Assurance Report of the Independent German Public Auditor ¹

Assurance Report of the independent German Public Auditor on a Limited Assurance Engagement in relation to a separated non-financial Group Report

To United Internet AG, Montabaur

Assurance Conclusion

We have conducted a limited assurance engagement on the separate non-financial group report of United Internet AG, Montabaur , (hereinafter the „Company“) to comply with §§   [Articles]   315b to 315c HGB [Handelsgesetzbuch: German Commercial Code] including the disclosures contained in this separate non-financial group report to fulfil the requirements of Article   8 of Regulation (EU)   2020/852 (hereinafter the „ Non-Financial Group Reporting") for the financial year from 1 January to 31 December 2024 .

Not subject to our assurance engagement were the external sources of documentation or expert opinions mentioned in the Non-Financial Group Reporting, which are marked as unassured.

Based on the procedures performed and the evidence obtained, nothing has come to our attention that causes us to believe that the accompanying Non-Financial Group Reporting for the financial year from 1 January to 31 December 2024 is not prepared, in all material respects, in accordance with §   315c in conjunction with §§   289c to 289e HGB and the requirements of Article   8 of Regulation (EU)   2020/852 as well as with the supplementary criteria presented by the executive directors of the Company.

We do not express an assurance conclusion on the external sources of documentation or expert opinions mentioned in the Non-Financial Group Reporting, which are marked as unassured.

Basis for the Assurance Conclusion

We conducted our limited assurance engagement in accordance with the International Standard on Assurance Engagements (ISAE) 3000 (Revised): Assurance Engagements Other Than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board (IAASB).

The procedures in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed.

Our responsibilities under ISAE   3000 (Revised) are further described in the "German Public Auditor's Responsibilities for the Assurance Engagement on the Non-Financial Group Reporting" section.

We are independent of the Company in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements. Our audit firm has complied with the quality management system requirements of the IDW Standard on Quality Management: Requirements for Quality Management in the Audit Firm (IDW QMS 1   (09.2022)) issued by the Institut der Wirtschaftspr fer (Institute of Public Auditors in Germany; IDW). We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our assurance conclusion.

Responsibility of the Executive Directors and the Supervisory Board for the Non-Financial Group Reporting

The executive directors are responsible for the preparation of the Non-Financial Group Reporting in accordance with the relevant German legal and European regulations as well as with the supplementary criteria presented by the executive directors of the Company. They are also responsible for the design, implementation and maintenance of such internal controls that they have considered necessary to enable the preparation of a Non-Financial Group Reporting in accordance with these regulations that is free from material misstatement, whether due to fraud (i.e., manipulation of the Non-Financial Group Reporting) or error.

This responsibility of the executive directors includes selecting and applying appropriate reporting policies for preparing the Non-Financial Group Reporting, as well as making assumptions and estimates and ascertaining forward-looking information for individual sustainability-related disclosures.

The supervisory board is responsible for overseeing the process for the preparation of the Non-Financial Group Reporting.

Inherent Limitations in the Preparation of the Non-Financial Group Reporting

The relevant German statutory legal and European regulations contain wording and terms that are still subject to considerable interpretation uncertainties and for which no authoritative, comprehensive interpretations have yet been published. As such wording and terms may be interpreted differently by regulators or courts, the legal conformity of measurements or evaluations of sustainability matters based on these interpretations is uncertain.

These inherent limitations also affect the assurance engagement on the Non-Financial Group Reporting.

German Public Auditor's Responsibilities for the Assurance Engagement on the Non-Financial Group Reporting

Our objective is to express a limited assurance conclusion, based on the assurance engagement we have conducted, on whether any matters have come to our attention that cause us to believe that the Non- Financial Group Reporting has not been prepared, in all material respects, in accordance with the relevant German legal and European regulations as well as with the supplementary criteria presented by the executive directors of the Company, and to issue an assurance report that includes our assurance conclusion on the Non-Financial Group Reporting.

As part of a limited assurance engagement in accordance with ISAE 3000 (Revised), we exercise professional judgment and maintain professional skepticism. We also:

• obtain an understanding of the process to prepare the Non-Financial Group Reporting.


• identify disclosures where a material misstatement due to fraud or error is likely to arise, design and perform procedures to address these disclosures and obtain limited assurance to support the assurance conclusion. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error, as fraud may involve collusion, forgery, intentional omissions, misleading representations, or the override of internal controls.


• consider the forward-looking information, including the appropriateness of the underlying assumptions. There is a substantial unavoidable risk that future events will differ materially from the forward-looking information.

Summary of the Procedures Performed by the German Public Auditor

A limited assurance engagement involves the performance of procedures to obtain evidence about the sustainability information. The nature, timing and extent of the selected procedures are subject to our professional judgement.

In conducting our limited assurance engagement, we have, amongst other things:

• evaluated the suitability of the criteria as a whole presented by the executive directors in the Non-Financial Group Reporting.


• inquired of the executive directors and relevant employees involved in the preparation of the Non-Financial Group Reporting about the preparation process, and about the internal controls relating to this process.


• evaluated the reporting policies used by the executive directors to prepare the Non-Financial Group Reporting.


• evaluated the reasonableness of the estimates and the related disclosures provided by the executive directors.


• performed analytical procedures and made inquiries in relation to selected information in the Non-Financial Group Reporting.


• considered the presentation of the information in the Non-Financial Group Reporting.


• considered the process for identifying taxonomy-eligible and taxonomy-aligned economic activities and the corresponding disclosures in the Non-Financial Group Reporting.

Restriction of Use

We draw attention to the fact that the assurance engagement was conducted for the Company’s purposes and that the report is intended solely to inform the Company about the result of the assurance engagement. Accordingly, the report is not intended to be used by third parties for making (financial) decisions based on it. Our responsibility is solely towards the Company. We do not accept any responsibility, duty of care or liability towards third parties.

Düsseldorf, 25   March   2025

PricewaterhouseCoopers GmbH
Wirtschaftsprüfungsgesellschaft