The document does not provide a detailed account of the extent to which the sustainability statement encompasses the undertaking's upstream and downstream value chain.

IROs: G1-NI2 Time horizon: short-, medium- and long-term

IROs: G1-NI2 Time horizon: short-, medium- and long-term

HOCHTIEF procures considerable volumes of materials such as concrete, steel, and timber as well as services such as those of craft trades—corresponding to 74 % of Group work done—and places strong emphasis on responsibility and fair play in procurement processes.

HOCHTIEF has implemented a comprehensive, multi-level risk management process in procurement. This is designed to identify social and environmental sustainability risks and/or violations at an early stage and to mitigate these through suitable prevention and remedial measures—such as targeted training—in dialogue with the respective business partner.

The outcomes of the individual risk management steps are included in our supplier and subcontractor selection process.

HOCHTIEF aims to work primarily with local suppliers and subcontractors based in the vicinity of our project sites. In this way, we seek to ensure short transportation distances and strengthen local economies.

During implementation of its policies/actions, HOCHTIEF takes into account the requirements of ISO 27001 and thus of a structured information security management system (ISMS).

Following on from the annual reporting of our Scope 1 and 2 as well as selected Scope 3 emissions (3.1 Purchased products and services, 3.5 Waste generated in operations, and 3.6 Business travel) and publication of the first TCFD paper, we devised and rolled out the HOCHTIEF Sustainability Plan 2025 Group-wide in 2022. In this plan, alongside targets for all ESG dimensions, we notably formulated our climate targets and consolidated our Group-wide commitment to climate neutrality (net zero) by 2045. The reduction targets are science-based, align with the 1.5 degree target under the Paris Climate Agreement and the requirements of the Science Based Targets initiative (SBTi), and have been formally adopted by the HOCHTIEF Executive Board. Our climate change mitigation strategy and the associated transition plan are based on these commitments and the additional milestones set in 2023 for 2030.

Cybersecurity is part of our IT strategy and is embedded in our IT Directive by way of the Information Security Policy. The policy approach is likewise publicly documented in our information security guidelines. These frameworks have been approved by the Executive Board of HOCHTIEF Aktiengesellschaft. They are mandatory throughout the Group and their implementation is binding for all HOCHTIEF companies. During implementation of its policies/actions, HOCHTIEF takes into account the requirements of ISO 27001 and thus of a structured information security management system (ISMS). The policies and actions are continuously fine-tuned in consultation with the relevant stakeholders (such as our own workforce, business partners, and clients). To this end, positions, committees (such as the IT Steering Committee), and processes (such as for exception requests and concept approval requests) have been established to ensure that all requirements (relating, for example, to operations, investment spending, or information security) are addressed in a structured manner, taking the material impacts into account.