Compliance policy

Compliance Policy

25 March 2025

The Board of Directors of IBERDROLA, S.A. (the “Company”) has the power to design, assess and continuously revise the Company’s Governance and Sustainability System, and specifically to approve and update policies, which contain the guidelines governing the conduct of the Company, and furthermore, to the extent applicable, inform the policies that the companies belonging to the group of which the Company is the controlling entity, within the meaning established by law (the “Group”), decide to approve in the exercise of their autonomy.

The Company has a solid and innovative track record in compliance, which it has developed on the basis of regulatory requirements and best practices, positioning it as a leader in this field. In 2002 it already had a Code of Ethics to guide the conduct of its directors, professionals and suppliers as well as those of the other companies of the Group, and in 2010 it approved a Crime Prevention Policy which, together with the Anti-Corruption and Anti-Fraud Policy that came into force in 2016, strengthen the development of a business culture based on ethics, on honesty, and on the responsibility and the commitment of the Company and of the other companies of the Group to actively respond to the challenge of the fight against corruption and fraud in all their areas of activity.

This Policy, together with the Anti-Corruption and Anti-Fraud Policy and the Internal Reporting and Whistleblower Protection System, shows the firm commitment of the Company to its purpose and values, to ethical principles and to unwavering vigilance and the punishment of any acts and conduct that are improper, illegal or contrary to law or the Governance and Sustainability System, which requires the maintenance of effective mechanisms for communication and sensitivity- and awareness-raising among all professionals, and the development of a corporate culture of ethics and honesty.

The Company has established an effective, autonomous, independent and robust Compliance System of its own to prevent, manage and mitigate the risk of improper conduct and acts that are illegal or contrary to law and the Governance and Sustainability System that can be performed within the organisation, and to ensure that the conduct of the organisation is in accordance with ethical principles, the law and internal rules. Based on the experience it has accumulated and in line with the evolution of its Governance and Sustainability System towards an increasing decentralisation of duties and responsibilities among the various companies of the Group, the Company continues to make progress and to maintain its commitment to leadership at the forefront of a compliance culture.

Along these lines, in exercising these powers, and within the framework of legal provisions, the By-Laws and the Purpose and Values of the Iberdrola Group, and consistently with its culture of prevention of improper conduct and acts that are illegal or contrary to law and to the Governance and Sustainability System, as well as its firm commitment to ethics and compliance, the Board of Directors hereby approves this Compliance Policy (the “Policy”), which respects, further develops and adapts the Ethical and Basic Principles of Governance and Sustainability of the Iberdrola Group with respect to the Company.

The principles contained in this Policy take specific shape and are further developed in the Anti-Corruption and Anti-Fraud Policy and in the Internal Reporting and Whistleblower Protection System.

1. Scope of Application

This Policy applies to the Company. Without prejudice to the foregoing, it includes basic principles that, in the area of compliance, complement those contained in the Ethical and Basic Principles of Governance and Sustainability of the Iberdrola Group and, to this extent, must inform the actions and regulatory developments by the other companies of the Group in this area in the exercise of their powers and in accordance with their autonomy.

To the extent that listed country subholding companies form part of the Group, they and their subsidiaries, under their own special framework of enhanced autonomy, may establish principles and rules that must have content consistent with the principles of this Policy.

To the extent applicable, these principles must also inform the conduct of the foundations linked to the Group.

For companies that do not form part of the Group but in which the Company holds an interest, as well as for joint ventures, temporary joint ventures (uniones temporales de empresa) and other entities in which it assumes management, the Company shall also promote the alignment of its regulations with the basic principles regarding compliance contained in this Policy.

2. Purpose

The purpose of this Policy is to establish the main principles of conduct governing the commitment of the Company to prevent, detect and respond to any conduct that is improper or involves any act that is illegal or contrary to law or to the Governance and Sustainability System, as well as to demonstrate the willingness of the Company to combat said conduct in all of their activities, both as an expression of its culture of compliance and its own social commitment to the public interest and to avoid any potential damage to its image and reputational value and, ultimately, the value of the Company’s shares and brand.

Thus, on the one hand, the Policy makes explicit the Company’s firm commitment to its purpose and values, with ethical principles and with ongoing monitoring and penalisation of improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System, and on the other conveys to the shareholders, to the members of the management bodies and to the professionals of the Company, as well as to third parties engaging in relationships therewith, a strong message of opposition to the commission of any impropriety or act that is illegal or contrary to law or to the Governance and Sustainability System.

3. Main Principles of Conduct

The main principles of conduct that the Company adopts and promotes in the area of compliance are described below:

a) On the one hand, foster a preventive culture based on the principle of “zero tolerance” towards improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System, and on the other, the application of ethical principles and principles of responsible behaviour that should govern the conduct of all members of the management bodies, as well as of the professionals of the Company, regardless of their level or functional subordination, and that of its suppliers.

This “zero tolerance” principle is absolute in nature and takes precedence over the possibility of obtaining any type of benefit (financial or otherwise) for the Company or its directors or professionals, when based on a business or transaction that is improper, illegal or contrary to law or to the Governance and Sustainability System.

b) Within the framework of the drive for its preventive culture, foster processes of self-control in the conduct and decision-making of the members of the management body and of the professionals, such that their actions are based on four basic premises: (i) that they are ethically acceptable; (ii) that they are legally valid and comply with the provisions of applicable law and internal rules, including the Governance and Sustainability System, and particularly with the Code of Conduct for Directors, Professionals and Suppliers; (iii) that they are performed within the framework of the corporate interest of the Company; as well as (iv) that they are prepared to assume responsibility therefor.

c) Identify and assess the risks associated with improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System in the activities of the Company.

d) Establish the appropriate controls and preventive measures (including, without limitation, through the internal rules and procedures approved for this purpose) for the identification, control, mitigation and prevention of improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System, as well as identified risks, in line with the provisions of the General Risk Control and Management Foundations of the Iberdrola Group and the Sustainable Development Policy.

e) Take appropriate measures to ensure that relations between the professionals of the Company with any other company and the members thereof are governed by the principles of transparency and honesty, as well as by respect for free competition.

f) Promote relations of the Company with its Stakeholders being based on ethics and integrity.

g) Ensure that the relationship of the Company with its suppliers is based on legality, business ethics, efficiency, transparency and honesty and endeavour to ensure that they comply with established policies, rules and procedures, particularly with respect to the prevention of corruption, in any of its manifestations, adopting the appropriate due diligence measures to promote principled, sustainable and responsible business behaviour throughout the supply chains.

h) Implement appropriate training programmes and communication plans for professionals of the Company, as well as for third parties with whom relations are customarily maintained, regarding the duties imposed by the law applicable to any of their areas of activity or that are established in the Governance and Sustainability System and other internal rules and regarding the consequences of the violation thereof, with a frequency sufficient to ensure that their knowledge of the issues covered by this Policy is kept up to date.

In particular, specific training programmes shall be carried out to provide information on the Internal Reporting and Whistleblower Protection System and the operation thereof, as well as on the procedure established to manage grievances and reports received through this system and measures of protection and support for whistleblowers.

i) Penalise, in accordance with the provisions of applicable law at any given time: (i) conduct that contributes to preventing or hindering the discovery of improprieties or acts that are illegal or contrary to law or to the Governance and Sustainability System; (ii) breach of the specific duty to report through internal reporting channels (as this term is defined in the Internal Reporting and Whistleblower Protection System) potential improprieties or breaches of which they are aware; and (iii) the taking of any type of retaliatory measures against the whistleblower (or persons related thereto) who reports the aforementioned conduct.

j) Seek a fair, non-discriminatory and proportional application of penalties as provided by applicable law from time to time.

k) Provide all assistance and cooperation that may be requested by internal or judicial and administrative bodies and domestic or international institutions and entities, including competition authorities, to investigate acts that are allegedly improper, illegal or contrary to law or the Governance and Sustainability System that may have been committed by the members of the management bodies or the professionals of the Company and that relate to or affect the scope of their activities.

The monitoring of and compliance with the principles contained in this Policy contribute to achieving the full realisation of the Purpose and Values of the Iberdrola Group and of the corporate interest, in accordance with applicable legal provisions, and particularly with the Governance and Sustainability System, consistently with the principles and guidelines for conduct aimed at ensuring the ethical and responsible behaviour of the directors, professionals and suppliers of the Company.

4. Compliance System

The Company has a Compliance System, which includes all the rules, formal procedures and substantive activities that are intended to ensure that the Company acts in accordance with ethical principles, the law, and internal rules, particularly the Governance and Sustainability System, to contribute to the full realisation of the Purpose and Values of the Iberdrola Group and the corporate interest, and to prevent, manage and mitigate the risk of regulatory and ethical breaches that may be committed by the directors, professionals or suppliers thereof within the organisation.

The Company’s Compliance Unit proactively and autonomously oversees the implementation and effectiveness of its Compliance System, without prejudice to the responsibilities corresponding to other bodies and divisions of the Company.

The Compliance System is under continuous review to incorporate the most advanced international practices and trends in accordance with the highest international good governance standards and new regulatory requirements in this field, and ensures the dissemination, implementation and monitoring of the principles of conduct set out in this Policy. For such purposes, the Company’s Compliance Unit, which is configured in accordance with the highest standards of independence and transparency and which has at least one member not related to any of the companies of the Group, enjoys the necessary autonomy and capacity for initiative and control and has the appropriate material and human resources for the performance of its duties.

The fundamental elements of the Company’s Compliance System are, on the one hand, its crime prevention programme and, on the other hand, the Internal Reporting System, activated so that the members of its management decision-making body, its professionals, its suppliers and other third parties determined by applicable legal provisions can report potentially improper conduct or acts that are potentially illegal or contrary to law or to the Governance and Sustainability System that concern or affect the their respective activities, including, in particular, acts and conduct that are potentially fraudulent or facilitate corruption in any of its forms.

The internal reporting channels activated for this purpose by the Company form part of the internal reporting system pursuant to the provisions of the Internal Reporting and Whistleblower Protection System, and they constitute the preferred channel for reporting such conduct and acts and for the processing of grievances or reports that are submitted.

The Company regularly submits its Compliance System to review by independent experts.

5. Crime Prevention Programme

As regards the basic principle relating to the identification and evaluation of the risks relating to improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System, the Company has implemented through the Compliance Unit and other competent bodies a specific and effective programme for the prevention of crimes, which is understood as the group of measures intended to prevent and mitigate the risk of commission of potential crimes and to detect and react to the commission thereof.

The purpose of this programme is: (i) to strengthen the commitment of the Company to combat the commission of crimes, and particularly all forms of corruption and fraud; and (ii) to assure third parties and judicial and administrative authorities that the Company effectively complies with the duties of supervision, monitoring and control of its activities by establishing appropriate measures to prevent crimes −or to significantly reduce the risk of the commission thereof− and that, therefore, the Company exercises due control over the members of its management decision-making bodies, its professionals, and other subordinates, based on its governance model, as is legally required thereof, including the monitoring of possible situations of crime risk that may arise within the scope of its activities, even in those cases in which such situations cannot be attributed to a specific individual.

The Company’s Compliance Unit is responsible for endeavouring to ensure the implementation, development, updating and fulfilment of the crime prevention programme of the Company and of those other companies of the Group that are not country subholding companies, head of business or country companies, or companies in which they have a stake, as well as for coordinating the implementation, development and fulfilment of similar programmes at the other companies of the Group, without prejudice to the powers and responsibilities assigned to other bodies and divisions of the Company and, if applicable, to the administrative and management bodies of the country subholding and head of business or country companies and to the compliance units of these companies.

Furthermore, at least once per year, the Company’s Compliance Unit shall evaluate compliance with and the effectiveness of its crime prevention programme and shall assess whether regular modification and update thereof is appropriate, provided that the circumstances so require.

6. Group-level Coordination

The Compliance Unit shall establish the framework for relations of coordination, cooperation and information with the respective compliance units of the other companies of the Group and with the heads of the compliance function of the other companies of the Group in order to promote the highest ethical standards in the compliance area, particularly but not limited to issues relating to investigation procedures, the analysis and evaluation of criminal risks, the measures and controls implemented for the mitigation thereof, internal compliance rules, and the promotion of training plans.

The country subholding companies and head of business or country companies may adopt policies, rules and principles that adapt and develop the provisions of this Policy to the characteristics, needs and particularities of their respective territories, countries or businesses, reporting them to the Company’s Compliance Unit through the channels established for these purposes.

7. Implementation and Monitoring

The Compliance Unit proactively endeavours to ensure the application and effectiveness of this Policy and disseminates the content hereof among the people to whom it is addressed, all without prejudice to the responsibilities assigned to other bodies and divisions of the Company.

The Sustainable Development Committee shall regularly review the contents of the Policy, ensuring that it reflects the recommendations and best international practices, and shall propose to the Board of Directors those amendments and updates that contribute to the development and ongoing improvement thereof, taking into account any suggestions and proposals made by the Compliance Unit.

* * *

This Policy was initially approved by the Board of Directors on 20 June 2023 with the name Compliance and Internal Reporting and Whistleblower Protection System Policy and was last amended on 25 March 2025, changing its name to the Compliance Policy.