CRIME PREVENTION POLICY

Crime Prevention Policy

20 December 2022

The Board of Directors of IBERDROLA, S.A. (the "Company") has the power to design, assess and continuously revise the Governance and Sustainability System, and specifically to approve and update the corporate policies, which contain the guidelines governing the conduct of the Company and of the companies belonging to the group of which the Company is the controlling entity, within the meaning established by law, the Company (the "Group").

In fulfilling these responsibilities, and within the framework of the law and the By-Laws, the guidelines for conduct that take shape in the Purpose and Values of the Iberdrola Group, and consistently with its culture of prevention of improprieties, the Board of Directors hereby approves this Crime Prevention Policy (the "Policy").

1. Purpose

This Policy is intended to convey to all members of the management team and professionals of the companies of the Group, as well as to third parties establishing relations therewith, an unambiguous message of opposition to the commission of any unlawful criminal offence and the desire of the Group's companies to combat them and prevent them, thus avoiding any possible erosion of its image and its reputational value and, ultimately, of the price of its shares and the value of the Company's brand.

The Anti-Corruption and Anti-Fraud Policy, together with this Policy, shows the commitment of the Group's companies to unwavering vigilance and the punishment of improper or illegal acts and conduct, the maintenance of effective mechanisms for communication and awareness-raising among all professionals, and the development of a corporate culture of ethics and honesty.

2. Scope of Application

This Policy applies to all members of the management team and the professionals of the Company and of the other entities that make up the Group, as well as of investee companies not belonging to the Group over which the Company has effective control, within the limits established by law.

In the Group's governance model, the head of business companies assume executive responsibilities on a decentralised basis, enjoy the independence necessary to carry out the day-to-day administration and effective management of the businesses and are assigned the responsibility for the day-to-day control thereof through their respective boards of directors and management decision-making bodies, which, with the supervision of the Compliance Unit and other competent bodies, ensure the implementation and the monitoring of the principles of conduct set forth in this Policy, without prejudice to appropriate coordination at all levels within the Group. This model is complemented with the existence of country subholding companies that group together the equity stakes in the head of business companies and strengthen the function of strategic supervision, organisation and coordination in relation to the territories, countries or businesses decided by the Company's Board of Directors, disseminating, implementing and ensuring compliance with the policies, strategies and general guidelines at the Group level based on the characteristics and particularities of their respective territories, countries or businesses.

The listed country subholding companies and their subsidiaries, pursuant to their own special framework of strengthened autonomy, may approve their own crime prevention policy applicable to each of said companies and its subsidiaries to comply with the requirements applicable thereto due to its status as a listed company. In any event, said policies must be in accord with the principles set forth in this Policy and in the other environmental, social and corporate governance and regulatory compliance policies of the Governance and Sustainability System.

The country subholding and head of business companies may also adopt policies and rules that develop and adapt the principles contained in this Policy to the particular nature of each jurisdiction or business. Members of the management team and professionals of the companies of the Group who are also subject to other policies, rules or principles, whether applicable to a particular industry or deriving from the national laws of the territories or countries in which they carry out their activities, shall also be bound hereby. Appropriate coordination shall be established in order to ensure that such policies, rules or principles are consistent with the principles set out in this Policy.

Furthermore, all persons acting as representatives of the companies of the Group at companies and entities not belonging thereto shall, to the extent possible, promote the implementation of specific and effective programmes for the prevention of crimes similar to those of the companies of the Group.

At those companies in which the Company has an interest and to which this Policy does not apply, the Company will promote, through its representatives on the boards of directors of such companies, the alignment of their own policies with those of the Company.

This Policy shall also apply, to the extent relevant, to the joint ventures, temporary joint ventures (uniones temporales de empresas) and other equivalent associations, if the Company assumes the management thereof.

3. Main Principles of Conduct

The main principles of conduct on which this Policy is based are described below:

a) integrate and coordinate a set of actions required to prevent and combat the possible commission of criminal offences by any professional the companies of the Group as a basic pillar of the Policy, in line with the Anti-Corruption and Anti-Fraud Policy, the General Risk Control and Management Policy and the General Sustainable Development Policy;

b) create a transparent environment, integrating the various systems developed to prevent the commission of crimes and maintaining appropriate internal channels to favour the communication of possible improper acts, including the use ethics mailboxes, which allow professionals of the companies of the Group, suppliers and shareholders of the Company to report potential financial or accounting improprieties and to communicate other conduct that may entail a breach of the Governance and Sustainability System or the commission by any professional of the Group's companies of an act contrary to the law or the rules of conduct of the Code of Ethics;

c) act at all times in compliance with applicable law and within the framework established by the Code of Ethics, as well as pursuant to the internal rules and regulations of the Company;

d) foster a preventive culture based on the principle of "zero tolerance" towards the commission of wrongful acts and on the application of ethical principles and responsible behaviour by all professionals of the companies of the Group, irrespective of their level and geographic location;

e) within the drive for this culture of prevention, foster processes of self-control in the activities and decision-making of the members of the management team and workforce, such that any action of a professional of the Group's companies is based on four basic premises: (i) that it is ethically acceptable; (ii) that it is legally valid; (iii) that it is desirable for the Company and the other companies of the Group; as well as (iv) that the professional is prepared to assume responsibility therefor;

f) ensure that the Compliance Unit has the physical and human resources required to efficiently and proactively monitor the operation and observance of this Policy, without prejudice to the responsibilities assigned to other decision-making bodies and divisions of the Company and, if appropriate, the administrative and management bodies of the country subholding companies and head of business companies;

g) develop and implement appropriate procedures for the control and comprehensive management of crime prevention at all companies of the Group;

h) keep the focus on proactive activities, such as prevention and detection, rather than on reactive activities, such as investigation and punishment;

i) investigate any claim of an allegedly criminal act or improper act, regardless of the amount thereof and as soon as practicable, guaranteeing the confidentiality of the reporting party and the rights of the persons investigated. In addition, the companies of the Group shall provide all assistance and cooperation that may be requested by judicial and administrative bodies and domestic or international institutions and entities to investigate allegedly criminal or improper acts that may have been committed by their professionals;

j) seek a fair, non-discriminatory and proportional application of penalties as provided by applicable law from time to time;

k) notify all professionals of the companies of the Group of their duty to report any act that might constitute a possible criminal offence or improper act of which they have evidence, through the channels established in this regard;

l) implement appropriate training programmes, for professionals of the companies of the Group regarding the duties imposed by applicable law or established by the internal rules of the companies of the Group, with a frequency sufficient to ensure that the knowledge of their professionals regarding crime prevention is kept up to date; and

m) impose disciplinary penalties in accordance with the provisions of law applicable at any time for conduct that contributes to preventing or impeding the discovery of crimes as well as the breach of any specific duty to inform the control bodies of violations that may have been detected.

4. Crime Prevention Programmes

To further develop this Policy, the Company, through the Compliance Unit and other competent bodies, has implemented a specific and efficient programme to prevent the commission of crimes (as a set of measures designed to prevent, detect and react to possible crimes), which shall also cover the prevention and control of administrative violations and serious improprieties, all within the framework of the process of revision and adjustment to the provisions of the Spanish Criminal Code after the inclusion of criminal liability for legal entities, without prejudice to the laws and regulations applicable in any other jurisdiction in which the Company carries out its activities. Furthermore, the other companies of the Group have implemented similar programmes to prevent the commission of crimes.

The purpose of such programmes is, on the one hand, to strengthen the existing commitment to combat the commission of crimes, particularly all forms of fraud and corruption, and on the other to assure third parties and judicial and administrative authorities that the companies of the Group effectively comply with the duties of supervision, monitoring and control of their activities by establishing appropriate measures to prevent crimes or to significantly reduce the risk of the commission thereof, and therefore exercise over their directors, members of the management team, professionals and other subordinates, based on its governance model, such proper control as is legally required thereof, including the monitoring of possible situations of crime risk that may arise within the their scope of action, even in those cases in which the attribution of such situations to a specific person is not possible;

The programmes include action and supervision protocols designed to reduce the risk of commission of criminal wrongs and improper acts in general (conduct that is illegal or contrary to the Governance and Sustainability System, particularly, including the Code of Ethics), supplemented by effective and permanent control systems that may be updated as required.

5. Control, Evaluation and Review

a) Control

The Compliance Unit shall be responsible for controlling the implementation, development and fulfilment of the Crime Prevention Programme of the Company and of those other companies of the Group that are not country subholding companies, head of business companies, or companies in which they have a stake, as well as to supervise the implementation, development and fulfilment of similar programmes at the other companies of the Group, without prejudice to the responsibilities assigned to other bodies and divisions of the Company and, if applicable, to the administrative and management bodies of the country subholding companies and head of business companies.

For such purposes, the Compliance Unit shall have the power of initiative and control required to oversee the operation, effectiveness and observance of this Policy, ensuring that the crime prevention programmes respond to the needs and circumstances of each of the companies of the Group at all times.

The foregoing is without prejudice to such bodies or units specifically focusing on the prevention and control of criminal activities as it may be necessary or advisable to create at other companies of the Group in order to comply with the industry-specific or national laws of the territories or countries in which they carry out their activities, with which relations shall be established for coordination purposes as appropriate pursuant to the respective applicable law.

b) Evaluation

At least once per year, the Compliance Unit shall evaluate the observance and effectiveness of the Company's Crime Prevention Programme. At least once per year, the compliance divisions of the country subholding and head of business companies shall also evaluate the observance and effectiveness of their respective crime prevention programmes. In any event when significant violations of the programmes become evident or there are changes in the organisation, the structure of control or the activities carried out by the companies of the Group, there shall be an assessment as to whether a modification thereof is appropriate.

c) Review

The Sustainable Development Committee shall periodically review the contents of this Policy and shall propose to the Board of Directors those amendments and updates that contribute to the development and ongoing improvement thereof, taking into account any suggestions or proposals made by the Compliance Unit or the professionals of the companies of the Group.

This Policy was initially approved by the Board of Directors on 14 December 2010 and was last amended on 20 December 2022.