01GEK TERNA Group 02Sustainable Development 03Governance & Business Responsibility
Corporate Governance Model Business Ethics Regulatory Compliance Business Continuity
04Environmental Footprint 05Social Impact 06Value Creation 07Appendices
ΕΛ EN
Sustainability Report 2025

Governance
& Business Responsibility

A strong corporate governance framework and responsible business operations lie at the core of GEK TERNA Group’s business model, extending beyond mere regulatory compliance. Driven by a consistent commitment to transparency, accountability, and integrity, the Group applies a comprehensive governance framework that strengthens trust with all stakeholders — including investors, employees, partners, and society. This approach is aligned with internationally recognized corporate governance standards and is supported by an integrated system of internal controls, structured risk management processes, and rigorous adherence to the applicable regulatory framework.

Amid rapidly evolving business and societal conditions, the Group continuously enhances its internal systems, policies, and procedures, guided by the principles of independence, accountability, and operational efficiency across all organizational levels. Transparency in decision-making remains a key priority, while business choices are fully aligned with the principles of sustainable development and social responsibility.

Governance and Business Responsibility — GEK TERNA
GRI2-9* GRI2-11 GRI2-12 GRI405-1a ATHEX ESGC-G1 ESRS 2GOV-1

Corporate Governance Model

Hellenic Corporate Governance Code (HCGC) & Internal Rules of Operation

GEK TERNA Group has embedded the Principles of Corporate Governance into its operations and decision-making processes, applying them consistently and in full compliance with the requirements of Greek legislation and the Hellenic Corporate Governance Code (HCGC), as issued by the Hellenic Corporate Governance Council. At the same time, it adopts internationally recognized best practices, enhancing accountability, transparency and effectiveness across all areas of its business activity.

In this context, the Group applies Internal Rules of Operation (“IRO”), fully aligned with the provisions of Law 4706/2020 on corporate governance, as well as with the guidelines and decisions of the Hellenic Capital Market Commission. The IRO sets the operating framework of the governing bodies, defines decision-making processes and control mechanisms, and contributes to ensuring the orderly, efficient, and transparent operation of the Group.

Corporate Governance Structure

The Group’s corporate governance structure is based on a clearly defined system of administrative, supervisory and management bodies, which ensures effective decision-making, management oversight and compliance with the principles of transparency and proper business conduct.

GEK TERNA Group Organization Chart
Nominations Investments BoD Committees Strategic Planning Remunerations ESG Motorways’ Operation & Management Division Operation Maintenance Chairman & CEO General Division of Business Development General Division of Finance General Division of Administration & Personnel Tenders Division Legal Services Division Tax & Accounting Division General Division of Concessions Identification of International Business Opportunities Business Investment Monitoring Department New Projects Assessment Special Support Transportation Projects Department for Personal Data Protection Service Chief Information Security Officer (CISO) Treasury (Banking & Liabilities) Financial Planning & Analysis Financial Evaluation & Transactions Evaluation of Business Partnerships and Asset Management Proposals Human Resources Division Information Technology Tenders’ Preparation & Management Letters of Credit Management Regulatory Support Corporate Governance Tax & Accounting General Accounting Cash Desk Management Investor Relation Office (IRO) System (1) (TQS, HS&E) Corporate Affairs and Sustainable Development General Division Data Protection Officer (DPO) Corporate Risk Officer Compliance Officer Executive Directors Legal Counsel Board of Directors (BoD) Audit Internal Audit Unit Compliance Business Units Central Support Functions Corporate Strategy Functions General Division Division Department

The Board of Directors of the Group’s parent company constitutes the highest collective decision-making body, entrusted with defining the strategic direction and overseeing its implementation, in a manner that enhances the Group’s credibility both within the financial and business community and in the wider society.

With regard to its composition, the Board of Directors comprises fourteen (14) members: six (6) executive and eight (8) non-executive. Female representation on the Board stands at 35.7%, while the age profile of its members is predominantly concentrated in the over-50 category.

The Chair of the Board of Directors also serves as the Group’s Chief Executive Officer, ensuring a direct link between strategic planning at Board level and day-to-day executive management. Potential conflicts of interest are effectively mitigated through a robust governance framework, which includes the presence of independent Board members, the operation of specialized audit committees, and the implementation of transparent decision-making processes.

Board Members
14
6 executive · 8 non-executive
Female participation
35.7 %
female representation on the BoD
Term duration
4 years
BoD members term
Independent member participation
42.9 %
independent BoD members

Board of Directors Committees

The activities of the Board of Directors is supported by seven (7) Committees, established to strengthen the implementation of a responsible business model and contribute substantively to the decision-making process. The Committees have an advisory and consultive role, operating as specialized supporting bodies to the BoD. In particular, the following Committees operate:

Executive Committee
6 members
5 men 1 woman
16.7% women
Audit Committee
4 members
4 men 0 women
0% women
Nominations and Remuneration Committee
4 members
2 men 2 women
50% women
Strategic Planning Committee
5 members
5 men 0 women
0% women
Regulatory Compliance Committee
4 members
3 men 1 woman
25% women
Investment Committee
5 members
4 men 1 woman
20% women
ESG Committee Environment, Society and Governance
5 members
0 men 5 women
100% women
GRI3-3 ESRSG1-1

Business Ethics

Business ethics form a cornerstone of GEK TERNA Group’s corporate culture and are embedded across all aspects of its operations. The Group remains firmly committed to acting with integrity and transparency, incorporating the ethical principles that characterize its corporate identity into all business decisions and activities. Through clearly defined rules of conduct, comprehensive policies and effective compliance mechanisms, a culture of trust and respect is fostered across all stakeholder groups.

At the same time, the Group systematically invests in the training and awareness-raising of its employees, ensuring that day-to-day practice is aligned with the values it upholds. Indicatively, in 2025, 20% of the Group’s workforce, namely a total of 1,230 employees, participated in ethics and integrity training.

GEK TERNA employees in safety training
GRI2-23 GRI2-24 ATHEX ESGC-G5 SASBIF-EN-510a.3 ESRSG1-1

Code of Conduct

The Code of Conduct serves as a central reference point for all Group employees and partners (including suppliers, contractors, and subcontractors), establishing the core principles and values expected to guide their professional behavior. The Code reflects the Group’s corporate culture, fundamental beliefs, business ethics, and voluntary commitments, placing the prevention of corruption and bribery at its core. Its content is fully aligned with the principles of international regulations and conventions, as well as with internationally recognized standards, including ISO 9001, ISO 14001, ISO 45001, ISO 37001, ISO 37301, ISO 50001, and SA 8000.

The Code is applied universally: it covers all companies and subsidiaries of the Group at national and international level, extends to every area of activity and is taken into account in partnerships and joint ventures in which the Group participates.

The Code is complemented by a set of specialized policies, which form the Group’s transparent and agreed operating framework:

Regulatory Compliance, Corruption and Bribery Control Policy
Policy for Addressing Unhealthy Competition
Travel and Hospitality Expenses Policy
Gift Policy
Sanctions Policy
Conflict of Interest Policy
Policy of Compliance of Violence and Harassment at Work
Whistleblowing Policy
Sponsorship and Donations Policy
Remuneration Policy
Training Policy for Board members and Directors
Business Continuity Policy

The Group adopts a zero-tolerance policy toward any form of irregular or inappropriate conduct that contravenes the values and principles of the Code of Conduct. Through the Code, as well as all relevant policies, the prevention of conduct that conflicts with the Group’s fundamental business principles is ensured, while the expectations and responsibilities of employees are clearly defined. In this context, a comprehensive training program is implemented with the aim of raising awareness on compliance with the Code of Conduct, as well as preventing bribery and corruption at all levels of the Group’s operations.

The fight against corruption and bribery is not only a central pillar of the Code but also an integral element of the Group’s business strategy. Following systematic risk assessment, targeted control measures are developed covering all activities. The Group implements a certified Anti-Corruption and Anti-Bribery Management System, in accordance with the requirements of ISO 37001, with the corresponding anti-corruption and anti-bribery policy communicated to both external and internal stakeholders.

2025 Insights
Regulatory Compliance training through the e-learning platform in the following thematic areas:
Conflict of Interest Corruption and Bribery Workplace bullying, moral harassment, and workplace violence Internet and Social Media
Internal audits in the following Departments:
General Division of Business Development and Investments, General Division of Financial Services, Division of Property Development and Management, Division of Financial Services, Division of Health, Safety, Environment, and Energy, Division of Strategic Communication, Press Office, Division of CSR & Sustainable Development, Division of Human Resources, Division of Quality, Division of Tenders, Data Protection Officer.
Internal audits at the Group’s and its subsidiaries’ construction sites.
Maintenance of international ISO standards:
ISO 9001 — Quality Management System ISO 37001 — Anti-Bribery Management Systems ISO 37301 — Compliance Management Systems
Reevaluation of relevant policies/procedures based on the update plan set.

In addition, the Code of Conduct makes clear that every employee has the responsibility to report any action or situation that violates or may violate its principles, strengthening the culture of integrity and accountability across the organization. At the same time, it provides clear, transparent and accessible procedures for the submission and management of relevant reports, both by employees and by other stakeholders, ensuring their timely and responsible handling.

GRI2-16 GRI2-25 GRI2-26 ATHEX ESGSS-S9 ATHEX ESGSS-G1 ESRSS1-17

Code of Conduct Violations

The Code of Conduct constitutes the Group’s core framework of principles, addressing matters related to labour and human rights while guiding conduct across the full spectrum of its business operations. To strengthen this framework, the Group has implemented a dedicated Whistleblowing Policy, developed in full compliance with the European and national legislative framework, as well as internationally recognized standards ISO 37001 and ISO 37301.

Through this Policy and the associated procedures, the Group has established clear and reliable reporting and grievance mechanisms available to employees as well as partners and suppliers. Stakeholders are given the opportunity to report or raise concerns regarding the implementation of the Code of Conduct to the appointed Regulatory Compliance Officer, who also serves as the designated Receiving and Monitoring of Reports Officer, either on a named or anonymous basis, through the following communication channels:

  • E-mail to compliance@gekterna.com
  • Use of our platform gekterna.integrityline.com/frontpage
  • Letter through post to: “GEK TERNA S.A.”, 85 Mesogeion Ave, 115 26 Athens, in attention of the “Regulatory Compliance Unit” with the indication “Confidential”.
  • Verbal communication by meeting with the Regulatory Compliance Officer appointed for Receiving and Monitoring of Reports (RMR).

All reports are recorded, evaluated and addressed consistently, transparently and objectively, while ensuring confidentiality and the protection of the personal data of the individuals involved. The available communication channels, as well as the Whistleblowing Policy, are also available on the Company’s official website. In 2025, 13 reports were submitted through the reporting mechanism, all of which were handled in accordance with the procedure established under the policy.

GRI205-3 ATHEX ESGA-G2 SASBIF-EN-510a.2 SASBIF-EN-510a.3
2025 Insights
No
confirmed incident of corruption, either through reports or through the audits carried out by the Group as part of its corruption prevention and mitigation efforts.
No
financial losses incurred as a result of violations of business ethics.
GRI2-15

Conflict of Interest

The Group remains firmly committed to safeguarding the trust it has built with stakeholders and local communities in the areas where it operates. As part of its responsible corporate governance practices, it implements a Conflict of Interest Policy, as well as related procedures, aiming at the timely identification, assessment and effective management of potential conflicts of interest.

The Group ensures that business decisions are made with objectivity and independence, free from personal or external interests, and always in the best interests of the organization and its stakeholders. In this context, employees are actively encouraged to seek guidance in cases of potential conflict of interest, to ensure proper assessment and oversight of such situations. At the same time, roles with high level of responsibility are subject to regular reviews by the Regulatory Compliance Unit, with the aim of preventing and managing related risks.

In cases where the Group or its subsidiaries engage in transactions involving members of the Board of Directors, senior executives, significant shareholders, or their affiliates, strict internal procedures are applied to safeguard transparency, accountability, and integrity.

GRI2-10a GRI2-17 GRI2-18

Selection, Training and Evaluation of Senior Management

The effective composition of the Board of Directors, aligned with the Group’s strategy and long-term business objectives, is supported through the implementation of the Suitability Policy. The Policy sets specific individual and collective suitability criteria that all BoD members must meet.

In addition, the Training Policy for BoD members and Senior Executives ensures their continuous training and awareness-raising on Environmental, Social and Governance (ESG) matters. The main thematic areas of the annual training sessions include:

  • Introduction to the Group
  • Corporate Governance System
  • Cybersecurity
  • Business Continuity Planning
  • Environment, Society, and Governance (ESG)

Transparency and trust in the operations of Senior Management are reinforced through an annual performance evaluation process, which covers the following levels:

  • Evaluation of the Chief Executive Officer (CEO)
  • Evaluation of the BoD members (excluding the CEO)
  • Evaluation of Senior Executives
GRI2-19

Remuneration Policy and Transparency Principles

The Group has established and implements a Remuneration Policy that sets out the framework of principles and rules relating to the remuneration of the members of the Board of Directors, as well as of General Managers and Senior Executive Officers. The Policy ensures transparency, integrity and consistency in the application of remuneration, as well as its alignment with the Group’s strategy, business objectives and values.

The Remuneration Policy is founded on the following guiding principles:

  • Transparency: Clear and comprehensible communication with all stakeholders.
  • Compliance: Adherence to applicable legal and regulatory frameworks.
  • Competitiveness: Ensuring attractive and fair compensation compared to market standards.
  • Alignment with Group’s and Shareholder Interests: Linking remuneration to the achievement of strategic objectives and the creation of long-term value.
  • Meritocracy: Rewarding performance, capabilities, and individual contribution.

The Remuneration Policy is reviewed regularly to remain current and aligned with the evolving needs of the Group and best governance practices.

GRI418-1 ATHEX ESGC-G6 ATHEX ESGSS-S5

Protection and Security of Personal Data

The Group’s business activities entail the processing of personal data relating to individuals for whom identifiable data is obtained, including, indicatively, customers, suppliers, shareholders, investors and users of the corporate website. Such processing is carried out in full compliance with European legislation, in particular the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), as well as Law 4624/2019.

To further strengthen information protection, the Group has developed and implemented an Information Security Management System (ISMS), certified in accordance with the international standard ISO/IEC 27001. To ensure the integrity and confidentiality of the data managed, a designated Information Security Management System Officer has been appointed, working in close cooperation with the Group’s Chief Information Security Officer (CISO).

The Board of Directors is regularly informed on data security matters in the context of its meetings. In 2025, one personal data breach incident was recorded, which was promptly investigated and addressed, in full compliance with the applicable regulatory framework and the Group’s internal policies.

GRI2-27 SASBIF-EN-160a.2

Regulatory Compliance

Compliance with legislation and the principles of corporate governance constitutes a non-negotiable and fundamental value for GEK TERNA Group. Business activities in each country of operation are governed by the Code of Conduct and the Regulatory Compliance and Corruption and Bribery Control Policy, ensuring responsible and transparent practices.

The identification, assessment and mitigation of potential non-compliance risks are supported by an integrated risk management and internal control system. Oversight of the implementation of relevant Policies and Procedures is exercised by the Regulatory Compliance Committee and the corresponding Unit, under the oversight of the Board of Directors. In addition, regular audits are conducted and a structured internal audit program is implemented by the Regulatory Compliance Unit. As part of efforts for the continuous training of human resources, targeted training was carried out in 2025 for executives in positions of responsibility, with emphasis on compliance procedures and the requirements of the regulatory framework.

The Group’s commitment also extends to its business partners, through clearly defined contractual terms and the systematic communication of its expectations. In this way, the culture of compliance is strengthened across the supply chain and throughout all its partnerships. As a result of all these actions, no confirmed incidents of non-compliance with laws or regulations were recorded in 2025.

GEK TERNA corporate offices — Regulatory Compliance
ATHEX ESGSS-G2 ATHEX ESGSS-G3

Business Continuity

The effective management of emergency situations and the uninterrupted continuity of business operations are among the highest priorities of GEK TERNA Group, as they are directly linked to its sustainability and long-term success. To this end, the Business Continuity Policy is applied, setting the fundamental conditions for ensuring the seamless operation of its activities, identifying the relevant risks and providing for the allocation of all required resources for the implementation of the Business Continuity Management System.

The Business Continuity System (BCS) has been designed to ensure the timely, effective and controlled recovery of the Group’s activities in cases of disruption of critical services, such as due to extreme weather events, natural disasters, cyberattacks, pandemics, or loss of buildings, human resources and information systems, while also including the relevant preventive measures. Procedures for coordinating resources, identifying risks and identifying those business operations considered absolutely critical play a central role. The regular update of the Risk Register is a key prerequisite for the reassessment of the risk management plan.

Security employee — Business Continuity

In the context of certification according to ISO 22301 and in alignment with the approved Business Continuity Policy, the Group’s parent company applies the following procedures:

01 Business Impact Analysis Procedure
02 System Activation Procedures
03 Disruptive Incident Response Procedure
04 Audit Procedure
05 Review Procedure

To ensure the availability of information systems and data, an active cloud services agreement is in place for an IT Disaster Recovery Plan, which forms an integral part of the Business Continuity System, to provide the necessary support for the operation of critical applications. In this context, an alternative information systems recovery site has been developed, while DR tests are conducted annually to confirm compliance with the recovery times identified during the Business Impact Analysis.

The familiarization of personnel with the Group’s preventive measures and the strengthening of the System’s readiness are supported by a comprehensive continuous training programme, which includes on an annual basis:

E-learning on Business Continuity Plan procedures Specialized training for Incident Response Team members Cybersecurity awareness and training for all employees

Emergency Response Plan and Preparedness Enhancement

The creation of a safe and resilient working environment requires immediate and effective management of emergency situations, with the aim of protecting the Group’s employees, associates and infrastructure.

Response Plan
Before the commencement of any project or the operation of a new facility, a detailed Emergency Response Plan is developed, which includes:
  • Identification of potential risks and crisis scenarios
  • Definition of response actions and assignment of roles
  • Allocation of necessary resources and tools for effective management
Simulation Drills
To further strengthen operational readiness, the Group conducts regular simulation drills (e.g., accidents, fires, earthquakes), which serve to:
  • Assess the adequacy of plans and procedures
  • Test coordination among departments, authorities, and personnel
  • Identify gaps in roles and responsibilities
  • Confirm the availability of critical resources
Systematic Training
To enhance employees’ preparation and timely response capability, the Group invests in systematic training, aiming at:
  • Enhancing preparedness and technical competence
  • Promoting understanding of accident root causes
  • Leveraging lessons learned from real incidents
  • Continuously improving response procedures

Through this cohesive approach, the Group’s overall resilience is strengthened, ensuring a timely and coordinated response to any potential scenario. In 2025, at Group level, the annual Disaster Recovery Test was carried out, confirming the operational readiness of critical systems and the effectiveness of recovery procedures.

In total, 78 emergency preparedness exercises were carried out during 2025, including the simulation of various emergency scenarios and the assessment of the Group’s response.

Concessions Segment
43
preparedness drills at Nea Odos, Central Greece Motorway and Nea Attiki Odos
Scenarios for evacuation of administrative facilities, winter preparedness and snow removal, simulations of operational disruptions, such as loss of control centres, malfunction of toll systems or disruption of information and communication infrastructure.
Preparedness drills at the Group's concessions

At Group level, two specialized exercises were also conducted focusing on cyberattack scenarios and system recovery procedures, further strengthening digital security and the ability for rapid restoration of critical systems. Overall, these exercises made a significant contribution to validating the adequacy of business continuity plans across all areas of operation, strengthening compliance with regulatory requirements and ensuring the uninterrupted operation of the Group.