RWE : Compliance Report 2023

Compliance

2023

Glad you are here.

A word from our Chief Compliance Officer

"It is my pleasure to present to you our Compliance Report for 2023. At a time when the energy sector and the global economy are evolving rapidly, compliance is particularly important. The year has shown that a strong commitment to compliance is essential to ensure sustainable success and to strengthen the trust of business partners, stakeholders and society in a responsible future. We are ready to take on the new challenges and will continue to align our business activities with high compliance standards."

Ilka Röhrhoff

Chief Compliance Officer

The Compliance Year 2023 in the RWE Group

The Compliance Report provides a review of our compliance activities and the further development of our Compliance Management System in 2023.

Against the background of the Whistleblower Protection Act coming into force in 2023, one thematic focus was the review of our central, well-functioning whistleblower protection system. The processes already established meet the legal requirements and have been supplemented by new organisational and procedural specifications. We will continue to ensure a high level of protection for whistleblowers in the future and in principle follow up on every report of misconduct.

The focus of our compliance activities continues to be on combating corruption and related property offences. We also deal with the prevention of money laundering and terrorist financing as well as export control compliance.

The avoidance or appropriate handling of potential conflicts of interest also plays an important role in the integrity and sustainability of our business and promotes trust among our employees, business partners, shareholders and the public.

RWE AG Compliance Report 2023

2

Compliance Management System Our approach

Corruption and any kind of compliance violations are not toler- ated. We base all business activities and decisions on defined compliance guidelines. To prevent compliance violations, we have established a Compliance Management System (CMS) in the RWE Group that is aligned with the Group's risk situation and is regularly audited - most recently in 2021 - in accordance with the IDW assurance standard 980.

The aim of the CMS is to ensure compliance with laws and internal company requirements throughout the Group. Our CMS serves to identify corruption and other compliance risks as well as to prevent violations of applicable laws and internal guidelines. The CMS describes a large number of processes and measures that are implemented in the Group. These include individual advisory activities, extensive training of our employees and compliance risk analyses.

The compliance risk analysis is a central part of the CMS. Starting with the identification and assessment of the main compliance risk areas through to the derivation of any necessary measures, we involve the specialist departments and operational units in the risk analysis.

In addition, our internal control system (ICS) is the basis for preventing process errors and misconduct. This includes organisational requirements such as the dual control principle, separation of functions, authorisation concepts and approval procedures. The quality and functionality of our control and risk management system are regularly reviewed by RWE AG's Internal Audit depart- ment. Such audits also took place in 2023.

The Chief Compliance Officer (CCO) of RWE AG is responsible for the overall management of the CMS. Compliance Officers have been appointed for Group companies in Germany and abroad to work towards uniform implementation of the Group- wide compliance requirements of RWE AG. The Compliance Officers also take local laws and regulations into account. Furthermore, measures and processes are implemented in accordance with the business model of the respective Group company.

The Compliance Officers report regularly to the CCO, who in turn informs the Executive Board and the Audit Committee of the Supervisory Board of RWE AG about compliance-relevant topics, such as legal developments, the further development of the CMS or indications of potential compliance violations.

RWE AG Compliance Report 2023

3

Code of Conduct

The basis of our actions

Our Code of Conduct contains rules of behaviour that apply to all employees of the RWE Group without exception. The Code of Conduct is preceded by ten principles of conduct that contain the most important statements on topics such as human rights, labour standards, combating corruption and the avoidance of conflicts of interest, anti-money laundering and foreign trade law.

Back in 2004, we joined the United Nations Global Compact Initiative and signed the ten underlying principles. In doing so, we explicitly committed ourselves to consistently respecting human rights and labour standards, strengthening environmental protection in our business activities and actively preventing corruption.

We expect our business partners to have a compliance standard comparable to ours. In principle, our business partners are obliged to accept our principles of conduct as a basis for cooperation unless they have their own compliance standards that are considered equivalent.

We regularly review business relationships with our business partners. If it becomes publicly known that they have violated the principles of the UN Global Compact or legal requirements, we take what we consider to be necessary and appropriate measures.

All potential trading partners are checked before we enter into business relationships with them on the wholesale market. This takes place in a standardised and multi-stage process - the Know- Your-Customer process (KYC process). As part of this process, we use various information systems and channels as well as international databases to check whether there are any indications of possible misconduct on the part of our trading partners. In case of findings, we take what we consider to be necessary and appropriate risk-based measures.

RWE AG Compliance Report 2023

4

Awareness of our employees

#TEAMRWE

Entrepreneurial behaviour in accordance with laws and values is very important to us. The main objective of the CMS is to permanently anchor compliant behaviour in the thoughts and actions of our employees and to strengthen the compliance culture in the Group in the long term. Our employees are therefore regularly sen- sitised to compliance topics in trainings. They are shown adequate behaviour and measures that they can apply in their professional environment. Various training formats are offered and used for this purpose.

Through a web-based training programme, all of our employees receive mandatory compliance training every year with a varying focus topic. In 2023, the topic was "Whistleblowing". In addition, our training concept provides for classroom training based on the risk classification of employees' activities. Executive boards and management boards also participate in the mandatory web- based training and classroom training.

Moreover, we inform our employees regularly and on an ad-hoc basis about current developments, our Group guidelines, requirements for compliance-adequate behaviour and potential risks of violations. A wide variety of communication channels are used to reach all employees.

A strong compliance culture within the Group is important to us. As role models, managers have the task of anchoring the compliance culture in their area of responsibility and ensuring that our compliance requirements and processes are adhered to.

Each executive is required to report on the implementation of the Code of Conduct in their area of responsibility. This so-called Exec- utives' Compliance Reporting is carried out once a year in order to create transparency with regard to adherence of the Code of Conduct and to obtain an overview of compliance awareness at RWE. We aim for a response rate of 100 %. This was achieved once more in 2023.

To make compliance-sensitive processes transparent a Compliance IT-Tool is used in the RWE Group. Donations, sponsorships and memberships as well as compliance-relevant consultancy and agency contracts are documented here. Furthermore, gratuities to public and elected officials are recorded which are considered relevant according to our Group guideline.

RWE AG Compliance Report 2023

5

Whistleblower system

Handling and protection

We encourage our employees to report indications of potential violations of our Code of Conduct or non-compliantbehaviour. In the event of suspected or actual breaches of the law, employees can inform the compliance officers via whistleblowing channels, such as the Group-wideweb-based whistleblowing system, where they can choose to remain anonymous.

Employees and third parties such as suppliers or other business partners all have the option to involve an independent external contact person.

We promptly and appropriately follow up on all relevant indications of possible compliance violations. In doing so, we ensure the greatest possible protection for whistleblowers. Persons who provide information in good faith or who contribute to clarification will not suffer any disadvantages as a result of the report. Actions or omissions in connection with professional activities that are a reaction to a report or disclosure and that cause or may cause an unjustified disadvantage to the whistleblower will not be tolerated.

In connection with the processing of reports, we also ensure the highest level of confidentiality, i.e. the identity of the whistle- blower is protected. We also take into account the interests worthy of protection of the persons affected by a report when clarifying the information. The information received is checked by the Group functions responsible for the investigation. Where neces- sary, remedial measures are then initiated as part of a systematic follow-up process. If compliance violations by employees and/or business partners are identified, necessary and appropriate measures are initiated.

As part of its risk-oriented audit planning, RWE AG's Internal Audit department regularly includes various principles of our Code of Conduct as areas to be audited. If audits within the Group companies reveal indications of violations, these are reviewed and, where necessary, remedial measures are initiated as part of a systematic follow-up process.

RWE AG Compliance Report 2023

6

Group Compliance compliance@rwe.com

RWE Aktiengesellschaft

RWE Platz 6

45141 Essen

7