No tax services provided by the statutory auditor

The services provided by the audit firm during the year 2025 correspond to Statutory Audit services, as well as the limited review of Interim Financial Statements, verification of the Non-Financial Information and Sustainability Statement, and other services related to Auditing.

The auditor did not provide tax or any other services beyond those mentioned above in fiscal year 2025. The consolidated annual report on the activities of the Board of Directors' Committees is available at this link.

Criminal Risk Prevention and Anti-Bribery Compliance System of Endesa

Endesa has a solid regulatory framework that outlines its values and principles regarding ethics, integrity, and corporate responsibility, and establishes guidelines to direct the actions of its collaborators, thereby contributing to building a firm ethical and compliance culture. The Criminal Risk Prevention and Anti-Bribery Model, alongside the Compliance Policy, the Code of Ethics, and the Zero Tolerance to Corruption Plan, among others, represent the pillars of this culture.

Endesa's System for preventing criminal infractions and anti-bribery has been certified by AENOR in accordance with the UNE 19601 Standard since 2017.

This System aims to prevent the commission of crimes within its area of activity. The System is a structured and organic model of procedures and surveillance and monitoring activities suitable for preventing the commission of crimes falling under its scope – that is, those that could result in criminal liability for the legal entities of its business group.

Among the criminal risks covered by the model are money laundering and the crime of asset stripping.

All members of the organisation are responsible for the execution and compliance of the model. It is available on the organisation's intranet, and initiatives are promoted for its dissemination and comprehension (e.g. mandatory online training).

Furthermore, all members of the organisation commit to complying with the model through express statements of commitment or through clauses incorporated into their employment contracts. Endesa's General Contracting Conditions also include clauses of commitment to ethical regulations and criminal risk prevention and anti-bribery for its suppliers.

In addition, the System is continuously monitored by the Supervisory Committee. Internal Audit periodically conducts reviews of its adequate design and functioning. The results of such oversight are presented to the Audit and Compliance Committee, which is the body responsible for supervising the functioning and compliance of the model.

The System is comprised of five elements that, combined, ensure an adequate control system for preventing crime risk:

• Definition of the control environment related to the processes.
• Assessment: Valuing the design and operability of the control activities proposed in the System, as well as the associated risk.
• Definition of action plans addressing deficiencies.
• Response to breaches: In the event of non-compliance, Endesa applies, in addition to other legally applicable measures, those established in its VI Framework Agreement applicable to its workers.
• Updating and measurement of compliance indicators, which allow tracking the main aspects of Endesa's Criminal Risk Prevention and Anti-Bribery Compliance System, as well as measuring its effectiveness.