Cellnex's Risk Management and Internal Control system for sustainability reporting is embedded within its Global Risk Management Model, supervised by the Audit and Risk Management Committee (ARMC). It integrates sustainability risks into the Company's Risk Map, ensuring compliance with CSRD/ESRS requirements, data accuracy, and investor expectations. The ESG Department coordinates sustainability disclosures, supported by the "Basic Guide to ESRS Sustainability Statement Reporting", updated in 2024, and advanced ESG reporting software. These tools automate data collection and analysis, enhancing accuracy and governance through the Three Lines Model and SAP GRC modules. Key Risk Indicators (KRIs) provide early warnings, ensuring proactive risk management and regulatory alignment.

Cellnex follows a structured risk assessment methodology aligned with COSO standards, categorizing risks into Strategic, Operational, Financial and Reporting, and Legal and Compliance groups. Sustainability risks are assessed through a double materiality framework, prioritizing them based on likelihood and severity, considering both financial and ESG impacts.

Key sustainability reporting risks include non-compliance with CSRD/ESRS requirements, data accuracy, and stakeholder expectations. To mitigate these risks, Cellnex conducted a GAP analysis in 2023 and developed a compliance roadmap. By 2025, the company plans to implement the Sustainability Control Information Model (SCINF) to further enhance reporting reliability. Additional controls include validation mechanisms within SAP GRC, periodic audits, and ARMC oversight, ensuring a robust and transparent reporting framework.

The ESG Department is responsible for verifying that reported information meets regulatory requirements, coordinating with designated reporting leads and validators to ensure data quality and accuracy. The NRSC and ARMC oversee the preparation and review of the Integrated Annual Report, reporting directly to the Board of Directors (BoD) to maintain transparency and compliance with sustainability regulations.

Cellnex ensures periodic reporting of risk management findings through regular updates to the Executive Committee (EXCOM), Nominations, Remunerations and Sustainability Committee (NRSC).