sector and Business Sector – are respectively geared towards the needs of public clients and international organisations on the one hand, and to the target group of private companies on the other hand, offering consultancy services, products and solutions.

One aspect of the Public Sector division's offering to its customers is the SINA product family, encompassing solutions (software, hardware and management) for highly secure, cryptographic processing, transmission and storage of classified information with different confidentiality levels. Additionally it offers public customers a wide range of IT security products and services, from IT security consulting and training to products for electronic passports, automated (biometric) border control systems, the ELSTER electronic tax return system and the equipment of large infrastructures with high-security technology and public key infrastructures.

The Business Sector division offers IT security consulting and solutions for the healthcare market and to meet the specific requirements of companies in the private sector. In the 2019 financial year, the range of solutions in the healthcare market consisted mainly of the secunet konnektor for connection to the telematics infrastructure (TI) in the healthcare sector, which was approved at the end of 2018. The consulting services for private sector companies range from security assessments (known as penetration tests) via security consulting (for security policies and their implementation, for example) up to support for certification projects. The customer-specific solutions in the Business Sector are focused on providers and operators of critical infrastructures, such as telecommunications companies, energy and utility companies, as well as on the

automotive industry. The portfolio contains, for example, the eID PKI Suite solution, which is used to generate, use and manage digital certificates. The certificates serve the purpose of authenticating users and technical components as well as signing and encrypting data and messages. Also included is the secunet edge product, which protects networked sensors, machines and systems in Industry 4.0 against cyber attacks.

The business results from the international distribution of SINA products are attributable to secunet International GmbH & Co. KG and are allocated to the Public Sector segment in secunet Group.

Within the divisions, the organisation has a process-oriented design and aims to optimise operations for the relevant markets and customers.

Giesecke + Devrient GmbH, Munich, is the majority shareholder with a direct holding of 78.96%, and is the parent company of secunet AG. The Giesecke + Devrient Group (hereinafter referred to as "G+D") is a leading international technology group based in Munich. The company, which was founded in 1852, develops, produces and sells products and solutions that deal with security for payment processes as well as identity, connectivity and data security.

1.1.3 Products and services

The secunet product portfolio comprises hardware, software and services. The services include specialist consulting on IT security, software development and the development and implementation of comprehensive security solutions. When it comes to hardware and software, secunet operates across the entire value chain, from design and development through to integration, operations, maintenance and support of products. secunet's core competence is the application of cryptographic procedures in system solutions.

1.1.4 Key sales markets

The target markets for secunet's products and services are public clients and the private sector. The target group for public clients served by the Public Sector division includes governmental organisations, organisations in the defence sector (including organisations such as NATO), EU organisations, security authorities and border police. In the private sector, secunet's Business Sector targets the customer segments of finance, insurance and energy, utilities, telecommunications and manufacturing / production industries, automotive manufacturers and suppliers, as well as the healthcare sector.

The Company's main geographical sales area is Germany. To date, secunet's distribution activities abroad have focused on EU countries, NATO member states and the Middle East.

1.2 Corporate management

Management of secunet Group and secunet AG by the secunet AG Management Board is based on key financial performance indicators, the most important being sales revenue and EBIT in each case. The Management Board obtains comprehensive information about the state of business and these key performance indicators at its twice-monthly meetings. The Management Board regularly liaises with senior executives who have operational responsibility to discuss any distribution, product management and project management measures that may be required.

1.3 Research and development – innovation report

The research and development activities of secunet Group and secunet AG aim at improving and innovating processes, products and solutions. In this way secunet stays abreast of the growing need of its customers for higher security in existing infrastructures as well as for solutions dealing with threats in new technical environments.

secunet's innovation efforts are built on three supporting strategic approaches:

» Promoting a culture of innovation,
» Collaboration and partnerships with customers and suppliers, various universities and associations, and
» Bundling of competences with product managers who support developments from innovation management through to the creation of market-ready products.

In addition, secunet employees are members of many national and international standardisation bodies and committees, where a valuable exchange of expertise takes place, continually building up employees' skills and ensuring that secunet participates extensively in technological developments at an early stage.

secunet's operational research and development activities for products and solutions for the public sector are almost exclusively conducted on behalf of customers, which means that the resultant costs can largely be invoiced to customers. Starting with the development in the Business Sector division of the secunet konnektor for the healthcare sector, secunet has made higher self-financed investments in research and development since the 2018 financial year.

In the 2019 financial year, the main development activities related to the SINA Communicator H, an innovative solution for high-security telephony. For the SINA Communicator, 2.8 million euros was invested in research and development. In the 2019 financial year, a further 0.3 million euros was invested in development of the secunet konnektor for data centres – particularly for use in hospitals.

Altogether, 3.1 million euros was invested in research and development in the 2019 financial year (previous year: 5.0 million euros).

2 Economic Report

2.1 Framework conditions for the overall economy and for relevant sectors

secunet Group is predominantly active in the German market and is therefore primarily affected by the framework conditions of the overall economy in Germany. Real gross domestic product (GDP) rose by 0.6% in 2019. Following growth of 1.5% in the previous year, overall economic output thus grew less strongly. The weaker underlying economic trend was primarily due to a decline in export-dependent industry, while domestically oriented sectors continued to provide a boost. At the same time, the German government continued its expansive fiscal policy to stimulate the economy. This goes hand in hand with stable development of public budgets. Government investment is increasing noticeably, with one of the main focuses being on digital infrastructure. The commercial situation of secunet Group is being positively influenced by these framework conditions.

Market statistics for the IT sector are compiled by the Bitkom industry association (German Association for Information Technology, Telecommunications and New Media).

The market for information technology is growing. In 2018 and 2019, the sector grew by 3.5% and 2.9% respectively (source: Bitkom). The following developments in the sector can be observed:

» The hardware market is growing, but this growth is characterised by changes in level due to (replacement) procurement cycles: strong expansion of 2.7% in 2018 was followed by a low growth rate of 0.5% in 2019.
» The market for software is consistently expanding by well over 6%.
» Growth in IT services is lower and continues running at a level of 2.4%.

Security remains an important issue for the IT market. Various data scandals and cyber attacks have had a very strong publicity effect and have made the issue of "cyber security" a higher priority for many. With the advance of digitalisation, protecting IT systems against threats of espionage and sabotage is becoming ever more important.

Consequently, the German federal government has developed a cyber security strategy, the guidelines of which aim to render the risks associated with digital transformation manageable. Government agencies and companies are to work together in various fields of action. Among other things, IT security research is to be promoted, certifications and approvals strengthened and a platform created for the reliable exchange of confidential information.

There is also an increasing awareness of this topic among companies in the private sector. Current surveys (Allianz Risk Barometer 2020) show that cyber incidents are considered to be the greatest global business risk for companies. According to the Global Risks Report 2020 published by the World Economic Forum, cyber attacks and the failure of information infrastructures rank among the top 10 risks worldwide. The material damage resulting from cyber crime for companies in Germany in 2018 is estimated by the German Federal Criminal Police at 100 billion euros, while the damage worldwide over the same period is estimated at 600 billion dollars. The topic has also been additionally boosted by the German IT Security Act (IT-Sicherheitsgesetz, ITSiG). This legislation demands that providers and operators of critical infrastructure appropriately safeguard their IT systems using the latest technology and report IT security incidents.

Specific market statistics for IT security conclude that the market for IT security is growing faster than the overall market for hardware, software and IT services. In the completed year 2019, companies in Germany spent an estimated 4.6 billion euros on hardware, software and services in the field of IT security – an all-time high and 10% more than in the previous record year 2018 (source: Bitkom). Worldwide, market growth is expected to be similarly high, with the market volume set to reach 124 billion dollars in 2019 (source: Statista).

secunet Group is therefore operating within an environment that is conducive to corporate growth, both in the overall economy and its own sector.

2.2 Assessment of business performance in 2019

2.2.1 Business performance of secunet Group

Due to the very high business results already achieved in 2018, which made further growth appear challenging, the secunet Management Board expected a slight increase in Group sales revenue for the 2019 financial year at the time of publication of the 2018 Annual Report. Due to the rollout of the secunet konnektor in medical practices, a disproportionately high increase in sales revenue was anticipated in the Business Sector division and a corresponding rise in this segment's contribution to Group sales revenues. At the same time, due to price and wage developments, the Management Board expected EBIT to be slightly lower than the previous year.

The sales revenues associated with the rollout of the secunet konnektor have greatly exceeded expectations. At the same time, the other divisions also achieved considerable increases in revenues compared with the

2018 financial year. In accordance with the increased revenue volume, EBIT also exceeded the expectations presented in the 2018 Annual Report by far. In line with the forecast contained in the 2018 Annual Report, the Business Sector's contribution to sales revenues and EBIT increased significantly.

Against the backdrop of the considerable increase in sales revenues already achieved in the first quarter of 2019 and the positive outlook for the financial year as a whole, the Management Board of secunet raised its forecast for the year for secunet Group at the beginning of May 2019 to sales revenues of around 190 million euros and earnings before interest and taxes (EBIT) of around 30 million euros.

With announcements on 11 September 2019 and 12 December 2019, the Management Board increased its forecast for 2019 again, first to sales revenues of around 210 million euros and an EBIT of 32 million euros, then to sales revenues of around 230 million euros and an EBIT of 35 million euros. The forecast increases were made against the background of continued good business results in the second half of 2019 and major projects and call-offs from framework agreements in December 2019, which were not initially foreseeable.

The actual business performance significantly exceeded the sales revenue and EBIT forecast published with the 2018 Annual Report. In the 2019 financial year, secunet Group achieved sales revenue of 226.9 million euros (previous year: 163.3 million euros) and an EBIT of 33.2 million euros (previous year: 26.9 million euros). This marked yet another record result. The results were thus slightly below the most recently published forecast. This was primarily attributable to the fact that several small to medium-sized projects had not yet been invoiced. Earnings were also impacted by non-recurring expenses, such as the impairment of an inventory.

The Management Board assesses secunet Group's business performance in 2019 as outstanding.

2.2.2 Business performance of secunet AG

The forecast for secunet AG was subject to the same risks and opportunities as those of secunet Group. Accordingly, at the time of publication of the 2018 Annual Report, the Management Board was anticipating a slight increase in sales revenue and a moderate decrease in EBIT.

In the 2019 financial year, secunet AG too achieved a strong increase in business results with sales revenues of 221.6 million euros (previous year: 161.2 million euros) and EBIT of 33.8 million euros (previous year: 22.6 million euros).

The Management Board assesses secunet AG's business performance in 2019 as outstanding.

2.3 Situation

2.3.1 Results of operations of the Group

The income statement for secunet Group in accordance with IFRS, as applicable in the EU, is presented according to the cost-of-sales method.

2.3.1.1 Sales revenue performance

In the 2019 financial year, the sales revenue of secunet Group grew by 63.6 million euros or 39%, from 163.3 million euros in the previous year to 226.9 million euros. While utilisation of consulting capacities remained high, the corresponding service revenues were down slightly on the previous year's level. Tangible growth was primarily achieved in the product business (sales revenue from trade goods, licences, maintenance and support).

Both the Public Sector and Business Sector divisions contributed to the increase in sales revenue.

Compared to the previous year, sales revenue in the Public Sector division rose by 15%, or 22.6 million euros, from 147.2 million euros to 169.8 million euros. The proportion of secunet Group's sales revenue which was attributable to the Public Sector division in the 2019 financial year was thus 75% (previous year: 90%).

In the Business Sector division, the rollout of the secunet konnektor for integration into the telematics infrastructure for the electronic health card in medical practices led to a strong increase in sales revenues. These rose from 16.1 million euros in the 2018 financial year to 57.1 million euros in the completed reporting year. As a result, the Business Sector's contribution to Group sales grew from 10% in the previous year to 25% in the 2019 financial year.

Sales revenues from projects with the Giesecke + Devrient Group fell from 0.8 million euros in the 2018 financial year to 0.4 million euros in the year under review, thus remaining at a low level.

At 17.4 million euros, sales of secunet products and solutions outside Germany were down slightly by 2% or 0.4 million euros on the previous year's level of 17.8 million euros. As a result, the contribution of sales outside Germany to Group sales fell from 11% in the previous year to 8%.

2.3.1.2 Earnings performance

The earnings before interest and taxes (EBIT) of secunet Group increased by 23% compared to the previous year, rising from 26.9 million euros to 33.2 million euros. This improvement in EBIT resulted primarily from increased sales revenue in the product business.

Key cost items in secunet Group

in thousand euros	2019	2018
Cost of sales	171,389	115,567
Selling expenses	15,580	14,088
General administrative costs	6,515	5,779

The following individual developments arose, in terms of costs:

In the reporting year, the cost of sales increased by 55.8 million euros, or 48%, from 115.6 million euros in the 2018 financial year to 171.4 million euros. The increase is directly linked to the development of sales revenue in the product business: materials expenses rose disproportionately compared with sales revenue. Materials expenses include the purchase of commodities for use in products, as well as third-party services received. Furthermore, increased personnel expenditure, arising mainly from expansion of the workforce, has also had an effect in this area. Additionally, depreciation and amortisation affect the expenses for own development work capitalised in previous years, especially for the secunet konnektor, and amortisation of software acquired within the scope of the initial consolidation of finally safe GmbH.

The selling expenses increased by 1.5 million euros, or 11%, from 14.1 million euros in the previous year to 15.6 million euros, primarily due to the increase in personnel expenses.

General administrative costs increased by 0.7 million euros, or 12%, to 6.5 million euros compared to the prior-year figure of 5.8 million euros. This growth was due mainly to higher personnel expenditure.

EBIT in the Public Sector division rose by 5% from 26.2 million euros in the previous year to 27.6 million euros in the 2019 financial year. The increase in earnings is disproportionately low compared to the growth of sales revenue. This is attributable to a strong increase in the cost of sales.

EBIT in the Business Sector division grew by 4.9 million euros or more than 700% from 0.7 million euros in the 2018 financial year to 5.6 million euros in the year under review. This was primarily due to the very strong increase in sales revenues as a result of the rollout of the healthcare connector.

Income from interest in secunet Group fell by 24%, or 22 thousand euros, from 92 thousand euros in the 2018 financial year to 70 thousand euros in the reporting year. This income resulted primarily from short-term loans provided during the year by secunet AG to its parent company Giesecke + Devrient GmbH, Munich. Once again, fewer loans were issued in the 2019 financial year than in the previous year. Interest expenses increased from 135 thousand euros to 363 thousand euros. The increase is due primarily to accounting in accordance with the rules of IFRS 16. Overall, the interest result changed from -43 thousand euros to -293 thousand euros.

The earnings before taxes were 32.9 million euros in the 2019 financial year, having totalled 26.6 million euros in the 2018 financial year, corresponding to an increase of 6.3 million euros or 24%. Tax on the earnings increased from 8.8 million euros in the 2018 financial year to 10.7 million euros in the 2019 financial year. The increase of 1.9 million euros in tax expenditure was due to the higher earnings. The tax ratio was 32% in 2019 (previous year: 33%).

As a result, secunet Group generated consolidated net income of 22.2 million euros in the 2019 financial year, corresponding to a year-on-year increase of 4.4 million euros, or 25% (17.8 million euros). Of this amount, 22.3 million euros is attributable to the shareholders of secunet AG and -0.1 million euros to non-controlling interests (minority shareholders of secustack GmbH) (previous year: -0.1 million euros, minority shareholders of finally safe GmbH). Diluted and undiluted earnings per share in 2019 stood at 3.44 euros, compared with 2.77 euros in the previous year.

2.3.2 Results of operations of secunet AG

In the annual financial statements of secunet AG issued pursuant to commercial law, the income statement is presented using the nature of expense method.

In the 2019 financial year, secunet AG generated sales revenue of 221.6 million euros, having achieved 161.2 million euros in the previous year, an increase of 60.4 million euros or 37%. Other operating income increased from 1.5 million euros in the 2018 financial year to 3.8 million euros in the year under review. The increase mainly resulted from a grant for development expenses of 1.6 million euros and the contribution of a manufacturer to a product exchange amounting to 0.5 million euros.

The change in inventories in the 2019 financial year amounts to 728 thousand euros (previous year: 348 thousand euros).

The following developments in the expenditure items can be observed:

Key expenditure items of secunet AG

in thousand euros	2019	2018
Materials expenses	119,535	74,562
Personnel expenses	43,679	39,073
Depreciation and amortisa tion of tangible and intangible
assets	2,661	2,294
Other operating expenses	26,611	24,916

Materials expenses increased by 44.9 million euros, or 60%, from 74.6 million euros in the previous year to 119.5 million euros. The increase is directly linked to the development of sales revenue in the product business. Materials expenses rose disproportionately compared with sales revenue.

In 2019, personnel expenses rose by 12%, or 4.6 million euros, from 39.1 million euros in the previous year to 43.7 million euros in 2019. The increase is accounted for by the growth of the workforce, salary increases and rising variable remuneration.

Depreciation and amortisation of tangible and intangible assets rose by 0.4 million euros, or 17%, from 2.3 million euros in the previous year to 2.7 million euros in the 2019 financial year. The increase results from the further expansion of the Company's property, plant and equipment, mainly office equipment and IT infrastructure.

Other operating expenses increased by 1.7 million euros, or 7%, from 24.9 million euros in the previous year to 26.6 million euros. The increase is mainly attributable to expenses which are charged with a corresponding margin on the original costs of secunet Service GmbH to secunet AG due to the spin-off of the Central Services, Central Sales Coordination and Central Project Management divisions by secunet Service GmbH.

Income from investments includes 63,011.40 euros from the payout of the bank account of secunet SwissIT AG, Solothurn, Switzerland, following the completion of liquidation in June 2019. In the previous year, the net income for the year of secunet International GmbH & Co. KG, Essen, was reported here in the amount of 449,628.64 euros less the 2017 loss carryforward of 1,729.60 euros on account of recognition in the same period.

As a result, the earnings before interest and taxes (EBIT) rose by 39%, or 8.9 million euros, from 22.6 million euros in the 2018 financial year to 31.5 million euros in the past reporting period.

The 2019 financial result totalled -2.9 million euros, compared with -0.5 million euros in the 2018 financial year. The change is due to the extraordinary write-down of the holding in finally safe GmbH by 2.2 million euros.

Accordingly, the earnings before income taxes of secunet AG in the 2019 financial year were 30.9 million euros compared with 22.2 million euros in the previous year. Net income increased from 14.7 million euros in 2018 to 20.2 million euros in the 2019 financial year.

2.3.3 Financial and net asset situation of the Group

The balance sheet is presented in accordance with IFRS, as applicable in the EU. The balance sheet total rose from 145.2 million euros as at 31 December 2018 to 186.8 million euros as at 31 December 2019.

Balance sheet of secunet Group, assets

in euros	31 Dec 2019	31 Dec 2018
Current assets
Cash and cash equivalents	64,492,741.83	56,084,381.70
Trade receivables	44,943,649.78	41,776,937.04
Intercompany financial assets	117,904.76	452,438.07
Contract assets	2,787,251.28	2,648,354.51
Inventories	21,570,841.56	19,348,793.59
Other current assets	1,746,947.30	1,132,135.08
Total current assets	135,659,336.51	121,443,039.99

Non-current assets
Property, plant and equipment	5,718,170.00	4,555,737.00
Right-of-use assets	17,231,604.86	–
Intangible assets	8,172,156.96	5,990,220.00
Goodwill	4,625,031.00	4,625,031.00
Non-current financial assets	6,141,883.00	5,860,888.00
Trade receivables	4,727,008.44	0.00
Deferred taxes	2,303,869.56	1,592,036.82
Other non-current assets	2,205,150.34	1,142,447.60
Total non-current assets	51,124,874.16	23,766,360.42
Total assets	186,784,210.67	145,209,400.41

On the assets side of the balance sheet, the following significant changes can be seen between the two balance sheet dates.

Cash and cash equivalents increased by 15% or 8.4 million euros from 56.1 million euros to 64.5 million euros, primarily due to the improvement in earnings and the change in working capital (inventories, receivables and liabilities).

Current and non-current trade receivables increased by 7.9 million euros, or 19%, from 41.8 million euros to 49.7 million euros. This is due to the increase in sales revenues.

In order to ensure delivery capability for the continually growing product business, the inventory level increased by 2.3 million euros, or 12%, from 19.3 million euros to 21.6 million euros.

The right-of-use assets have been capitalised for the first time due to the initial application of IFRS 16 in 2019. The Group has made use of the option not to adjust the prior-year amounts. The right-of-use assets result from leases for buildings / offices and company cars. They are recognized at cost and depreciated over the term of the lease. Corresponding items are the current and noncurrent lease liabilities on the liabilities side.

The value of intangible assets increased by 2.2 million euros from 6.0 million euros to 8.2 million euros. Reasons for this are the capitalised development costs of intangible assets in connection with the secunet Communicator and the capitalisation of the purchased solutions (software) for various service areas within the Company on account of conversion of the ERP system to SAP Hana in January 2020.

Balance sheet of secunet Group, liabilities

in euros	31 Dec 2019	31 Dec 2018
Current liabilities
Trade accounts payable	27,953,644.22	22,797,180.71
Intercompany payables	280,968.68	283,951.48
Lease liabilities	2,600,883.05	–
Other provisions	13,695,372.45	12,577,879.75
Income tax liabilities	5,446,232.78	6,695,131.05
Other current liabilities	3,621,460.71	4,739,511.25
Contract liabilities	9,960,482.92 8,682,677.88
Total current liabilities	63,559,044.81	55,776,332.12

Non-current liabilities
Lease liabilities	14,936,347.1	–
Deferred taxes	1,883,251.83	1,886,488.94
Provisions for pensions	8,229,598.00	6,781,816.00
Other provisions	356,381.00	321,152.00
Contract liabilities	19,857,502.46	10,927,251.63
Total non-current liabilities	45,263,080.34	19,916,708.57

Equity
Subscribed capital	6,500,000.00	6,500,000.00
Capital reserves	21,922,005.80	21,922,005.80
Other reserves	-2,160,360.07	-1,627,934.01
Revenue reserves	51,192,282.72	42,363,484.81
Equity attributable to parent company owners	77,453,928.45	69,157,556.60
Non-controlling interests	508,157.07	358,803.12
Total equity	77,962,085.52	69,516,359.72

Total liabilities	186,784,210.67	145,209,400.41

The liabilities side of the secunet Group balance sheet indicates the following significant changes when comparing between 31 December 2018 and 31 December 2019:

Trade accounts payable increased by 5.2 million euros or 23% from 22.8 million euros at 31 December 2018 to 28.0 million euros at 31 December 2019. This growth is explained by the general increase in secunet Group's business volume. secunet Group is in a position to meet its payment obligations at all times.

As in the case of the right-of-use assets reported on the assets side, the current and non-current lease liabilities of 17.5 million euros result from the first-time application of IFRS 16. Current and non-current lease payments are recognised at the amount of the future discounted payment obligations. The Group has made use of the option not to adjust the prior-year amounts. The difference between the value of the right-of-use assets shown on the assets side and the value of the lease liabilities shown on the liabilities side of the balance sheet is due to the differences in value between depreciation and discounting.

Other current provisions rose by 1.1 million euros, or 9%, from 12.6 million euros to 13.7 million euros. The main reason for this is the increased recognition of provisions for variable remuneration components, due primarily to expansion of the workforce.

Current and non-current contract liabilities rose by 10.2 million euros from 19.6 million euros as at 31 December 2018 to 29.8 million euros. The increase in this amount is linked to the growing business volume.

Revenue reserves increased from 42.4 million euros in the previous year to 51.2 million euros. This change (8.8 million euros) was essentially based on the portion of the Group consolidated profit for the period attributable to the shareholders of secunet AG of 22.3 million euros and the dividend payment of 13.2 million euros for 2018 paid during the reporting year.

secunet Group's positive result for the 2019 financial year contributes to the increase in equity, compared to the previous year's reporting date, by 8.5 million euros, or 12%, to 78.0 million euros as at 31 December 2019.

secunet did not take out any loans in either the 2018 or the 2019 financial year; all spending was financed with liquid assets. The debt ratio is thus 0%. Guaranteed credit lines concluded by secunet AG with its key relationship banks and totalling 12.0 million euros are available to secunet Group as security for customers within the framework of larger projects and for guarantees, for example for lessors of office space, and remain unchanged from the previous year. As at 31 December 2019, these had been utilised to the amount of 2.4 million euros (previous year: 2.1 million euros).

At 31.2 million euros, cash flow from operating activities for the 2019 financial year rose significantly compared with the figure for the previous year (7.7 million euros). The positive liquidity effect from the improvement in the earnings before taxes is enhanced by the increase in depreciation and liabilities. The only counteracting effect is from the increased tax payments.

Cash outflow primarily for investing activities amounted to 8.5 million euros (previous year: 6.8 million euros). The increase in outflow is mainly attributable to investments in intangible assets and property, plant and equipment, which rose by 1.7 million euros.

Cash outflow for financing activities increased by 6.6 million euros in the 2019 financial year as compared with the 2018 financial year. The change is largely attributable to the fact that in the 2019 financial year, a dividend in the amount of around 13.2 million euros was paid to shareholders of secunet AG for the preceding financial year 2018, compared with 7.8 million euros in the previous year. Furthermore, lease payments of 2.6 million euros, reported for the first time due to the application of IFRS 16, also had an effect.

2.3.4 Financial and net asset situation of secunet AG

The accounting measurement methods in the Annual Financial Statements of secunet AG pursuant to commercial law differ from those for secunet Group – which reports in accordance with IFRS, as applicable in the EU – largely with regard to the presentation of receivables, inventories, provisions for pensions and deferred taxes. A different measurement method is also used for goodwill, which according to the German Commercial Code (HGB) is amortised on a straight-line basis over nine to 15 years, while IFRS only provides for unscheduled impairments following an annual impairment test.

Balance sheet of secunet AG, assets

in euros	31 Dec 2019	31 Dec 2018
A. Fixed assets
I. Intangible fixed assets	2,791,289.43	1,586,970.00
II. Tangible fixed assets	5,416,709.00	4,258,680.00
III. Financial assets	7,787,060.76	8,269,415.21
Total fixed assets	15,995,059.19	14,115,065.21

B. Current assets
I. Inventories	23,307,459.09	20,118,541.00
II. Receivables and other assets	50,026,173.05	45,605,200.53
III. Cash in hand and balances with credit institutions	61,141,900.00	51,070,220.29
Total current assets	134,475,532.14	116,793,961.82

C. Prepaid expenses and accrued income	3,090,266.15	1,728,399.46
Total assets	153,560,857.48	132,637,426.49

On the assets side of the balance sheet of secunet AG, the following significant changes can be seen between the two balance sheet dates 31 December 2018 and 31 December 2019:

Intangible assets increased by 1.2 million euros, or 75%, from 1.6 million euros to 2.8 million euros. The main reason for this is the capitalisation of software and solutions used in the various service areas following introduction of the ERP system SAP Hana in January 2020.

The increase in inventories is the result of an expansion of merchandise inventories to ensure that delivery obligations from the growing product business can be better met.

Receivables and other assets increased by 4.4 million euros or 10%. This is due to the increase in business volume.

Cash and cash equivalents increased by 20%, or 10.0 million euros, from 51.1 million euros to 61.1 million euros due to the change in working capital (inventories, receivables and liabilities).

Balance sheet of secunet AG, liabilities

in euros	31 Dec 2019	31 Dec 2018
A. Equity
Subscribed capital	6,500,000.00	6,500,000.00
Nominal value of treasury shares	-30,498.00	-30,498.00
I. Issued capital	6,469,502.00	6,469,502.00
II. Capital reserves	21,656,305.42	21,656,305.42
III. Revenue reserves
1. Reserve for treasury shares	30,498.00	30,498.00
2. Other revenue reserves	32,872,483.59	22,786,735.42
IV. Net accumulated profit	10,092,423.12	13,197,784.08
Total equity	71,121,212.13	64,140,824.92

B. Provisions	23,950,148.93	24,760,215.27

C. Liabilities	30,347,531.49	26,480,780.23

D. Deferred income and accrued expenses	28,141,964.93	17,255,606.07
Total liabilities	153,560,857.48	132,637,426.49

The liabilities side of the balance sheet indicates the following significant changes:

The main reason for the decline in provisions is the lower allocation to the provision for tax payments due to higher advance payments for 2019 made during the year.

Liabilities increased by 3.9 million euros, or 14%, from 26.5 million euros to 30.3 million euros, mainly due to higher trade payables.

Deferred income rose by 64%, or 10.8 million euros, from 17.3 million euros to 28.1 million euros. The main reason for this is the growing product business and the associated increase in revenues from licences and maintenance, which are deferred over their respective terms.

An amount of 10.1 million euros was transferred to the other revenue reserves from the net income of 20.2 million euros for 2019 in conjunction with the balance sheet profit of 13.2 million euros for the previous year. Taking into account the dividend paid in 2019, in the amount of 13.2 million euros from the balance sheet profit for 2018, the result is a balance sheet profit of 10.1 million euros.

Finally, the Management Board views the earnings, financial and net assets positions of secunet Group and secunet AG as outstanding.

2.3.5 Investments of the Group

The capital expenditure of 8.3 million euros in the 2019 financial year (previous year: 6.8 million euros) mainly consists of the purchase of intangible assets and of property, plant and equipment. In the 2019 financial year, expenditure for this type of investment amounted to 8.3 million euros (previous year: 6.6 million euros). Whereas in the previous year, the development expenses of 4.0 million euros for the secunet konnektor still accounted for the largest share, in 2019 various major software programs were purchased for the service areas in connection with conversion of the ERP system in January 2020 in addition to the development expenses for the SINA Communicator H. Additionally, investments continued to include considerable spending on the procurement of new and replacement hardware, software and other business and operating equipment.

The investments were made from liquid funds.

2.3.6 Investments of secunet AG

The capital expenditure of secunet AG totalled 6.6 million euros in 2019. Of this amount, 5.1 million euros was invested in intangible assets and property, plant and equipment. 1.5 million euros was spent on the acquisition of shares in affiliated companies. In the previous year, capital expenditure amounted to 3.1 million euros, as for the Group.

2.3.7 Order book of the Group

The secunet Group order book in accordance with IFRS amounted to 78.5 million euros at the end of 2019 and was thus at virtually the same level as on the previous year's reporting date (79.7 million euros as at 31 December 2018).

2.3.8 Order book of secunet AG

The secunet AG order book (also in accordance with IFRS) amounted to 66.9 million euros at the end of 2018 and has therefore fallen by 11%, or 8.3 million euros, as compared with the figure of 75.2 million euros at 31 December 2018.

2.4 Employees

At the end of the 2019 financial year, secunet Group had 588 permanent employees. This is 63 persons or around 12% more than at the end of 2018. The Company also employs 72 temporary workers (previous year: 69). The increase in employees primarily took place in the productive areas of development and consulting as well as in distribution.

At year-end 2019, secunet AG employed 494 permanent employees (end of previous year: 437) and 57 temporary workers (end of previous year: 57).

The Management Board is of the opinion that secunet's employees are highly qualified and exceptionally well trained. Our experts have extensive practical experience in project and development work. Furthermore, secunet places considerable emphasis on the further training of its employees to keep their level of knowledge in line with the latest developments in the relevant field.

secunet attaches great importance to cooperative management that takes the needs and qualifications of employees into account. secunet abides by the management principle of "management by objectives" (MBO). MBO is a technique where personnel management is carried out on the basis of agreed objectives. It involves both top-down and bottom-up objectives. The top-down objectives are set by corporate management on the basis of sales and EBIT forecasts. Personal bottom-up objectives are derived from these and agreed between division heads and individual employees. Implementation and assessment of the agreed objectives are monitored annually. The results are then used as a basis for calculating the variable remuneration for employees.

3 Forecast, Opportunity and Risk Report

3.1 Risk report

3.1.1 Risk management objectives and methods

Risk management is carried out in the same way and in parallel for secunet Group and secunet AG. The function presented below and the description of individual risks and opportunities thus apply to both secunet Group and secunet AG.

Risk management at secunet is carried out by a risk committee. This comprises the members of the Management Board and the departmental manager responsible for risk management. The risk committee meets regularly once a quarter. Any developments that could jeopardise the fulfilment of objectives, or which may even threaten the survival of the Company, are subjected to intense analysis, scrutiny and assessment by the risk committee. The aim of doing this is to ensure that information about risks, and the associated financial implications, is detected as early as possible in order to implement suitable measures. The existing opportunities and associated potential for earnings are to be identified and leveraged.

As part of the preparation for meetings of the risk committee, a comprehensive risk inventory takes place in each area of the Company. Following a bottom-up approach, the risks are identified and aggregated, then assessed according to their damage extent and probability of occurrence.

The Company-specific risks surveyed in this manner are then discussed at the risk committee meetings, implementing a top-down approach. The effects of risks and opportunities are not offset against each other. A net presentation is shown when evaluating the potential effects of risks, i. e. the effects of any risk minimisation measures already taken are considered as part of the evaluation. Depending on the probability-weighted damage value of the risks (risk value), the further treatment of the risks is then determined. This ranges from pure documentation where the value is negligible (the probability-weighted damage value in the 2019 financial year was up to 1.25 million euros in EBIT losses) and further observation (monitoring of existing measures – for a risk value of up to 2.6 million euros in the 2019 financial year) to the need to take and monitor measures immediately (reporting threshold – at a probability-weighted damage value of over 2.6 million euros in the 2019 financial year). The value limits defined above are re-determined annually based on the planned annual result. Insofar as the identified risks are quantifiable, the corresponding risk values (relating to the reporting date) are adopted in the reporting system.

Proposals for countermeasures are then drawn up, if required. The Management Board examines these measures and implements them promptly. During the course of the 2019 financial year, several instances of risk were identified and necessitated measures. For the main part, these related to the areas of distribution and production. Operative damage management implemented in each of these cases was able to contribute to reducing the relevant risk value to significantly below the warning threshold in all cases.

The early risk detection and risk management system of secunet AG is being continuously developed and improved.

3.1.2 Individual risks

Since 2019, the risks for secunet Group and thus also for secunet AG as the parent company of the Group have been primarily classified according to their origin in the functional areas of secunet as follows:

» Sales risks: these are risks in all areas connected with distribution. They relate primarily to the functions purchasing and inbound logistics, sales and outbound logistics as well as distribution and marketing.
» Product risks: these are the risks that can arise in connection with products and solutions from secunet. They relate primarily to risks from technical defects or possible security weaknesses in the components used. Also included in this category are risks from the divisions responsible for planning and coordinating the market-readiness of products and solutions from secunet Group.
» Project risks: these are the risks that can arise in connection with development and consulting projects. They mainly include the risks relating to budget planning and subsequent budget compliance.
» Structural risks: these are the risks arising from support functions such as finance and controlling, legal and human resources, and IT. Risks from M&A activities and compliance risks are also recorded here.

In the early risk detection and risk management system for the year 2018, the classification of risks was still based on their impact on the stages of secunet's value creation (risks to the corporate infrastructure, product management risks, distribution risks, risks in production). The revised and optimised classification categorises some risks more strongly according to areas of responsibility (product management and production risks have become product and project risks) while others remain largely unchanged (corporate infrastructure has become structural risks, distribution is now sales).

The coronavirus poses a further risk for business development in 2020. The virus has been spreading further around the world since January 2020. The Management Board is assessing the potential effects of the corona pandemic on secunet Group continuously and with high priority. All aspects of business operations are being examined and evaluated, with appropriate measures being developed where necessary. This applies in particular to outsourced supplies and the work performed on customer premises as well as to secunet Group's own infrastructure and employees. It is not possible to reliably make any meaningful statements for secunet Group in this respect at the time of preparing this report.

As in previous years, the principal risks identified and quantified primarily concern sales risks (acquisition and execution of orders) and project risks (processing of projects).

3.1.2.1 Sales risks

The area of sales risks is dominated by distribution risk. secunet is active in the project business. Many projects relate to infrastructures and solutions that are designed on an individual basis. The IT security infrastructures based on these are often associated with high investment volumes, resulting in a complex and often protracted tendering and decision-making process for the customer. This applies to both Public Sector and Business Sector customers and places great limitations on the ability to plan for sales revenues, leading to a potential associated volatility in secunet's business. The distribution risk is continuously monitored as part of risk management and in the ongoing Management Board meetings and, if necessary, it is countered with suitable measures. These measures for reducing the distribution risk often consist of establishing close contact, and thus ongoing cooperation with the customer, through the use of dedicated key account managers, for example.

Closely linked to distribution risk is the risk factor of customer structure to the extent that secunet conducts the majority of its business with public sector authorities and organisations. The loss of segments of demand from this customer group can have negative effects on sales revenue and earnings. This risk is regularly discussed in depth by the risk committee. Investments in IT, and notably in IT security, are seen as particularly important for the smooth delivery of projects for the public sector, particularly in a world where information technologies play an increasingly important role. The risk of a downturn in demand from public sector customers is therefore constantly monitored, although it is currently considered to be relatively low.

In order to be better placed in the medium term to react to the potential risk of a decline in demand from public sector customers, and in order to reduce and compensate for any resulting decline in sales revenue and earnings, secunet will continue to devote intensive efforts to the expansion of its activities for the private sector target group (Business Sector).

A further risk can be seen in the fact that a large part of the sales revenue is concentrated on a small number of public clients and companies. If one of these major customers is absent for even a short period of time, and the corresponding expected orders are delayed, secunet's attainment of annual objectives may be endangered at the very least. In this case too, the use of key account managers in distribution can help towards risk reduction. Thanks to their close contact with the customer, they can ensure a timely reaction to changes in demand.

Furthermore, the fact that the business results are still heavily influenced by domestic demand is seen as a risk for the further growth of secunet. As a result, the expansion of high-performance international distribution, tapping of new markets and the acquisition of additional customers abroad will remain a focus of efforts for the future development of the Company. One strategic measure is the pooling of international distribution activities in the marketing company founded for this purpose.

The distribution risk at the time of creating this report is classified as negligible.

Sales risks also include warehousing risks. These increase as secunet AG's product business grows. Warehousing risks include the risk associated with the ability to deliver at short notice, which is countered by suitably networked material planning. At the same time, hardware components in particular are becoming obsolete because of accelerating technical progress. Where applicable, inventories lose their value because of this technical ageing process. secunet stays abreast of these risks through professional inventory optimisation. Inventories were written down by 0.6 million euros in the 2019 financial year.

Positive commercial framework conditions in the German market for IT security have attracted new competitors, particularly in recent years. The changing intensity of the competition that this entails is continually monitored and evaluated by secunet. Currently, there are no signs of a negative impact on secunet's market position.

Sales risks aggregated over all the individual risks identified in this area, totalling 0.2 million euros as at the end of December 2019, were classified as negligible.

3.1.2.2 Product risks

The secunet AG product portfolio is concentrated on solutions in the area of cyber security. In the case of the SINA product family in particular, these solutions are protected and approved at a high level in cryptographic terms.

One risk that is evaluated on an ongoing basis in connection with the technical properties of these products is the effect of any possible – as yet undetected – security weaknesses in these solutions. In this context, the focus is on the question of whether and to what extent the security promise made to its customers by secunet in connection with the solution as a whole might be compromised as a result of security holes in individual components.

A comprehensive process of ongoing risk identification and assessment takes place in this area for the purposes of risk minimisation. As part of this process, secunet collects and evaluates findings about potential security risks from a wide range of sources. Even if potential vulnerability of the systems merely seems possible as a result of this evaluation, customers are informed immediately and supported in closing the potential security hole.

This process of monitoring and solving potential technical security risks is implemented in close collaboration with the Company's development and certification partner, the German Federal Office for Information Security (BSI).

In view of the risk minimisation measures in use, the economic risk connected with technical product security is believed to be low.

Potential warranty claims are taken into account by creating appropriate risk provisions.

In conjunction with the development of new products, the following risks are discussed and evaluated regularly:

» Risk of a possible decline in demand: the product fails to prove itself on the market.
» Risk of undesirable technical developments: the product contains defects that lead to warranty claims.
» Risk of failure to complete the product in time: the development project takes considerably more time than estimated.

In the past, secunet primarily developed products and solutions in response to orders to cover specific security needs in the public sector. Its high-security IT solutions are tailored precisely to customers' needs; secunet products are generally not designed without a specific requirement in mind. Most of the products developed by secunet are made to order and are accordingly financed by the customer. Therefore, no development risks exist in terms of potentially waning demand. The risks associated with developing new products that subsequently prove unsuccessful on the market have therefore not been of primary significance for secunet in most product areas.

With the development of the secunet konnektor in the 2018 financial year and due to the volume of the associated investments, risk evaluation has focused more closely on development risks. Similar observations were made in the 2019 financial year with regard to the secunet Communicator in the Public Sector, and the secunet konnektor for data centres and secunet edge in the Business Sector. The focus here is less on the sales prospects associated with the products than on the duration of development and certification. The greatest risk for development projects is underestimation of the time required before new solutions are ready for acceptance. This can lead to expenditure of time and personnel, which limits the profitability of these projects. In order to keep these risks as low as possible, secunet uses extensive project planning and control mechanisms in different locations, paired with a dedicated reporting line. This part of the risk analysis and risk management is identical to the activities that apply for major projects. In the area of development projects, the risk at the time of creating this report is classified as low.

Product risks aggregated over all the individual risks identified in this area, totalling 0.1 million euros as at the end of December 2019, were classified as negligible.

3.1.2.3 Project risks

Major projects: distribution and project management (distribution and production risk)

In addition to the distribution risks for major projects already described under sales risks, there is also a project management risk. In addition, there are specific risks for very long-term major projects.

The project management risk arises after the commissioning of major projects: these projects are characterised by multiple uncertainties in their implementation due to the sheer fact of their size. The risk may then consist of a failure to maintain schedules and project budgets. secunet takes these risks into account by means of a comprehensive project management system, which is used to create regular management reports for project managers, division heads and the Management Board. The risks arising from major projects are continuously monitored – in the same way as development risks – with comprehensive project planning and control mechanisms, in conjunction with a risk-oriented reporting system. In the event of deviation from the set targets, measures to reduce the risk are resolved and implemented immediately. These can consist of making additional capacity available for processing the project or discussing deviations with the customer in order to bring expectations into line with the altered framework conditions.

In very long-term projects that extend over periods of more than five years, there may be additional risks, for example because the solutions implemented reach the end of their technological service life (update problems, problems with outdated technology). Furthermore, a replacement risk may be posed by suppliers who disappear from the market over the course of such projects.

Project risks aggregated over all the individual risks identified in this area, totalling 0.3 million euros as at the end of December 2019, were classified as negligible.

3.1.2.4 Structural risks

Structural risks resulting from support functions such as finance and controlling, legal and human resources, and IT were not identified in the 2019 financial year or were classified as harmless. The same applied to potential compliance risks.

The risks from M&A activities also include investment risk. In this context, the major shareholdings of secunet AG were continuously evaluated in the 2019 financial year. As at the end of 2019, the investment risk was classified as negligible.

3.2 Opportunities

The driving factors outlined below continue to have a positive effect on the future growth of secunet:

3.2.1 Growth through increasing awareness

Increasing sensitivity to IT security issues in recent years has received strong support as a result of reporting in the media on cyber security threats (such as wiretapping cases, attempted and successful hacking of the networks of authorities and companies, attacks on critical infrastructures) over the same time period.

Investigation into the medium to long-term assessment of risk among companies and decision-makers reveals that much greater importance will be placed on cyber security going forward. The issue of cyber security is the focus for a wide range of investigations and seminars, as well as publications derived from them. Cyber incidents are increasingly at the centre of risk assessments – not just those conducted on behalf of authorities, but also by private companies. Cyber incidents have consistently been included in the top three business risks in Germany over the past three years, as identified in the Allianz Risk Barometer 2020, for example; the same picture emerges in the global view. The World Economic Forum's Global Risk Report 2020 also lists cyber attacks and the vulnerability of critical infrastructure among the top 10 risks worldwide.

A positive trend in the demand for high-quality, trustworthy IT security solutions "made in Germany" can be inferred from this. This applies both to authorities, which are adding IT system and infrastructure security to their existing efforts, and to companies, which are countering the now-specific risks of economic / industrial espionage, for example, with appropriate safeguards. An additional group is made up of providers of critical infrastructures for which IT security is becoming ever more important (see also "Growth due to increasing regulation"). With the relevant distribution activities aimed at authorities and companies, secunet intends to participate in this positive development of demand.

The increasing interest in IT security, driven also by prominent media attention, and the subsequent growth in demand are also resulting in increasing competition. This must be taken into account when evaluating opportunities.

3.2.2 Growth due to increasing regulation

The German federal government wants to increase the protection of critical infrastructures such as energy and telecommunications networks as well as that of IT systems. To this end, the German IT Security Act (IT-Sicherheitsgesetz, ITSiG) was passed in July 2015. This results in growth opportunities at different levels:

» The legislation particularly affects operators of critical infrastructures – i. e. facilities that are of central importance to the community – such as energy supply, for example. They are to meet specific IT security requirements. This will result in potential demand for implementation concepts to meet these requirements.
» Furthermore, the role of the BSI has been strengthened by this law and takes into account its growing importance as a central body for IT security. Among other things, the BSI has been empowered to inspect and evaluate IT products and systems on the market with regard to their IT security, and to publish the results if necessary. This could give rise to positive stimulus in the product business of secunet.

A further development of the laws regulating critical infrastructures is expected for the future. Both the specific targets and the sectors covered are to be extended, for example.

3.2.3 Growth through new markets

IT security solutions "made in Germany" enjoy a good reputation around the world due to their quality and trustworthiness. There is rising international demand for corresponding high-quality solutions such as those offered by secunet.

Under the pressure of wiretapping cases and cyber attacks coming to light, demand is likely to stimulate even greater differentiation between producer countries, from which secunet also benefits as a German manufacturer. In addition, many secunet products are approved for use in an international context, for example by the EU and NATO.

The range of products and services from the Business Sector division for customers in the industrial sector is to be expanded abroad, for example for foreign subsidiaries and production facilities of German corporations. To this end, promising potential is being identified and examined.

The expansion of foreign activities via secunet's own distribution and via local multipliers will contribute to leveraging these potentials.

3.2.4 Growth through acquisitions

In addition to organic growth on domestic and foreign markets, secunet has for years pursued the objective of triggering additional growth through M&A activities. Growth in the product area through acquisition of the relevant solution providers is promising. The market for companies with high-quality, reliable IT security solutions for processing classified information – in which secunet is an active player – is split into many small to medium-sized providers. In addition, the M&A business remains characterised by very high price expectations on the part of sellers. The process of identifying promising targets at acceptable prices is time-consuming as a result, but is nonetheless being pursued on an ongoing basis.

3.3 Overview of risks and opportunities

An overview of opportunities and risks which could impact on the further development of secunet Group shows a promising evaluation overall.

The assessment revealed that the risks at the time of creating the report are negligible overall and can thus be controlled, and the identified risks, both individually and as a whole, do not threaten the continued existence of the Group and the Company in terms of illiquidity or excessive debts in the reporting period of at least one year. In the operational management of the Group, measures are continuously being taken to prevent a worsening of the risk situation. At the same time, the utilisation of the opportunities described above is being driven forward by a number of activities. No material risks are present as at the balance sheet date.

The business development of secunet AG is subject to the same risks and opportunities as those of the Group. The presentation and evaluation of risks and opportunities thus also apply in the same way for secunet AG.

3.4 Forecast

During the past financial year, sales revenue and EBIT increased sharply once again, and 2019 consequently ended with outstanding results. The Management Board of secunet AG is fundamentally optimistic about the conditions for good business performance in the coming year 2020. However, the coronavirus represents a risk for the development of business in 2020 that is difficult to assess.

The framework conditions for the 2020 financial year gave reason for optimism before taking the potential effects of the coronavirus into account:

» The macroeconomic growth outlook of the German federal government was positive: growth of 1.1% in the price-adjusted gross domestic product was forecast for the current year.
» For the domestic market, we were still expecting growing demand for IT security. This affects both the Public Sector, i.e. business with public customers, and the Business Sector, which serves companies in both the private sector and the healthcare sector. For 2020, Bitkom predicted growth of 7.5 percent to 4.9 billion euros in spending on hardware, software and services in the IT security sector. secunet will be able to meet this growing demand well in future, with optimised and new services, products and solutions.
» The foreign market holds significant growth potential, which secunet is fundamentally well positioned to leverage. The secunet AG and secunet International GmbH & Co. KG employees in international distribution have many years of experience in the Group and in dealing with international customers.
» During the course of the year, secunet Group again increased its number of productive employees and can therefore translate increasing demand and high capacity utilisation into good business results.
» The efforts to expand national and international defence budgets and the focus on cyber defence justify positive growth expectations.

At the time of preparing this report, the Management Board considers secunet Group and secunet AG to be well positioned and still sees the Company and the Group in a good situation:

» The economic and financial standing of secunet Group and secunet AG is good; growth so far has been achieved profitably, there are no loans, and liquid funds are high.

» The Management Board is of the opinion that secunet has high-performing, motivated and highly qualified employees, providing an excellent basis of expertise.
» The Company's existing product and service portfolio has done well in terms of standing up to competition, and is continuing to expand in close cooperation with customers and their needs. Further additions to the product range will also support future growth.
» secunet believes that secunet's products and solutions have an excellent reputation, the Company is well-known as a provider of high-quality and trustworthy IT security to meet the highest demands and therefore has a stable and reliable (existing) customer structure.

Nevertheless, risks might also be encountered in the coming year:

» secunet is still largely dependent on the procurement activities of the German federal authorities. At the present time, the effects of changing budgetary policy cannot yet be assessed. Negative implications for secunet could include the postponement or cancellation of planned projects.
» Project business also holds both opportunities and risks: the scope of investment decisions for major projects, especially if these are part of a political process, can significantly delay the start of expected procurements. In addition, ongoing major projects always face the potential risk of incalculable delays or budget overruns.
» The great attention focused on the topic of IT security is fuelling the expectation of growing demand. However, driven by the same attention, increasing competition is also apparent, with consequences that cannot yet be foreseen.
» The spread of the coronavirus poses a risk for business development in 2020. The virus has been spreading further around the world since January 2020. The Management Board is assessing the potential effects of the corona pandemic on secunet Group continuously and with high priority. All aspects of business operations are being examined and evaluated, with appropriate measures being developed where necessary. This applies in particular to outsourced supplies and the work performed on customer premises as well as to secunet Group's own infrastructure and employees. According to an estimate by the ifo institute published on 19 March 2020, the German economy could shrink by 1.5 percent in 2020.

It is not possible to make any meaningful statements for secunet Group in this respect at the time of preparing this report.

The excellent business results achieved in the 2019 financial year represent a challenge for further growth – surpassing record results is becoming increasingly difficult. For example, the healthcare sector is no longer expected to experience the kind of extraordinary economic upswing triggered in the 2019 financial year by the rollout of healthcare connectors in medical practices.

For this reason, the company's Management Board is formulating its expectations for secunet Group for the coming 2020 financial year as follows, subject to the further development of the corona epidemic: a slight decline in sales revenue is anticipated. Accordingly, EBIT for secunet Group is expected to be slightly lower than that of the previous year.

The forecast for secunet AG is subject to the same risks and opportunities as those of secunet Group. Accordingly, the Management Board is expecting a slight decline in sales revenue and EBIT for secunet AG.

The effects of the coronavirus epidemic, which has been spreading since the beginning of the year, on the business development of secunet Group cannot be reliably assessed at present – they represent a considerable factor of uncertainty. The Management Board currently sees no need to adjust its expectations regarding the anticipated development in 2020 compared to the November 2019 planning taken into account in the above forecast and approved by the Supervisory Board.

4 Risk Reporting with regard to the Use of Financial Instruments

The financial management of the Company and the Group has a clear focus on the regulations and requirements applicable under corporate law. This ensures that all Group companies can operate as going concerns. The Group and its associated companies were in a position to fulfil their payment obligations at all times. The investment of liquid funds occurs on a strictly risk-minimising basis. The ongoing monitoring of liquid funds and the coordination with liquidity demands serve to ensure the ongoing ability to pay. This is also the main objective of financial management.

5 Description of the Key Features of the Accountingrelated Internal Control and Risk Management System (Section 289 (4) and Section 315 (4) HGB)

5.1 Elements of the internal control and risk management system

secunet Group's internal control system includes all principles, procedures and measures for ensuring the effectiveness, efficiency and correctness of the accounting system and for ensuring compliance with the applicable legal provisions.

secunet Group's internal control system consists of an internal steering system and an internal monitoring system. The Management Board of secunet AG – in its function as the managing body of the Company – has appointed managers responsible for secunet Group's internal controlling system, in particular in the areas of controlling, finance, legal and human resources that are run by secunet Service GmbH.

Process-integrated and process-independent monitoring measures are the cornerstone of secunet Group's internal monitoring system. In addition to manual process controls – such as the dual control principle – automatic IT process controls are also a key feature of the process-integrated measures. Process-integrated monitoring continues to be assured by means of committees such as the risk committee and by specific functions within the Group such as the legal unit.

The risk management system presented here primarily focuses on avoiding the occurrence of damage through risks.

The internal audit department of secunet AG is involved in secunet Group's internal monitoring system through process-independent auditing functions.

5.2 Use of IT systems

At secunet AG, accounting processes are mainly recorded by the ERP system provided by the manufacturer SAP.

5.3 Specific Group accounting-related risks

Specific risks related to Group accounting may result, for example, from the conclusion of unusual or complex transactions that are not routinely performed.

5.4 Key regulatory and controlling activities for ensuring the correctness and reliability of accounting within the Group

The controlling activities for assuring the correctness and reliability of the accounting system include tasks such as the analysis of circumstances and developments using specific analyses of key indicators. The separation of administrative, executive, billing and approval functions, and their performance by different individuals, reduce the possibility of fraudulent actions. The organisational measures also focus on recording restructuring or changes in the business activities of individual divisions in the Group accounting promptly and properly. They also ensure that in the event of changes to the IT systems for the underlying accounting in the affiliated companies, for example, the accounting processes are recorded in their entirety for the relevant periods. The internal control system also ensures the mapping of changes in the economic or legal environment of secunet Group and ensures that the Group accounting is adjusted in line with new legal provisions or amendments to such provisions.

The secunet Group accounting principles, which include compliance with International Financial Reporting Standards (IFRS), ensure that the companies included in the Consolidated Financial Statements of secunet AG follow consistent accounting and measurement policies.

The internal control system measures, which focus on the correctness and reliability of Group accounting, ensure that business transactions are recorded in good time and in accordance with the law and the Articles of Association. It is also ensured that inventories are carried out correctly and that assets and debts are reported, measured and declared appropriately in the Consolidated Financial Statements. Regulatory activities also ensure that reliable and transparent information is made available in the accounting documents.

The German subsidiaries and the parent company prepare their annual financial statements in accordance with German commercial law, the foreign subsidiaries in accordance with the respective national laws. As part of the consolidation process, the financial statements are reconciled by Group Accounting to commercial balance sheet II in accordance with IFRS as applicable in the EU, using uniform standards, and the Consolidated Financial Statements are determined by consolidating capital, liabilities, expenses and income in the aggregate balance sheet and income statement.

5.5 Restrictive details

In spite of the aforementioned internal organisation, control and monitoring structures, individual discretionary decisions, defective controls, criminal actions and other circumstances cannot be ruled out. This may lead to limited effectiveness and reliability of the internal control and risk management system used, to the extent that the Group-wide application of the system cannot absolutely guarantee security regarding the correct, complete and timely recording of facts in the Group accounting and in the annual financial statements of the individual companies.

6 Takeover-related Information: Information and Explanatory Report provided by the Management Board in line with Section 289a (1) and Section 315a (1) HGB

The Management Board of secunet Security Networks AG provides the following information for the 2019 financial year in line with Section 289a (1) and Section 315a (1) HGB:

1. The share capital of secunet Security Networks AG remains unchanged at 6,500,000 euros and is divided into 6,500,000 bearer shares with no par value. Each share entitles the holder to one vote at the Annual General Meeting of secunet Security Networks AG.
1. A restriction on the transfer of secunet shares may apply pursuant to the Foreign Trade and Payments Act (Außenwirtschaftsgesetz, AWG), owing to the products supplied by secunet Security Networks AG. Section 5 (3), no. 2, AWG stipulates that "Restrictions … can in particular be imposed with reference to the acquisition of domestic companies or shares in such companies by foreigners in order to guarantee the essential security interests of the Federal Republic of Germany if the domestic companies … manufacture products with IT security functions to process classified state material or components essential to the IT security function of such products, or have manufactured such products, and still dispose of the technology if the overall product was licensed with the knowledge of the Company by the Federal Office for Information Security." Apart from the restrictions under the AWG, the shareholders of secunet Security Networks AG are not restricted either by German law or by the Company's Articles of Association in their decisions on the acquisition or disposal of the Company's shares. In particular, the acquisition and disposal of shares does not require the approval of the Company's corporate bodies or other shareholders in order to be valid. The voting rights of shareholders are not subject to any restrictions arising either from legislation or the Articles of Association of the Company. The Management Board is not aware of any agreements between shareholders that give rise to restrictions on the transfer of the Company's shares.
1. To the knowledge of the Management Board, approx. 10.38% of the Company shares are free floating. To the Management Board's knowledge, direct and indirect capital holdings exceeding 10% of voting rights are held by Giesecke + Devrient GmbH, Munich, Germany, which has a direct stake of 78.96%. MC Familiengesellschaft mbH, Tutzing, Germany, has an indirect holding of 79.43% in secunet Security Networks AG (including the treasury shares held by secunet Security Networks AG) via its participation in Giesecke + Devrient GmbH. In turn, Verena von Mitschke-Collande, Germany, likewise has an indirect holding of 79.43% in secunet Security Networks AG via her majority holding in MC Familiengesellschaft mbH.
1. secunet Security Networks AG has not issued any shares that grant special rights.
1. Like the rest of the Company's shareholders, employees and a member of the Management Board who hold some of its capital also make their own decisions on the exercise of their voting and control rights and therefore exercise their control rights directly.
1. The Management Board of secunet Security Networks AG is appointed and dismissed in accordance with the applicable legal provisions, in particular Sections 84 and 85 of the German Stock Corporation Act (Aktiengesetz, AktG). The Articles of Association do not contain any special provisions governing the appointment and dismissal either of individual members or of the entire Management Board. The Supervisory Board has sole responsibility for its / their appointment and dismissal. It appoints members of the Management Board for a maximum term of five years. Members may be reappointed or have their term of office extended, in each case for a maximum of five years. In accordance with Section 179 AktG, changes to the Articles of Association require a decision by the Annual General Meeting; changes that only affect the wording may also be conferred to the Supervisory Board. The amendment becomes effective upon entry in the Commercial Register. In accordance with Article 22 of the Articles of Association, the resolutions of the Annual General Meeting require a simple majority of the votes cast, insofar as the Articles of Association or statutory legal provisions do not specify anything to the contrary. Article 10 (5) of the Articles of Association entitles the Supervisory Board to decide on amendments to the Articles of Association that only affect the wording.
1. The Management Board is not authorised to issue new shares. The Articles of Association of secunet Security Networks AG do not provide for a contingent capital increase, nor do they include any authorisation for the Management Board to increase the share capital by issuing new shares in return for capital contribution (approved capital). Furthermore, as set out in Section 71 (1), no. 8, AktG, there is no authorisation to purchase treasury stock. As at 31 December 2019, the Company held 30,498 treasury bearer shares, which it purchased on the basis of an authorisation issued at the Annual General Meeting held on 29 May 2001. As per resolution of the Annual General Meeting on 27 May 2009, the Management Board is entitled to divest these shares on a stock exchange with the agreement of the Supervisory Board. As at 31 December 2019, the Management Board of secunet Security Networks AG had not made use of this authorisation.
1. The Company has no significant agreements that are contingent upon a change of control due to a takeover bid.
1. The Company has concluded no compensation agreements with any members of the Management Board or employees in the event of a takeover bid.

7 Management and Control – Reference to the Declaration of Corporate Governance pursuant to Section 289f (1) HGB

As a German public company limited by shares, secunet AG has a dual management and control structure. The Company and the Group are managed by the Management Board, whose members are appointed by the Supervisory Board. The Supervisory Board advises the Management Board and monitors its conduct of business. A detailed explanation of the management of secunet Group can be found in the Corporate Governance Report of secunet AG. The Declaration of Corporate Governance pursuant to Section 289f (1) HGB and Section 315d HGB can also be found there. The Corporate Governance Report is permanently available via the secunet AG website, at www.secunet.com under >> The Company >> Investor Relations >> Corporate Governance.

In accordance with Section 317 (2), sentence 6, of the German Commercial Code (HGB), the information in the Declaration of Corporate Governance is not included in the audit of the annual and consolidated financial statements.

8 Combined Non-financial Statement of the Company and the Group

8.1 About this statement

With this combined non-financial statement of the Company and the Group, secunet is meeting its obligation to disclose non-financial information for the 2019 financial year as set forth in the "Act to strengthen non-financial reporting by companies in their management reports and group management reports (CSR Directive Implementation Act, CSR-RUG)" pursuant to Sections 315b, 315c in conjunction with 289c – 289e of the German Commercial Code (HGB). The present statement is accessible to the public together with the combined Management Report on the position of the Company and the Group on the secunet website under >> Investor Relations >> Financial Reports and News.

In accordance with Section 317 (2) sentence 4 of the HGB, the information in the combined non-financial statement of the Company and the Group is not included in the audit of the annual and consolidated financial statements. Instead, the combined nonfinancial statement of the Company and the Group has been audited with limited assurance by KPMG AG Wirtschaftsprüfungsgesellschaft in accordance with the requirements of the auditing standard ISAE 3000.

When preparing the combined non-financial statement of the Company and the Group, we adhere to the classification of pertinent matters pursuant to the CSR-RUG (Section 289c HGB) in the selection of relevant aspects and the description of concepts. When choosing the individual topics within these matters, we are guided by the comprehensive lists in the Sustainability Reporting Standards (SRS) framework for non-financial reporting issued by the Global Reporting Initiative (GRI). For the purpose of preparing the combined non-financial statement of the Company and the Group, a dedicated internal process was established in order to analyse and evaluate the sustainability topics with respect to the requirements of the law.

In accordance with the minimum requirements of Section 289c (2), the process of drafting the statement focused on the five aspects "employee matters", "social matters", "anti-corruption and bribery matters", "environmental matters" and "respect for human rights". The basis for selecting the respective content of the statement was a materiality analysis conducted in 2018. This analysis was performed through a dialogue with key stakeholders with regard to these matters within the Company: this involved the Compliance, Purchasing, HR and Quality and Environmental Management departments. On the basis of the materiality analysis, those topics were selected that were deemed relevant to the impact of the Company and the Group on the respective aspects and on the business performance, the operating result and the position of secunet AG and secunet Group.

The results of the materiality analysis conducted in 2018 were reviewed and confirmed in the reporting year. Furthermore, the involvement of external stakeholders is to be evaluated in the coming year.

secunet AG and secunet Group strive to generate a positive impact on the individual aspects and to minimise negative consequences to the greatest extent possible. For this reason, the materiality analysis was followed by a risk analysis of the matters under consideration. To this end, the risks potentially associated with the aspects of the matters were evaluated: the method of evaluating the risk scenarios related to the individual non-financial aspects is consistent with the method used for evaluating corporate risks, which is described in the "Risk management objectives and methods" section of this Management Report. In doing so, net risk values were likewise applied, i. e. the actions taken to minimise risk were also taken into consideration. Principal risks are defined in Section 289c (3), no. 3 and 4, as risks that are associated with the business activity and business relationships of the Company and the Group and are highly likely to have a serious impact on the aspects of the matters. The risk assessment did not identify any significant non-financial risks. The risk analysis was also carried out in collaboration with the stakeholders within the Company.

The report preparation process for the combined non-financial statement of the Company and the Group was concluded by describing the (management) concepts pursued in relation to the material topics.

In accordance with the requirements of the law, the following topics were deemed to be relevant to the combined non-financial statement of the Company and the Group for the 2019 financial year:

Matters pursuant to CSR-RUG	Material topics
Employee matters	Diversity and principles of conduct
	Employer appeal, recruiting and junior staff development
	Occupational health and safety
	Life phase-oriented working models (working hours and locations)
	Training and further education
Social matters	Information security
	Data protection
Combating corruption and bribery	Compliance
Environmental matters	Environmental management

In the materiality analysis carried out in 2019, we came to the conclusion that the aspect of human rights is not material to the content presented in the combined non-financial statement of the Company and the Group. This is due to the fact that, with regard to compliance with human rights in the value chain, our Company and the Group have a significant influence on development and consulting activities only. Furthermore, the majority of our direct suppliers also have their headquarters in Germany or operate in Germany, once again meaning that human rights violations can essentially be precluded by adhering to existing laws.

In the 2019 reporting year, the materiality of human rights was repeatedly discussed and the results confirmed. In particular, the distribution process in third countries was given due consideration. For example, secunet is committed to ensuring that its export of products and solutions is justifiable in terms of human rights. To this end, appropriate internal processes (e. g. preliminary checks under export law) and the Export department have been established.

Against the background of the expected legal regulation on human rights due diligence within the framework of the "Business and Human Rights" National Action Plan (NAP), preparations for monitoring are being made in order to identify the core elements of the action plan in the first step and to strive for implementation in the Group and Company in the second step.

The Management Board of secunet AG discussed the results of the materiality and risk analyses, the concepts described, and also this combined non-financial statement of the Company and the Group and passed it on to the Supervisory Board for review.

8.2 Business model

The business model of secunet Group and secunet AG is described in detail in the "Principles of the Group" section of this combined Management Report for 2019. Responsible conduct, social acceptance and a high degree of integrity are essential preconditions for the economic success of our Company. With this in mind, secunet, as one of the leading German providers of sophisticated IT security, has set itself the goal of contributing to sustainable economic, environmental and societal development.

When decisions are made on measures and management concepts relating to sustainability, relevant non-financial topics are reported to and discussed by the Management Board of secunet AG.

8.3 Employee matters

The creativity, motivation and integrity of our employees are decisive factors for the success of our Company. Their commitment, flexibility and expertise are part and parcel of the strengths our Company has been shown to possess. secunet implements various measures with the aim of providing employees with a working environment that promotes these strengths.

The staff members at secunet are permanent salaried employees working in Consulting, Development, Sales, Product Management, Administration and Services. They are joined by student trainees and interns and, in rare case where there is a specific need for stand-in personnel in administration departments, external staff (e. g. temporary workers). On account of the relative uniformity of these groups, the measures described below apply to all employees.

In addition to the permanent employees, secunet also engages freelancers in certain productive areas in order to overcome capacity bottlenecks or if highly specific expertise is required. Considering that the number of freelancers is low in relation to the permanent employees, the following statements concerning measures or key indicators apply exclusively to the employees defined at the outset.

8.3.1 Diversity and principles of conduct

secunet not only sees diversity in its workforce as a source of personal enrichment, it also sees potential for success in the plurality of its employees. It is very important to us that diversity and equal opportunities are lived out responsibly by all employees and the management and supervisory bodies in all areas of the Group and across all hierarchical levels, genders, religious views and nationalities. There is no formally defined concept for this, but this self-image means that the issue of diversity is taken into account at all levels of the hierarchy.

By treating each other with trust and respect, secunet wants to create the necessary basis for enabling each individual employee to realise his or her full potential and to experience equal treatment and protection of his or her personal rights. All employees, including management and supervisory bodies, must observe the secunet-wide principles of conduct and values of the Code of Conduct. Violations of these principles of conduct and values can be communicated to the appropriate bodies within the Group and Company via internal reporting channels.

In the 2019 financial year, no reports of suspected violations or abuses were submitted via these reporting channels.

8.3.2 Employer appeal, recruiting and junior staff development

The IT sector is growing at a far greater rate than the number of qualified workers available. Competition for the recruitment of experienced employees and junior staff talent is therefore fierce. In light of this, recruiting and junior staff development are becoming critical success factors in the long-term positive development of the Company.

For this reason, secunet is intent on being an appealing employer and maintaining an attractive image. To achieve this goal, secunet is pursuing a number of measures under the leadership of the HR department. Firstly, this takes place through a continuous exchange with the individual employees and the workforce as a whole. Annual review meetings are held in order to assess the performance and level of satisfaction of individual employees. The review meetings are standardised, structured conversations during which the employee and the supervisor assess each other in a form of performance evaluation. At the same time, questions are asked about the employee's level of satisfaction with their work situation, any potential work overload and the desire for personal development. From the information provided it is possible to deduce, amongst other things, whether the employees require training.

Regular surveys are also conducted to gauge employee satisfaction. A new survey was planned for the 2019 reporting year, but this was postponed until 2020 due to organisational changes in the HR department.

Specific measures have been established on the basis of previous survey results, such as the so-called Mobile Office arrangement. By evaluating the employee surveys, it has also been possible to develop skills profiles for employees. These provide transparency about requirements and attributes that are required in order to reach certain career stages.

In order to create an attractive work environment and pleasant working conditions, fringe benefits such as free drinks and fruit, assistance in individual workplace design and the opportunity to lease company bicycles are offered.

8.3.3 Occupational health and safety

It is a matter of course for secunet to comply with all relevant regulations and recognised standards on employee rights. Various measures that have an impact on the occupational health and safety of the workforce are in place. These include statutory occupational health and safety provisions. The occupational health and safety officers and the HR department of secunet, supported by the occupational physician service, carry out a number of measures aimed at minimising work-related physical and mental stress. It is inherent in secunet's business model that most of the employees' tasks are carried out within office buildings and at the employees' desks.

Accident prevention is another important aspect of health promotion to which secunet attaches great importance in its organisation. In the 2019 reporting year, a total of six occupational accidents were registered in the secunet Group (2018: six) and reported to the relevant employers' liability insurance association. An occupational accident is a sudden event of external origin and limited duration, which damages the body and has a causal connection with the work activity at secunet. Occupational accidents also include accidents that occur during a business trip or when travelling between home and work (commuting accident).

secunet also enables its employees to have a free health check with the occupational physician service.

8.3.4 Life phase-oriented working models (working hours and locations)

secunet offers its employees the opportunity to structure and develop their own working hours to meet their individual needs. Within the framework of what is operationally possible, this allows all staff to organise their working hours to meet the work-life balance requirements prevalent in each stage of life. This is supplemented by the Mobile Office arrangement (originating from the employee survey), which allows employees complete freedom to determine their work environment on a dynamic basis. This arrangement can be used on 36 days a year.

8.3.5 Training and further education

Other measures are aimed at junior staff recruitment and continuous development of the existing workforce. This includes the ongoing qualification of permanent employees. Individual training requirements are ascertained and suitable measures put in place within the framework of the annual review meetings.

In 2019, an average of about 1,190 euros was invested in training measures for each employee, compared to an average of around 960 euros in 2018 and an average of 820 euros in 2017. The training measures address technical (content-related) topics and methodological topics (project management, communication, presentation). Management staff at secunet Group and at secunet AG also receive special-purpose training on leadership topics.

Junior staff development and recruiting are also important factors in developing the workforce of secunet Group and secunet AG. secunet operates sites in the vicinity of universities, providing opportunities for regular contact with potential employees of the future. secunet is able to secure employees for the coming years by offering students work placements during their studies, supporting them in writing their final dissertations and much more. Cooperation projects with universities are a further means of establishing networks and expanding the qualified workforce of secunet.

As part of the organisational optimisation in the HR department, secunet has for the first time created a unit responsible for personnel development and talent management. Tasks include the effective management and evaluation of training and further education measures in the workforce.

8.4 Social matters: information security and data protection

secunet makes a contribution to societal issues in the fields of information security and data protection (informational self-determination).

secunet is one of the leading German providers of high-quality IT security. Our products and services are designed to assure information security, in particular by using cryptographic methods. Information security is, in itself, an essential precondition for digitalization based on trust. Moreover, information security lays the foundation for effective data protection. The applicable technical requirements, as set out in the EU GDPR for example, are supplemented by consultative approaches and coupled with organisational measures.

We have structured our internal processes to ensure a high level of data security and data protection. To this end, we have integrated comprehensive measures in our business processes and implemented due diligence processes. We pursue our objectives with the assistance of the IT security officer and data protection officer of secunet Group and secunet AG. secunet AG is certified according to ISO / IEC 27001:2013 and thus meets stringent quality standards with regard to in-house information security. The continuous refinement of associated technical and organisational security measures is indicative of our commitment to providing the greatest possible data protection.

We communicate requirements on data security and data protection to our suppliers via the General Terms and Conditions, which form the basis for the provision of services.

Information security and data protection are of paramount importance in all our dealings with customers. Our IT security partnership with the Federal Republic of Germany as well as the extensive number of secunet products and solutions that have been approved and certified by the Federal Office for Information Security are representative of our excellent services. secunet also works towards ensuring data security and data protection by providing consultative services in the fields of information security systems and data protection. The increase in revenue and the growing proliferation of secunet solutions from year to year, particularly in the public sector, are proof that the number of customers who place their trust in secunet in this regard is rising. One example of how the product portfolio can help assure information security and promote trust in the digital transformation is secunet's contribution to the ELSTER electronic tax return system. On behalf of the Bavarian State Taxation Office, secunet AG has implemented a new security platform for the ElsterOnline portal, which meets stringent security requirements. The solution supports authentication,

encryption and electronic signatures for web applications by means of certificate-based methods. Using these methods paves the way for new, convenient online procedures for virtually all tax-related areas such as, for example, tax returns, income tax cards, income tax and tax account queries.

Another example is the development, integration and technical support of automatic border control systems (eGates). Given the fact that airline passenger numbers are growing, passenger aircraft are getting bigger and the level of security awareness is increasing, the challenges facing personnel, technology and infrastructure at airports around the world are severe. secunet solutions provide the greatest possible comprehensive protection of electronic identities while ensuring reliable verification and identification. They modernise, automate and mobilise ID management.

With the development and certification of the secunet konnektor for medical practices, secunet is transferring its experience in IT security to the healthcare sector. The secunet konnektor serves as a central element for doctors' practices, pharmacies and hospitals, for example, to connect their computer networks to the telematics infrastructure (TI). In the future, the resilient security infrastructure of the secunet konnektor will enable, among other things, the secure and fast retrieval of personal health data (such as previous illnesses), which are immediately required especially in emergency situations.

secunet pays particular attention to anticipating technological developments. The research and development activities of secunet aim at improving and innovating processes, products and solutions. In this way secunet stays abreast of the growing need of its customers for higher security in existing infrastructures as well as for solutions dealing with threats in new technological environments. In the innovation report, secunet describes the strategic innovation efforts in the Group and Company.

8.5 Combating corruption and bribery

Integrity is of paramount importance at secunet. The effective prevention of corruption and bribery is an essential aspect of this. To this end, secunet has implemented a comprehensive compliance management system. The compliance management system is currently geared towards the internal structures of secunet AG and secunet Group. It is also planned to oblige all secunet suppliers to provide a self-declaration in order to identify and document compliance and ethical issues in the upstream value chain.

Various measures are derived from the management team's unwavering commitment to integrity ("tone from the top").

Two examples are training and consultancy services. secunet employees are regularly made aware of and trained in compliance issues. It is mandatory for all employees to take part in classroom training sessions every two years. These are held at least once a year at all major secunet sites.

Compliance officers and the Chief Compliance Officer can be consulted for advice on any compliance issues that go beyond this scope.

Furthermore, there are clear and explicit guidelines on how to deal with conflicts of interest and corruption. At compliance training sessions, attendees are always made aware of the importance of adhering to the guidelines and regulations stipulated by secunet's business partners.

As a matter of principle, secunet does not make monetary or material donations to political organisations, parties or individual politicians. Employees must also ensure that politically motivated donations made in their capacity as private individuals cannot be linked to secunet in any way.

All other donations and expenditure for sponsoring measures require the approval of the Management Board. In the 2019 reporting year, around 76,000 euros was spent on such measures. Sponsoring was primarily related to topic-specific conferences and roundtables serving the exchange of technical and professional information.

Furthermore, in the reporting year 2018, a whistleblower system was implemented, giving customers, suppliers, employees and any other parties involved in the business operations the opportunity to report internal grievances and risks anonymously.

In 2019, the Compliance department received no information about possible cases of corruption. Moreover, no reports were registered with the authorities responsible for secunet and communicated to secunet.

8.6 Environmental matters

secunet is fully aware that resources are not available in endless quantities. secunet Group and secunet AG therefore regard an appropriate environmental policy as desirable.

secunet does not operate any production sites with machinery in a conventional sense. The IT equipment of employees, the in-house computer centres, company vehicles and facilities thus make up what is referred to as the "necessary business equipment" that is required in order to perform our activities. Additionally, packaging material is used when hardware is sold and, at the end of the product life cycle, there is electronic scrap to dispose of. These impacts on the environment are therefore directly linked to our business operations.

Up to now, environmental protection guidelines of a general nature have been in place as part of the Code of Conduct that applies to the entire secunet Group. As stated in the combined non-financial statement of the Company and the Group for the 2018 financial year, secunet has drafted an initial concept for an environmental management system. Findings on individual concepts and measures currently relate to the use of (company) vehicles, energy audits and supplier management. For example, company vehicles with lower CO2 emissions are promoted by means of lower leasing rates. secunet Group is obliged to perform an energy audit pursuant to DIN EN 16247-1. The most recent audit was carried out in September 2019. The next audit will take place in 2023 in accordance with the specified fouryear cycle. Furthermore, secunet obliges its suppliers to comply with legal regulations on the return and environmentally compatible disposal of electrical and electronic equipment as well as regulations on electromagnetic compatibility and to ensure that the resulting obligations are met.

At secunet Group, we also systematically track amendments to the current statutory framework conditions, particularly in the fields of energy and environmental law, which enables us to respond to changing circumstances at any time. Initiating this process was an important milestone on the path to establishing a sustainable environmental management concept.

9 Other Notes

9.1 Remuneration report

The remuneration report summarises the principles used to determine the remuneration of the Management Board of secunet AG and sets out the amount and structure of the income received by its members. It sets out the principles behind, and amount of, the remuneration received by the Supervisory Board, and also provides information on the shareholdings of Management Board and Supervisory Board members.

9.1.1 Remuneration of the Management Board

The Supervisory Board of secunet AG is responsible for determining the remuneration of the Management Board.

In the 2019 financial year, the remuneration package for the members of the Management Board who were active in the 2019 financial year was made up of five components: a fixed annual salary, a variable bonus, a special bonus, ancillary non-cash benefits and a contribution to the retirement pension.

The Management Board remuneration package is broken down as follows:

» The fixed component is paid monthly in the form of a salary.
» The variable component is based on the Company's results. It consists of a short-term component and a long-term component. The short-term component is measured on the basis of sales revenue and EBIT for the current financial year (2019 in this case), while the long-term component is measured based on the average EBIT of the past three financial years (2017 – 2019 in this case).
» At its discretion, the Supervisory Board can award each of the members of the Management Board a special bonus for their exceptional contributions in the financial year.
» Non-cash and other benefits essentially comprise the taxable values of company car usage.
» The retirement pension contributions paid to members of the Management Board are set out in their individual contracts of employment. These pension commitments provide for a life annuity with provision for dependants.

Management Board contracts do not expressly provide for any severance payment in the event that the employment relationship is prematurely terminated. In addition, Management Board contracts do not include any specific regulations to govern the event that a "change of control" occurs – that is when one or several shareholders acting jointly obtain the majority voting rights of secunet AG and exert a dominating influence, causing secunet AG to become a dependent company by means of the conclusion of an intercompany agreement within the meaning of Section 291 of the German Stock Corporation Act (Aktiengesetz, AktG), or in the event of the merger of secunet AG with other companies.

The Management Board members do not receive any additional remuneration for the performance of their duties in the subsidiaries.

Following the recommendations of the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK), the remuneration of the secunet AG Management Board is constituted as follows:

Benefits granted

	Dr Rainer Baumgart 1 Chairman
in euros	2018	2019	2019 (min)	2019 (max)
Fixed remuneration	260,000	108,333	108,333	108,333
Ancillary benefits	31,683	13,380	13,380	13,380
Total	291,683	121,713	121,713	121,713
One-year variable remuneration	60,000	25,000	0	50,000
Multi-year variable remuneration
Profit sharing 2018	100,000
Profit sharing 2019		41,667	0	41,667
Special bonus	100,000	0	0	100,000
Total	260,000	66,667	0	191,667
Pension expense (IFRS)	8,896	0	0	0
Total remuneration	560,579	188,380	121,713	313,380

1 Until 31 May 2019

	Axel Deininger 2 Management Board / Chairman
in euros	2018	2019	2019 (min)	2019 (max)
Fixed remuneration	220,020	240,425	240,425	240,425
Ancillary benefits	26,552	26,785	26,785	26,785
Total	246,572	267,210	267,210	267,210
One-year variable remuneration	50,000	64,584	0	129,168
Multi-year variable remuneration
Profit sharing 2018	100,000	0	0	0
Profit sharing 2019	-	100,000	0	100,000
Special bonus	50,000	100,000	0	100,000
Total	200,000	264,584	0	329,168
Pension expense (IFRS)	14,626	530	530	530
Total remuneration	461,198	532,324	267,740	596,908

2 Appointed Chairman of the Management Board with effect from 1 June 2019

	Thomas Pleines Management Board
in euros	2018	2019	2019 (min)	2019 (max)
Fixed remuneration	220,001	228,750	228,750	228,750
Ancillary benefits	28,148	28,595	28,595	28,595
Total	248,149	257,345	257,345	257,345
One-year variable remuneration	50,000	58,750	0	117,500
Multi-year variable remuneration
Profit sharing 2018	100,000
Profit sharing 2019		100,000	0	100,000
Special bonus	50,000	100,000	0	100,000
Total	200,000	258,750	0	317,500
Pension expense (IFRS)	30,041	36,418	36,418	36,418
Total remuneration	478,190	552,513	293,763	611,263

	Dr Kai Martius 3 Management Board
in euros	2018	2019	2019 (min)	2019 (max)
Fixed remuneration	–	102,083	102,083	102,083
Ancillary benefits	–	16,420	16,420	16,420
Total	–	118,503	118,503	118,503
One-year variable remuneration	–	29,166	0	58,332
Multi-year variable remuneration
Profit sharing 2018	–	–	–	–
Profit sharing 2019	–	58,333	0	58,333
Special bonus	–	75,000	0	100,000
Total	–	162,499	0	216,665
Pension expense (IFRS)	–	–	–	–
Total remuneration	–	281,002	118,503	335,168

3 Appointed to the Management Board with effect from 1 June 2019

	Torsten Henn 3 Management Board
in euros	2018	2019	2019 (min)	2019 (max)
Fixed remuneration	–	102,083	102,083	102,083
Ancillary benefits	–	17,430	17,430	17,430
Total	–	119,513	119,513	119,513
One-year variable remuneration	–	29,166	0	58,332
Multi-year variable remuneration
Profit sharing 2018	–
Profit sharing 2019	–	58,333	0	58,333
Special bonus	–	75,000	0	100,000
Total	–	162,499	0	216,665
Pension expense (IFRS)	–	–	–	–
Total remuneration	–	282,012	119,513	336,178

3 Appointed to the Management Board with effect from 1 June 2019

The following payments were made for the remuneration of the members of the Management Board in the 2019 financial year:

Inflow

	Dr Rainer Baumgart 1 Chairman		Axel Deininger 2 Management Board / Chairman		Thomas Pleines Management Board		Dr Kai Martius 3 Management Board		Torsten Henn 3 Management Board
in euros	2018	2019	2018	2019	2018	2019	2018	2019	2018	2019
Fixed remuneration	260,000	108,333	220,020	240,425	220,001	228,750	–	102,083	–	102,083
Ancillary benefits	31,683	13,380	26,552	26,785	28,148	28,595	–	16,420	–	17,430
Total	291,683	121,713	246,572	267,210	248,149	257,345	–	118,503	–	119,513
One-year variable remuneration	50,010	44,515	41,675	114,996	41,675	104,609	–	51,934	–	51,934
Multi-year variable remuneration
Profit sharing 2018	100,000		100,000	–	100,000		–	–	–
Profit sharing 2019		41,667		100,000		100,000	–	58,333	–	58,333
Special bonus	100,000	0	50,000	100,000	50,000	100,000	–	75,000	–	75,000
Total	250,010	86,182	191,675	314,996	191,675	304,609	–	185,267	–	185,267
Pension expense (IFRS)	8,896	0	14,626	530	30,041	36,418	–	–	–	–
Total remuneration	550,589	207,895	452,873	582,736	469,865	598,372	–	303,770	–	304,780

1 Until 31 May 2019

2 Appointed Chairman of the Management Board with effect from 1 June 2019

3 Appointed to the Management Board with effect from 1 June 2019

Total remuneration of the members of the Management Board in the 2019 financial year was 1,961 thousand euros (previous year: 1,420 thousand euros).

	Dr Baumgart		Deininger		Pleines		Dr Martius		Henn
in euros	2018	2019	2018	2019	2018	2019	2018	2019	2018	2019
Non-performance-based components	291,683	121,713	246,572	267,210	248,149	257,345	–	118,503	–	119,513
Performance-based components	150,010	44,515	91,675	214,996	91,675	204,609	–	126,934	–	126,934
Components entailing long-term incentive	100,000	41,667	100,000	100,000	100,000	100,000	–	58,333	–	58,333
Total remuneration	541,693	207,895	438,247	582,206	439,824	561,954	–	303,770	–	304,780

The pension entitlements of the Management Board members were as follows as at 31 December 2019:

in euros		In accordance with IFRS			In accordance with HGB
	Present value	Current service cost	Past service cost	Obligation amount	Provision	Premium
Dr Baumgart	1,242,739	0	0	984,673	950,337	80,924
Deininger	554,830	530	0	354,064	354,064	63,716
Pleines	1,050,823	36,418	0	721,422	695,676	118,433

As at 31 December 2018, the pension entitlements of the Management Board members were as follows:

	In accordance with IFRS			In accordance with HGB
in euros	Present value	Current service cost	Past service cost	Obligation amount	Provision	Premium
Dr Baumgart	1,106,083	8,896	0	910,616	869,413	125,869
Deininger	428,166	14,626	0	290,348	290,348	290,348
Pleines	837,920	30,041	0	608,138	577,242	95,953

Owing to the right, in accordance with Article 67 (1) and (2) of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), to choose to annually add 1 / 15 to the difference resulting from the change in valuation under the German Accounting Law Modernisation Act (Bilanzrechtsmodernisierungsgesetz, BilMoG), there is a shortfall between the amount of the HGB obligation and the provision set aside, totalling 60 thousand euros.

As at 31 December 2019, the members of the Management Board held a total of 880 shares in secunet. No secunet shares were held by members of the Management Board on the same reporting date of the previous year.

The members of the Management Board of the Company were not granted any loans during the reporting period.

Furthermore, in the past financial year no member of the Management Board was promised or granted any benefits by a third party in respect of his activity as a member of the Management Board.

9.1.2 Remuneration of the Supervisory Board

The remuneration of the Supervisory Board is laid down in Article 17 of the Articles of Association of secunet AG. It is based on the tasks and responsibilities of the members of the Supervisory Board.

Remuneration of the Supervisory Board was revised at the Annual General Meeting of secunet AG on 15 May 2019. The members of the Supervisory Board receive a fixed remuneration of 12 thousand euros (previously: 8 thousand euros). The Chairman of the Supervisory Board receives a remuneration of 24 thousand euros (previously 16 thousand euros), and the Vice Chairman of the Supervisory Board receives 16 thousand euros (previously 12 thousand euros). This increases the total annual remuneration of the Supervisory Board from 60 thousand euros to 88 thousand euros. If changes are made within the Supervisory Board during the year, remuneration is granted on a pro-rata basis. Travel expenses associated with Supervisory Board activities are reimbursed separately according to travel expense reports.

For the 2019 financial year, Supervisory Board remuneration totalled 77.8 thousand euros (previous year: 60.0 thousand euros). The increase results from the prorata consideration of the increase in remuneration after the 2019 Annual General Meeting.

For the individual members of the Supervisory Board, the entitlements can be presented as follows:

Remuneration of the Supervisory Board

in euros	2019	2018
Wintergerst	21,063.01	16,000.00
Zattler	14,531.51	12,000.00
Kunz 1	2,958.90	8,000.00
Legge	10,531.51	8,000.00
Marx 2	7,594.52	0.00
Moritz 1	2,958.90	8,000.00
Rustemeyer 2	7,594.52	0.00
Schäfer	10,531.51	8,000.00
	77,764.38	60,000.00

1 Member of the Supervisory Board until 15 May 2019

2 Member of the Supervisory Board since 15 May 2019, employee representative

The members of the Supervisory Board do not receive any loans from the Company.

As on the same reporting date in the previous year, no Supervisory Board members held any secunet shares as at 31 December 2019.

In the year under review, members of the Supervisory Board did not receive any other remuneration or benefits for services provided personally, in particular consulting and agency services.

9.2 Management Board report pursuant to Section 312 (3) AktG

Pursuant to Section 312 (3) AktG, the Management Board has issued a report on the relations with affiliated companies for the 2019 financial year. The report contains the following closing statement: "It is hereby declared that our Company received an appropriate consideration for each of the legal transactions listed. This assessment has been made on the basis of the circumstances known at the time of the reportable proceedings. There were no further reportable legal transactions, measures or omissions in addition to the activities reported."

9.3 Forward-looking statements

This report contains forward-looking statements pertaining to the future development of secunet Group and secunet AG and to economic and political developments. These statements are opinions that we have formed based on the information currently available to us. Should the assumptions on which these statements are based not be applicable or should further risks arise, the actual results may deviate from the results currently expected. We cannot therefore offer any guarantee as to the accuracy of these statements.

Essen, 27 March 2020

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Consolidated Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

Consolidated balance sheet

(according to IFRS) as at 31 December 2019

Assets

in euros	Note	31 Dec 2019	31 Dec 2018 1
Current assets
Cash and cash equivalents	1	64,492,741.83	56,084,381.70
Trade receivables	2, 12	44,943,649.78	41,776,937.04
Intercompany financial assets	2	117,904.76	452,438.07
Contract assets	2, 12	2,787,251.28	2,648,354.51
Inventories	8	21,570,841.56	19,348,793.59
Other current assets	2	1,746,947.30	1,132,135.08
Total current assets		135,659,336.51	121,443,039.99
Non-current assets
Property, plant and equipment	3	5,718,170.00	4,555,737.00
Right-of-use assets	5	17,231,604.86	-
Intangible assets	4	8,172,156.96	5,990,220.00
Goodwill	7	4,625,031.00	4,625,031.00
Non-current financial assets	9	6,141,883.00	5,860,888.00
Trade receivables	2, 12	4,727,008.44	0.00
Deferred taxes	10	2,303,869.56	1,592,036.82
Other non-current assets	2	2,205,150.34	1,142,447.60
Total non-current assets		51,124,874.16	23,766,360.42

Total assets	186,784,210.67	145,209,400.41

Liabilities

in euros	Note	31 Dec 2019	31 Dec 2018 1
Current liabilities
Trade accounts payable	11	27,953,644.22	22,797,180.71
Intercompany payables	11	280,968.68	283,951.48
Lease liabilities	5, 11	2,600,883.05	-
Other provisions	14	13,695,372.45	12,577,879.75
Income tax liabilities	11	5,446,232.78	6,695,131.05
Other current liabilities	11	3,621,460.71	4,739,511.25
Contract liabilities	11, 12	9,960,482.92	8,682,677.88
Total current liabilities		63,559,044.81	55,776,332.12
Non-current liabilities
Lease liabilities	5, 11	14,936,347.05	-
Deferred taxes	10	1,883,251.83	1,886,488.94
Provisions for pensions	13	8,229,598.00	6,781,816.00
Other provisions	14	356,381.00	321,152.00
Contract liabilities	11, 12	19,857,502.46	10,927,251.63
Total non-current liabilities		45,263,080.34	19,916,708.57
Equity
Share Capital	15	6,500,000.00	6,500,000.00
Capital reserves	15	21,922,005.80	21,922,005.80
Other reserves	15	-2,160,360.07	-1,627,934.01
Revenue reserves	15	51,192,282.72	42,363,484.81
Equity attributable to parent company shareholders		77,453,928.45	69,157,556.60
Non-controlling interests	15	508,157.07	358,803.12
Total equity	23	77,962,085.52	69,516,359.72

Total liabilities		186,784,210.67	145,209,400.41

Consolidated income statement

(according to IFRS) for the period from 1 January 2019 to 31 December 2019

in euros	Note	1 Jan – 31 Dec 2019	1 Jan – 31 Dec 2018 1
Sales revenue	16	226,901,500.04	163,286,560.91
Cost of sales		-171,388,831.23	-115,567,445.80
Gross profit on sales		55,512,668.81	47,719,115.11
Selling expenses		-15,579,720.38	-14,087,648.26
Research and development costs	18	-257,096.74	-1,017,187.94
General administrative costs		-6,514,832.57	-5,779,399.10
Impairment reversals / impairment losses on trade receivables and contract assets	2	19,932.61	-75,621.07
Other operating income		122.24	161,340.68
Other operating expenses		-1,406.05	-11,511.00
Earnings before interest and taxes (EBIT)		33,179,667.92	26,909,088.42
Interest income	19	69,557.48	91,803.53
Interest expenses	19	-362,908.42	-135,110.74
Profit and loss portions of associated companies that are accounted for by the equity method		0.00	-226,875.04
Income from investments	6	-31,255.52	0.00
Earnings before tax (EBT)		32,855,061.46	26,638,906.17
Income taxes	20	-10,676,721.80	-8,815,687.35
Group profit for the period		22,178,339.66	17,823,218.82
of which attributable to shareholders of secunet AG		22,270,432.59	17,923,374.06
of which attributable to non-controlling interest	15	-92,092.93	-100,155.24
Earnings per share (diluted / undiluted)	15	3.44	2.77
Average number of shares outstanding (diluted / undiluted), units		6,469,502	6,469,502

1 The Group adopted IFRS 16 for the first time as at 1 January 2019. Due to the transitional provision applied, the comparative figures have not been restated.

Group statement of comprehensive income

(according to IFRS) for the period from 1 January 2019 to 31 December 2019

in euros	Note	1 Jan – 31 Dec 2019	1 Jan – 31 Dec 2018 1
Group profit for the period		22,178,339.66	17,823,218.82
Items not reclassified to the income statement
Revaluation of defined benefit pension plans	13	-1,212,779.00	-106,060.00
Income tax attributable to components of the other comprehensive income / loss		406,246.18	33,843.75
		-806,532.82	-72,216.25
Items that can be reclassified to the income statement
Currency conversion differences (change not affecting income)	15	274,106.76	-8,257.20
Other comprehensive income / loss		-532,426.06	-80,473.45
Consolidated comprehensive income / loss		21,645,913.60	17,742,745.37
of which attributable to shareholders of secunet AG		21,738,006.53	17,842,900.61
of which attributable to non-controlling interest		-92,092.93	-100,155.24

Consolidated cash flow statement

(according to IFRS) for the period from 1 January 2019 to 31 December 2019

in euros	1 Jan – 31 Dec 2019	1 Jan – 31 Dec 2018 1
Cash flow from operating activities
Earnings before tax (EBT)	32,855,061.46	26,638,906.17
Depreciation and amortisation of tangible and intangible fixed assets	6,728,563.97	2,204,621.90
Other non-cash income	-283,610.38	0.00
Change in provisions	1,241,507.70	-1,760,565.30
Book losses on the sale of intangible assets and of property, plant and equipment	1,283.81	11,511.00
Interest result	293,350.94	43,307.21
Change in receivables, contract assets, inventories and other assets	-11,596,826.56	-12,872,194.06
Change in liabilities and contract liabilities	14,243,486.04	926,296.53
Profit and loss portions of associated companies that are accounted for by the equity method	0.00	226,875.04
Tax paid	-12,234,443.74	-7,752,839.23
Cash from operating activities	31,248,373.24	7,665,919.26
Cash flow from investing activities
Purchase of intangible assets and of property, plant and equipment	-8,263,127.87	-6,584,208.07
Proceeds from the sale of intangible assets and of property, plant and equipment	56,797.46	14,769.00
Purchase of financial assets	-61,625.61	-214,395.00
Proceeds from financial assets	95,496.51	0.00
Acquisition of subsidiaries less cash and cash equivalents acquired	-361,664.10	5,537.36
Cash outflow from investing activities	-8,534,123.61	-6,778,296.71
Cash flow from financing activities
Cash received from non-controlling interests	12,250.00	0.00
Payments received for grants	1,601,779.59	0.00
Dividend payment	-13,197,784.08	-7,763,402.40
Repayment portion of lease payments 1	-2,576,041.68	0.00
Interest received	69,557.48	59,114.63
Interest paid	-216,691.42	-20,705.74
Cash outflow from financing activities	-14,306,930.11	-7,724,993.51
Effects of exchange rate changes on cash and cash equivalents	1,040.61	-1,134.01
Change in cash and cash equivalents	8,408,360.13	-6,838,504.97
Cash and cash equivalents at the beginning of the period	56,084,381.70	62,922,886.67
Cash and cash equivalents at the end of the period	64,492,741.83	56,084,381.70

1 The Group adopted IFRS 16 for the first time as at 1 January 2019. Due to the transitional provision applied, the comparative figures have not been restated.

For further explanations, see Note 21

Consolidated statement of changes in equity

(according to IFRS) for the period from 1 January 2019 to 31 December 2019

		Capital
in euros	Share capital	reserves
Equity as at 31 Dec 2017 / 1 Jan 2018	6,500,000.00	21,922,005.80
Adjustment amount due to first-time adoption of IFRS 9
Adjusted as at 1 Jan 2018	6,500,000.00	21,922,005.80
Change in the consolidated Group
Group profit 1 Jan – 31 Dec 2018
Other comprehensive income / loss 1 Jan – 31 Dec 2018
Consolidated comprehensive income 1 Jan – 31 Dec 2018
Dividend payment
Equity as at 31 Dec 2018 / 1 Jan 2019	6,500,000.00	21,922,005.80
Change in the consolidated Group
Group profit 1 Jan – 31 Dec 2019
Other comprehensive income / loss – Change in the consolidated Group
Other comprehensive income / loss 1 Jan – 31 Dec 2019
Miscellaneous other comprehensive income / loss 1 Jan – 31 Dec 2019
Consolidated comprehensive income 1 Jan – 31 Dec 2019
Dividend payment
Equity as at 31 Dec 2019	6,500,000.00	21,922,005.80

Other reserves

Revaluation of defined benefit pension plans

Income tax attributable to components of the other comprehensive income / loss

Currency conversion differences from the currency conversion of financial statements of foreign subsidiaries

Reserve for treasury shares

Equity of secunet AG shareholders

Noncontrolling

For further information on the development of the Group's equity, see Note 15

						Other reserves
Total	Non controlling interests	Equity of secunet AG shareholders	Revenue reserves	Total other reserves	Income tax attributable to compo nents of the other com prehensive income / loss	Revaluation of defined benefit pen sion plans	Currency conversion differences from the currency conversion of financial statements of foreign subsidiaries	Reserve for treasury shares
59,087,334.27	0.00	59,087,334.27	32,212,789.03	-1,547,460.56	682,337.88	-2,120,568.20	-5,490.41	-103,739.83
-11,300.00	0.00	-11,300.00	-11,300.00	0.00	0.00	0.00	0.00	0.00
59,076,034.27	0.00	59,076,034.27	32,201,489.03	-1,547,460.56	682,337.88	-2,120,568.20	-5,490.41	-103,739.83
460,982.48	458,958.36	2,024.12	2,024.12	0.00	0.00	0.00	0.00	0.00
17,823,218.82	-100,155.24	17,923,374.06	17,923,374.06	0.00	0.00	0.00	0.00	0.00
-80,473.45	0.00	-80,473.45	0.00	-80,473.45	33,843.75	-106,060.00	-8,257.20	0.00
18,192,427.85	358,803.12	17,833,624.73	17,914,098.18	-80,473.45	33,843.75	-106,060.00	-8,257.20	0.00
-7,763,402.40	0.00	-7,763,402.40	-7,763,402.40	0.00	0.00	0.00	0.00	0.00
69,516,359.72	358,803.12	69,157,556.60	42,363,484.81	-1,627,934.01	716,181.63	-2,226,628.20	-13,747.61	-103,739.83
-2,403.72	241,446.88	-243,850.60	-243,850.60	0.00	0.00	0.00	0.00	0.00
22,178,339.66	-92,092.93	22,270,432.59	22,270,432.59	0.00	0.00	0.00	0.00	0.00
273,727.30	0.00	273,727.30	0.00	273,727.30	0.00	0.00	273,727.30	0.00
-806,153.36	0.00	-806,153.36	0.00	-806,153.36	406,246.18	-1,212,779.00	379.46	0.00
-532,426.06	0.00	-532,426.06	0.00	-532,426.06	406,246.18	-1,212,779.00	274,106.76	0.00
21,643,509.88	149,353.95	21,494,155.93	22,026,581.99	-532,426.06	406,246.18	-1,212,779.00	274,106.76	0.00
-13,197,784.08	0.00	-13,197,784.08	-13,197,784.08	0.00	0.00	0.00	0.00	0.00
77,962,085.52	508,157.07	77,453,928.45	51,192,282.72	-2,160,360.07	1,122,427.81	-3,439,407.20	260,359.15	-103,739.83

Notes to the Consolidated Financial Statements

for the 2019 financial year (according to IFRS)

General principles

Reporting company

secunet Security Networks Aktiengesellschaft (hereinafter referred to as "secunet AG" or "secunet") is registered with Essen Local Court, Germany (under HRB 13615). It is a listed company in the Prime Standard segment of the regulated market in Frankfurt. The address of the company's registered office is: secunet Security Networks Aktiengesellschaft, Kurfürstenstrasse 58, 45138 Essen, Germany.

secunet Group (hereinafter referred to as "secunet") and secunet Security Networks Aktiengesellschaft, Essen (hereinafter referred to as "secunet AG") offers products, solutions and consulting services in the field of IT security. secunet has specialised in IT high security, complex solutions and demanding projects in which technologies and processes are combined. These are the areas of IT security where applications are developed and offered for professional use, e. g. high-security cryptographic systems, public key infrastructures (PKI), secure electronic identities (eID) and infrastructure components for the healthcare sector. The range of solutions is mainly geared towards large-scale infrastructures. Customers usually receive tailored solutions matching their individual requirements, even if they are based on standard applications.

Declaration of compliance with IFRS

The Consolidated Financial Statements have been prepared in accordance with the International Financial Reporting Standards (IFRS) as applicable in the European Union. The requirements of Sections 315, 315e (1) of the German Commercial Code (Handelsgesetzbuch, HGB) have been met. The IFRS standards used consist of the IFRS as newly issued by the International Accounting Standards Board (IASB), the International Accounting Standards (IAS), and the interpretations of the International Financial Reporting Interpretations Committee (IFRIC) and of the Standing Interpretations Committee (SIC). All standards and interpretations issued by the IASB and applicable at the time of preparation of the

Consolidated Financial Statements have been implemented, provided that they have been endorsed by the EU. In this respect the Consolidated Financial Statements of secunet AG comply with IFRS.

The Consolidated Financial Statements and the combined Management Report – Company and Group Management Report were released by the Management Board on 27 March 2020 following their preparation.

Disclosure

The Consolidated Financial Statements – as well as the Annual Financial Statements of secunet AG – are filed with the operator of the electronic Federal Gazette and subsequently announced there. They are available for download on the website www.secunet.com. They may also be requested from secunet AG at the above address or inspected at the Company's business premises.

Parent company

The parent company is Giesecke + Devrient GmbH based in Munich, Germany. It holds a direct share of 78.96% in secunet AG.

Via the Consolidated Financial Statements of Giesecke + Devrient GmbH, Munich, the Consolidated Financial Statements of secunet AG are included in the Consolidated Financial Statements of MC Familiengesellschaft mbH, Tutzing, which prepares the Consolidated Financial Statements for the largest group of companies. The Consolidated Financial Statements of MC Familiengesellschaft mbH and Giesecke + Devrient GmbH are filed with the operator of the electronic Federal Gazette.

First-time adoption of new and revised standards and interpretations

Compared with the Consolidated Financial Statements as at 31 December 2018, the following new and revised standards and interpretations were to be applied for the first time following the EU endorsement or entry into force of the standard / interpretation:

Standard / interpretation	Key amendment	Entry into force for financial years commenc ing on or after:
New standards
IFRS 16	Leases	1 January 2019
Revised standards
Amendments to IFRS 9	Prepayment Features with Negative Compensation	1 January 2019
Amendments to IAS 28	Long-term Interests in Associates and Joint Ventures	1 January 2019
Amendments to IAS 19	Plan Amendment, Curtailment or Settlement	1 January 2019
Improvements to IFRS 2015 – 2017	Amendments to IFRS 3, IFRS 11, IAS 12 and IAS 23	1 January 2019
Revised interpretations
IFRIC 23	Uncertainty over Income Tax Treatments	1 January 2019

IFRS 16 Leases

The Group applied IFRS 16 as of 1 January 2019 using the modified retrospective method, according to which the cumulative effect of initial application is generally recognized in revenue reserves. Consequently, the comparative information for 2018 has not been adjusted. Details of the changes in accounting methods are set out below. Furthermore, the disclosure requirements in IFRS 16 are not generally applied to the comparative information.

Definition of a lease

Previously, assessment of whether a contract contains a lease was carried out in accordance with IFRIC 4.

The Group now assesses whether a contract constitutes or contains a lease based on the definition of a lease provided under "Leases" in the accounting principles.

In the transition to IFRS 16, the Group has made use of the exemptions for retaining the assessment of which transactions are leases, i. e. during the transition, the Group applies IFRS 16 only to those contracts previously identified as leases. Contracts not identified as leases under the previous regulations were therefore not reviewed to determine whether they constitute a lease under IFRS 16. The definition of a lease according to IFRS 16 is therefore only applied to contracts concluded or amended on or after 1 January 2019.

Lessee

As a lessee, the Group leases all office space and the vehicle fleet used. In the past, all leases were classified as operating leases. In accordance with IFRS 16, rightof-use assets and lease liabilities are recognised in the balance sheet for these leases.

On the date of provision or when a contract containing a lease component is amended, the Group separates the contractually agreed consideration into lease and non-lease components on the basis of the relative stand-alone prices.

In the transition to IFRS 16, lease liabilities were recognised for the contracts previously classified as operating leases. The lease liabilities were measured at the present value of the remaining lease payments and discounted at the Group's incremental borrowing rate as at 1 January 2019. The term-specific incremental borrowing rates applied range from 1.0% to 1.35%.

The right-of-use assets were measured at the amount of the lease liability, adjusted by the amount of the lease payments made in advance or deferred. The right-ofuse assets recognised in this way were tested for impairments. No indications of impairment were identified.

In the transition to the IFRS 16 regulations, the Group has applied the following exemptions:

» Neither right-of-use assets nor lease liabilities were recognised for leases whose term ends within twelve months of the date of first-time application.
» Neither right-of-use assets nor lease liabilities were recognised for leases where the underlying asset is of low value (e. g. office equipment and company bicycles).
» The term of leases was determined retroactively.

Lessor

The Group is not currently active as a lessor.

Effects on the financial statements

In the transition to IFRS 16, the Group recognised rightof-use assets and lease liabilities that were previously off-balance sheet. This did not have an impact on the revenue reserves. The following table summarises the effects at the date of transition (1 January 2019):

in million euros	Rented buildings	Vehicle leasing	Total
Right-of-use assets	18.2	1.1	19.3
Lease liabilities	18.2	1.1	19.3
Revenue reserves	0.0	0.0	0.0

For the reconciliation of liabilities from operating leases as at 31 December 2018 to the lease liabilities recognised in the balance sheet, see the "Leases / other financial liabilities" section (Note 5).

The application of the further modified standards that have not been explained in detail did not have any material impact on the Consolidated Financial Statements.

New accounting rules

The following standards and interpretations had been published at the time the financial statements were prepared but were either not yet required to be applied in accordance with the provisions of the respective standard or interpretation, or had not yet been endorsed by the EU.

Standard / interpretation	Key amendment	First-time adoption
New standards (not yet endorsed by the EU)
IFRS 17	Insurance Contracts	FY 2021
Modified standards (not yet endorsed by the EU)
Amendments to IFRS 3	Definition of a Business	FY 2020
Amended standards (EU endorsement completed by 31 December 2019)
Amendments to IAS 1 and 8	Definition of Material	FY 2020
Framework Amendments to References to the Conceptual Framework in IFRS standards		FY 2020

An early adoption of these standards and interpretations is not planned.

No material effects on the secunet Consolidated Financial Statements are expected to result from adopting the new and revised standards and interpretations.

Accounting principles

The present Consolidated Financial Statements as at 31 December 2019, with the exception of the amendments due to the first-time adoption of new or amended IAS / IFRS provisions above, have been prepared using the same accounting and measurement methods and the same methods of computation as in the previous year. Items in the balance sheet as at 31 December 2019 are classified by maturity. The income statement is based on the cost-of-sales method. In order to improve the clarity of presentation, various items in the consolidated balance sheet and consolidated income statement have been summarised and are explained in the notes.

The Consolidated Financial Statements of secunet AG are presented in euros. All amounts are stated in euros, unless indicated otherwise.

Consolidated Group

In addition to secunet Security Networks Aktiengesellschaft, the Consolidated Financial Statements include all associate companies that are controlled by secunet AG. Control is considered to be in place if secunet has the authority to dispose of the associate company, has a right to variable returns from participation and has the opportunity to use the authority to dispose of the associate company in a way that can influence the variable returns.

The consolidated Group has changed compared to the previous year. As at 31 December 2019, the consolidated Group consisted of the parent company secunet AG and six (previous year: six) fully consolidated subsidiaries.

secunet SwissIT AG, Solothurn, Switzerland, was liquidated and deconsolidated as at 30 June 2019.

secustack GmbH, Dresden, was newly founded and consolidated for the first time as at 1 April 2019.

During the course of the 2019 financial year, the stake in finally safe GmbH was expanded by means of a capital increase. In November, all hitherto non-controlled shares in finally safe GmbH were acquired. As at the reporting date of 31 December 2019, secunet AG now holds 100% of the shares. The company was dissolved with effect from 1 December 2019 and has been in liquidation since this date.

In accordance with IFRS, the subsidiaries report the following figures:

Company	Registered office	Equity holding	Non-controlling interests	Equity as at 31 Dec 2019	Net income for 2019
secunet Service GmbH	Essen	100%	0.00%	883 kEUR	554 kEUR
secunet International GmbH & Co. KG	Essen	100%	0.00%	-505 kEUR	-627 kEUR
secunet International Management GmbH	Essen	100%	0.00%	37 kEUR	7 kEUR
secustack GmbH	Dresden	51%	49.00%	1,037 kEUR	-188 kEUR
finally safe GmbH i. L.	Essen	100%	0.00%	621 kEUR	-856 kEUR
secunet s. r. o. i. L.	Prague / Czech Republic	100%	0.00%	2,240 kCZK	-306 kCZK

The consolidated subsidiaries secunet s. r. o., Prague (Czech Republic) and finally safe GmbH are in liquidation.

Secunet Inc., Austin, Texas (USA), 100% participation, is no longer operational and has not been consolidated since the 2002 financial year on the grounds that it is not material.

The Group's accounting and measurement policies are applied consistently to the financial statements of secunet AG and its subsidiaries included in the Consolidated Financial Statements. The reporting date for secunet AG and for all consolidated companies is 31 December 2019.

The wholly-owned subsidiary secunet International GmbH & Co. KG, which is fully included in these Consolidated Financial Statements, makes use of the exemption provisions of Section 264b HGB for the 2019 financial year with regard to disclosure requirements. secunet International Management GmbH is a partner with unlimited liability of secunet International GmbH & Co. KG.

Basis of consolidation

Capital consolidation is carried out in accordance with the purchase method. When consolidated for the first time, the acquisition cost of the shareholdings acquired is offset against the remeasured equity. The assets and liabilities of the acquired subsidiary are recognised at their fair values. Any remaining positive differences are capitalised as goodwill in accordance with IFRS 3 and subjected to an annual impairment test.

Non-controlling interests are initially measured at their proportionate share of the identifiable net assets of the acquired company at the time of acquisition.

Changes in the Group's interest in a subsidiary that do not result in a loss of control are accounted for as equity transactions.

Both expenses and income, and receivables and payables between the consolidated companies are eliminated. Intercompany profits are eliminated unless they are immaterial.

Write-downs of shares in consolidated companies that have been carried out in individual financial statements as well as intercompany receivables are reversed within the framework of consolidation.

With the equity method, the carrying amount of the company is adjusted to take into account the pro-rata result, the distributed dividends and other changes in equity.

Reporting currency

The Group's reporting currency is euros.

Following IAS 21 (Effects of Changes in Foreign Exchange Rates), foreign subsidiaries' Annual Financial Statements prepared in foreign currency are converted into euros in accordance with the functional currency concept. The functional currency in this context is the currency of the primary economic environment in which the subsidiary is active. In the Consolidated Financial Statements, the balance sheet items of all foreign companies are converted from the local currency into euros at the average exchange rates prevailing on the balance sheet date, as the functional currencies of the foreign subsidiaries are their local currencies; the income statement items are converted using the average exchange rate for the financial year. Differences arising from the conversion of Annual Financial Statements of foreign subsidiaries are treated without affecting the operating result and are recorded in the currency conversion reserve.

For the currency conversion, the following exchange rates were used in respect of currencies of countries not belonging to the European Monetary Union:

	2019	2018
1 EUR =	CZK	CHF	CZK
31 Dec	25.4384	1.1262	25.7448
Average	25.6784	1.1696	25.6754

Financial instruments

Recognition and initial measurement

Trade receivables are recognised at the time they arise. They are measured at the transaction price.

Financial assets and financial liabilities are recognised if a Group company is party to the agreement on the financial instrument. Financial assets or financial liabilities are initially recognised at the fair value. If the change in fair value is not recognised in the income statement (FVTPL), the transaction costs are added.

Classification and subsequent measurement

They are grouped into one of the following categories at the time of acquisition:

» at amortised cost;
» FVOCI debt instruments (investments in debt instruments carried at fair value with changes in other comprehensive income)
» FVOCI equity instruments (equity investments carried at fair value with changes in other comprehensive income)
» FVTPL (at fair value with changes in fair value reported in profit or loss)

Financial assets are not reclassified after initial recognition unless the Group changes its business model for managing financial assets. In this case, all affected financial assets are reclassified on the first day of the reporting period following the change in the business model.

A financial asset is measured at amortised cost if the following cumulative conditions are met and it has not been designated as FVTPL:

It is held within a business model whose objective is to hold financial assets for the purpose of collecting the contractual cash flows, and

» the contractual terms of the financial asset give rise, on specified dates, to cash flows that are solely payments of principal and interest on the principal amount outstanding.

A debt instrument is designated as FVOCI if both of the following conditions are met and it has not been designated as FVTPL:

» It is held within a business model whose objective is both to hold financial assets for the purpose of collecting the contractual cash flows and to sell financial assets; and
» its contractual terms give rise, on specified dates, to cash flows that are solely payments of principal and interest on the principal amount outstanding.

On initial recognition of an equity investment that is not held for trading purposes, the Group may irrevocably elect to report subsequent changes in the fair value of the investment in other comprehensive income. This choice is made on a case-by-case basis for each investment.

All financial assets that are not measured at amortised cost or FVOCI are measured at FVTPL. On initial recognition, the Group may irrevocably decide to designate financial assets that otherwise qualify for measurement at amortised cost or at FVOCI as FVTPL if this serves to eliminate or significantly reduce accounting mismatches.

The Group makes an assessment of the objectives of the business model in which the financial asset is held at a portfolio level. In the past, secunet Group acquired all financial instruments exclusively for the purpose of holding them to collect interest and principal payments. On this basis, it is assumed that this will also apply in the future.

For the purpose of assessing the cash flow criterion, i. e. whether the contractual cash flows are exclusively interest and principal payments on the principal amount (fair value at initial recognition), the Group considers the contractual agreements relating to the instrument. This includes an assessment of whether the financial asset contains a contractual agreement that could change the timing or amount of the contractual cash flows with the effect that they no longer meet these conditions.

When making this assessment, the Group takes into account:

» specific events that would change the amount or timing of the cash flows
» conditions that would affect the interest rate, including variable interest rates
» early repayment and extension options, and
» conditions that restrict the Group's entitlement to cash flows from a particular asset (for example, no right of recourse).

An early repayment option is consistent with the criterion of exclusive interest and principal payments if the early repayment amount substantially represents unpaid amounts of principal and interest on the outstanding principal; this may include reasonable additional compensation for early termination of the contract.

In addition, a condition for a financial asset acquired at a premium or discount on the contractual nominal amount that permits or requires early repayment at an amount that substantially represents the contractual nominal amount plus accrued (but unpaid) contractual interest (which may include reasonable additional compensation for early termination of the contract) is treated as consistent with the criterion, provided the fair value of the early repayment option at the beginning is not significant.

Subsequent measurement and recognition of gains and losses

Financial assets at FVTPL

These assets are subsequently measured at fair value. Net gains and losses, including any interest or dividend income, are recognised in profit or loss.

Based on the measurement hierarchy levels stated in IFRS 13, financial assets and liabilities are measured subject to the availability of relevant information. For the first level, listed (unadjusted) market prices for identical assets and liabilities can be directly observed on active markets. On the second level, they are measured based on measurement models that assess variables that can be observed on the market. The third level does not permit the use of measurement models which rely on input factors that cannot be observed on the market.

If the input factors used to determine the fair value of an asset or a liability can be allocated to different levels of the fair value hierarchy, measurement at fair value is allocated in its entirety to the fair value hierarchy level that corresponds to the lowest input factor which is overall essential to measurement.

Financial assets that are measured at fair value through profit or loss include long-term financial instruments. These include the premium reserve shares from reinsurance contracts. Fair value of the premium reserve is measured by the insurance company and, for the vast majority of reinsurance capital, recognised actuarial processes are followed in this respect (cash method using swap interest rates plus issuer-specific risk premiums). Due to the composition of the reinsurance capital, classification at level 2 of the fair value hierarchy has been applied.

Financial assets at amortised cost

These assets are subsequently measured at amortised cost using the effective interest method. The amortised cost is reduced by impairment losses. Interest income, foreign exchange gains and losses, and impairments are recognised in profit or loss. A gain or loss resulting from derecognition is reported in profit or loss.

Debt investments at FVOCI

These assets are subsequently measured at fair value. Interest income calculated using the effective interest method, foreign exchange gains and losses, and impairments are recognised in profit or loss. Other net gains and losses are recorded under other comprehensive income / loss. On derecognition, the accumulated other comprehensive income is reclassified to profit or loss.

Equity investments at FVOCI

These assets are subsequently measured at fair value. Dividends are recognised as income in profit or loss unless the dividend clearly serves to cover part of the investment cost. Other net gains and losses are recorded under other comprehensive income / loss and never reclassified to profit or loss.

Derecognition

The Group derecognises a financial asset when the contractual rights with regard to the cash flows from the financial asset expire or when it transfers the rights to receive the cash flows in a transaction in which all significant risks and rewards incidental to ownership of the financial asset are transferred.

Derecognition also takes place if the Group neither transfers nor retains all significant risks and rewards incidental to ownership and does not retain control of the transferred asset.

The Group derecognises a financial liability when the contractual obligations have been fulfilled, cancelled or have expired. Furthermore, the Group also derecognises a financial liability if its contractual terms are changed and the cash flows of the modified liability are significantly different. In this case, a new financial liability is recognised at fair value based on the revised terms.

When a financial liability is derecognised, the difference between the carrying amount of the extinguished liability and the consideration paid (including non-cash assets transferred or liabilities assumed) is recognised in profit or loss.

Cash and cash equivalents

The Group regards all highly liquid assets for which withdrawal or usage is not restricted as cash and cash equivalents. Alongside cash in hand and deposits held at call with banks, these also include short-term bank deposits with original maturities of three months or less. The measurement takes place based on the relevant nominal value.

Contract assets

Services already rendered in connection with customer projects but not yet invoiced to the customer are recorded under contract assets.

Inventories

Inventories, which consist almost exclusively of trade goods, are measured at the lower of historical cost or cost of production, or net realisable value less costs not yet incurred. Historical cost is calculated in accordance with the weighted average cost method.

Finished goods and work in progress are valued at the cost of acquisition of the materials used and the cost of production.

Property, plant and equipment

Property, plant and equipment consist not only of office and operating equipment, but generally also of assets under construction and are measured at historical cost or production cost less regular depreciation. When items of property, plant and equipment are disposed of or retired, their historical costs or production costs, accumulated depreciation and impairment are eliminated from the balance sheet and the gain or loss resulting from their sale is recognised in the income statement. Historical costs also include individually attributable additional and subsequent costs of acquisition. Purchase price reductions are offset.

Subsequent costs are only included in the asset's carrying amount or recognised as a separate asset, as appropriate, when it is probable that future economic benefits associated with the asset will flow to the Group and the cost of the asset can be reliably measured. Repairs and maintenance are charged to the income statement during the financial year in which they are incurred.

The depreciation period is based on the useful economic life and is between three and ten years. Depreciation is on a straight-line basis.

The assets' carrying amounts and useful lives are reviewed, and adjusted if appropriate, at each balance sheet date.

Intangible assets

Intangible assets with a finite useful life acquired for a consideration are measured at historical cost plus additional costs of acquisition less accumulated amortisation calculated using the straight-line method. Acquired software is amortised over three to seven years on a straight-line basis.

Costs incurred in preserving the original economic benefits of existing software systems are recognised as an expense when the maintenance work is carried out.

Internally produced intangible assets are capitalised if the criteria in IAS 38.57 are fulfilled. Amortisation of the intangible asset begins at the time of its operational readiness.

Goodwill

Goodwill represents the excess of the cost of an acquisition over the fair value of the Group's share of the net identifiable assets of the acquired company at the date of the acquisition.

Under IFRS 3 in conjunction with IAS 36 and IAS 38, goodwill is not subject to scheduled amortisation. It is instead subjected to an annual impairment test and carried at original historical cost less accumulated impairment losses.

Where a cash-generating unit is sold, the relevant share of goodwill attributable to that unit is taken into account when calculating the profit from the sale.

Impairment of assets

Assets that are subject to scheduled amortisation are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount may no longer be recoverable. An impairment loss is recognised for the amount by which the asset's carrying amount exceeds its recoverable amount. The recoverable amount is the higher of an asset's fair value less costs to sell and its value in use. For the purposes of the impairment test, assets are grouped at the lowest levels for which there are separately identifiable cash flows (cash-generating units).

Where there is an indication that the impairment no longer exists or has decreased, the impairment reversal is recognised as income in the income statement for the asset in question. There were no unscheduled impairments or impairment reversals in the reporting year.

In impairment testing, goodwill acquired in a business combination is allocated to those cash-generating units that are expected to benefit from the synergies arising from the business combination. Impairment testing is carried out on an annual basis and additionally whenever there are indications of impairment in the respective cash-generating unit.

If the carrying amount of the cash-generating unit exceeds its recoverable amount, the carrying amount of the goodwill allocated to this cash-generating unit must be reduced by the amount of the difference. Impairment losses already recognised are not reversed in this process. If the impairment of the cash-generating unit exceeds the carrying amount of the goodwill allocated to it, the remaining impairment loss is recognised by reducing, on a pro-rata basis, the carrying amounts of the cash-generating unit's identifiable assets.

Income tax

Income tax expense is calculated on the basis of the result for the year and takes deferred taxes into account. In accordance with IAS 12 (Income Taxes), deferred taxes are recognised, using the liability method, for all temporary differences arising between the carrying amounts of assets and liabilities for IFRS accounting purposes and the amounts used for tax purposes. Deferred tax assets may also comprise tax reduction claims that arise from the expected use of existing loss carryforwards in subsequent years. Deferred tax assets are recognised only to the extent that it is probable that future taxable profit will be available against which the temporary differences can be utilised.

Deferred tax is calculated using the tax rates that are expected to apply at the time of realisation in accordance with the legal regulations valid at the balance sheet date. Deferred tax is recognised in the income statement as tax income or expense, except to the extent that it is directly linked to equity or items included in other comprehensive income / loss. Deferred taxes resulting from the accounting of right-of-use assets and lease liabilities are shown netted.

Leases

At the start of a contract, the Group assesses whether the contract constitutes or contains a lease. This is the case if the contract grants the right to control the use of an identified asset for a specified period of time in return for the payment of a consideration. In order to assess whether a contract contains the right to control an identified asset, the Group uses the definition of a lease in accordance with IFRS 16.

This method is applied to contracts concluded on or after 1 January 2019.

Lessee

On the date of provision, the Group recognises an asset for the right of use granted and a lease liability. The right-of-use asset is initially measured at cost, which is equal to the initial measurement of the lease liability, adjusted for payments made on or before the date of provision, plus any initial direct costs and the estimated costs of dismantling or removing the underlying asset or restoring the underlying asset or the site at which it is located, less any lease incentives received.

Subsequently, the right-of-use asset is amortised on a straight-line basis from the date of provision to the end of the lease term unless ownership of the underlying asset is transferred to the lessee at the end of the lease term or the cost of the right-of-use asset takes into account the fact that the lessee will exercise a purchase option. In this case, the right-of-use asset is depreciated over the useful life of the underlying asset, which is determined in accordance with the rules for property, plant and equipment. Additionally, the right-of-use asset is continuously adjusted for impairment where necessary and to take specific revaluations of the lease liability into account.

For the first time, the lease liability is measured at the present value of the lease payments not yet made at the date of provision, discounted at the underlying interest rate of the lease or, if this cannot be readily determined, at the lessee's incremental borrowing rate. The Group normally uses its incremental borrowing rate as the discount rate.

The lease payments included in the measurement of lease liabilities comprise fixed payments, amounts that are expected to be paid on the basis of a residual value guarantee and the exercise price of a purchase option if the lessee is sufficiently certain to exercise it.

Lease payments for lease extension options are taken into account if the lessee is sufficiently certain to exercise them.

The lease liability is measured at amortised cost using the effective interest method. It is remeasured if future lease payments change due to a change in the index or (interest) rate, if the lessee adjusts its estimate of the expected payments under a residual value guarantee, if the lessee changes its assessment regarding the exercise of a purchase, extension or termination option or if a de facto fixed lease payment changes.

In the case of such remeasurement of the lease liability, a corresponding adjustment is made to the carrying amount of the right-of-use asset or, if the carrying amount of the right-of-use asset has been reduced to zero, this adjustment is recognised in the income statement.

The Group has decided not to recognise right-of-use assets and lease liabilities for leases based on low-value assets and for short-term leases, including IT equipment. The lessee recognises the lease payments associated with these leases as an expense on a straight-line basis over the term of the lease.

Other provisions

Other provisions comprise all legal and constructive obligations towards third parties identifiable at the balance sheet date that are based on past events, where the amount can be reliably estimated, and where it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation. The provisions are recognised in the amount of the best estimate of the expected settlement value. Possible claims for reimbursement are not offset against the provisions.

Provisions for pensions

In accordance with IAS 19, pension provisions are measured using the projected unit credit method for defined benefit plans. This means that future obligations are measured using actuarial methods to estimate the relevant variables and to determine their present value.

All actuarial gains and losses are recorded in the other comprehensive income / loss as they arise and without affecting the operating result. Reported pension provisions are based on actuarial certificates issued by an independent actuary.

Pension commitments under defined contribution plans are recognised in the relevant functional areas as expenses for employee services in the period during which the employee provides the related services.

Contract liabilities

Income received before the balance sheet date is deferred as a contract liability to the extent that it results in revenue after that date.

Equity

The subscribed capital is 6,500,000.00 euros. It is divided into 6,500,000 bearer shares without par value. All shares are fully paid.

Of secunet AG's capital reserves, 1,902,005.80 euros results from payments by the shareholder before the transformation of secunet AG into a public limited company. The price premium paid in the initial public offering accounts for 20,020,000.00 euros of the total. The capital reserves are available – subject to statutory regulations – for the purposes of offsetting any losses incurred and for capital increases from the Company's own funds.

The other reserves include the reserve for treasury shares and the other comprehensive income / loss.

Treasury shares are shares in secunet AG held by the Company itself. The acquisition of treasury shares is shown in the Consolidated Financial Statements as a change in equity (reserve for treasury shares). No gain or loss is shown in the income statement for the sale, issue or recalling of treasury shares. The consideration in such transactions is recognised in the Consolidated Financial Statements as a change in equity.

Profits from the current financial year and the previous years that are not paid out to shareholders are recognised in the revenue reserves.

Non-controlling interests

Non-controlling interests are initially measured at their proportionate share of the identifiable net assets of the acquired company at the time of acquisition.

The non-controlling interests' share of the Group profit or loss leads to an increase or decrease in the non-controlling interests.

Changes in the Group's interest in a subsidiary that do not result in a change of control are accounted for as equity transactions.

Sales revenue recognition

secunet Group realises its revenue through the sale of hardware, licences, service and maintenance, both separately and in product bundles, and through the provision of services as part of service and work contracts. Payments are typically due within 30 – 90 days.

i. Separate sale of hardware or licences

For the separate sale of hardware or licences, the breakdown into contractual obligations is unnecessary, since each respective individual sale represents a contractual obligation. With regard to the sale of hardware, revenue is recognised in line with IFRS 15 at the time at which the customer takes control of the asset. In the case of licence transfers, IFRS 15 necessitates an assessment as to whether the customer receives access or a right of use as a result. This shall determine whether sales revenue is recognised over time or at a point in time.

ii. Sale of product bundles

The sale of product bundles is a transaction involving multiple elements according to IFRS 15. IFRS 15 requires the separable, independent contractual obligations within a product bundle to be identified in the case of multiple-element transactions. Subsequently, it must be determined whether the revenue is recognised over time or at a point in time for each of these contractual obligations. When doing so, the focus should be on the general principles for sales revenue recognition, as outlined above.

For the services included in the product bundles (e. g. software subscription, Service Level Agreements, support services or extended warranties), discretionary decisions must be used to determine whether these are separate respective contractual obligations or whether these services form a service bundle in combination with another contractual obligation from the product bundle.

iii. Provision of services

The provision of services occurs both on the basis of service contracts and on the basis of work contracts within the Group.

Service contracts

For the most part, consulting services involving the temporal coincidence of service provision and service consumption are provided in the form of service contracts. According to the nature of a service contract, it is the provision of the service that is owed, rather than the result.

Pursuant to IFRS 15.35, the service in these cases is registered over the period during which the service is provided in accordance with the share of the total service provided (output-oriented).

Work contracts

With respect to the work contracts, the result is owed, which constitutes a distinguishing characteristic between these and the service contracts. This means that in the wider sense, an asset is created for the customer. The Group has no alternative way to use this asset. The Group uses this type of contract to cover mainly customer-specific software developments, but also licence sales with extensive customisation.

In the case of these work contracts, the sales revenue must be recognised in relation to the percentage of completion (IFRS 15.39). The percentage of completion is estimated on the basis of the costs incurred in relation to the expected total costs (input-oriented).

Assumptions and estimates

In the preparation of the Consolidated Financial Statements, assumptions and estimates were made that affected the reported amounts of assets, liabilities, income and expenses. These assumptions and estimates relate primarily to an estimate of the useful life for depreciable tangible and intangible assets (Notes 3 and 4), the impairment of receivables (Note 2), the recognition and measurement of provisions (Notes 13 and 14), the capitalisation of deferred taxes on loss carryforwards (Note 10) and the recognition of revenue in the case of services (see section on sales revenue recognition in this Chapter). For the purposes of calculating the value in use of the cash-generating units, as part of the impairment test for the goodwill, estimates and assumptions are required for determining the future cash flows from the cash-generating unit and for calculating the discounting rate (see Note 7).

In some cases, actual results may differ from these estimates and assumptions. Changes are taken into account in the income statement at the time when better knowledge becomes available. Actuarial gains and losses from the pension provision calculation are recorded in other comprehensive income / loss without affecting the operating result.

Grants

In accordance with the option provided by IAS 20.24 in conjunction with IAS 20.27, government grants for assets are offset directly against the acquisition / production costs of the subsidised asset and thus represent a reduction in the cost of acquisition. The grants are recognised on a pro-rata basis in the income statement in the form of lower depreciation. In the 2019 financial year, grants amounting to 1.6 million euros were received (previous year: 0.0 million euros).

Other grants are recognised as income in the period in which the entitlement arises.

Discretionary decisions

Discretion is exercised when determining cash-generating units for the purpose of goodwill impairment testing (see Note 7) and when categorising financial assets and liabilities (see Notes 2 and 9).

Notes to the balance sheet

The balance sheet is classified into non-current and current assets and liabilities. Assets and liabilities due within one year are recognised as current.

In accordance with IAS 12, deferred tax balances are recognised as non-current assets and liabilities.

1. Cash and cash equivalents

Cash and cash equivalents comprise cash in hand and bank balances.

The movement in cash and cash equivalents is shown in the consolidated cash flow statement.

2. Receivables and other assets, contract assets

The trade receivables amount to 49,670,658.22 euros (previous year: 41,776,937.04 euros).

In the year under review, contract assets of 2,787,251.28 euros (previous year: 2,648,354.51 euros) were reported for services already rendered in connection with customer projects but not yet invoiced (thereof 0.00 euros to affiliated companies; previous year: 795.00 euros).

Intercompany financial assets total 117,904.76 euros (previous year: 452,438.07 euros) and result from trade receivables of 117,904.76 euros (previous year: 86,630.07 euros) and other receivables of 0.00 euros (previous year: 365,808.00 euros).

The maturities of all the trade receivables are as follows:

Days overdue

in euros	31 Dec 2019	31 Dec 2018
Not due	40,196,182.44	35,084,405.18
1 – 30	8,891,589.00	6,918,717.00
31 – 90	606,211.00	161,276.00
91 – 180	149,556.00	80,653.00
181 – 360	6,640.00	27,434.00
>360	5,373.00	43,811.00
Total	49,855,551.44	42,316,296.18

The valuation allowance for trade receivables and contract assets was as follows:

in euros	2019	2018
As at 1 Jan	86,921.07	16,857.50
Amounts written off	0.00	-5,557.50
Revaluation of allowances	-19,932.61	75,621.07
As at 31 Dec	66,988.46	86,921.07

A specific valuation allowance is posted to a separate valuation allowance account in cases where receivables are clearly overdue (>180 days) and owed from non-public-sector clients or in the event of special information in individual cases. The receivable is derecognised in the income statement in the event of established insolvency or in cases where the receivable is estimated to be irrecoverable for other reasons.

In the case of trade receivables from third parties that are not subject to a specific valuation allowance, an allowance is calculated on a collective basis for the amount of the expected credit losses over the term of the receivables. Calculation of the expected losses on a collective basis is based on an impairment matrix containing an analysis of historical data over the last five years. The collective allowance is already to be recognised on the basis of historical data when the trade receivable from third parties is initially recognised and is to be adjusted at each reporting date on the basis of current information and expectations.

Receivables and other assets that are not yet due and not individually impaired are assessed by the Management Board to be recoverable. This assessment is based on past experience, the customer structure and longterm business relationships.

Additions to and reversal of valuation allowances are disclosed separately in the income statement under the item "Impairment reversals / impairment losses on trade receivables and contract assets".

The other current and non-current assets totalling 3,952,097.64 euros (previous year: 2,274,582.68 euros) predominantly concern other receivables from suppliers, advance payments for travel expenses, prepayments for future services and other receivables. No impairments were made.

3. Property, plant and equipment

The changes in property, plant and equipment may be summarised as follows:

2019		2018
Office and operating equipment	Property, plant and equipment	Office and operating equipment	Property, plant and equipment
15,046,470.04	15,046,470.04	13,917,602.55	13,917,602.55
0.00	0.00	141,663.09	141,663.09
3,569,876.29	3,569,876.29	2,030,795.04	2,030,795.04
-1,225,345.28	-1,225,345.28	-1,043,590.64	-1,043,590.64
17,391,001.05	17,391,001.05	15,046,470.04	15,046,470.04

10,490,733.04	10,490,733.04	9,492,949.72	9,492,949.72
0.00	0.00	98,654.09	98,654.09
2,349,362.02	2,349,362.02	1,918,376.87	1,918,376.87
-1,167,264.01	-1,167,264.01	-1,019,247.64	-1,019,247.64
11,672,831.05	11,672,831.05	10,490,733.04	10,490,733.04
5,718,170.00	5,718,170.00	4,555,737.00	4,555,737.00

There were no restrictions on disposal or fixed assets pledged to lenders.

4. Intangible assets

The changes in intangible assets may be summarised as follows:

	2019
in euros	Internally generated intangible assets	Purchased intangible assets	Advance payments for intangible assets	Total intangible assets
Accumulated historical cost as at 1 Jan	4,013,694.00	3,009,680.72	299,000.00	7,322,374.72
Change in the consolidated Group	0.00	588,000.00	0.00	588,000.00
Additions	1,202,238.00	1,025,559.56	863,674.43	3,091,471.99
Reclassifications	0.00	299,000.00	-299,000.00	0.00
Disposals	0.00	-263,686.05	0.00	-263,686.05
As at 31 Dec	5,215,932.00	4,658,554.23	863,674.43	10,738,160.66

Accumulated depreciation as at 1 Jan	66,900.00	1,265,254.72	0.00	1,332,154.72
Additions	802,800.00	694,735.03	0.00	1,497,535.03
Disposals	0.00	-263,686.05	0.00	-263,686.05
As at 31 Dec	869,700.00	1,696,303.70	0.00	2,566,003.70
Carrying amount as at 31 Dec	4,346,232.00	2,962,250.53	863,674.43	8,172,156.96

	2018
in euros	Internally generated intangible assets	Purchased intangible assets	Advance payments for intangible assets	Total intangible assets
Accumulated historical cost as at 1 Jan	0.00	1,717,853.05	0.00	1,717,853.05
Change in the consolidated Group	0.00	1,255,000.00	0.00	1,255,000.00
Additions	4,013,694.00	240,359.03	299,000.00	4,553,053.03
Disposals	0.00	-203,531.36	0.00	-203,531.36
As at 31 Dec	4,013,694.00	3,009,680.72	299,000.00	7,322,374.72
Accumulated depreciation as at 1 Jan	0.00	1,247,504.05	0.00	1,247,504.05
Additions	66,900.00	219,345.03	0.00	286,245.03
Disposals	0.00	-201,594.36	0.00	-201,594.36
As at 31 Dec	66,900.00	1,265,254.72	0.00	1,332,154.72
Carrying amount as at 31 Dec	3,946,794.00	1,744,426.00	299,000.00	5,990,220.00

Regular depreciations are recorded under the area of activity associated with the asset. As in the previous year, there were no unscheduled depreciations in the year under review.

In connection with the development of internally generated intangible assets, and after the deduction of grants in accordance with IAS 20.27 amounting to 1,601,779.59 euros, development costs totalling 1,202,238.00 euros were capitalised (previous year: 4,013,694 euros), as the requirements of IAS 38.57 were met in full. The intangible asset capitalised in the financial year has not yet been made ready for operation. A useful life of five years is assumed for the internally generated asset capitalised in the previous year.

In the course of initial consolidation of finally safe GmbH, the "Advanced Security Analytics Platform" solution developed there was revalued and the resulting value recognized in the previous year under purchased intangible assets. A useful life of four years is assumed.

5. Leases / other financial liabilities

The Company's other financial liabilities in the previous year resulted mainly from long-term tenancy agreements for office premises and from leases relating to motor vehicles.

The tenancy agreements for office premises have residual terms of between one and eleven years. Options to extend the term of the tenancy have been agreed in some cases.

The car leases have residual terms of between one and four years, with no extension or purchase options.

The terms of the leases contain absolutely no restrictions on those business activities that affect dividends, additional debts or further leases.

In the previous year, lease payments totalling 3,319,932.57 euros were incurred.

Future minimum lease payments based on operating leases that cannot be terminated were as follows:

Nominal / in euros	31 Dec 2018
Long-term rental commitments for various
office premises	14,279,922.93
Lease commitments for office and operating
equipment	1,489,376.33
Total	15,769,299.26

The maturities of the liabilities were as follows:

Nominal / in euros	31 Dec 2018
Up to 1 year	3,610,443.43
More than 1 year but less than 5 years	9,352,394.65
More than 5 years	2,806,461.18
Total	15,769,299.26

With the transition to IFRS 16, these obligations will be accounted for as lease liabilities in the future. A reconciliation of the previous recognition under IAS 17 to IFRS 16 is presented below.

in million euros	1 Jan 2019
Liabilities from operating leases as at 31 December 2018	15.8
Consideration of extension options	8.2
Non-lease components included in accordance with IAS 17	-3.6
Discount effect at the incremental borrowing rate	-1.1
Lease liability at transition date	19.3

Development of lease liabilities

		2019
	Rented buildings	Vehicles	Short-term leases	Low-value leases	Total
As at 1 Jan	18,243,017.87	1,050,377.76	-	-	19,293,395.63
Additions	645,861.58	174,014.57	-	-	819,876.15
Lease payments	-2,334,639.25	-458,093.85	-41,484.80	-84,058.56	-2,918,276.46
Interest expense	207,224.38	9,467.04	-	-	216,691.42
As at 31 Dec	16,761,464.58	775,765.52	-	-	17,537,230.10

For a maturity analysis of the lease liabilities as at 31 December 2019, see Note 11 Liabilities.

Development of right-of-use assets

	2019
	Rented buildings	Vehicles	Total
As at 1 Jan	18,243,017.87	1,050,377.76	19,293,395.63
Additions	645,861.58	174,014.57	819,876.15
Depreciation and amortisation	-2,429,115.05	-452,551.87	-2,881,666.92
As at 31 Dec	16,459,764.40	771,840.46	17,231,604.86

6. Business combinations

First-time consolidation of secustack GmbH, Dresden

With effect from 1 April 2019, secustack GmbH was fully consolidated by secunet AG on account of the control exercised as of this date (51% of the shares and thus the majority of voting rights). The company was newly founded to provide companies and public authorities with a security-enhanced cloud platform made in Germany.

secunet paid a total of 625 thousand euros in cash for the proportionate share capital and the capital reserve. The fair value of the consideration is thus 625 thousand euros. Immaterial transaction costs were incurred.

The non-controlling interests were valued at 600 thousand euros at the acquisition date. This corresponds to the proportionate net assets (49%) at the time of acquisition.

The following assets and liabilities were acquired at the date of acquisition:

in thousand euros

Cash	637
Intangible assets	588

The carrying amounts of the assets correspond to their fair values. No goodwill was generated.

Deconsolidation of secunet SwissIT AG, Solothurn, Switzerland

As secunet SwissIT AG was already under liquidation, its deconsolidation only resulted in an insignificant deconsolidation loss of 31 thousand euros.

7. Goodwill

The breakdown of the goodwill carrying amount by segment is as follows:

	2019		2018
in euros	Public Sector	Business Sector	Total	Public Sector	Business Sector	Total
Accumulated historical cost as at 1 Jan	3,325,331.00	1,299,700.00	4,625,031.00	3,325,331.00	282,000.00	3,607,331.00
Change in the consolidated Group	0.00	0.00	0.00	0.00	1,017,700.00	1,017,700.00
Additions	0.00	0.00	0.00	0.00	0.00	0.00
Disposals	0.00	0.00	0.00	0.00	0.00	0.00
As at 31 Dec	3,325,331.00	1,299,700.00	4,625,031.00	3,325,331.00	1,299,700.00	4,625,031.00

Accumulated depreciation as at 1 Jan	0.00	0.00	0.00	0.00	0.00	0.00
Additions	0.00	0.00	0.00	0.00	0.00	0.00
Disposals	0.00	0.00	0.00	0.00	0.00	0.00
As at 31 Dec	0.00	0.00	0.00	0.00	0.00	0.00
Carrying amount as at 31 Dec	3,325,331.00	1,299,700.00	4,625,031.00	3,325,331.00	1,299,700.00	4,625,031.00

Goodwill was allocated to the cash-generating units based on expected synergies from the respective business combination. These cash-generating units represent the lowest reporting level in the Group at which goodwill can be monitored by the management for internal management purposes. The cash-generating units correspond to the segments.

secunet Group is split into two divisions: the Public Sector division and the Business Sector division.

In testing goodwill for impairment in accordance with IAS 36, the recoverable amount of the individual cash-generating unit is determined by its value in use. The test takes place annually as at 31 December. The value in use is calculated from the discounted cash flows of the relevant unit. Cash flows are calculated from the EBIT determined as part of the annual planning adopted by the Management Board and approved by the Supervisory Board. This is reconciled to Noplat (net operating profit less adjusted taxes) and adjusted for depreciation and investments. A discount rate (WACC) of 8.10% was used for these calculations (previous year: 8.10%). A risk-free interest rate (taken from the analyst estimate) of 1.5% (previous year: 1.5%), a market risk premium of 5.5% (previous year: 5.5%) and a beta factor of 1.2 (previous year: 1.2) are used to calculate the discount rate. Since the Company largely operates in the European Economic Area, standardised parameters are used for all cash-generating units. The underlying projections employed for the test are based on a period of three years and take into account past experience and the management's expectations regarding the future development of the market, while also considering growth in the detailed planning period. Projections further into the future are made by extrapolating cash flows in perpetuity, while factoring in a growth rate of 0.5% (previous year: 0.5%) for value in use.

As the discounted cash flows exceeded the carrying amounts of the goodwill, no impairment of goodwill was necessary. As part of a sensitivity analysis, the risk premium was increased by 1% and flat-rate discounts of 20% were applied to the expected cash flows from the individual cash-generating units. Even under these conditions there was no need for impairment with regard to any of the goodwill allocated to the cash-generating units.

8. Inventories

in euros	31 Dec 2019	31 Dec 2018
Trade goods	20,566,577.50	18,945,240.76
Finished goods	399,483.35	41,717.04
Work in progress	541,780.71	280,672.00
Advance payments	63,000.00	81,163.79
Total	21,570,841.56	19,348,793.59

Trade goods are measured at historical cost calculated using a sliding average.

The production costs of finished goods and work in progress are valued at the cost of acquisition of the materials used and the cost of production.

In order to safeguard the sustained growth in the product business, the inventory level has increased by 2.2 million euros.

During the reporting year, value adjustments for trade goods resulted in an expense in the amount of 625 thousand euros (previous year: 150 thousand euros).

9. Non-current financial assets

The premium reserve shares from reinsurance contracts shown under non-current financial assets amount to 6,141,883.00 euros (previous year: 5,860,888.00 euros). This increase is a result of the regular contributions and credit notes issued on income by the insurance companies. Disbursements for pension payments have a counteracting effect.

These reinsurance contracts deal with the reinsurance of the existing defined benefit obligations related to current and former secunet employees from pension commitments assumed from previous employers. The existing reinsurance contracts are not plan assets as defined under IAS 19.

10. Deferred taxes

The Group has loss carryforwards amounting to 3,731 thousand euros (previous year: 2,115 thousand euros).

In addition, there were loss carryforwards at the foreign company of 40 thousand euros (previous year: 38 thousand euros) for which no deferred taxes were recognised. Deferred tax claims not recognised totalled 12 thousand euros (previous year: 8 thousand euros). These loss carryforwards expire five years after the losses were incurred.

The domestic companies have loss carryforwards of 3,691 thousand euros (previous year: 2,077 thousand euros). No deferred tax assets were formed on losses amounting to 2,732 thousand euros, as it is not expected that these loss carryforwards will be realised in the short to medium term. They do not expire. Deferred tax claims not recognised totalled 872 thousand euros.

Deferred tax assets of 198 thousand euros were formed on losses amounting to 959 thousand euros. The losses do not expire.

A tax rate of 31.90%, or 16.07% for partnerships, was used to calculate deferred taxes (previous year: 31.93%). The average trade income tax rate changed slightly due to the acquisition of new sites and companies and the difference in the weighting of wage payments. The tax rate for deferred taxes includes trade tax and corporate tax plus solidarity surcharge.

The breakdown of deferred taxes recognised in the balance sheet is as follows:

The changes in deferred taxes in the income statement may be summarised as follows:

Income statement for expenses / income

in euros	1 Jan – 31 Dec 2019	1 Jan – 31 Dec 2018
Deferred tax assets
from provisions for pen sions	14,272.40	82,250.19
from goodwill	-1,707.02	-14,410.95
from intangible assets	-12,145.27	59,729.22
from tangible fixed assets	11,385.75	0.00
from leases as defined by IFRS 16	97,413.03	0.00
from loss carryforwards	197,758.83	0.00
from other items	-1,391.16	69,971.35
	305,586.56	197,539.81
Deferred tax liabilities
from trade receivables and contract assets	3,017.20	-64,915.28
from intangible assets	5,824.10	-1,235,141.83
from goodwill	-5,109.86	-3,610.96
from tangible fixed assets	-24,030.91	0.00
from other items	23,536.58	10,054.49
	3,237.11	-1,293,613.58
Expenses / income from de ferred taxes	308,823.67	-1,096,073.77

In the 2019 financial year, deferred tax income of 406,246.18 euros was recorded under other comprehensive income / loss (in the previous year tax income of 33,843.75 euros).

In the previous year, deferred tax liabilities on differences in intangible assets were recognised in the amount of 400,470.50 euros in connection with the initial consolidation of finally safe GmbH.

Balance sheet entry

in euros	31 Dec 2019	31 Dec 2018
Deferred tax assets
from provisions for pen sions	1,738,865.17	1,318,346.59
from goodwill	31,285.29	32,992.31
from intangible assets	47,583.95	59,729.22
from tangible fixed assets	11,385.75	0.00
from leases as defined by IFRS 16	97,413.03	0.00
from loss carryforwards	197,758.83	0.00
from other items	179,577.54	180,968.70
	2,303,869.56	1,592,036.82
Deferred tax liabilities
from trade receivables and contract assets	-176,004.10	-179,021.30
from intangible assets	-1,629,788.23	-1,635,612.33
from goodwill	-8,720.82	-3,610.96
from tangible fixed assets	-24,030.91	0.00
from other items	-44,707.77	-68,244.35
	-1,883,251.83	-1,886,488.94
Total	420,617.73	-294,452.12

11. Liabilities

Intercompany payables are trade payables (223,561.18 euros; previous year: 283,951.48 euros) and other liabilities (57,407.50 euros; previous year: 0.00 euros). The carrying amounts of trade payables and other liabilities correspond to the nominal value.

Other current liabilities break down as follows:

31 Dec 2019	31 Dec 2018
2,863,968.88	4,139,037.65
668,136.69	562,762.11
14,767.42	1,639.34
74,587.72	36,072.15
3,621,460.71	4,739,511.25

The maturities of the liabilities are as shown below:

	Total		Remaining term up to 1 year		5 years	Remaining term of 1 year to	Remaining term of over 5 years
in euros	2019	2018	2019	2018	2019	2018	2019	2018
Trade accounts payable	27,953,644.22	22,797,180.71	27,953,644.22	22,797,180.71	0.00	0.00	0.00	0.00
Intercompany payables	280,968.68	283,951.48	280,968.68	283,951.48	0.00	0.00	0.00	0.00
Lease liabilities 1	17,537,230.10	-	2,600,883.05	-	8,452,000.76	-	6,477,949.79	-
Income tax liabilities	5,446,232.78	6,695,131.05	5,446,232.78	6,695,131.05	0.00	0.00	0.00	0.00
Other current liabilities	3,621,460.71	4,739,511.25	3,621,460.71	4,739,511.25	0.00	0.00	0.00	0.00
Contract liabilities	29,817,985.38	19,609,929.51	9,960,482.92	8,682,677.88	19,851,507.49	10,902,149.46	5,994.97	25,102.17

12. Contract balances

The following table presents information on receivables, contract assets and contract liabilities for customer contracts:

in euros	31 Dec 2019	31 Dec 2018
Trade receivables	49,670,658.22	41,776,937.04
Contract assets	2,787,251.28	2,648,354.51
Contract liabilities	29,817,985.38	19,609,929.51

The contract assets include services already rendered under work or service contracts but not yet invoiced to the customer. No value adjustments had to be recognised in this regard in the financial year.

The contract assets are transferred to receivables when the customer is invoiced.

The contract liabilities include customer payments that are recognised as revenue after the balance sheet date. This item contains transactions where the Group generates cash inflow in advance due to multiple-year maintenance and support contracts and extended warranties or receives advance payments for later supplies or services. The sales revenue is generated over a period corresponding to the maturities reported in Note 11.

The contract liabilities developed as follows in the financial year:

	2019	2018
As at 1 Jan	19,609,929.51	13,416,089.20
Recognised in sales revenue	-8,682,677.88	-7,498,990.71
Additions due to initial con solidation	0.00	78,728.19
Additions from payments received	18,890,733.75	13,614,102.83
As at 31 Dec	29,817,985.38	19,609,929.51

13. Provisions for pensions

in euros	2019	2018
Opening balance as at 1 Jan	6,781,816.00	6,029,924.67
Benefits paid	-58,816.00	-18,562.00
Additions	293,819.00	664,393.33
Addition not affecting prof it / loss in other income	1,212,779.00	106,060.00
Closing balance as at 31 Dec	8,229,598.00	6,781,816.00

Provisions for pensions and similar liabilities are formed on the basis of the Group company's individual contract commitments towards its employees. 25 current and former employees of secunet Group who were employed at other companies in the past are entitled to a pension (previous year: 25 employees). The 25 pensionable persons consist of 22 candidates and three pension beneficiaries.

As a result of business combinations and taking over of employees from other companies, the Company has a variety of pension plans. These can largely be split into two types of plans.

The first type of plan grants the beneficiary a defined percentage (between 0.6% and 1.5%) of remuneration as an old-age pension, for each year of service. In the second type of plan, the beneficiary is granted a fixed component for the old-age pension.

Both types of plan allow for early retirement taking reductions in benefits into account.

Both plans include a disability pension and a widow's and orphans' pension.

The certificates for the eligible employees of secunet Group as at 31 December 2019 are based on trend assumptions of 2.5% for salary growth (previous year: 2.5%), pension growth of 2.0% p. a. (previous year: 2.0% p. a.), a rate of inflation of 2.0% p. a. (previous year: 2.0% p. a.) and an actuarial interest rate of 1.15% p. a. (previous year: 1.9% p. a.). Prof Klaus Heubeck's 2018 G mortality tables were used as the basis for the calculation.

To determine the actuarial interest rate, a yield curve as at the balance sheet date is derived using bootstrapping based on corporate bonds with an AA rating. The actuarial interest rate is calculated by matching the yield curve with the actual term of the obligations.

The parameters were set based on the data from December 2019.

Sensitivity analysis

Valuation parameter	Baseline value	Sensitivity	Effect on provisions (in thousand euros)
Actuarial interest	1.15%	+ 1.00%	-1,554
Actuarial interest	1.15%	- 1.00%	2,080
Salary growth	2.50%	+ 0.50%	164
Salary growth	2.50%	- 0.50%	-157
Pension growth	2.00%	+ 0.50%	737
Pension growth	2.00%	- 0.50%	-501
Life expectancy	Heubeck 2018 G	+ 1 year	330
Life expectancy	Heubeck 2018 G	- 1 year	-325

The sensitivity calculations are based on the average terms of the pension obligations as at 31 December 2019. Separate calculations were performed for all actuarial parameters considered to be material, so as to separately show the effects on the present value of defined benefit obligations as at 31 December 2019. Since the sensitivity analyses are based on the average duration of expected pension obligations, and expected payment deadlines are therefore not considered, they can only provide rough information or statements on trends.

The evaluation and definition of the parameters are at the discretion of the Management Board.

Changes to the defined benefit obligations in the reporting year were as follows:

in euros	2019	2018
As at 1 Jan	6,781,816.00	6,029,924.67
Current service cost 1	165,566.00	549,988.33
Interest expense	128,253.00	114,405.00
Actuarial gains and losses from
experience-based adjust ments	7,352.00	55,634.00
changes to financial as sumptions	1,205,427.00	50,426.00
Benefits paid	-58,816.00	-18,562.00
As at 31 Dec	8,229,598.00	6,781,816.00

1 A compensation payment of 366 thousand euros was received in the previous year for the assumption of pension claims from the former employer. The initial recognition of the provision was based on the current service cost.

Of the defined benefit obligations, 58.8% (previous year: 75.2%) relate to active claimants. 14.4% (previous year: 12.8%) relate to claimants who have left and 26.8% (previous year: 12.0%) relate to pension beneficiaries. Pension commitments do not expire.

The weighted average duration of the defined benefit obligations up to 31 December 2019 is 22.0 years (previous year: 22.0 years).

Costs arising from the defined benefit obligations and included in the income statement are broken down as follows:

in euros	2019	2018
Current service cost	165,566.00	549,988.33
Interest expense	128,253.00	114,405.00
Cost for the year	293,819.00	664,393.33

In line with actuarial certificates, expenses arising from the commitments are distributed over the service life of employees and consist of the interest expenses and the service expenses. Interest expenses are included in the financial result, and the service expenses are shown under personnel expenditure in the respective functional areas.

In the reporting year, pension payments of 58,816 euros (previous year: 18,562 euros) were paid directly by the employer.

The defined benefit obligation is offset by premium reserve shares from reinsurance contracts in the amount of 6,141,883.00 euros (previous year: 5,860,888.00 euros), which do not represent plan assets under IAS 19.

A pension provision of 8,409,154 euros is expected as at 31 December 2020, based on an annual expense of 260,253 euros and planned pension payments of 80,697 euros.

In the reporting year, secunet Group paid contributions of 3,226 thousand euros (previous year: 2,889 thousand euros) into the statutory pension insurance plan, which is regarded as a defined contribution plan. In the case of defined contribution pension plans, there are no further obligations beyond the payment of contributions.

14. Other provisions

The changes in other provisions are shown in the table below:

in euros	1 Jan 2019	Utilisation	Released	Additions	31 Dec 2019
Non-current provisions
Provisions for anniversary bonuses	321,152.00	0.00	0.00	35,229.00	356,381.00
Current provisions
Annual employee bonuses	8,996,362.00	-8,996,362.00	0.00	10,404,235.00	10,404,235.00
Accrued holidays	790,531.00	-790,531.00	0.00	923,284.00	923,284.00
Asset retirement and maintenance measures	577,552.17	0.00	0.00	95,060.91	672,613.08
Warranties	974,049.00	-338,821.50	-73,227.50	14,000.00	576,000.00
Deferred costs	235,759.45	-219,041.90	-8,000.00	157,526.73	166,244.28
Professional association contributions	132,000.00	-132,000.00	0.00	165,700.00	165,700.00
Pending contractual penalty	244,000.00	0.00	-244,000.00	0.00	0.00
Others	627,626.13	-562,970.13	0.00	722,640.09	787,269.09
	12,577,879.75	-11,039,726.53	-325,227.50	12,482,446.73	13,695,372.45
Total	12,899,031.75	-11,039,726.53	-325,227.50	12,517,675.73	14,051,753.45

The provision formed in the previous year for warranties and goodwill in the product and project business was utilised in the 2019 financial year in the amount of 339 thousand euros. 73 thousand euros could be released to the cost of sales with an effect on income.

The provision for asset retirement and maintenance measures essentially involves asset retirement and maintenance measures to be performed by the Company for the leased properties in Essen, Munich and Dresden.

Overall provisions have been represented at the level of the expected realisation arising from the risks.

The estimation of the probability of occurrence for the expected realisation of the provisions is at the discretion of the Management Board.

15. Equity

The development of the Group's equity is shown in the consolidated statement of changes in equity.

As in the previous year, secunet AG holds 30,498 treasury shares as at the balance sheet date. This corresponds to a share of 0.469% of the subscribed capital.

The subscribed capital remains unchanged at 6,500,000.00 euros. It is divided into 6,500,000 bearer shares without par value. All shares are fully paid. Calculated on Group profit for the period attributable to the shareholders of secunet AG of 22,270,432.59 euros, diluted and undiluted earnings per share were 3.44 euros per share (6,469,502 shares), compared with 2.77 euros (6,469,502 shares) in the previous year.

The minority interests developed as follows in the financial year:

in euros	2019	2018
Opening balance as at 1 Jan	358,803.12	0.00
Change in the consolidated Group	600,250.00	458,958.36
Share in net income	-92,092.93	-100,155.24
Change of non-controlling interests	-358,803.12	0.00
Closing balance as at 31 Dec	508,157.07	358,803.12

The number of shares outstanding remained unchanged, at 6,469,502 shares. Each share grants the holder one voting right and, in the event of a distribution, an equivalent dividend entitlement.

secunet AG's capital reserves were unchanged from the previous year, with 1,902,005.80 euros of the total resulting from payments by the shareholder before the transformation of secunet AG into a public limited company. The price premium paid in the initial public offering accounts for 20,020,000.00 euros of the total. The capital reserves are available – subject to statutory regulations – for the purposes of offsetting any losses incurred and for capital increases from the Company's own funds.

The other reserves consist of the reserve for treasury shares and the other comprehensive income / loss.

The reserve for treasury shares consists of the historical cost of the shares of the Company held by the Group. The Company currently holds 30,498 of its own shares.

Other comprehensive income / loss consists of currency conversion differences from the currency conversion of financial statements of foreign subsidiaries, actuarial gains and losses as part of pension provision calculation as well as deferred taxes.

Revenue reserves increased by 42,363,484.81 euros to 51,192,282.72 euros compared to the previous year's figure. This increase was based on the Group profit for the period attributable to the shareholders of secunet AG of 22,270,432.59 euros, less the dividend payments of 13,197,784.08 euros paid during the reporting year and the adjustment of revenue reserves due to consolidation effects.

Appropriation of the balance sheet profit

From the balance sheet profit of 13,197,784.08 euros reported for the 2018 financial year in the Annual Financial Statements under commercial law, dividends of 2.04 euros per share (amounting to a total of 13,197,784.08 euros) were distributed in the 2019 financial year in accordance with the resolution of the Annual General Meeting on 15 May 2019.

secunet AG's Annual Financial Statements under commercial law for the 2019 financial year show net income for the year of 20,178,171.29 euros. The Management Board and the Supervisory Board decided to deposit an amount of 10,085,748.17 euros from this sum into other revenue reserves. There is a balance sheet profit of 10,092,423.12 euros under commercial law for 31 December 2019.

The Management Board will propose to the Annual General Meeting that a regular dividend of 1.56 euros per dividend-bearing share be distributed on the dividend-bearing share capital of 6,469,502.00 (corresponding to a regular distribution of 50% of net income for the year), i.e. a total of 10,092,423.12 euros. When determining the share capital entitled to a dividend, the total of 30,498 treasury shares was deducted.

in euros	2019
Carryforward as at 1 Jan 2019	13,197,784.08
Net income for the year 2019	20,178,171.29
Dividend payment in 2019 for 2018	-13,197,784.08
Transfer to other revenue reserves	-10,085,748.17
Balance sheet profit at 31 Dec 2019	10,092,423.12
Proposal for the appropriation of distributable earnings
Dividend payment in 2020	-10,092,423.12
Carryforward	0.00

Notes on the income statement

16. Sales revenue

secunet Group realises its sales revenue entirely within the framework of contracts with customers.

The following overview breaks down sales by geographical characteristics, main revenue streams and revenue recognition.

	Public Sector Business Sector			Group
in thousand euros	2019	2018	2019	2018	2019	2018
Geographical allocation
Domestic	152,742.9	129,692.6	56,797.4	15,745.7	209,540.3	145,438.3
Abroad	17,070.1	17,464.0	291.6	384.3	17,361.7	17,848.3
Total	169,813.0	147,156.6	57,089.0	16,130.0	226,902.0	163,286.6
Revenue generation
Consultancy business	23,771.1	22,357.3	7,961.3	11,547.5	31,732.4	33,904.8
Product business	146,041.9	124,799.3	49,127.7	4,582.5	195,169.6	129,381.8
Total	169,813.0	147,156.6	57,089.0	16,130.0	226,902.0	163,286.6
Recognition of sales revenue
Over time	38,785.4	34,804.2	13,190.2	13,728.4	51,975.6	48,532.6
At a point in time	131,027.6	112,352.4	43,898.8	2,401.6	174,926.4	114,754.0
Total	169,813.0	147,156.6	57,089.0	16,130.0	226,902.0	163,286.6

Domestic sales revenue totalled 209,540.3 thousand euros (previous year: 145,438.3 thousand euros), while sales revenue generated abroad was 17,361.7 thousand euros (previous year: 17,848.3 thousand euros). The breakdown of sales revenue is based on the location of the customers.

Approximately 127.9 million euros of this sales revenue is attributable to the Group's major customer as defined in IFRS 8.34. This sales revenue was generated in the Public Sector division. No other individual customer accounted for 10% or more of the Group's sales revenues in 2019.

17. Presentation of selected expenses according to cost types

With the exception of materials expenses, which must always be included under cost of sales, all the cost types are recorded under the cost of sales, the selling expenses and the general administrative costs. The following amounts are recorded for the cost types listed below:

in euros	2019	2018
Expenses for raw materials, consumables and operating materials	105,337,741.76	65,050,221.85
Cost of services purchased	14,497,286.77	7,477,383.24
Materials expenses	119,835,028.53	72,527,605.09
Wages and salaries	44,282,020.96	39,248,159.54
Social security costs	6,805,876.03	5,754,678.09
Expenses for retirement pensions	164,797.27	546,050.49
Personnel expenses	51,252,694.26	45,548,888.12
Depreciations (scheduled)	6,415,685.50	2,204,621.90

18. Research and development costs

Research and development costs for the financial year amounted to 257,096.74 euros (previous year: 1,017,187.94 euros). Of this sum, 0.2 million euros (previous year: 0.5 million euros) was spent on developing the secunet konnektor for data centres. This relates to cost elements that cannot be capitalised.

0.1 million euros relates to non-capitalisable cost components in connection with the development of the SINA COMMUNICATOR H. A further 1.2 million euros was capitalised as development costs associated with this development in accordance with IAS 38.

In the previous year, 0.5 million euros was invested in a development project related to security upgrades for cloud infrastructures. The criteria set forth in IAS 38.57 for the justification of mandatory capitalisation were not completely fulfilled. Consequently, the expenses incurred were not capitalised.

19. Interest income / expense

In the 2019 financial year, interest income of 69,557.48 euros (previous year: 91,803.53 euros) was generated. Of this amount, 68,923.61 euros (previous year: 59,027.77 euros) relates to interest income from short-term loans to the shareholder Giesecke + Devrient GmbH. The remaining amount (633.87 euros, previous year: 32,775.76 euros) is attributable to default interest on trade receivables (previous year: mainly to interest income on loans to associated companies).

The interest expense for 2019 of 362,908.42 euros (prior year: 135,110.74 euros) mainly consists of interest on pension provisions (128,253.00 euros, previous year: 114,405.00 euros) and interest expense in connection with lease accounting under IFRS 16 (216,691.42 euros). The remaining amount mainly relates to interest on other non-current provisions.

20. Income taxes

In the reporting year, current taxes of 10,985,545.73 euros were incurred (previous year: 7,719,613.58 euros). This includes tax income for previous years in the amount of 37,039.46 euros (previous year: tax expense for previous years in the amount of 128,777.80 euros). For deferred taxes see Notes under (10).

The income tax expense is derived from the theoretical tax expense, applying a tax rate of 31.90% (previous year: 31.93%) to the earnings before tax. The tax expense arising from the application of the tax rate for the Group is derived as follows:

2019	2018
32,855,061.46	26,638,906.17
-10,479,121.85	-8,505,802.74
-209,690.94	-70,955.08
-58,043.09	-51,632.70
0.00	7,583.56
37,039.46	-128,777.80
0.00	-72,431.37
-21,505.00	-21,178.84
54,599.62	27,507.62
-10,676,721.80	-8,815,687.35

As at 31 December 2019, the tax rates used to calculate deferred tax assets and liabilities were changed only slightly compared with the previous year.

The effective tax rate in the reporting year, based on the Group profit before tax, was 32.5% (previous year: 33.1%).

21. Cash flow statement

The cash flow statement shows the changes in cash over the course of the reporting year, broken down into cash flows from operating, business, investment and financing activities. Cash and cash equivalents comprise cash in hand and bank balances.

The cash flow from operating activities was determined using the indirect method.

22. Segment reporting

secunet Group has been divided into two divisions, Public Sector and Business Sector. Both divisions are shown separately for the purposes of segment reporting, as they meet at least one of the quantitative thresholds defined in IFRS 8.13.

Segment report 2019

in thousand euros	Public Sector	Business Sector	secunet 2019
Segment revenue	169,813	57,089	226,902
Cost of sales	-125,125	-46,264	-171,389
Selling expenses	-12,129	-3,431	-15,560
Research and development costs	-49	-208	-257
Administrative costs	-4,906	-1,610	-6,516
Segment result (EBIT)	27,604	5,576	33,180
Interest result			-294
Income from investments			-31
Group profit before tax			32,855
Goodwill	3,325	1,300	4,625

Segment report 2018

in thousand euros	Public Sector	Business Sector	secunet 2018
Segment revenue	147,157	16,130	163,287
Cost of sales	-103,481	-12,087	-115,568
Selling expenses	-11,977	-2,187	-14,164
Research and development costs	-503	-514	-1,017
Administrative costs	-4,956	-673	-5,629
Segment result (EBIT)	26,240	669	26,909
Interest result			-43
Income from investments			-227
Group profit before tax			26,639
Goodwill	3,325	1,300	4,625

The Public Sector division addresses the highly complex security requirements of authorities, the armed forces and international organisations. At the core of its offering is SINA, Secure Inter-Network Architecture, developed in conjunction with the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI).

In addition, the division supports authorities in Germany and abroad in all areas relating to e-government and IT security. These include biometric solutions and sovereign documents, security validation and secure web solutions. This division operates a BSI-certified evaluation laboratory for IT conformity.

Staff in the Business Sector division focus on security issues affecting industrial companies. Its product line includes identity management systems, qualified mass signature solutions for electronic invoicing, public key infrastructures and network security. In all areas, analyses, consulting and complete solutions are tailored to each customer's specific requirements.

The division also deals with the IT security issues facing automotive manufacturers. With more and more vehicle functions now being computerised, it is becoming increasingly important for both automotive manufacturers and suppliers to ensure that built-in hardware and software components are protected against unauthorised changes.

The accounting principles for the segments are identical to those used for the Consolidated Financial Statements. Using apportionments, expenses (e. g. overhead costs) that are not directly allocable to the reportable segments are allocated to the reportable segments.

The segments are managed on the basis of the segment results.

With the exception of non-essential components, the segments' assets are focused on the domestic market. There were no significant changes to the segment assets as at the balance sheet date.

Further details on sales revenue can be found in Note 16.

In segment reporting, the general administrative costs as well as other operating expenditure and income from the profit and loss account are summarised under administrative costs.

The selling expenses are combined with the net impairment loss on trade receivables and contract assets.

23. Other disclosures

Employees

In the 2019 financial year, the Group had an average of 630 employees (559 permanent employees and 71 temporary workers; previous year: 567 employees (501 permanent employees and 66 temporary workers)). In the previous year, up until the date of initial consolidation, an average of nine staff members (eight permanent employees and one temporary worker) were employed at associated companies.

Capital management

Our capital management of secunet Group is geared primarily to the provisions and requirements of company law. The aim is to ensure that all Group companies can operate as going concerns. Where no special provisions dictate otherwise, the equity for tax purposes is the same as the balance sheet equity. In all other cases the balance sheet equity is adjusted in line with regulatory or contractual requirements. The Group is not subject to any minimum equity requirements.

The Group's equity (including non-controlling interests) as at 31 December 2019 was 77,962,085.52 euros (previous year: 69,516,359.72 euros).

Financial instruments

Risks from financial instruments

The risks arising from financial instruments relate to liquidity, default and market risks.

Liquidity risks

To ensure that it has sufficient funds at its disposal, the Group prepares a liquidity plan as part of its three-year planning. This is then compared against each set of month-end figures and subsequently analysed.

The finance department informs the CFO of the current level of available funds on a daily basis. In conjunction with a permanent reminder function, this ensures a high cash reserve at all times.

Given the high level of available funds, the Group has, to date, not needed to make use of credit lines.

Guarantee facilities totalling 12.0 million euros existed as at the balance sheet date (previous year: 12.0 million euros), of which 2.1 million euros (previous year: 2.1 million euros) has been drawn down.

At the end of the year, the Group had cash and cash equivalents amounting to 64,492,741.83 euros at its disposal (previous year: 56,084,381.70 euros). Current financial liabilities stood at 49,863,672.36 euros (previous year: 43,198,452.37 euros).

Default risks

Default risks, or risks that counterparties cannot meet their payment obligations on time, are addressed with approval and control processes.

The Group also assesses the solvency of its customers on a regular basis.

The maximum amount of the default risks arising for the Group corresponds to its total receivables. The Group is not exposed to any unusual default risks in respect of individual contracting partners or groups of contracting partners. Default risks are recognised through valuation allowances.

There are no concentrations of default risks in respect of individual customers. The overall default risk is estimated to be low.

An analysis of the trade receivables that were overdue can be found in the overview under Note 2.

Market risks

The Group generates the majority of its sales in the European currency area. The risks resulting from exchange rate fluctuations are therefore not significant. Fixed interest rates are agreed for the Company's interest-bearing call deposits and time deposits. Due to the high level of cash and cash equivalents, no financing through loans is required. Risks resulting from changes in interest rates can therefore also be regarded as low.

Other notes on financial instruments

During the reporting year, there were no reclassifications of financial assets between the measurement categories under IFRS 9. With the exception of the premium reserve from reinsurance contracts (non-current financial assets), no financial assets or liabilities were measured at fair value through profit or loss (FVTPL).

The carrying amounts of current financial assets and liabilities represent an appropriate approximation of fair value for the purposes of IFRS.

The fair value of non-current financial instruments – disclosed under non-current financial assets – corresponds to the carrying amount. They developed as follows:

2019	2018
5,860,888.00	5,646,493.00
61,625.61	80,551.85
-95,496.51	-13,379.28
314,865.90	147,222.43
6,141,883.00	5,860,888.00

For financial instruments measured at amortised cost, expenses of 0 thousand euros (previous year: 89 thousand euros) due to impairments and write-downs, and income of 20 thousand euros (previous year: 1 thousand euros) due to write-ups were reported in the 2019 financial year.

Additional notes on financial instruments

The carrying amounts and fair values of the financial instruments reported in the balance sheet are as follows:

31 Dec 2019	Carrying amounts
in euros	Mandatory as FVTPL	At amortised cost	Other financial liabilities	Total carrying amounts
Financial assets measured at fair value
Non-current financial assets	6,141,883.00	-	-	6,141,883.00
Financial assets not measured at fair value
Cash and cash equivalents	-	64,492,741.83	-	64,492,741.83
Trade receivables	-	49,670,658.22	-	49,670,658.22
Intercompany financial assets	-	117,904.76	-	117,904.76
Other current and non-current assets	-	3,952,097.64	-	3,952,097.64
	0.00	118,233,402.45	0.00	118,233,402.45
Financial liabilities not measured at fair value
Trade accounts payable	-	-	27,953,644.22	27,953,644.22
Intercompany payables	-	-	280,968.68	280,968.68
Other current liabilities	-	-	3,621,460.71	3,621,460.71
	0.00	0.00	31,856,073.61	31,856,073.61

31 Dec 2018		Carrying amounts
in euros	Mandatory as FVTPL	At amortised cost	Other financial liabilities	Total carrying amounts
Financial assets measured at fair value
Non-current financial assets	5,860,888.00	-	-	5,860,888.00
Financial assets not measured at fair value
Cash and cash equivalents	-	56,084,381.70	-	56,084,381.70
Trade receivables	-	41,776,937.04	-	41,776,937.04
Intercompany financial assets	-	452,438.07	-	452,438.07
Other current and non-current assets	-	2,274,582.68	-	2,274,582.68
	0.00	100,588,339.49	0.00	100,588,339.49
Financial liabilities not measured at fair value
Trade accounts payable	-	-	22,797,180.71	22,797,180.71
Intercompany payables	-	-	283,951.48	283,951.48
Other current liabilities	-	-	4,739,511.25	4,739,511.25
	0.00	0.00	27,820,643.44	27,820,643.44

Fair value
Total fair values	Level 3	Level 2	Level 1

- 6,141,883.00		6,141,883.00	-

- 0.00		-	-
- 0.00		-	-
- 0.00		-	-
- 0.00		-	-
0.00 0.00		0.00	0.00

- 0.00		-	-
- 0.00		-	-
- 0.00		-	-
0.00 0.00		0.00	0.00

31 Dec 2018 Carrying amounts Fair value

Total fair values	Level 3	Level 2	Level 1

5,860,888.00	-	5,860,888.00	-

0.00	-	-	-
0.00	-	-	-
0.00	-	-	-
0.00	-	-	-
0.00	0.00	0.00	0.00

0.00	-	-	-
0.00	-	-	-
0.00	-	-	-
0.00	0.00	0.00	0.00

Net profit / loss from financial instruments for the two financial years was as follows:

in euros	2019	2018
Loans and receivables
Interest result	69,557.48	91,803.53
Losses from derecognised receivables	0.00	-18,675.72
Gains on receivables written off	3.98	1,378.90
Impairment losses (–) / im pairment reversals (+)	19,932.61	-75,621.07
	89,494.07	-1,114.36
Financial assets measured at fair value through profit or loss
Interest result	314,865.90	147,222.43
Total	404,359.97	146,108.07

Corporate Governance

The Management Board and Supervisory Board issued the declaration pursuant to Section 161 AktG in respect of secunet AG and made it permanently available to the shareholders on the Company website (www.secunet.com) under >> The Company >> Investor Relations >> Corporate Governance >> Declaration of Conformity under Section 161 AktG.

Corporate bodies

In the reporting year, the Company's Management Board comprised the following members:

Dr rer nat Rainer Baumgart, Chairman (until 31 May 2019) Qualified industrial engineer Axel Deininger (appointed Chairman of the Management Board with effect from 1 June 2019)

Qualified business economist (FH) Thomas Pleines Dr-Ing Kai Martius (appointed with effect from 1 June 2019) Qualified engineer Torsten Henn (appointed with effect from 1 June 2019)

Fees for auditors of Consolidated Financial Statements

In the financial year and in the previous year, the following fees paid to the auditors of the Consolidated Financial Statements, KPMG AG Wirtschaftsprüfungsgesellschaft, were recognized.

in thousand euros	2019	2018
Audit services
Auditing of consolidated financial statements and annual financial statements, auditor's review of 6-month report, supervision of DPR procedures	277	260
of which relating to audit of the previous year	77	39
Other certification services
Audit of the non-financial statement	17	14
Tax advisor services
Tax advisor services (previous year: value-added tax advice)	0	8
Other services
Support in the implemen tation of EU directives and regulations	27	0
Efficiency review of the Super visory Board	10	0
	331	282

Related party disclosures

Transactions with related persons

The remuneration of key management personnel breaks down into the following categories pursuant to IAS 24:

in thousand euros	2019	2018
Management Board
Short-term employee benefits	1,602.3	1,119.8
Post-employment benefits	36.9	53.6
Other long-term employee benefits	358.3	300.0
Total	1,997.5	1,473.4

Supervisory Board
Short-term employee benefits	77.8	60.0

The remuneration of members of the Management Board active during the reporting year totalled 1,961 thousand euros for the reporting year (previous year: 1,420 thousand euros). Provisions for pensions for former members of the Management Board are recognised in the amount of 1,640 thousand euros (previous year: 343 thousand euros).

Pension payments for former members of the Management Board were made in the amount of 27.1 thousand euros (previous year: 0.0 thousand euros).

Former members of the Management Board received fees of 6 thousand euros (previous year: 0.0 thousand euros) in connection with consultancy contracts.

Supervisory Board remuneration for the reporting year totalled 77.8 thousand euros (previous year: 60.0 thousand euros).

Disclosure of the individual amounts paid to members of the Management Board and Supervisory Board, along with further details of the remuneration system for the members of corporate bodies, can be found in the remuneration report that forms part of the combined Management Report of secunet AG.

In the financial year, members of the Management Board held 880 shares (previous year: 0 shares) in secunet Security Networks AG. As in the previous year, members of the Supervisory Board held no shares in secunet AG.

Transactions with related companies of MC Familiengesellschaft mbH

secunet AG is a majority holding of Giesecke+Devrient GmbH, Munich, which has a 78.96% stake in the Company. secunet AG is included in the Consolidated Financial Statements of MC Familiengesellschaft mbH, Tutzing.

The following transactions were carried out in the specified period with companies in the MC Familiengesellschaft mbH Group, Tutzing on the usual market terms:

1. Sales revenues resulting from services performed for affiliated companies in the MC Familiengesellschaft Group

in euros	2019	2018
Parent company
Giesecke + Devrient GmbH, Munich	19,350.46	55,829.29
Other affiliated companies
Giesecke + Devrient Mobile Security GmbH, Munich	64,550.75	460,708.77
Veridos GmbH, Berlin	251,157.00	228,414.55
Giesecke + Devrient Currency Technologies GmbH, Munich	59,010.63	29,750.00
Total	394,068.84	774,702.61

The sales revenues with affiliated companies of the MC Familiengesellschaft Group are generated within the framework of hardware and service projects.

For projects with affiliated companies in the MC Familiengesellschaft Group, provisions for deferred costs of 0 thousand euros (previous year: 0 thousand euros) were created.

2. Financial result for services performed for affiliated companies in the MC Familiengesellschaft Group

Interest income of 68,923.61 euros (previous year: 59,027.77 euros) was generated from the provision of short-term loans to Giesecke+Devrient GmbH, Munich.

3. Other transactions with affiliated companies in the MC Familiengesellschaft Group

Other income of 365,808.00 euros was generated in the previous year with Giesecke + Devrient Mobile Security GmbH, Munich, in connection with a compensation payment for the assumption of a defined benefit obligation for a former employee.

4. Services purchased from affiliated companies in the MC Familiengesellschaft Group

in euros	2019	2018
Parent company
Giesecke + Devrient GmbH, Munich	206,580.95	160,833.94
Other affiliated companies
Giesecke+Devrient Mobile Security GmbH, Munich	802,554.16	156,026.00
Giesecke and Devrient Mobile Security Australia Pty Ltd, Knoxfield, Victoria	163,910.10	0.00
Giesecke+Devrient Mobile Se curity Asia Pte. Ltd., Singapore	72,879.29	0.00
Giesecke + Devrient Immo bilien Management GmbH, Munich	48,815.00	0.00
Veridos GmbH, Berlin	439.00	21,850.00
Giesecke+Devrient Currency Technology FZE, Dubai, UAE	0.00	11,100.00
Total	1,295,178.50	349,809.94

5. Receivables from affiliated companies in the MC Familiengesellschaft Group

in euros	2019	2018
Parent company
Giesecke + Devrient GmbH, Munich	0.00	18,554.93
Other affiliated companies
Giesecke+Devrient Mobile Security GmbH, Munich	105,063.91	365,808.00
Giesecke+Devrient Currency Technologies GmbH, Munich	12,840.85	0
Veridos GmbH, Berlin	0.00	68,075.14
Total	117,904.76	452,438.07

Receivables from Group companies comprise 117,904.76 euros (previous year: 86,630.07 euros) as trade receivables and 0.00 euros (previous year: 365,808.00 euros) as other receivables.

6. Payables to affiliated companies in the MC Familiengesellschaft Group

in euros	2019 2018
Parent company
Giesecke + Devrient GmbH, Munich	138,442.55	50,142.98
Other affiliated companies
Giesecke + Devrient Immo bilien Management GmbH, Munich	58,089.85	0.00
Giesecke+Devrient Currency Technology FZE, Dubai, UAE	0.00	11,100.00
Giesecke and Devrient Mobile Security Australia Pty Ltd, Knoxfield, Victoria	16,975.61	0.00
Giesecke+Devrient Mobile Se curity Asia Pte. Ltd., Singapore	10,053.17	0.00
Giesecke+Devrient Mobile Security GmbH, Munich	57,407.50	222,708.50
Total	280,968.68	283,951.48

Payables to Group companies consist entirely of trade accounts payable.

7. Other income from companies in which MC Familiengesellschaft mbH holds a participating interest

Prior to initial consolidation in secunet Group, other income amounting to 161,340.68 euros was earned in the previous year from finally safe GmbH, Essen, for the performance of administrative tasks and the leasing of office space.

Events after the balance sheet date

There were no significant events after the balance sheet date.

The Management Board

Essen, 27 March 2020

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Independent Auditor's Report

To secunet Security Networks Aktiengesellschaft, Essen

Report on the Audit of the Consolidated Financial Statements and of the Group Management Report

Opinions

We have audited the consolidated financial statements of secunet Security Networks Aktiengesellschaft, Essen, and its subsidiaries (the Group or secunet), which comprise the consolidated balance sheet as of 31 December 2019, and the consolidated income statement, the consolidated statement of comprehensive income, the consolidated cash flow statement and the consolidated statement of changes in equity for the financial year from 1 January to 31 December 2019, and notes to the consolidated financial statements, including a summary of significant accounting policies. In addition, we have audited the combined management report – report on the position of the Company and the Group (hereinafter referred to as "Group management report") of secunet Security Networks Aktiengesellschaft, Essen, for the financial year from 1 January to 31 December 2019. In accordance with German legal requirements, we have not audited the content of those parts of the Group management report specified in the "Other Information" section of our auditor's report.

In our opinion, on the basis of the knowledge obtained in the audit,

» the accompanying consolidated financial statements comply, in all material respects, with the IFRSs as adopted by the EU, and the additional requirements of German commercial law pursuant to Section 315e (1) HGB [Handelsgesetzbuch: German Commercial Code] and, in compliance with these requirements, give a true and fair view of the assets, liabilities, and financial position of the Group as of 31 December 2019, and of its financial performance for the financial year from 1 January to 31 December 2019.

» the accompanying Group management report as a whole provides an appropriate view of the Group's position. In all material respects, this Group management report is consistent with the consolidated financial statements, complies with German legal requirements and appropriately presents the opportunities and risks of future development. Our audit opinion on the Group management report does not cover the contents of those parts of the Group management report specified in the "Other Information" section.

Pursuant to Section 322 (3), sentence 1 HGB, we declare that our audit has not led to any reservations relating to the legal compliance of the consolidated financial statements and of the Group management report.

Basis for the Opinions

We conducted our audit of the consolidated financial statements and of the Group management report in accordance with Section 317 HGB and EU Audit Regulation No. 537 / 2014 (referred to subsequently as "EU Audit Regulation") and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer [Institute of Public Auditors in Germany] (IDW). Our responsibilities under those requirements and principles are further described in the "Auditor's Responsibilities for the Audit of the Consolidated Financial Statements and of the Group Management Report" section of our auditor's report. We are independent of the Group entities in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements. In addition, in accordance with Article 10 (2) point (f) of the EU Audit Regulation, we declare that we have not provided non-audit services prohibited under Article 5 (1) of the EU Audit Regulation. We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our opinions on the consolidated financial statements and on the Group management report.

Key Audit Matters in the Audit of the Consolidated Financial Statements

Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the consolidated financial statements for the financial year from 1 January to 31 December 2019. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

Revenue recognition on an accrual basis (revenue recognition cut-off)

For the accounting policies applied, we refer to the explanatory notes to the consolidated financial statements under "General principles" and Section 16 "Sales revenue". The Company's revenue performance is presented in Section 2.3.1 of the Group management report.

Financial statement risk

As presented in the consolidated financial statements, secunet Security Networks Aktiengesellschaft generated revenue in the amount of 226.9 million euros in the 2019 financial year. The main contributors to revenue are multiple-element contracts and the provision of services (development and consulting business). Multiple-element contracts are concluded for the supply of hardware, the granting of software licences (including updates) and support and maintenance services.

secunet recognises revenue for the identified performance obligations either at a point in time or over a period of time in accordance with the satisfaction of each obligation. Multiple-element contracts are divided into separate performance obligations. The transaction price is allocated to the individual performance obligations in accordance with the relative individual selling prices, which are based on contractually agreed prices or list prices.

In the case of hardware and software licences, revenue is recognised at the point in time when control is transferred to the customer. Where support and maintenance services, updates and extended warranty commitments are granted, the respective performance obligations are satisfied by the transfer of control over a certain period. The revenue is accordingly recognised over time during the term of the contract. In the case of services, the extent of control transferred as of the reporting date is essentially assessed on the basis of the hours worked or the percentage of completion.

Most of the Group's revenue is generated from public contracts. Other customers include automotive manufacturers among others. These place a disproportionately large number of orders at the end of the year, resulting in an increased number of contracts and therefore considerable transfer of goods and services at year-end.

Due to the large number of transactions in the last few weeks prior to the reporting date, discrepancies in progress with delivery as of the reporting date, and the large share of multiple-element contracts, there is the risk for the financial statements that revenue recognised for the year under review is too high and therefore not allocated to the period in which it is incurred.

Our audit approach

In order to audit whether revenue is recognised in the period in which it is incurred, we assessed the design, setup and effectiveness of internal controls relating to order acceptance, outgoing goods or acceptance of services, and invoices.

Furthermore, we assessed revenue recognition cut-off by reconciling invoices to the related orders, contracts, external proof of delivery, acceptance protocols or time sheets. This was based on revenue recognised in December 2019 and selected using a mathematical / statistical procedure.

In addition, balance confirmations were obtained for trade receivables not yet settled as of the reporting date, which were entered in the accounts prior to 1 December 2019 and consequently not covered by the above-mentioned sample. These were also selected on the basis of a mathematical / statistical procedure. In cases where obtaining balance confirmations remained unsuccessful, we conducted alternative audit procedures by reconciling revenue to the underlying orders, contracts, internal invoice release, invoices, proof of delivery and acceptance protocols or time sheets as well as payment received.

For multiple-element contracts contained in the two samples, the breakdown into individual transactions and the related recognition of revenue was assessed based on the underlying contracts.

Our observations

The Group's procedure for revenue recognition cut-off is appropriate.

Other Information

Management and the Supervisory Board are responsible for the other information. The other information comprises:

» the Declaration of Corporate Governance referred to in Section 7 of the Group management report,
» the combined non-financial statement of the Company and the Group contained in Section 8 of the Group management report,

The other information also includes the remaining parts of the Annual Report.

The other information does not include the consolidated financial statements, the annual financial statements, the Group management report disclosures audited in terms of content, or our associated auditor's reports.

Our opinions on the consolidated financial statements and on the Group management report do not cover the other information, and consequently we do not express an opinion or any other form of assurance conclusion thereon.

In connection with our audit, our responsibility is to read the other information and, in doing so, consider whether the other information

» is materially inconsistent with the consolidated financial statements, with the Group management report disclosures audited in terms of content, or with our knowledge obtained in the audit, or
» otherwise appears to be materially misstated.

In accordance with our engagement, we conducted a separate economic audit of the combined non-financial statement of the Company and the Group. With regard to the nature, scope and results of this economic audit, we refer to our audit report dated 25 March 2020.

Responsibilities of Management and the Supervisory Board for the Consolidated Financial Statements and the Group Management Report

Management is responsible for the preparation of the consolidated financial statements that comply, in all material respects, with IFRSs as adopted by the EU and the additional requirements of German commercial law pursuant to Section 315e (1) HGB and that the consolidated financial statements, in compliance with these requirements, give a true and fair view of the assets, liabilities, financial position and financial performance of the Group. In addition, management is responsible for such internal control as they have determined necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the consolidated financial statements, management is responsible for assessing the Group's ability to continue as a going concern. They also have the responsibility for disclosing, as applicable, matters related to going concern. In addition, they are responsible for financial reporting based on the going concern basis of accounting unless there is an intention to liquidate the Group or to cease operations, or there is no realistic alternative but to do so.

Furthermore, management is responsible for the preparation of the Group management report that, as a whole, provides an appropriate view of the Group's position and is, in all material respects, consistent with the consolidated financial statements, complies with German legal requirements, and appropriately presents the opportunities and risks of future development. In addition, management is responsible for such arrangements and measures (systems) as they have considered necessary to enable the preparation of a Group management report that is in accordance with the applicable German legal requirements, and to be able to provide sufficient appropriate evidence for the assertions in the Group management report.

The Supervisory Board is responsible for overseeing the Group's financial reporting process for the preparation of the consolidated financial statements and of the Group management report.

Auditor's Responsibilities for the Audit of the Consolidated Financial Statements and of the Group Management Report

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and whether the Group management report as a whole provides an appropriate view of the Group's position and, in all material respects, is consistent with the consolidated financial statements and the knowledge obtained in the audit, complies with the German legal requirements and appropriately presents the opportunities and risks of future development, as well as to issue an auditor's report that includes our opinions on the consolidated financial statements and on the Group management report.

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Section 317 HGB and the EU Audit Regulation and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer (IDW) will always detect a material misstatement. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these consolidated financial statements and this Group management report.

We exercise professional judgement and maintain professional scepticism throughout the audit. We also:

» Identify and assess the risks of material misstatement of the consolidated financial statements and of the Group Management Report, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinions. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal controls.
» Obtain an understanding of internal control relevant to the audit of the consolidated financial statements and of arrangements and measures (systems) relevant to the audit of the Group Management Report in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of these systems.
» Evaluate the appropriateness of accounting policies used by management and the reasonableness of estimates made by management and related disclosures.
» Conclude on the appropriateness of management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in the auditor's report to the related disclosures in the consolidated financial statements and in the Group management report or, if such disclosures are inadequate, to modify our respective opinions. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Group to cease to be able to continue as a going concern.
» Evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether the consolidated financial statements present the underlying transactions and events in a manner that the consolidated financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Group in compliance with IFRSs as adopted by the EU and the additional requirements of German commercial law pursuant to Section 315e (1) HGB.
» Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the Group to express opinions on the consolidated financial statements and on the Group management report. We are responsible for the direction, supervision and performance of the Group audit. We remain solely responsible for our opinions.
» Evaluate the consistency of the Group management report with the consolidated financial statements, its conformity with [German] law, and the view of the Group's position it provides.
» Perform audit procedures on the prospective information presented by management in the Group management report. On the basis of sufficient appropriate audit evidence we evaluate, in particular, the significant assumptions used by management as a basis for the prospective information, and evaluate the proper derivation of the prospective information from these assumptions. We do not express a separate opinion on the prospective information and on the assumptions used as a basis. There is a substantial unavoidable risk that future events will differ materially from the prospective information.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with the relevant independence requirements, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, the related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter.

Other Legal and Regulatory Requirements

Further Information pursuant to Article 10 of the EU Audit Regulation

We were elected as Group auditor at the Annual General Meeting on 15 May 2019. We were engaged by the Supervisory Board on 14 December 2019. We have been the Group auditor of secunet Security Networks Aktiengesellschaft, Essen, without interruption since the 2010 financial year.

We declare that the opinions expressed in this auditor's report are consistent with the additional report to the Supervisory Board pursuant to Article 11 of the EU Audit Regulation (long-form audit report).

German Public Auditor Responsible for the Engagement

The German Public Auditor responsible for the engagement is Martin C Bornhofen.

Düsseldorf, 27 March 2020

KPMG AG Wirtschaftsprüfungsgesellschaft

Bornhofen Dr Sommerhoff German Public Auditor German Public Auditor

Responsibility Statement

"To the best of our knowledge, and in accordance with the applicable accounting principles, the Consolidated Financial Statements give a true and fair view of the assets, liabilities, financial position and results of operations of the Group, and the Group Management Report includes a true and fair presentation of the development and performance of the business and the position of the Group, together with a description of the principal opportunities and risks associated with the expected development of the Group."

Essen, 27 March 2020

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Annual Financial Statements

of secunet Security Networks Aktiengesellschaft, Essen

Balance sheet

(according to HGB) as at 31 December 2019

Assets

in euros	Note	31 Dec 2019	31 Dec 2018
A. Fixed assets
I. Intangible fixed assets		2,791,289.43	1,586,970.00
II. Tangible fixed assets		5,416,709.00	4,258,680.00
III. Long-term financial assets		7,787,060.76	8,269,415.21
Total fixed assets	1	15,995,059.19	14,115,065.21
B. Current assets
I. Inventories	2	23,307,459.09	20,118,541.00
II. Receivables and other assets	3	50,026,173.05	45,605,200.53
III. Cash in hand and balances with credit institutions	4	61,141,900.00	51,070,220.29
Total current assets		134,475,532.14	116,793,961.82
C. Prepaid expenses and accrued income		3,090,266.15	1,728,399.46

Total assets		153,560,857.48	132,637,426.49

Liabilities

in euros	Note	31 Dec 2019	31 Dec 2018
A. Equity
Subscribed capital		6,500,000.00	6,500,000.00
Nominal value of treasury shares		-30,498.00	-30,498.00
I. Issued capital		6,469,502.00	6,469,502.00
II. Capital reserves		21,656,305.42	21,656,305.42
III. Revenue reserves
1. Reserve due to treasury shares		30,498.00	30,498.00
2. Other reserves		32,872,483.59	22,786,735.42
IV. Net accumulated profit		10,092,423.12	13,197,784.08
Total equity	5	71,121,212.13	64,140,824.92
B. Provisions	6	23,950,148.93	24,760,215.27
C. Liabilities	7	30,347,531.49	26,480,780.23
D. Deferred income and accrued expenses	8	28,141,964.93	17,255,606.07

Total liabilities		153,560,857.48	132,637,426.49

Income statement

(according to HGB) for the period from 1 January 2019 to 31 December 2019

in euros	Note	1 Jan – 31 Dec 2019	1 Jan – 31 Dec 2018
Sales revenue	9	221,621,354.04	161,150,933.48
Increase of unfinished services, work in progress & finished goods		727,512.53	347,611.98
Other operating income	10	3,831,369.29	1,548,175.38
Materials expenses	11	-119,535,449.10	-74,562,740.30
Personnel expenses	12	-43,678,694.33	-39,072,761.80
Depreciation and amortisation of intangible fixed assets and tangible fixed assets	13	-2,661,610.67	-2,294,150.67
Other operating expenses	14	-26,611,071.69	-24,916,053.26
Income from equity investments	15	63,011.40	447,899.04
Financial result	16	-2,851,799.60	-466,967.82
Income taxes	17	-10,686,450.54	-7,459,665.65
Earnings after tax		20,218,171.33	14,722,280.38

Other taxes	17	-40,000.04	-43,419.02
Net income for the year		20,178,171.29	14,678,861.36

Accumulated profit carryforward		13,197,784.08	7,763,402.40
Dividend payment		-13,197,784.08	-7,763,402.40
Transfer to other revenue reserves		-10,085,748.17	-1,481,077.28
Net accumulated profit	18	10,092,423.12	13,197,784.08

Notes

regarding secunet Security Networks Aktiengesellschaft for the 2019 financial year (according to HGB)

General principles

secunet Security Networks Aktiengesellschaft in Essen, Germany (hereinafter referred to as "secunet AG" or the "Company") is a large public liability company within the meaning of Section 267 (3), sentences 1 and 2 of the German Commercial Code (Handelsgesetzbuch, HGB) and is entered in the Commercial Register at Essen Local Court (Reg. No. 13615).

The Annual Financial Statements of secunet AG are prepared in accordance with the regulations of the HGB and taking the supplementary provisions of the German Stock Corporation Act (Aktiengesetz, AktG) into account.

The valuations as at 31 December 2018 were adopted unchanged.

The financial statements have been prepared on the assumption that the Company is a going concern.

The income statement is based on the total expenditure format.

In order to enhance the clarity and transparency of the reporting, the balance sheet and the income statement combine certain individual items, which are reported in depth and explained in the Notes. In addition to the standard breakdown under commercial law, the item "Premium reserve shares from reinsurance contracts" was added to the item "Financial assets" in the "Changes in fixed assets" overview (Appendix to the Notes).

Accounting and valuation methods

Recognition and measurement are performed according to the principles set out below:

Assets

Fixed assets

Intangible and tangible fixed assets

The purchased intangible fixed assets are capitalised at their historical costs upon acquisition and are depreciated on a scheduled straight-line basis over their expected useful life.

This item primarily relates to goodwill from the takeover of SECARTIS AG. On the basis of the existing customer structure (public institutions), a customary useful life of 15 years was estimated for the goodwill. Had this goodwill been posted to the accounts immediately in 2004, the earnings from ordinary activities in the 2019 financial year would have been 50 thousand euros higher. Goodwill was fully depreciated at the end of March 2019.

An additional goodwill purchased during the 2016 financial year is being depreciated on a straight-line basis over a useful life of ten years in accordance with Section 253 (3), sentence 4 HGB, as the expected useful life cannot be estimated reliably.

Assets were acquired as part of an asset deal as of 1 July 2017. The assets and liabilities acquired are recognised at the fair value, and the purchase price in excess of this value has been reported as goodwill. This goodwill will be depreciated on a straight-line basis over an average remaining useful life of nine years, since the software purchased as part of the asset deal must be retained for a customer project with an average lifetime of nine years.

Tangible fixed assets are measured at the lower of historical cost or fair value if a long-term impairment is expected and are depreciated on a straight-line basis over the expected useful life.

Since 2008, newly acquired assets have been depreciated exclusively on a straight-line basis. Fixed assets with historical costs of less than 1,000 euros (low-value fixed assets) are divided into two groups. Since the 2018 financial year, assets with historical costs of up to 250 euros have been written off to their full amount in the year of purchase. Assets with historical costs between 250 euros (previously 150 euros) and 1,000 euros are placed in a so-called "collective item" and written off in the year of purchase and over the next four years on a straight-line basis.

Financial assets

Shares in affiliated companies and holdings are recognised at historical cost.

Value adjustments to the lower fair value are made if there is a permanent impairment. Lower valuations are retained unless a higher carrying amount up to a maximum of the original historical cost is required.

Loans to affiliated companies and to companies in which there is a participating interest are shown at nominal value.

Reinsurance contracts are measured at fair value.

Current assets

Inventories are measured at historical cost or production cost or at the lower fair value on the balance sheet date. The production cost of unfinished services as well as work in progress and finished goods includes not only the directly allocable costs, but also necessary material and production overheads as well as general administrative expenses. Voluntary social security contributions, occupational pension expense and interest on borrowings are not carried as an asset. The principles of loss-free valuation are applied.

Trade goods are measured at the lower of historical cost calculated using a sliding average and fair value.

Receivables and other assets are measured at nominal value less appropriate discounts for identifiable individual risks. The general credit risk is taken into account by means of a general loan loss provision of 1%.

Cash in hand and balances with credit institutions are measured at their nominal value.

Expenses prior to the balance sheet date, insofar as they represent expenses for a specific period after the balance sheet date, are reported under prepaid expenses and accrued income.

Liabilities

Provisions

Provisions for pensions and similar liabilities are determined in accordance with the expert opinion of an actuary, based on the projected one-off contribution method ("Projected Unit Credit Method"), using Prof. Klaus Heubeck's 2018 G mortality tables. For this valuation, an actuarial interest rate of 2.85% (previous year: 3.34%) was used, which was determined in accordance with the provisions of Section 253 (2), sentence 2 HGB in December 2019 on the basis of the average market interest rate from the past ten (previous year: ten) financial years with an assumed residual term of 20 (previous year: 20) years, forecast to 31 December 2019.

Applying an average market interest rate from the past seven financial years (2.13%), this would lead to an obligation in the amount of 6,559,120 euros as at 31 December 2019. The difference in relation to the pension provisions evaluated with an average market interest rate from the past ten financial years (2.85%) stood at 864,860 euros as at 31 December 2019 (previous year: 924,442 euros); this amount must be taken into account in determining the amount blocked for distribution purposes (Section 253 (6), sentence 2 HGB).

The impact on income from the change to the actuarial interest rate is recorded in the financial result. Furthermore, the valuation of direct pension obligations is based on the assumption of 2.5% dynamic growth of eligible remuneration (previous year: 2.5%), 2.0% dynamic adjustment of current pensions (previous year: 2.0%) and a fluctuation of 5.5% (previous year: 5.5%) on average.

In accordance with the valuation rules of Section 253 (1), sentence 2 HGB, provisions for pensions must be reported at their settlement value with effect from 2010. The amount required to be allocated to the pension provisions was calculated as at the transition date of 1 January 2010. The difference at that time from the revaluation of the obligations totalled 746,432 euros. With reference to the option provided for under Article 67 (1), sentence 1 of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), secunet AG allocated the amount of 49,763 euros (1 / 15 minimum allocation p. a.) to other operating expenditure in the 2019 financial year. The resulting coverage shortfall as at 31 December 2019 is therefore 248,802 euros.

Tax provisions and other provisions are created according to prudent business judgement, taking account of all identifiable and uncertain obligations and the required settlement amount expected. Provided that provisions with a residual term of longer than one year exist, these are discounted at the average market interest rate from the past seven financial years corresponding to their residual term.

The liabilities are recognised at their settlement value.

Earnings prior to the balance sheet date that represent income for a certain period after this date are reported under deferred income and accrued expenses.

Assets and liabilities denominated in foreign currency with a remaining term of up to one year are converted on the basis of the average spot exchange rate on the reporting date.

Deferred taxes

The table below shows asset and liability surpluses, these being only asset surpluses in the case of secunet AG.

in euros	Assets	Liabilities
Fixed assets	54,408.00	0.00
Goodwill	41,142.71	0.00
Provisions for pensions	853,727.90	0.00
Other provisions	111,164.47	0.00
Total	1,060,443.08	0.00

A tax rate of 31.91% (previous year: 31.91%) is applied. Using the option permitted under Section 274 (1), sentence 2 HGB, deferred tax assets were not posted in the balance sheet.

Income statement

The sales revenue is recognised once the service has been provided or the risk associated with the products sold has passed to the customer. Services are usually invoiced on the basis of the hours worked. For mixed transactions, the recognition criteria must be applied separately for each partial delivery. Satisfaction of a performance obligation in project business is basically defined by means of acceptance protocols.

Sales revenue is shown less value-added tax and any discounts when the sale of goods or services has taken place and the risks and rewards associated with ownership have been substantially transferred.

Notes to the balance sheet and income statement of secunet Security Networks Aktiengesellschaft

1. Fixed assets

The breakdown of and changes in the fixed assets of secunet AG can be found in the statement of fixed assets, included as an Appendix to the Notes.

The ownership of shares can be shown as follows at the balance sheet date:

» secunet s. r. o., Czech Republic, Prague, 100% participation, equity of the company as at 31 December 2019 2,240 thousand Czech korunas, net income for 2019 -306 thousand Czech korunas.
» secunet Service GmbH, Essen, 100% participation, equity of the company as at 31 December 2019 892 thousand euros, net income for 2019 598 thousand euros.
» secunet International GmbH & Co. KG, Essen, 100% participation, equity of the company as at 31 December 2019 -653 thousand euros, net income for 2019 -761 thousand euros

As at 31 December 2019, secunet International GmbH & Co. KG is overindebted in its balance sheet, but has sufficient cash and cash equivalents to meet its obligations. The fair value determined as at 31 December 2019 is higher than the carrying value, which corresponds to the historical costs (108 thousand euros).

» secunet International Management GmbH, Essen, 100% participation, equity of the company as at 31 December 2019 37 thousand euros, net income for 2019 7 thousand euros.
» finally safe GmbH i. L., Essen 100% participation, equity of the company as at 31 December 2019 34 thousand euros, net income for 2019 -638 thousand euros.

In the course of the financial year, all shares in finally safe GmbH were taken over by secunet AG within a capital increase, for which only secunet AG was eligible, and through share purchase and transfer agreements with the minority shareholders, so that the participation increased from 63.28% as at 31 December 2018 to 100% as at 31 December 2019. On 13 November 2019, secunet AG, already the 100% shareholder at that time, decided to dissolve the company through liquidation with effect from 1 December 2019. A value adjustment of 2,249,960.31 euros was made on the total acquisition costs of 3,111,960.31 euros due to the agreed liquidation. The remaining fair value as at 31 December 2019 was determined at 862 thousand euros.

» secustack GmbH, Dresden 51% participation, equity of the company as at 31 December 2019 949 thousand euros, net income for 2019 -276 thousand euros

Together with another shareholder, the Company founded secustack GmbH on 26 March 2019. In connection with the founding, the Company was permitted to acquire 51% of the shares and paid 12,750 euros into the subscribed capital of the company and 588,000.00 euros into the capital reserves of secustack GmbH, in each case in cash. The fair value determined as at 31 December 2019 is higher than the carrying value, which corresponds to the historical costs (625 thousand euros).

» secunet Inc., USA, Austin, Texas,

100% participation; the equity and net income for the year have not been disclosed due to the secondary importance of the company.

2. Inventories

in euros	31 Dec 2019	31 Dec 2018
Unfinished services	2,134,210.62	2,112,915.11
Work in progress	541,780.71	280,672.00
Finished goods	399,483.35	41,717.04
Trade goods	20,168,984.41	17,615,736.85
Advance payments	63,000.00	67,500.00
Total	23,307,459.09	20,118,541.00

The increase in the levels of trade goods at the balance sheet date was due to efforts to ensure the short to medium-term delivery capacity of the product business.

3. Receivables and other assets

in euros	31 Dec 2019	31 Dec 2018
Trade receivables	45,576,203.38	38,152,162.60
Intercompany receivables	3,658,027.75	6,971,119.19
of which trade receivables	(3,632,246.24)	(6,129,713.82)
of which transfer of net income	(0.00)	(447,899.04)
of which transfer of pensions	(0.00)	(365,808.00)
of which other services	(25,781.51)	(27,698.33)
Other assets	791,941.92	481,918.74
Total	50,026,173.05	45,605,200.53

Trade receivables include receivables of 4,727,008.44 euros (previous year: 0.00 euros) with a residual term of more than one year.

The residual term of all other receivables and other assets was up to one year.

4. Cash in hand and balances with credit institutions

The liquid funds comprise cash in hand and bank balances amounting to a total of 61,141,900.00 euros (previous year: 51,070,220.29 euros). Occasionally, investments are made in the form of fixed-term current deposits with Giesecke + Devrient GmbH, Munich.

5. Equity

The share capital is 6,500,000.00 euros. It is divided into 6,500,000 bearer shares without par value.

In total, the Company continued to hold 30,498 treasury shares (previous year: 30,498 shares) at the balance sheet date, equating to 0.469% or 30,498 euros of its share capital (previous year: 0.469%). The nominal value of the treasury shares was openly offset against share capital.

Due to the adjustments made in accordance with the German Accounting Law Modernisation Act (Bilanzrechtsmodernisierungsgesetz, BilMoG), the reserve for treasury shares in the calculated amount of the treasury shares of 30,498 was placed in the reserve for treasury shares and the remaining amount offset against other revenue reserves. The treasury shares were purchased as part of a share option programme for secunet employees in the years from 2001 to 2002.

The Annual General Meeting on 15 May 2019 resolved to appropriate the balance sheet profit of 13,197,784.08 euros for the 2018 financial year to pay out a dividend. As of 20 May 2019, a payment of 2.04 euros per share (6,469,502 individual shares) was made, making a total of 13,197,784.08 euros.

10,085,748.17 euros (= 49.98%) of the net income for the year 2019 totalling 20,178,171.29 euros will be deposited in the other revenue reserves in accordance with Section 58 (2), sentence 1 AktG.

The balance sheet profit as at 31 December 2019 is therefore 10,092,423.12 euros (previous year: 13,197,784.08 euros).

The majority shareholder, Giesecke + Devrient GmbH, continues, as in the previous year, to hold a stake of 78.96% in secunet AG.

6. Provisions

in euros	31 Dec 2019	31 Dec 2018
Provisions for pensions and similar liabilities	5,395,695.00	4,639,909.00
Provisions for taxes	3,941,175.08	6,435,184.42
Other provisions	14,613,278.85	13,685,121.85
Total	23,950,148.93	24,760,215.27

The breakdown of other provisions is shown in the table below:

in euros	31 Dec 2019	31 Dec 2018
Non-current provisions
Provisions for anniversary bonuses	314,974.00	285,574.00
Current provisions
Annual employee bonuses	9,097,263.00	7,930,793.00
Commissions	1,484,914.54	1,568,572.15
Warranties	576,000.00	974,049.00
Outstanding incoming invoices	1,294,454.40	1,002,046.53
Accrued holidays	824,642.00	692,259.00
Deferred costs	184,972.73	231,186.99
Asset retirement and mainte nance measures	403,219.18	382,051.18
Pending contractual penalties	0.00	244,000.00
Accounting and auditing costs	160,500.00	118,500.00
Professional association con tributions	145,200.00	132,000.00
Others	127,139.00	124,090.00
Total	14,613,278.85	13,685,121.85

For the 2019 financial year, the provision for commissions comprises payments due for the distribution of SINA licences, Elster sticks and Oracle licences.

The warranty provisions pertain to a provision for obligations arising from a three-year warranty agreement for specific SINA core modules in the amount of 576 thousand euros.

The provision for asset retirement and maintenance measures essentially involves asset retirement and maintenance measures to be performed by the Company for leased properties in Dresden, Essen and Munich.

7. Liabilities

in euros	31 Dec 2019	31 Dec 2018
Advance payments received on account of orders	119,590.01	1,168,399.27
Trade accounts payable	24,817,191.62	20,587,375.49
Intercompany payables	796,104.20	55,715.73
of which trade receivables	796,104.20	55,715.73
Other liabilities	4,614,645.66	4,669,289.74
of which taxes	(4,535,608.90)	(4,637,425.63)
of which relating to social security	(4,635.47)	(1,501.98)
Total	30,347,531.49	26,480,780.23

All liabilities have a term of less than one year.

8. Deferred income and accrued expenses

Given the increase in the support business, earnings are increasingly accrued in conjunction with performance after the balance sheet date.

9. Sales revenue

The sales revenue was generated in the following regions:

in euros	2019	2018
Domestic	216,701,720.14	152,801,687.92
Abroad	4,919,633.90	8,349,245.56
Total	221,621,354.04	161,150,933.48

This sales revenue can be attributed to the divisions as follows:

in euros	2019	2018
Public	164,671,722.25	144,323,735.57
Business	56,776,637.51	16,619,237.23
Others	172,994.28	207,960.68
Total	221,621,354.04	161,150,933.48

The sales revenues include 521,026.86 euros for trade goods which were sold at cost price to secunet International GmbH & Co. KG due to their difficult usability, as these goods were stocks at secunet AG reserved by this company.

10. Other operating income

The other operating income of 3,831,369.29 euros (previous year 1,548,175.38 euros) mainly includes public project grants (1,601,779.59 euros), offsetting items from the utilisation of provisions (905,055.34 euros), reimbursements from damages (428,690.00 euros), income from the release of provisions (339,173.20 euros), actuarial income from the adjustment of old-age and survivors' insurance premium reserve (314,865.90 euros) and other income (241,805.26 euros).

Income from currency conversion stood at 2,711.34 euros (previous year: 13,446.22 euros). Approximately 339 thousand euros (9%) of the other operating income relates to other periods and results from the release of provisions.

11. Materials expenses

in euros	2019	2018
Cost of purchased goods	106,010,051.14	65,505,213.39
Cost of purchased services	13,525,397.96	9,057,526.91
Total	119,535,449.10	74,562,740.30

12. Personnel expenditure

in euros	2019	2018
Wages and salaries	37,811,463.76	34,157,458.48
Social security costs	5,725,912.64	4,980,364.86
Expenses for retirement pensions	99,896.26	+82,544.44
Expenses for support	41,421.67	17,482.90
Total	43,678,694.33	39,072,761.80

13. Depreciation and amortisation of intangible fixed assets and tangible fixed assets

Depreciation and amortisation are broken down by individual item in the statement of fixed assets (see Appendix to the Notes).

14. Other operating expenses

in euros	2019	2018
secunet Group services	7,710,813.47	6,108,587.88
Rental costs	3,996,811.26	3,492,240.93
Inspection, consulting, legal protection	1,400,034.18	3,468,049.33
Travel expenses	2,464,639.23	2,407,820.79
Sales commission	1,696,827.04	1,651,436.20
Addition to other provisions	644,800.00	760,714.08
Advertising costs	831,643.79	725,858.56
Ancillary personnel expenses	993,857.97	825,462.73
Communication costs	952,643.78	628,626.84
Company car costs	900,201.68	970,531.35
Maintenance costs	1,694,656.55	977,531.30
Other third-party services	649,188.94	698,048.36
Entertainment and rep resentation	253,688.59	216,863.96
Insurance premiums	208,663.08	183,589.10
Fees	180,331.17	144,113.26
Extraordinary items arising in relation to BilMoG – Revalua tion of pension provisions	49,763.00	49,763.00
Individual value adjustment of receivables	0.00	52,127.72
Other costs	1,982,507.96	1,554,687.87
Total	26,611,071.69	24,916,053.26

Expenses resulting from currency conversion stood at 9,456.94 euros (previous year: 10,529.49 euros).

15. Income from equity investments

16. Financial result

in euros	2019	2018
Other interest and similar income	78,888.71	98,687.55
of which from affiliated companies	(78,254.84)	(65,711.79)
Depreciation of financial assets – all affiliated companies –	-2,249,960.31	0.00
Interest and similar expenses	-680,728.00	-565,655.37
of which from accrued in terest during the year from provisions for pensions	(-680,122.00)	(-545,587.00)
Total	-2,851,799.60	-466,967.82

17. Taxes

in euros	2019	2018
Income taxes	10,686,450.54	7,459,665.65
Other taxes	40,000.04	43,419.02
Total	10,726,450.58	7,503,084.67

The income taxes relate predominantly to the 2019 financial year. Expenses of 17,099.54 euros and income of 63,261.00 euros are related to other accounting periods.

18. Appropriation of the balance sheet profit

Proposal for the appropriation of distributable earnings From the balance sheet profit of 13,197,784.08 euros reported for the 2018 financial year, dividends of 2.04 euros per share (totalling 13,197,784.08 euros) were distributed in the 2019 financial year in accordance with the resolution of the Annual General Meeting on 15 May 2019.

secunet AG's Annual Financial Statements under commercial law for the 2019 financial year show net income for the year of 20,178,171.29 euros. Of this sum, 10,085,748.17 euros (= 49.98%) will be transferred to the other revenue reserves in accordance with Section 58 (2), sentence 1 AktG. This results in a balance sheet profit of 10,092,423.12 euros.

The Management Board will propose to the Annual General Meeting that a regular dividend of 1.56 euros per dividend-bearing share be distributed on the dividend-bearing share capital of 6,469,502.00 euros (i.e. a total of 10,092,423.12 euros). When determining the share capital entitled to a dividend, the total of 30,498 treasury shares was deducted.

in euros	2019
Carryforward as at 1 Jan 2019	13,197,784.08
Net income for the year 2019	20,178,171.29
Dividend payment in 2019	-13,197,784.08
Transfer to other revenue reserves	-10,085,748.17
Balance sheet profit at 31 Dec 2019	10,092,423.12
Proposal for the appropriation of distributable earnings
Dividend payment in 2020	-10,092,423.12
Carryforward	0.00

Other Notes

Employees

The average headcount over the year, including the Management Board members, was 468 (previous year: 425, including Management Board members). In addition, 57 temporary workers (previous year: 55) were also employed, making a total of 525 (previous year: 480) employees.

Other financial liabilities

As at the balance sheet date, other financial liabilities totalled 18,440,887.80 euros. They consisted mainly of the nominal amount of liabilities arising from office tenancy agreements and lease agreements for company cars, of which 2,739,121.52 euros have less than one year to run and 8,977,548.50 euros are due within a period of between one year and five years. Liabilities amounting to 6,724,217.78 euros are due after more than five years. None of the total liabilities are towards affiliated companies.

An agency agreement exists with the affiliated company secunet Service GmbH, Essen, for the central provision of services for secunet AG. A flat monthly fee of 595 thousand euros is charged for these services, the balance being settled on a quarterly basis through the allocation of costs. The contract has been concluded for an indefinite period and can be terminated with a notice period of 6 months to the end of a calendar year.

Open purchase orders

As at 31 December 2019, there were liabilities with regard to open purchase orders for goods and services in the amount of 4,243,940.23 euros.

Contingent liabilities

The company has contingent liabilities in the amount of 165,541.00 euros (previous year: 170,567 euros) from a debt entry and release agreement with secunet Service GmbH, Essen, and secunet International GmbH & Co. KG, Essen, with regard to secured direct commitments (pension, anniversary and death benefit obligations) to employees, which were transferred to the Company as part of the transfer of operations in accordance with Section 613a of the German Civil Code (BGB) with effect from 1 January 2018.

It is not expected that these contingent liabilities will be realised due to the current economic situation of the subsidiaries.

Relations with affiliated companies

Through Giesecke + Devrient GmbH, Munich, the Company is an affiliated company of MC Familiengesellschaft mbH, Tutzing, which prepares the Consolidated Financial Statements for the largest group of companies. Additionally, the Company is included in the Consolidated Financial Statements of Giesecke + Devrient GmbH, Munich. secunet AG also produces its own IFRS Consolidated Financial Statements for the smallest group of companies. The Consolidated Financial Statements are published in the Federal Gazette.

Auditors' fees

In the past financial year and in the previous year, the following fees paid to the auditors of the financial statements, KPMG AG Wirtschaftsprüfungsgesellschaft, were recognised as expenses.

in thousand euros	2019	2018
Audit services	244	227
Auditing of consolidated financial statements and annual financial statements, auditor's review of 6-month report, supervision of DPR procedures
of which relating to audit of the previous year	71	39
Other certification services
Audit of the non-financial statement	17	14
Tax advisor services
Value-added tax advice	0	8
Other services
Support in the implemen tation of EU directives and regulations	27	0
Efficiency review of the Supervisory Board 2019	10	0
	298	249

Miscellaneous

The remuneration of members of the Management Board active during the reporting year totalled 1,961 thousand euros for the reporting year (previous year: 1,420 thousand euros). For former members of the Management Board, liabilities from pension commitments amounted to 1,287 thousand euros as at the reporting date (previous year: 271 thousand euros).

Pension payments for former members of the Management Board were made in the amount of 27.1 thousand euros (previous year: 0.0 thousand euros).

Supervisory Board remuneration in the financial year totalled 77.8 thousand euros (previous year: 60 thousand euros).

Members of the Management Board held 880 shares in the Company as at the reporting date.

The members of the Supervisory Board held no shares in the Company as at the reporting date.

Disclosure of the individual amounts paid to members of the Supervisory Board, along with further details of the remuneration system and pensions for members of the Management and Supervisory Boards, can be found in the remuneration report that forms part of the combined Management Report of the Company and the Group.

The Management Board and Supervisory Board issued the declaration pursuant to Section 161 AktG in respect of secunet AG. This has been made permanently

accessible to shareholders on the Company website (www.secunet.com) under "The Company>>Investor Relations>>Corporate Governance>>Declaration of Conformity under Section 161 AktG".

Former members of the Management Board received fees of 6 thousand euros (previous year: 0.0 thousand euros) in connection with consultancy contracts.

Declarations pursuant to Section 160 (1), no. 8 AktG: Voting rights are held in the Company as at the balance sheet date for 2019. The following disclosures are based on those disclosures made by the parties subject to notification obligations in accordance with Section 26 (1) of the German Securities Trading Act (Wertpapierhandelsgesetz, WpHG).

13 December 2017: Publication of voting-right notices in accordance with Section 26 (1) WpHG

Frankfurter Investmentgesellschaft mit variablem Kapital (SICAV), Grevenmacher, Luxembourg informed us in accordance with Section 21 (1) WpHG on 12 December 2017 that its share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, fell below the threshold of 3% of the voting rights on 6 December 2017, and on this date totalled 2.81% (corresponding to 182,681 voting rights).

6 October 2017: Publication of voting-right notices in accordance with Section 26 (1) WpHG

BNY Mellon Service Kapitalanlage-Gesellschaft mbH, Germany informed us in accordance with Section 21 (1) WpHG on 5 October 2017 that its share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, fell below the threshold of 3% of the voting rights on 1 October 2017, and on this date totalled 0.00% (corresponding to 0 voting rights).

5 October 2017: Publication of voting-right notices in accordance with Section 26 (1) WpHG

Frankfurter Investmentgesellschaft mit variablem Kapital (SICAV), Grevenmacher, Luxembourg informed us in accordance with Section 21 (1) WpHG on 4 October 2017 that its share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the threshold of 3% of the voting rights on 1 October 2017, and on this date totalled 3.07% (corresponding to 199,284 voting rights).

17 June 2013: Publication of voting-right notices in accordance with Section 26 (1) WpHG

BNY Mellon Service Kapitalanlage-Gesellschaft mbH, Germany informed us in accordance with Section 21 (1) WpHG on 10 June 2013 that its share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the threshold of 3% of the voting rights on 6 June 2013, and on this date totalled 3.06% (corresponding to 198,930 voting rights).

17 April 2013: Publication of voting-right notices in accordance with Section 26 (1) WpHG

Ms Ingrid Weispfenning, Germany informed us in accordance with Section 21 (1) WpHG on 12 April 2013 that her share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, fell below the threshold of 3% of the voting rights on 11 April 2013, and on that date totalled 2.00% (corresponding to 129,881 voting rights).

1.05% of the voting rights (corresponding to 68,457 voting rights) are allocated to Ms Weispfenning by Felix Beteiligungen AG in accordance with Section 22 (1), sentence 1, no. 1 WpHG.

7 November 2012: Publication of notices in accordance with Section 27a (1) WpHG

With its letter dated 6 November 2012, we were informed by proxy and on behalf of MC Familiengesellschaft mbH, Germany, in accordance with Section 27a (1) WpHG with reference to the voting-right notice in accordance with Sections 21 and 22 WpHG of MC Familiengesellschaft mbH dated 9 October 2012, of the following:

The threshold specified in Section 27a (1) WpHG was exceeded by MC Familiengesellschaft mbH due to assignment. This is the incidental legal consequence of the majority shareholding in Giesecke & Devrient Gesellschaft mit beschränkter Haftung, Munich – previously held personally by Ms Verena von Mitschke-Collande – being included in MC Familiengesellschaft mbH within the framework of an increase of non-cash capital. Giesecke & Devrient Gesellschaft mit beschränkter Haftung is the majority shareholder of the company; Ms Verena von Mitschke-Collande holds the majority of voting rights in MC Familiengesellschaft mbH.

The purpose of the MC Familiengesellschaft mbH enterprise is that of a pure asset-holding company, in particular the administration of the shareholding in Giesecke & Devrient Gesellschaft mit beschränkter Haftung contributed by Ms Verena von Mitschke-Collande; the intent of Giesecke & Devrient Gesellschaft mit beschränkter Haftung holding shares in your company remains the implementation of strategic goals. It is not the intention of MC Familiengesellschaft mbH to obtain further voting rights in your company by purchase or other means within the next twelve months. MC Familiengesellschaft mbH has no intention of influencing the appointments to the administrative, managerial or supervisory bodies within your company. Likewise, MC Familiengesellschaft mbH does not seek to significantly change the capital structure of your company, in particular with regard to the ratio of equity financing and outside financing, and the dividend payout policy.

No financial contributions were made in the procurement of the shares in Giesecke & Devrient Gesellschaft mit beschränkter Haftung: in return for contributing the shares in Giesecke & Devrient Gesellschaft mit beschränkter Haftung to MC Familiengesellschaft mbH (with the consequence of assignment of the shares it holds in your company), new shares in MC Familiengesellschaft mbH were issued within the framework of the increase of noncash capital.

11 October 2012: Publication of voting-right notices in accordance with Section 21 (1) WpHG

MC Familiengesellschaft mbH, headquartered in Tutzing, Germany informed us in accordance with Section 21 (1) WpHG on 9 October 2012 that the MC Familiengesellschaft mbH share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the thresholds of 3%, 5%, 10%, 15%, 20%, 25%, 30%, 50% and 75% of the voting rights on 8 October 2012, and on this date totalled 79.43% (corresponding to 5,163,102 voting rights).

Of these, in accordance with Section 22 (1), sentence 1, no. 1 WpHG, 78.96% are attributable to MC Familiengesellschaft mbH (corresponding to 5,132,604 voting rights) via Giesecke & Devrient Gesellschaft mit beschränkter Haftung, Munich, and 0.47% (corresponding to 30,498 voting rights) via secunet Security Networks AG, Essen.

23 May 2012: Publication of voting-right notices in accordance with Section 21 (1) WpHG

Ms Christiane Weispfenning, Germany informed us in accordance with Section 21 (1) WpHG on 23 May 2012 that her share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, fell below the threshold of 3% of the voting rights on 5 March 2012, and on that date totalled 1.95% (corresponding to 126,626 voting rights). Of these, 0.40% of the voting rights (corresponding to 26,234 voting rights) are allocated to her in accordance with Section 22 (1), sentence 1, no. 1 WpHG.

10 October 2011: Publication of voting-right notices in accordance with Section 21 (1) WpHG

Axxion S. A., L-5365 Luxemburg-Munsbach, Luxembourg informed us in accordance with Section 21 (1) WpHG on 6 October 2011 that its share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the threshold of 3% of the voting rights on 4 October 2011, and on this date totalled 3.18% (corresponding to 206,766 voting rights).

10 December 2010: Publication of a voting-right notice in accordance with Section 21 (1) WpHG

Mr Günter Weispfenning, Germany informed us in accordance with Section 21 (1) WpHG on 7 December 2010 that his share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the threshold of 5% of the voting rights on 30 November 2010, and on that date totalled 5.0006% (corresponding to 325,038 voting rights).

Mr Weispfenning also informed us that 1.0564% of the voting rights (corresponding to 68,665 voting rights) are attributable to him pursuant to Section 22 (1), sentence 1, no. 1 WpHG.

2 June 2010: Publication of a voting-right notice in accordance with Section 21 (1) WpHG:

Mr Günter Weispfenning, Germany informed us in accordance with Section 21 (1) WpHG on 2 June 2010 that his share of the voting rights in secunet Security Networks AG, Essen, Germany, ISIN: DE0007276503, WKN: 727650, exceeded the threshold of 3% of the voting rights on 2 June 2010, and on that date totalled 3.02% (corresponding to 196,226 voting rights).

1.06% of the voting rights (corresponding to 68,665 voting rights) are allocated to Mr Weispfenning by Felix Beteiligungen AG in accordance with Section 22 (1), sentence 1, no. 1 WpHG.

20 July 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG

"Aktaios" Verwaltungs-GmbH, RWTÜV Aktiengesellschaft and RWTÜV e. V., with their registered offices in Essen, Germany, notified us in accordance with Section 21 (1) WpHG that their respective share of the voting rights in our company fell below the thresholds of 75%, 50%, 30%, 25%, 20%, 15%, 10%, 5% and 3% on 16 July 2009 and amounted to 0.00% (0 voting rights) on that date.

12 February 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG

Ms Verena von Mitschke-Collande, Germany, informed us in accordance with Section 21 (1) WpHG on 10 February 2009 that her share of the voting rights in secunet Security Networks AG, Kronprinzenstrasse 30, 45128 Essen, Germany, ISIN: DE0007276503, as a member of the community of heirs of Mr Günther Siegfried Otto, exceeded the thresholds of 5%, 10%, 25%, 50% and 75% on 26 March 2004 and amounted to 78.88% (corresponding to 5,127,103 voting rights) as of that date.

Of these voting rights, 46.88% (corresponding to 3,047,201 voting rights) are attributable to Ms Verena von Mitschke-Collande pursuant to Section 22 (1), sentence 1, no. 1 WpHG via Giesecke & Devrient GmbH, Munich, and 32.00% (corresponding to 2,079,902 voting rights) pursuant to Section 22 (2) WpHG via CUBIS COM Holding GmbH, Essen and via RWTÜV AG, Essen.

12 February 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG

Ms Claudia Miller, USA, informed us in accordance with Section 21 (1) WpHG on 10 February 2009 that her share of the voting rights in secunet Security Networks AG, Kronprinzenstrasse 30, 45128 Essen, Germany, ISIN: DE0007276503, as a member of the community of heirs of Mr Günther Siegfried Otto, exceeded the thresholds of 5%, 10%, 25%, 50% and 75% on 26 March 2004 and

amounted to 78.88% (corresponding to 5,127,103 voting rights) as of that date.

Of these, 46.88% (corresponding to 3,047,201 voting rights) are attributable to Ms Claudia Miller pursuant to Section 22 (1), sentence 1, no. 1 WpHG via Giesecke + Devrient GmbH, Munich, and 32.00% (corresponding to 2,079,902 voting rights) pursuant to Section 22 (2) WpHG via CUBIS COM Holding GmbH, Essen and RWTÜV AG, Essen.

12 February 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG: Ms Claudia Miller, USA, informed us in accordance with Section 21 (1) WpHG on 10 February 2009 that her share of the voting rights in secunet Security Networks AG, Kronprinzenstrasse 30, 45128 Essen, Germany, ISIN: DE0007276503, had fallen below the thresholds of 75%, 50%, 25%, 10% and 5% at the end of 30 November 2006 due to the (partial) division of the estate of the community of heirs of Mr Günther Siegfried Otto and now amounted to 0.00% (0 voting rights).

12 February 2009: Publication of a voting-right notice in accordance with Section 21 (1) WpHG

Giesecke & Devrient Holding GmbH, Munich, Germany, informed us in accordance with Section 21 (1) WpHG on 10 February 2009 that its share of the voting rights in secunet Security Networks AG, Kronprinzenstrasse 30, 45128 Essen, Germany, ISIN: DE0007276503, exceeded the thresholds of 5%, 10%, 25%, 50% and 75% on 30 November 2006 and amounted to 76.38% (corresponding to 4,964,958 voting rights) as of that date.

Of these, 50% + 1 share (corresponding to 3,250,001 voting rights) are attributable to Giesecke & Devrient Holding GmbH pursuant to Section 22 (1), sentence 1, no. 1 WpHG via Giesecke & Devrient GmbH, Munich, and 26.38% (corresponding to 1,714,957 voting rights) pursuant to Section 22 (2) WpHG via RWTÜV AG, Essen.

Corporate bodies

Management Board

Dr rer nat Rainer Baumgart, Chairman of the Management Board until 31 May 2019

Qualified industrial engineer Axel Deininger, Chairman of the Management Board since 1 June 2019

Qualified business economist (FH) Thomas Pleines

Dr Kai Martius, since 1 June 2019

Torsten Henn, since 1 June 2019

Supervisory Board

Ralf Wintergerst, Baldham Chairman

Chairman of the Management Board and CEO of Giesecke+Devrient GmbH, Munich

Other directorships:

» Cyber Defence research institute, Bundeswehr University Munich
» Chairman of the shareholders' committee of veridos GmbH

Dr oec Peter Zattler, Grünwald

Vice Chairman

Member of the Management Board of Giesecke+Devrient GmbH, Munich

Other directorships:

» Veridos Matsoukis S. A., Athens, Greece
» Member of the shareholders' committee of veridos GmbH
» Managing Director Giesecke+Devrient Immobilien Management GmbH
» Managing Director Giesecke+Devrient Immobilien Verwaltungsgesellschaft GmbH

Hans-Wolfgang Kunz, Munich until 15 May 2019

Member of the Supervisory Board (until the Annual General Meeting on 15 May 2019)

CEO of Veridos GmbH, Berlin

Other directorships: » Veridos Matsoukis S. A., Athens, Greece

Dr rer pol Elmar Legge, Schermbeck

Member of the Supervisory Board

Member of the Management Board of RWTÜV e. V., Essen Member of the Management Board of the RWTÜV Foundation, Essen Member of the Management Board of the GREIF Foundation, Mülheim an der Ruhr

Other directorships:

» AHV VVAG, EssenTÜV Thüringen e. V., Erfurt
» TÜV NORD AG, Hanover

Group mandates in accordance with Section 100 (2) AktG:

» VAI Van Ameyde International B. V., Rijswijk,
Netherlands
» RWTÜV GmbH, Essen
» CTC advanced GmbH, Saarbrücken
» Cetecom GmbH, Essen

Jörg Marx, Dresden since 15 May 2019 Employee representative

No other directorships.

Wolf-Rüdiger Moritz, Lenggries until 15 May 2019 Member of the Supervisory Board (until the Annual General Meeting on 15 May 2019)

Corporate Vice President Business Continuity, Infineon Technologies AG, Neubiberg

Other directorships:

» Cryptomathic A / S, Aarhus, Denmark
» Cryptomathic Holding Aps, Aarhus, Denmark

Gesa-Maria Rustemeyer, Berlin since 15 May 2019 Employee representative

No other directorships.

Prof Dr-Ing Günter Schäfer, Berlin Member of the Supervisory Board

University professor, University of Technology, Ilmenau

No other directorships.

Events after the balance sheet date

There were no significant events after the balance sheet date.

Essen, 27 March 2020

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Changes in fixed assets

of secunet Security Networks AG in the 2018 financial year according to HGB

			Historical costs
in euros	as at 1 Jan 2019	Additions	Reclassifica tions	Disposals	as at 31 Dec 2019
I. Intangible fixed assets
1. Acquired concessions, industrial property rights and similar rights and values, and licences to such rights	120,000.00	0.00	0.00	0.00	120,000.00
2. Acquired software	1,613,861.70	740,975.80	299,000.00	-263,686.05	2,390,151.45
3. Goodwill	3,795,966.00	0.00	0.00	0.00	3,795,966.00
4. Intangible assets under construction	299,000.00	863,674.43	-299,000.00	0.00	863,674.43
Intangible fixed assets, total	5,828,827.70	1,604,650.23	0.00	-263,686.05	7,169,791.88
II. Tangible fixed assets
1. Other equipment, factory and office equipment	14,314,306.43	3,477,390.14	0.00	-1,221,431.29	16,570,265.28
Tangible fixed assets, total	14,314,306.43	3,477,390.14	0.00	-1,221,431.29	16,570,265.28
III. Financial assets
1. Shares in affiliated companies	2,965,067.17	1,486,610.86	0.00	-529,238.28	3,922,439.75
2. Loans to affiliated companies	613,550.26	0.00	0.00	0.00	613,550.26
3. Premium reserve shares from reinsurance contracts	5,860,888.00	280,995.00	0.00	0.00	6,141,883.00
Long-term financial assets, total	9,439,505.43	1,767,605.86	0.00	-529,238.28	10,677,873.01
Total fixed assets	29,582,639.56	6,849,646.23	0.00	-2,014,355.62	34,417,930.17

		Accumulated depreciations			Carrying amounts
as at Disposals 31 Dec 2019	as at 1 Jan 2019	Additions	Disposals	as at 31 Dec 2019	as at 31 Dec 2019	as at 31 Dec 2018


0.00 120,000.00	120,000.00	0.00	0.00	120,000.00	0.00	0.00
-263,686.05 2,390,151.45	1,066,422.70	258,890.80	-263,686.05	1,061,627.45	1,328,524.00	547,439.00
0.00 3,795,966.00	3,055,435.00	141,440.00	0.00	3,196,875.00	599,091.00	740,531.00
0.00 863,674.43	0.00	0.00	0.00	0.00	863,674.43	299,000.00
-263,686.05 7,169,791.88	4,241,857.70	400,330.80	-263,686.05	4,378,502.45	2,791,289.43	1,586,970.00


16,570,265.28 16,570,265.28	10,055,626.43	2,261,279.87	-1,163,350.02	11,153,556.28	5,416,709.00	4,258,680.00
	10,055,626.43	2,261,279.87	-1,163,350.02	11,153,556.28	5,416,709.00	4,258,680.00

3,922,439.75	556,539.96	2,249,960.31	-529,238.28	2,277,261.99	1,645,177.76	2,408,527.21
613,550.26	613,550.26	0.00	0.00	613,550.26	0.00	0.00
	0.00	0.00	0.00	0.00	6,141,883.00	5,860,888.00
10,677,873.01	1,170,090.22	2,249,960.31	-529,238.28	2,890,812.25	7,787,060.76	8,269,415.21
34,417,930.17	15,467,574.35	4,911,570.98	-1,956,274.35	18,422,870.98	15,995,059.19	14,115,065.21

Independent Auditor's Report

To secunet Security Networks Aktiengesellschaft, Essen

Report on the Audit of the Annual Financial Statements and of the Management Report

Opinions

We have audited the annual financial statements of secunet Security Networks Aktiengesellschaft, Essen, which comprise the balance sheet as of 31 December 2019, and the income statement for the financial year from 1 January to 31 December 2019, and notes to the annual financial statements, including the recognition and measurement policies presented therein. In addition, we have audited the combined management report – report on the position of the Company and the Group (hereinafter referred to as "management report") of secunet Security Networks Aktiengesellschaft, Essen, for the financial year from 1 January to 31 December 2019. In accordance with German legal requirements, we have not audited the content of those parts of the management report specified in the "Other Information" section of our auditor's report.

In our opinion, on the basis of the knowledge obtained in the audit,

» the accompanying annual financial statements comply, in all material respects, with the requirements of German commercial law applicable to business corporations and give a true and fair view of the assets, liabilities and financial position of the Company as of 31 December 2019 and of its financial performance for the financial year from 1 January to 31 December 2019 in compliance with German Legally Required Accounting Principles, and

» the accompanying management report as a whole provides an appropriate view of the Company's position. In all material respects, this management report is consistent with the annual financial statements, complies with German legal requirements and appropriately presents the opportunities and risks of future development. Our audit opinion on the management report does not cover the contents of those parts of the management report specified in the "Other Information" section.

Pursuant to Section 322 (3), sentence 1 HGB [Handelsgesetzbuch: German Commercial Code], we declare that our audit has not led to any reservations relating to the legal compliance of the annual financial statements and of the management report.

Basis for the Opinions

We conducted our audit of the annual financial statements and of the management report in accordance with Section 317 HGB and EU Audit Regulation No. 537 / 2014 (referred to subsequently as "EU Audit Regulation") and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer [Institute of Public Auditors in Germany] (IDW). Our responsibilities under those requirements and principles are further described in the "Auditor's Responsibilities for the Audit of the Annual Financial Statements and of the Management Report" section of our auditor's report. We are independent of the Company in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements. In addition, in accordance with Article 10 (2) point (f) of the EU Audit Regulation, we declare that we have not provided non-audit services prohibited under Article 5 (1) of the EU Audit Regulation. We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our opinions on the annual financial statements and on the management report.

Key Audit Matters in the Audit of the Annual Financial Statements

Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the annual financial statements for the financial year from 1 January to 31 December 2019. These matters were addressed in the context of our audit of the annual financial statements as a whole, and in forming our opinion thereon, we do not provide a separate opinion on these matters.

Revenue recognition on an accrual basis (revenue recognition cut-off)

For the accounting policies applied, we refer to the explanatory notes to the financial statements under "Accounting and valuation methods" and Section 9 "Sales revenue". The Company's revenue performance is presented in Section 2.3.2 of the management report.

Financial statement risk

As presented in the financial statements, secunet Security Networks Aktiengesellschaft generated revenue in the amount of 221.6 million euros in the 2019 financial year. The main contributors to revenue are multipleelement contracts and the provision of services (development and consulting business). Multiple-element contracts are concluded for the supply of hardware, the granting of software licences (including updates) and support and maintenance services.

secunet Security Networks Aktiengesellschaft recognises revenue from the sale of products and services when the services have been rendered or the Company has transferred to the buyer the significant risks and rewards of ownership of the goods sold. Services are usually invoiced on the basis of the hours worked. In the case of multiple-element transactions, the criteria for recognition must be applied separately for each element.

Most of secunet Security Networks Aktiengesellschaft's revenue is generated from public contracts. Other customers include automotive manufacturers among others. These place a disproportionately large number of orders at the end of the year, resulting in an increased number of contracts and therefore considerable transfer of goods and services at year-end.

Our audit approach

For multiple-element contracts contained in the two samples, the breakdown into individual transactions and the related recognition of revenue was assessed based on the underlying contracts.

Our observations

secunet Security Networks Aktiengesellschaft's procedure for revenue recognition cut-off is appropriate.

Other Information

Management and the Supervisory Board are responsible for the other information. The other information comprises:

» the Declaration of Corporate Governance referred to in Section 7 of the management report,
» the combined non-financial statement of the Company and the Group contained in Section 8 of the management report,

The other information also includes the remaining parts of the Annual Report.

The other information does not include the consolidated financial statements, the annual financial statements, the management report disclosures audited in terms of content, or our associated auditor's reports.

Our opinions on the annual financial statements and on the management report do not cover the other information, and consequently we do not express an opinion or any other form of assurance conclusion thereon.

In connection with our audit, our responsibility is to read the other information and, in doing so, consider whether the other information

» is materially inconsistent with the annual financial statements, with the management report disclosures audited in terms of content, or with our knowledge obtained in the audit, or
» otherwise appears to be materially misstated.

Responsibilities of Management and the Supervisory Board for the Annual Financial Statements and the Management Report

Management is responsible for the preparation of the annual financial statements that comply, in all material respects, with the requirements of German commercial law applicable to business corporations, and that the annual financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Company in compliance with German Legally Required Accounting Principles. In addition, management is responsible for such internal control as they, in accordance with German Legally Required Accounting Principles, have determined necessary to enable the preparation of annual financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the annual financial statements, management is responsible for assessing the Company's ability to continue as a going concern. They also have the responsibility for disclosing, as applicable, matters related to going concern. In addition, they are responsible for financial reporting based on the going concern basis of accounting, provided no actual or legal circumstances conflict therewith.

Furthermore, management is responsible for the preparation of the management report that as a whole provides an appropriate view of the Company's position and is, in all material respects, consistent with the annual financial statements, complies with German legal requirements, and appropriately presents the opportunities and risks of future development. In addition, management is responsible for such arrangements and measures (systems) as they have considered necessary to enable the preparation of a management report that is in accordance with the applicable German legal requirements, and to be able to provide sufficient appropriate evidence for the assertions in the management report.

The Supervisory Board is responsible for overseeing the Company's financial reporting process for the preparation of the annual financial statements and of the management report.

Auditor's Responsibilities for the Audit of the Annual Financial Statements and of the Management Report

Our objectives are to obtain reasonable assurance about whether the annual financial statements as a whole are free from material misstatement, whether due to fraud or error, and whether the management report as a whole provides an appropriate view of the Company's position and, in all material respects, is consistent with the annual financial statements and the knowledge obtained in the audit, complies with the German legal requirements and appropriately presents the opportunities and risks of future development, as well as to issue an auditor's report that includes our opinions on the annual financial statements and on the management report.

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Section 317 HGB and the EU Audit Regulation and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer (IDW) will always detect a material misstatement. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these annual financial statements and this management report.

We exercise professional judgement and maintain professional scepticism throughout the audit. We also:

» Identify and assess the risks of material misstatement of the annual financial statements and of the management report, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinions. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal controls.
» Obtain an understanding of internal control relevant to the audit of the annual financial statements and of arrangements and measures (systems) relevant to the audit of the management report in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of these systems.
» Evaluate the appropriateness of accounting policies used by management and the reasonableness of estimates made by management and related disclosures.
» Conclude on the appropriateness of management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company's ability to continue as a going concern. If we conclude that material uncertainty exists, we are required to draw attention in the auditor's report to the related disclosures in the annual financial statements and in the management report or, if such disclosures are inadequate, to modify our respective opinions. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Company to cease to be able to continue as a going concern.
» Evaluate the overall presentation, structure and content of the annual financial statements, including the disclosures, and whether the annual financial statements present the underlying transactions and events in a manner that the annual financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Company in compliance with German Legally Required Accounting Principles.
» Evaluate the consistency of the management report with the annual financial statements, its conformity with [German] law, and the view of the Company's position it provides.
» Perform audit procedures on the prospective information presented by management in the management report. On the basis of sufficient appropriate audit evidence we evaluate, in particular, the significant assumptions used by management as a basis for the prospective information, and evaluate the proper derivation of the prospective information from these assumptions. We do not express a separate opinion on the prospective information and on the assumptions used as a basis. There is a substantial unavoidable risk that future events will differ materially from the prospective information.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter.

Other Legal and Regulatory Requirements

Further Information pursuant to Article 10 of the EU Audit Regulation

We were elected as auditor at the Annual General Meeting on 15 May 2019. We were engaged by the Supervisory Board on 14 December 2019. We have been the auditor of secunet Security Networks Aktiengesellschaft, Essen, without interruption since the 2010 financial year.

German Public Auditor Responsible for the Engagement

The German Public Auditor responsible for the engagement is Martin C Bornhofen.

Düsseldorf, 27 March 2020

KPMG AG Wirtschaftsprüfungsgesellschaft

Bornhofen Dr Sommerhoff

German Public Auditor German Public Auditor

Responsibility Statement

"To the best of our knowledge, and in accordance with the applicable accounting principles, the Financial Statements give a true and fair view of the assets, liabilities, financial position and results of operations of the Company, and the Management Report includes a true and fair presentation of the development and performance of the business and the position of the Company, together with a description of the principal opportunities and risks associated with the expected development of the Company."

Essen, 27 March 2020

Axel Deininger Torsten Henn

Dr Kai Martius Thomas Pleines

Limited Assurance Report of the Independent Auditor regarding the Combined Non-Financial Statement 1

To the Supervisory Board of secunet Security Networks Aktiengesellschaft, Essen

We have performed an independent limited assurance engagement on the Combined Non-Financial Statement of the Company and the Group as well as the by reference qualified part of the Summarised Management Report on the position of the Company and the Group "Principles of the Group" (further the "Report") of secunet Security Networks Aktiengesellschaft, Essen (further "secunet" or "company") according to Sections 315b, 315c German Commercial Code (HGB) in conjunction with §§ 289b to 289e HGB for the year from January 1 to December 31, 2019.

Management's Responsibility

The management board of secunet is responsible for the preparation of the Report in accordance with §§ 315b, 315c HGB in conjunction with §§ 289b to 289e HGB.

This responsibility of the management board includes the selection and application of appropriate methods to prepare the Report and the use of assumptions and estimates for individual disclosures which are reasonable under the given circumstances. Furthermore, this responsibility includes designing, implementing and maintaining systems and processes relevant for the preparation of the Report in a way that is free of – intended or unintended – material misstatements.

Independence and Quality Assurance on the Part of the Auditing Firm

We are independent from the Company in accordance with the requirements of independence and quality assurance set out in legal provisions and professional pronouncements and have fulfilled our additional professional obligations in accordance with these requirements.

Our audit firm applies the legal provisions and professional pronouncements for quality assurance, in particular the professional code for German Public Auditors and Chartered Accountants (in Germany) and the quality assurance standard of the German Institute of Public Auditors (Institut der Wirtschaftsprüfer, IDW) regarding quality assurance requirements in audit practice (IDW QS 1).

Practitioner's Responsibility

Our responsibility is to express a conclusion on the Report based on our work performed within a limited assurance engagement.

We conducted our work in accordance with the International Standard on Assurance Engagements (ISAE) 3000 (Revised): "Assurance Engagements other than Audits or Reviews of Historical Financial Information" published by IAASB. This Standard requires that we plan and perform the assurance engagement to obtain limited assurance whether any matters have come to our attention that cause us to believe that the Report for the period from January 1 to December 31, 2019, has not been prepared, in all material respects in accordance with §§ 315b, 315c HGB in conjunction with §§ 289b to 289e HGB. We do not, however, issue a separate conclusion for each disclosure. In a limited assurance engagement the

1 Our engagement applied to the German version of the Report 2019. This text is a translation of the Independent Assurance Report issued in the German, whereas the German text is authoritative.

evidence gathering procedures are more limited than in a reasonable assurance engagement and therefore significantly less assurance is obtained than in a reasonable assurance engagement. The choice of audit procedures is subject to the auditor's own judgement.

Within the scope of our engagement, we performed amongst others the following procedures:

» Inquiries of personnel on group level who are responsible for the materiality analysis to get an understanding of the process for identifying material topics and respective report boundaries for secunet
» A risk assessment, including a media research, of relevant information about the sustainability performance of secunet in the reporting period
» Evaluation of the design and implementation of systems and processes for the collection, processing and monitoring of disclosures on environmental, employee and social matters, human rights, corruption and bribery, including data consolidation
» Inquiries of personnel on group level who are responsible for determining disclosures on concepts, due diligence processes, results and risks, the conduction of internal controls and consolidation of the disclosures
» Evaluation of selected internal and external documents
» Analytical evaluation of data and trends of quantitative disclosures which are reported by all sites on group level
» Assessment of local data collection and reporting processes and reliability of reported data via a sampling survey in Essen (Germany)
» Assessment of the overall presentation of the disclosures

Conclusion

Based on the procedures performed and the evidence obtained, nothing has come to our attention that causes us to believe that the Report of secunet for the business year from January 1 to December 31, 2019 is not prepared, in all material respects, in accordance with §§ 315b, 315c HGB in conjunction with §§ 289b to 289e HGB.

Restriction of Use / Clause on General Engagement Terms

This assurance report is issued for purposes of the Supervisory Board of secunet Aktiengesellschaft, Essen, only. We assume no responsibility with regard to any third parties.

Our assignment for the Supervisory Board of secunet Aktiengesellschaft, Essen, and professional liability is governed by the General Engagement Terms for Wirtschaftsprüfer and Wirtschaftsprüfungsgesellschaften (Allgemeine Auftragsbedingungen für Wirtschaftsprüfer und Wirtschaftsprüfungsgesellschaften) in the version dated January 1, 2017 https://www.kpmg.de/ bescheinigungen/lib/aab_english.pdf). By reading and using the information contained in this assurance report, each recipient confirms notice of provisions of the General Engagement Terms (including the limitation of our liability for negligence to EUR 4 million as stipulated in No. 9) and accepts the validity of the General Engagement Terms with respect to us.

Essen, March 25, 2020

KPMG AG Wirtschaftsprüfungsgesellschaft

Stauder ppa. Dietrich Wirtschaftsprüfer

Service

Locations

Headquarters Essen

secunet Security Networks AG Kurfürstenstrasse 58 45138 Essen Tel: +49 201 5454 - 0 Fax:+49 201 5454 - 1000

Berlin

secunet Security Networks AG Alt-Moabit 96 10559 Berlin

Bonn

secunet Security Networks AG Godesberger Allee 127 53175 Bonn

Dresden

secunet Security Networks AG Ammonstrasse 74 01067 Dresden

Frankfurt

secunet Security Networks AG Mergenthalerallee 77 65760 Eschborn

Hamburg

secunet Security Networks AG Osterbekstrasse 90 b 22083 Hamburg

Ilmenau

secunet Security Networks AG Werner-von-Siemens-Strasse 6 98693 Ilmenau

Munich

secunet Security Networks AG Konrad-Zuse-Platz 2-4 81829 Munich

Paderborn secunet Security Networks AG Hauptstrasse 35 33178 Borchen

Siegen

secunet Security Networks AG Weidenauer Strasse 223 – 225 57076 Siegen

Stuttgart

secunet Security Networks AG Neue Brücke 3 70173 Stuttgart

Training Center Dresden

secunet Security Networks AG Ammonstrasse 74 01067 Dresden

Financial Calendar 2020

30 March Annual Report 2019

14 April Analysts' conference

6 May Quarterly Group Statement as at 31 March 2020

8 July Annual General Meeting

12 August Half-year Financial Report as at 30 June 2020

4 November Quarterly Group Statement as at 30 September 2020

Information

Annual Report on the Internet

The secunet Security Networks AG Annual Report can be viewed as a PDF file on the Internet at www.secunet.com. This Annual Report is also available in German. In the event of conflicts the German-language version shall prevail.

Brand names

All the brand and trade names or product names mentioned in this Annual Report are the property of the corresponding holder. This applies in particular for DAX, MDAX, SDAX, TecDAX and Xetra as registered trademarks and property of Deutsche Börse AG.

Imprint

Issued by

secunet Security Networks AG Kurfürstenstrasse 58 45138 Essen, Germany

Contact

Investor Relations secunet Security Networks AG Kurfürstenstrasse 58 45138 Essen, Germany Tel.: + 49 201 54 54-12 27 Fax: + 49 201 54 54-12 28 E-mail: [email protected] Internet:www.secunet.com

Concept, design and setting

sam waikiki GbR, Hamburg, Germany www.samwaikiki.de

Text

secunet Security Networks AG

secunet Security Networks AG Kurfürstenstraße 58 45138 Essen, Germany

Phone: + 49 201 54 54-0 Fax: + 49 201 54 54-1000

E-mail: [email protected] Internet:www.secunet.com

AI Terminal

secunet Security Networks AG

386_10-k_2020-04-01_99fd8e8c-1ec4-4e44-a402-b224e589c11c.pdf

Annual Report 2019

Key Figures

of secunet Group (according to IFRS)

Long-term development of sales and EBIT

Public Sector

Solutions for e-government and high security

Business Sector

IT security for companies and industry solutions

Contents

Annual Report 2019

secunet completed the year 2019 with excellent results

Dear shareholders, customers, staff and friends of secunet,

The 2019 financial year was a year of records

We enable our shareholders to participate in the Company's success over the long term

secunet is well prepared for the future

Our thanks go to our employees

Profitable growth remains our objective

Supervisory Board Report

Dear Shareholders,

Supervision and examination methods

Meetings of the Supervisory Board

Corporate Governance

Changes to the Supervisory Board and Management Board

Annual Financial Statements and Consolidated Financial Statements for 2019

Expression of thanks

The secunet Share

Trading year 2019: a good year despite uncertainties

Continuing good performance of the secunet share

Shareholder structure remains stable

Lower trading volume

High attendance at Annual General Meeting

Shareholders receive comprehensive information

Share price performance 1 January – 31 December 2019 Index, price 1 January 2019 = 100

secunet stock information

Shareholder structure 2019

Corporate Governance Report

Declaration of Corporate Governance

Management and supervisory structure

Supervisory Board

Management Board

Targets for the appointment of women

Responsible risk management

Transparent corporate governance

Shareholders and Annual General Meeting

Corporate governance guidelines

Management Board and Supervisory Board remuneration

Information on stock option programmes and similar securities-based incentive systems

Notification of transactions under Article 19 of the European Market Abuse Regulation (managers' transactions)

Accounting and auditing of the financial statements

Declaration of Conformity under Section 161 of the German Stock Corporation Act dated 27 November 2019

3.8, para. 3

A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

5.1.2, para. 2, sentence 3

An age limit for members of the Management Board shall be specified.

5.3.1

Depending on the specifics of the enterprise and the number of its members, the Supervisory Board shall form committees with sufficient expertise.

5.3.2

The Supervisory Board shall set up an Audit Committee.

5.3.3

The Supervisory Board shall form a Nomination Committee.

5.4.1, para. 2, sentence 1

5.4.6, para. 1, sentence 2

The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Management Report

Combined Management Report on the position of the Company and the Group for the 2019 financial year

8 Combined Non-financial Statement of the Company and the Group 42

1 Principles of the Group

1.1 Business model and Group structure

1.1.1 Business model of the Group

1.1.2 Group and organisational structure

1.1.3 Products and services

1.1.4 Key sales markets

1.2 Corporate management

1.3 Research and development – innovation report

2 Economic Report

2.1 Framework conditions for the overall economy and for relevant sectors

2.2 Assessment of business performance in 2019