Skip to main content

Internal Reporting and Whistleblower Protection System

Iberdrola maintains an internal reporting system to promote transparency and regulatory compliance.

Internal Reporting and Whistleblower Protection System

  

25 March 2025

The Company declares that it intends to create an environment of transparency and to foster respect for the law and internal rules, particularly the Code of Conduct for Directors, Professionals and Suppliers, by its directors, its professionals and its suppliers, and, to such end, has implemented an Internal Reporting and Whistleblower Protection System (the “Internal Reporting System”), which, in accordance with applicable legal provisions, encourages the reporting of potentially improper conduct or acts that are potentially illegal or contrary to law or to the Governance and Sustainability System (including, in particular, any conduct that could constitute a crime, a serious or very serious administrative offence, or a breach of European Union law), with an impact on the Company, its contractual relationship with its suppliers, or the interests and image of the Company (the “Conduct”).

The Internal Reporting System respects the provisions of the Purpose and Values of the Iberdrola Group and the Ethical and Basic Principles of Governance and Sustainability of the Iberdrola Group and is designed and managed in a secure manner to ensure: (i) the confidentiality of the identity of the whistleblower and of any third party mentioned in the grievance or report, and of the actions taken in the management and processing thereof, as well as the protection of personal data, preventing access to the content of the investigation by unauthorised personnel; and (ii) that the grievances or reports submitted can be processed effectively within the Company.

1. Scope of Application

This Internal Reporting System applies to the Company.

2. Internal Reporting Channels

The Company has established for the members of its management decision-making body, its professionals, its suppliers, as well as for other third parties provided for in applicable legal provisions, the duty to report through the Internal Reporting System any Conduct of which they are aware.

To this end, the Company has activated internal reporting channels (the “Internal Reporting Channels”), which allow its shareholders, directors, professionals, suppliers and other third parties determined by law to report any Conduct, whether in writing, through the corresponding form available on the Company’s corporate website, or by any other means established by the Company, all without prejudice to their being able to address their grievances or reports to the Independent Whistleblower Protection Authority (Autoridad Independiente de Protección del Informante) (A.A.I.) or to any other competent institution, body or entity.

The Internal Reporting System includes all the Internal Reporting Channels activated by the Company for the communication of grievances or reports relating to Conduct by shareholders, directors, professionals, suppliers and other third parties as determined by law.

The Internal Reporting Channels enable the prevention and detection of Conduct, constituting the preferred channel for reporting such Conduct and for the processing of grievances or reports received in relation thereto. 

Communications through the Internal Reporting Channels may be made anonymously, must meet standards of truthfulness and proportionality, may not be used for purposes other than to seek regulatory compliance, and must be submitted in writing or verbally and shall be processed in accordance with the procedure established by the Board of Directors in the Regulations of the Compliance Unit.

3. Whistleblower Protection and Safeguards 

As provided by legal provisions, the Company undertakes not to take (and to ensure that their professionals do not take) any form of direct or indirect retaliation, whether consummated or tentative, including threats of or attempted retaliation, against any person who has reported Conduct through the Internal Reporting Channels or by any other means, unless the grievance or report is false or the person has acted in bad faith.

Furthermore, as established by legal provisions, it also undertakes not to take (and to ensure that their professionals do not take) any form of direct or indirect retaliation, including threats of or attempted retaliation, against: (i) any natural person who, within the organisation in which the whistleblower works, assists him/her in the process, or is related to him/her, whether as a representative of the employees, as a co-worker or as a relative; and (ii) any legal person, for whom the whistleblower works or with whom he/she has another type of relationship in an employment context or in which he/she has a significant shareholding.

For these purposes, the following actions, among others, against the person who has communicated the grievance or report are considered to be retaliation:

  1. the following measures, provided that they were not carried out in the regular exercise of managerial authority under applicable law, due to proven circumstances unrelated to the submission of the grievance or report: (i) suspension of the employment contract, dismissal or termination of employment or statutory relationship; (ii) imposition of any disciplinary measure; (iii) demotion or denial of promotion and any other material change in working conditions; and (iv) failure to convert a temporary employment contract into a permanent one, if the person providing the report had legitimate expectations to that effect; 
  2. harm, including reputational damage, or financial loss, coercion, intimidation, harassment or ostracism;
  3. negative evaluation or references with regard to work or professional performance;
  4. blacklisting or dissemination of information in a particular industry that makes it difficult or impossible for the person to gain access to employment or the hiring of works or services;
  5. denial or revocation of a licence or permit; a o permiso;
  6. denial of training; 
  7. any form of discrimination or unfavourable or unfair treatment; and
  8. any other action arising from the above.

4.  Management of the Internal Reporting System

The Company’s Compliance Unit is the body responsible for managing the Company’s Internal Reporting System, and for processing and managing the investigation files opened on the basis of grievances or reports received through the Internal Reporting Channels, in accordance with the information management procedure established by the Board of Directors in the Regulations of the Compliance Unit, and delegates the aforementioned management and processing powers to the director of Compliance, with due notice to the Independent Whistleblower Protection Authority (A.A.I.). 

On this basis, the Company's Compliance Unit investigates any grievance or reporting of a fact that could allegedly constitute Conduct (even if anonymous and regardless of the financial significance thereof) as soon as possible, guaranteeing the rights of the whistleblower, as well as the rights to privacy, respectability, defence and the presumption of innocence of the persons investigated or affected, in accordance with the internal procedure established by the Board of Directors for this purpose and regulated in the Regulations of the Compliance Unit.

The procedure for management of the grievances or reports sent through the Internal Reporting Channels provides for the immediate forwarding of information to the Public Prosecutor’s Office (Ministerio Fiscal) when the facts might indicate a criminal offence, and such grievances or reports shall be forwarded to the European Public Prosecutor’s Office if the information affects the financial interests of the European Union.

The Audit and Risk Supervision Committee shall also have direct access to grievances or reports that could have a material impact on the Company’s financial statements or internal control. For these purposes, the Company’s Compliance Unit shall inform the aforementioned committee of the existence of said grievances or reports and shall provide it with any documentation it may request in relation to the processing of the investigation files.

After any appropriate evaluation and a report of the Sustainable Development Committee, the Company’s Board of Directors may entrust the management of the Internal Reporting Channels to a third party that offers appropriate assurances of independence, confidentiality, personal data protection and secrecy of grievances or reports.

5.  Implementation and Monitoring

For the implementation and monitoring of the provisions of this document, the Board of Directors has the Compliance Unit, which proactively endeavours to ensure the application and effectiveness of the Internal Reporting System, all without prejudice to the responsibilities assigned to other bodies and divisions of the Company, and shall develop the procedures required for this purpose.

***

The content of this document was approved by the Board of Directors on 20 June 2023 as part of the Compliance and Internal Reporting and Whistleblower Protection System Policy and the Board of Directors resolved to approve it as a separate enactment on 25 March 2025.