SUSTAINABILITY REPORT 2025

Governance

Corporate Governance

GRI Renewable Industries S.L. was incorporated on June 22, 2008, under the name “Gonvarri Infraestructuras Eólica,” and was known as “Gestamp Wind Steel” before adopting its current name, GRI Renewable Industries, and absorbing Gonvarri Eólica.

The headquarters are located at Calle Méndez Álvaro 53, 3rd floor, Edificio Boreal, 28045 Madrid.

In 2015, the Japanese group Mitsui & CO Ltd became a shareholder of the company, acquiring a 25% stake in the company. In December 2019, 100% of the Spanish company FIHI Forging Industry, S.L. (trade name: GRI Flanges Iraeta), formed through the spin-off of the business unit of Forjas Iraeta Heavy Industry, S.L. on July 26, 2019, was sold to the Chinese company Iraeta Energy Equipment CO. Ltd.

The members of the Board are responsible, among other things, for approving and committing to compliance with the Code of Ethics and Conduct. They are kept continuously informed of social, environmental, and economic issues through various communication channels.

The governing bodies of the Company are the General Shareholders’ Meeting and a Board of Directors, which is the highest body for governance, supervision, decision-making, and control of the Company.

The Company’s Articles of Incorporation set forth the functioning of the Board of Directors, as well as the requirements and deadlines for convening the General Meeting. They do not provide for different methods of managing the company; therefore, any change to the governing body would require an amendment to the Articles of Incorporation.

Governance Structure and Composition

The governing bodies of the company are the General Meeting of Shareholders and the Board of Directors, the highest body for governance, supervision, decision-making, and control of GRI Renewable Industries.

The governing bodies of the Company are the General Meeting of Shareholders and the Board of Directors, which is the highest body for governance, supervision, decision-making, and control of the Company.

The Company’s Articles of Incorporation set forth the functioning of the Board of Directors, as well as the requirements and deadlines for convening the General Meeting. They do not provide different methods of managing the company; therefore, any change to the governing body would require an amendment to the Articles of Incorporation.

Contents 2-9

Therefore, as of December 31, 2025, the Company’s Board of Directors consists of six members:

CHAIRMAN – Acek Desarrollo y Gestión Industrial, S.L. Represented by Mr. Juan Maria Riberas Mera (since 2016)
MEMBER – Gestamp Bizkaia S.A., represented by Mr. Francisco Jose Riberas Mera (since 2016)
MEMBER – Holding Gonvarri S.L., represented by Mr. Antonio Barbosa Maldonado (since 2019)
MEMBER and SECRETARY – Mr. Mario Ruiz Escribano (since 2016)
MEMBER – Mr. Naota Komaki (since 2025)
MEMBER – Mr. Katsunori Nonaka (since 2025)

The company Acek Desarrollo y Gestión Industrial, S.L., represented by Mr. Juan Maria Riberas Mera, has held the position of Chairman of the Company since September 15, 2016, with all powers attributed to the Board delegated to him, except those that cannot be delegated by law or the Articles of Association.

In 2025, two changes were made to the Board of Directors, both regarding the last two MEMBERS mentioned above.

As for the members of the Board, 100% are over 46 years of age. Furthermore, 66.6% are local nationals, and all (100%) are men.

(Content 405-1)

The Management Committee meets every four months and is composed of the Chairman, the CEO, the Corporate Directors, and the Plant Managers. These committees address all matters related to the strategic plan, new projects, financial, social, and environmental aspects, and all issues deemed relevant to the company’s performance.

In line with our sustainability goals, the “2030/50 Carbon Neutral Strategic Plan” was approved in December 2020. To monitor and measure progress, a carbon neutral governance structure was established, consisting of:

Carbon Neutral Committee, comprising: the CEO, the Sustainability Director, the Commercial Director, the Purchasing Director, and the Operations Director. The committee will include the participation of the managers from the various factories.

Operational Team, consisting of: the QEHS Director, the Sustainability Manager, the Key Account Manager (KAM) for the Customer Division, the Indirect Purchasing Manager, and the project leads at the various factories.

Appointment and selection of the highest governing body

The Company is an unlisted company whose members of the Board of Directors represent all shareholders; therefore, there is no legal requirement to include representatives from other stakeholder groups.

The Board of Directors represents the Company in all matters falling within the corporate purpose and relating to its business operations, without any limitation, binding the Company through its acts and contracts, and may exercise any powers not expressly reserved by law or the Articles of Incorporation for the General Meeting.

The Board of Directors, in plenary session, makes the relevant decisions and delegates, where appropriate, their implementation. Specific or general powers of attorney may be granted to company employees or third parties to handle specific matters. It is ultimately responsible for the company’s economic, environmental, and social affairs.

Membership in the company is not required to be appointed as a director; both individuals and legal entities may serve in this capacity. Furthermore, the Articles of Incorporation establish the conditions under which the performance of directorial duties is prohibited.

Content 2-11

The Chairman of GRI Renewable Industries has executive functions and also serves as Chief Executive Officer. The authority to appoint directors rests exclusively with the General Meeting, which represents the interests of all shareholders.

Role of the highest governing body in oversight and management of impacts

(Content 2-12 and 2-13)

The General Meeting is held within the first six months of each fiscal year to review corporate management, approve, where applicable, the financial statements for the previous fiscal year, and resolve matters relating to the results. It is validly constituted to address any matter, without the need for prior notice, provided that the entire share capital is present or represented and the attendees unanimously accept the holding of the meeting and its agenda.

Unless other majorities are expressly required, and except as provided for the adoption of Key Decisions falling within the purview of the General Meeting of Shareholders, corporate resolutions are adopted by a majority of the validly cast votes, provided that they represent at least one‑third (1/3) of the votes corresponding to the shares into which the share capital is divided. Blank votes are not counted.

Regarding the Board of Directors, it meets whenever its Chair so decides, either on their own initiative or at the request of two of its members, and at least once a quarter and, in any case, within ninety (90) days after the end of the fiscal year. In 2025, the Board of Directors met 13 times.

Notice of the meeting is sent by letter, telegram, fax, or any other written or electronic means. It is addressed personally to each member of the Board of Directors and includes the matters to be discussed, together with information enabling the directors to participate in an informed discussion of the agenda items. Where applicable, the notice shall state whether attendance may be in person or by proxy, including through conference call, videoconference, or equivalent systems, and the technical means required shall be specified and made available. In all cases, such means must allow direct and simultaneous communication among attendees.

Unless all Directors agree otherwise, notice of the meeting shall be given at least thirty (30) calendar days prior to the meeting date, except in cases of extreme urgency, at the discretion of the Chair or at the request of any Director, in which case it may be given five (5) business days in advance. No notice is required when all Directors are present and agree to hold the meeting.

The Board of Directors is validly constituted when at least four (4) of its members attend the meeting, provided that at least one Director from each partner is present or represented. Each Director may be represented by another Director through written authorization signed by the represented party and specific to each session. If the Board cannot be constituted due to a lack of quorum, a new meeting may be convened with seven (7) business days’ notice and the same agenda. In this case, the Board shall be validly constituted when a majority of its members are present or represented.

Resolutions adopted in writing and without a meeting, including by electronic means, shall be valid provided that no Director objects to this procedure.

Presentation of sustainability reports

The members of the Board are responsible, among other responsibilities, for approving the Code of Ethics and Conduct and committing to its compliance. They are continuously informed of social, environmental, and economic issues through communication channels such as regular meetings with the directors of the various departments, the Sustainability Report, and the company’s actions and initiatives.

The Sustainability Report is coordinated by the Sustainability Department. Its role is cross-functional within the organization, covering the Group’s various companies. Furthermore, to ensure the reliability of the information, the Report is externally verified by an independent body.

Conflicts of Interest

A partner may not exercise the voting rights corresponding to their shares when they are in any of the situations of conflict of interest established in Article 190 of Royal Legislative Decree 1/2010, of July 2, approving the Consolidated Text of the Capital Companies Act (1).

GRI Renewable Industries has a General Conflict of Interest Policy, applicable to the entire group, which supplements the relevant provisions of the Code of Ethics and Conduct. The purpose of this Policy is to establish the framework for the procedures to be followed within the Group regarding the prevention or, where applicable, the handling of conflicts of interest that may arise for the Group’s directors, executives, employees, and collaborators in their dealings with the Group, as well as conflicts that may arise with customers, suppliers, and society at large, all in accordance with the provisions of corporate and regulatory legislation and the corporate governance system of GRI Renewable Industries.

The Group is committed to conducting its business in such a way that the commercial judgment and decision-making of its directors, board members, employees, and executives are not influenced in any way by their own illicit personal interests.

No public legal cases related to corruption were filed against the organization or its employees during the reporting period, and therefore, no contracts with business partners had to be terminated due to corruption-related violations.

Communication

The heads of the various departments maintain constant and fluid communication with the Board of Directors and the Company’s Management. Any significant concerns are immediately conveyed by the heads of the various departments to the Executive Committee, which, if necessary, will forward them to the Board of Directors.

Likewise, meetings are held periodically in which all corporate professionals participate. These meetings are two-way: on the one hand, the CEO communicates to all staff the relevant aspects related to the company’s management and situation, and on the other hand, receives feedback from the professionals on these issues and on any other matters of interest. During the meetings held in 2025, critical concerns related to the organization’s growth, the Carbon Neutrality Plan, workforce monitoring, and health and safety were addressed. These issues were communicated to the highest governing body for consideration and action.

The Board of Directors is also responsible for approving and committing compliance with the Code of Ethics, the Sustainability Policy, and compliance policies. Furthermore, it may expressly authorize company employees to handle specific matters in operations previously approved by this body.

In 2025, the GRI Compliance Committee approved and updated the following policies:

Procedure for the Management of Social Action, Donations, and Sponsorships
Corporate Policy on Commercial Sanctions
Update to the Harassment Prevention Protocol
Equality, Diversity, and Inclusion Policy
Corporate Digital Disconnection Policy

Finally, consultation processes between stakeholders and the highest governing body are conducted through information-sharing mechanisms between the Board of Directors and stakeholders.

Knowledge and Assessment

The performance of the Board of Directors is not evaluated, as some of its members, through their shareholdings, are the owners of the company and represent most of the share capital.

The members of the Board of Directors are appointed by the shareholders themselves; therefore, other aspects related to diversity, minorities, etc., are not taken into consideration. They hold their positions for an indefinite term, without prejudice to the General Shareholders’ Meeting’s authority to remove and/or dismiss them at any time, in accordance with the provisions of the Law and the Bylaws.

Members of the Board of Directors must perform their duties with the diligence of a prudent businessperson and a loyal representative and must maintain confidentiality regarding confidential information, even after ceasing their functions. Likewise, the Company integrates its economic, social, and environmental responsibilities across its various departments, whose senior managers submit any decisions to be made to the Board of Directors.

In line with sustainability objectives, the “2030/50 Carbon Neutral Strategic Plan” was approved in December 2020. To monitor and measure progress, a Carbon Neutral Committee was established, which conducts monthly reviews to assess the degree of progress toward compliance and define the necessary measures for its achievement. Among others, the CEO and several members of the Executive Committee are part of this committee.

Compensation Policies and Processes

The position of director, as such, is unpaid, without prejudice to the payment of fees or salaries that may be due from the Company for the provision of professional services or an employment relationship arising from a contractual relationship other than that derived from the position of director. Such fees shall be subject to the applicable legal regime.

Additionally, and regardless of the foregoing, the position of CEO or the assignment of executive functions under another title requires the execution of a contract between the individual and the Company in accordance with the provisions of the Law, which must detail all items for which the individual may receive compensation for the performance of executive functions, including, where applicable, any severance pay for early termination of such duties and the amounts to be paid by the Company for insurance premiums or contributions to savings plans. The contract must comply with the compensation policy approved, where applicable, by the General Meeting.

(Content 2-20 and 2-21)

Compensation for directors and key management personnel

Remuneration of directors

The remuneration received during the 2025 fiscal year by the members of the Board of Directors of the Parent Company amounted to 1,020 thousand euros (1,020 thousand euros in 2024).

During the 2025 fiscal year, as in the previous fiscal year, no contributions were made to pension funds or plans for the directors of the Parent Company. Similarly, no obligations were incurred for these matters during the year.

The directors of the Parent Company did not receive any remuneration in the form of profit sharing or bonuses during fiscal years 2025 and 2024. Nor did they receive shares or stock options during the fiscal year, nor did they exercise any options, nor do they have any options pending exercise.

Neither in fiscal year 2025 nor in the previous year were any advances or loans granted to the Directors.

Compensation and Loans to Senior Management

The total compensation paid to senior management in fiscal year 2025 was 1,459 thousand euros (1,726 thousand euros in 2024), with no contributions to pension plans or insurance premiums, as was the case in the prior fiscal year.

As of December 31, 2025, and 2024, there is no outstanding balance on loans granted to senior management.

No advances or loans were granted during fiscal years 2025 and 2024.

Directors’ and Officers’ Liability Insurance

The Group paid 12 thousand euros for the premium on directors’ liability insurance covering damages caused by acts or omissions in the performance of their duties (16 thousand euros in 2024).

Source: section “(c) Compensation to Key Management Personnel and Directors” of the Audit Report, Consolidated Financial Statements, and Consolidated Management Report as of December 31, 2025.

(Content 2-25)

Regarding the potential negative impacts of GRI’s activities, the Code of Ethics and Conduct, as well as various ethics and compliance policies, conveys a clear message against any form of bribery, corruption, or fraud, as well as against behavior toward employees or collaborators that involves any form of harassment or discrimination. Likewise, the Anti-Fraud and Anti-Corruption Policy, the Corporate Risk Management Policy, the Corporate Policy on Information Exchange with Competitors, and the Compliance Policy, among others, include mitigation and prevention measures and controls. The ethics channel allows all internal and external stakeholders to report any complaints or allegations in various areas (fraud, harassment, human rights, etc.).

Balance Sheet 2025

Group Performance

In 2025, the tower division of GRI Renewable Industries faced a challenging year, reflected in a slight decline in sales, which totaled 1,014 thousand euros in 2025 compared to 1,038 thousand euros in the previous year, 2024. This adverse environment, marked by competitive pressure and a contraction in demand in the European market, has been largely offset by the outstanding performance of the flange division, particularly in China, where significant growth in revenue and margins has been recorded.

Despite market instability, the commitment, performance, and efficiency of our teams have enabled the Group to adapt at every turn; GRI Renewable Industries achieved an EBITDA of €153 million, representing 15% of sales.

In terms of activity, the company recorded a 9% year-over-year decline in volume, with approximately 4,677 sections sold.

In terms of inorganic growth, the Group has focused its efforts on deepening the integration of the various investments made in the previous fiscal year, demonstrating the strength of the Group’s development and diversification strategy in its goal of reaching different markets and products with its two main lines, where the key milestones of the fiscal year are:

Onshore: The consolidation of production at the second plant in Turkey (GRI Towers Turkey II) and the consolidation and prospects for a third plant at GRI Towers India reflect an ongoing commitment to increasing production capacity in response to market demand.
Offshore: The start of operations at the new factory in Poland (Gdansk) for offshore wind towers, as planned, along with investments in several plants to increase production capacity in this division, are significant steps toward strengthening the Group’s presence in the offshore wind sector.

These actions demonstrate the soundness of the Group’s strategy, reaffirming its role as a key player in the renewable energy industry in international markets.

Financial Results

In recent years, GRI Renewable Industries has maintained its investment momentum, reaching a total of nearly €1 billion since its inception. The company’s key financial figures are detailed below:

Economic Value Created (EVC) totaled €1,053,740,000, distributed as follows:

Distributed Economic Value (DEV) totals €1,055,340,000, distributed as follows:

Retained Economic Value (REV): -€1,599 thousand (€22,836 thousand in 2024).

The company’s Net Equity is €577,235 thousand (€567,813 thousand in 2024).

Fees, Taxes, and Duties

The localities where GRI Renewable Industries operates received a total of €33,354 thousand (€27,960 thousand in 2024) in fees, taxes, and levies, contributing to the improvement of the quality of life and services for local residents. The breakdown by country is shown below

GRI Renewable Industries received 27,152 thousand euros (40,356 thousand euros in 2024) in tax incentives from public administrations, broken down as follows:

Regarding other accounting obligations, the companies comprising the GRI Renewable Industries Group are, for the most part, required to prepare annual audit reports on their individual financial statements due to the total volume of their assets, their revenue, and the average number of employees. There are no qualifications in these reports.

In addition, the Group’s companies are up to date with their payments to the General Treasury of Social Security and their tax obligations.

Sustainable Financing

In recent years, the number of financial institutions incorporating ESG (Environmental, Social, and Governance) criteria into their decision-making has been growing significantly. The monitoring KPIs defined for these operations (412-3) are published below.

Sustainable loan with the Official Credit Institute (ICO) for the 2025–2030 period

The proposed objectives relate to the Ecovadis rating, considering the date of the most recent score adjustment (fiscal year 2025) and an increase of at least 1 point in subsequent fiscal years compared to the previous one.

GRI Renewable Industries completed the information required by Ecovadis for the entire group in 2025, obtaining an overall score of 68 compared to the score of 66 obtained the previous year.

BBVA

To assess compliance, indicators have been established based on the number of towers and flanges produced that contribute to the generation of renewable wind energy.

In 2025, 1,579 towers and 319,508 tons of flanges were manufactured.

Taxation

Tax and Management Approach

Growing concern over how business groups manage tax matters, as well as the development of regulations by governments, is contributing to a rising trend toward transparency in tax information. Within this framework, it is essential to manage tax information—both mandatory and voluntary—and ensure it meets the standards required by various stakeholders.

The Board of Directors, through its Chairman, CEO, its executives, and through the tax department, promotes compliance with tax obligations and best practices. Through its CEO, Executive Director, and management teams, it is responsible for approving and updating the GRI Group’s Tax Risk Management Policy and all relevant operations that require it and is ultimately accountable to the shareholders for the existence, operation, and supervision of the Group’s Tax Risk Management System.

The principles and guidelines in the tax sphere are aligned with the GRI Group’s long-term development strategy, as well as with its mission, vision, and ethical values, in accordance with which all professionals and entities that form part of the Group are firmly committed to advancing the continuous improvement of all areas while pursuing sustainable development.

Furthermore, in developing its Tax Strategy, the Group has considered the Organization for Economic Cooperation and Development (OECD) guidelines for multinational enterprises on tax matters and its recommendations regarding cooperative tax compliance, as well as best national and international practices in tax governance.

Tax governance, control, and risk management

The Tax Strategy applies to all companies comprising the GRI Group, in which the parent company holds a majority stake, either directly or indirectly. In those Group companies where a majority stake is not held but the parent company exercises significant influence, the GRI Group will promote principles and guidelines consistent with those established in the Tax Strategy and will maintain appropriate communication channels to ensure adequate awareness of them.

Likewise, this Strategy applies to all GRI Group personnel in the performance of their duties and responsibilities, and in all professional contexts in which they represent the Group, including directors, executives, employees, and collaborators, regardless of their position, responsibility, or geographic location.

Furthermore, this Tax Strategy covers all tax obligations to which the Group is subjected to in the various countries and territories where it operates.

Within this framework, the GRI Group’s Tax Policy aims to ensure compliance with applicable tax regulations and to ensure proper coordination of the policies followed by the entities belonging to the Group, all while avoiding tax risks and inefficiencies in the execution of business decisions.

The Tax Strategy is reviewed annually, and in the event of changes to applicable regulations or circumstances that warrant its revision, this document will be updated accordingly to ensure that the Strategy fulfills its purpose. The Board of Directors will be the body responsible for its approval and updating.

Regarding risk control and management, the GRI Group’s Corporate Tax Department, among others, is responsible for analyzing new developments in tax legislation, case law, and doctrine, and for identifying, analyzing, and evaluating tax risks; it also monitors potential tax contingencies by country.

In addition, it collaborates with the Compliance Committee and the Internal Audit and Compliance Department, among others, in updating the Tax Risk Map. Updates are performed annually or whenever significant changes require them.

Significant risks are reported directly to the responsible parties to establish mechanisms for monitoring, controlling, and minimizing these risks.

Employees and external personnel may submit concerns or complaints through the designated reporting channels. Regarding actions taken in response to the potential existence of litigation, requests, inspections, sanctions, unforeseen risks, etc., once detected, the process of communication and coordinated risk management is initiated in accordance with the Code of Ethics and Conduct.

Taxation vs. Sustainability (ESG)

Taxation is poised to play a prominent role in achieving the Sustainable Development Goals (SDGs) within the framework of the 2030 Agenda, promoting the adoption of environmental, social, and governance (ESG) standards in investments. This was recently highlighted by the European Economic and Social Committee, which views tax policies as fundamental to meeting the SDGs, as they shape the economic environment in which investment, employment, and innovation occur, while providing the government with revenue to finance public spending.

For this reason, GRI has a team of tax experts who, in collaboration with the legal, financial, and compliance departments, update the Group’s plans and policies in line with current and future requirements in the countries where it operates.

Currently, the tax system already includes certain instruments that can facilitate the achievement of the SDGs, notably those related to governance, climate change, and efficiency, innovation, and diversity. Below, we summarize some examples:

In line with GRI’s social initiatives, tax incentives for non-profit organizations and patronage stand out.

In line with the GRI Group’s policies and mechanisms to combat fraud, money laundering, and corruption, a key feature is the non-deductibility for corporate income tax (CIT) of expenses arising from actions contrary to the legal system (bribes and other similar conduct that could foster corruption).

In line with the Group’s Tax Strategy, and from the perspective of tax governance itself, the growing importance of good tax governance and so-called tax compliance for tax risk management stands out.

In line with diversity and equality policies, the Corporate Income Tax (CIT) deduction for job creation for workers with disabilities is highlighted.

In line with its innovative strategy and the minimization of the environmental impact of GRI’s activities, tax incentives for R&D&I activities are noteworthy.

We highlight two tax mechanisms that directly contribute to the achievement of GRI Renewable Industries’ “Carbon Neutral 2030/50 Plan”:

In the area of sustainable mobility, current personal income tax (IRPF) regulations include measures aimed at promoting the use of public transportation and energy-efficient vehicles by employees, which allow for the design of environmentally sustainable compensation plans.

Significant tax credits for promoting renewable energy and public transportation plans within the scope of local taxes (property tax, business activity tax, and construction tax).

Likewise, significant progress and initiatives are expected in the tax sphere, such as the potential transformation of the tax system to align it with the SDGs, as well as the analysis of an optimal tax system that promotes the internalization of the environmental impact of economic activities, with two clear examples where GRI is firmly positioned:

In the fight against climate change, both through a negative approach (creation of new taxes) and a positive approach (tax reductions and the establishment of tax incentives). In this area, numerous opportunities exist provided that the measures adopted are properly defined, integrated into the overall tax system, and adequately coordinated with environmental policies in each country.

In the circular economy, as a key lever for achieving the SDGs, helping to preserve and improve natural capital, optimize resource use, and promote system efficiency, while revealing and eliminating negative externalities (market failures).

GRI Renewable Industries is firmly convinced of the need for an international framework that establishes an environmental tax system addressing the real needs of the current landscape, with environmental taxes that provide a permanent incentive toward more environmentally responsible behavior, reduce the tax burden, and encourage innovation through new, less polluting forms of production, transportation, and consumption, thereby implementing the “polluter pays” principle.

Well-defined environmental taxes, combined with an ambitious yet realistic action plan, can bring about effective change in the environment, contributing to the achievement of the SDGs.

Compliance Model

Internal Audit and Compliance

The Company has a global corporate culture that has upheld the same values and principles since its inception, while adapting to the local needs of each country, current market conditions, and the demands of stakeholders. In 2017, the Compliance Department was established to coordinate all compliance initiatives, as well as to track and monitor training on the Code of Ethics and other compliance policies for all employees. This department was formally approved by the Board of Directors.

In 2022, the Internal Audit department was created to formally integrate the various risk detection and management mechanisms and processes already present in all the Group’s business processes. Efforts around compliance have focused primarily on improving the design of the compliance program, on training activities, and on the oversight and control functions related to the program, such as internal processes and audits and regular monitoring of the effectiveness of control systems.

Code of Ethics and Ethics Channel

The Code serves as a guide for decision-making by all employees and collaborators of GRI Renewable Industries. The new version of the Code of Ethics and Conduct took effect on January 21, 2020.

It is mandatory for the Group’s employees, collaborators, executives, and directors to be familiar with the full content of the Code, and with the principles and standards of conduct established therein. It is also mandatory for them to complete training on this subject and to sit an exam on the principles and guidelines contained in the Code.

In addition to the Code of Ethics, various internal policies have been developed to detail and implement these values and principles in each area of interest. These policies are updated and reported annually in successive sustainability reports.

The Ethics Committee, through the Ethics Channels, is responsible for receiving and responding to any reported misconduct, doubts, inquiries, or bad practices, and for applying the appropriate legal or disciplinary measures. Additionally, it will carry out an annual audit plan to verify proper dissemination and compliance.

The “Ethics Channel” is available to all employees, executives, directors, and collaborators of GRI Renewable Industries, as well as other external stakeholders: customers, suppliers, or the public. It allows for both the resolution of questions regarding the application of the Code of Ethics and the receipt of reports and complaints related to alleged irregularities that may occur, contrary to the law and the established code of conduct.

In addition, it centralizes all complaints, incidents, and inquiries from the group that may arise from the availability of other channels in accordance with the applicable legal requirements in each country. Primary management of the Channel is now handled by an external provider, i2 Ethics (www.i2ethics.com), which also acts as the intermediary between the user of the Ethics Channel and the Compliance Committee, thereby ensuring confidentiality as one of the channel’s operating principles.

The Ethics Channel offers various communication channels accessible to employees at all levels and to third parties. Through these channels, it is possible to make any inquiry, file a report, or report any incident. The channel is available in all languages in which the Group operates

Ongoing complaints and litigation

The GRI Renewable Industries Ethics Channel is open for both internal use by employees and for any interested third parties (suppliers, customers, and others). Through this channel, individuals can report irregular or improper situations that violate the Code of Ethics. The Ethics Channel is available in 18 different languages to ensure accessibility for all potential users worldwide.

The Ethics Committee is the body responsible for promoting the values and conduct of GRI Renewable Industries, monitoring, communicating, and disseminating the Code of Ethics, and assisting in resolving questions regarding potential complaints or incidents through the reporting channels.

During the reporting period, the Ethics Committee received 34 complaints. Of these, 15 cases completed their remediation plans, with actions implemented and verified through standard internal review processes; these cases were closed as no further action was required following evaluation in accordance with internal procedures. There are 19 cases with ongoing remediation plans, in which corrective measures are being applied and appropriate follow-up is being conducted.

Comparative table of complaints received over the last 3 years:

During the reporting period, there were 565 visits to the ethics channel, compared to 860 in the previous year, a decrease of 34.3%.

During the reporting period, complaints were received from 10 different countries. Comparative table for the last 3 years:

Regarding other proceedings initiated against the company, ongoing litigation, and sanctions, there are no significant matters that have a material economic impact on the Group, in relation to:

Sensitive activities related to human rights, forced labor, and child labor that have a significant impact on the company’s various operations (408-1 and 409-1).
Unfair competition, monopolistic practices, and anti-competitive practices (206-1).
Health and safety impacts of product and service categories (416-2).
Substantiated complaints regarding violations of customer privacy and loss of customer data (418-1).
Non-compliance with social, environmental, and economic laws and regulations (307-1 and 419-1).
Violations related to product and service information and labeling (417-2).
Non-compliance related to marketing communications (417-3).

During the fiscal year, and in compliance with the Corporate Privacy Policy, 27 inquiries related to the Protection of Personal Data were handled. These requests came from 8 different companies and covered issues of varying nature and complexity, all of which were resolved satisfactorily.

During this period, no requests to exercise rights were received from data subjects.

Likewise, a security incident involving personal data was recorded. Following an assessment, it was determined that notification to the competent supervisory authority was not necessary, as the criteria required for such notification were not met.

At year end, no significant complaints or fines were received related to social, environmental, economic, labor practices, and/or human rights issues that exceeded €100,000 or that, by their nature, had a particular impact on the Company.

Awareness and Training

To ensure that all employees are familiar with the policies and guidelines, a Training Plan has been developed, which includes both online and in-person formats. With the entry into force of the new Code of Ethics and Conduct (in 2020), a new mandatory online training model was designed and implemented through the “GRI Academy” for all employees. It was launched in March 2021 for all Iberia factories and offices, and in 2022 it was extended to the rest of the countries in English and Spanish (except Brazil). The course includes information on “Prevention of Harassment,” “Fraud and Corruption,” “Conflict of Interest,” and the “Gift-Giving Guide.”

With the aim of providing training on human rights, ethics, discrimination & harassment, and corruption, in fiscal year 2025, courses related to the Code of Ethics and Conduct were offered through the Academy platform, targeting office staff, with 52 participants and 35 hours of training. More than 330 people have completed the course since its inception, representing 36% of the target audience. The company has set a goal to train at least 80% of the target workforce on the Code of Ethics and Conduct by 2030.

100% of staff receive training and/or information in the Code of Ethics and Conduct (ethics policy).

Additionally, we offer another course on the Academy platform: Harassment Prevention Protocol, with 135 professionals participating, representing 15% of the target workforce for this course. The target workforce consists of white-collar employees. The company has set a goal to train at least 60% of the target workforce in harassment prevention by 2030.

This compliance training is part of the work plan and is reflected in various initiatives carried out throughout the year:

Mandatory training on the corporate policy regarding the use of privileged and confidential information.
Update of the procedure for the Management of Social Initiatives, Donations, and Sponsorships.
Publication of the Corporate Policy on Commercial Sanctions.
Update of the Harassment Prevention Protocol.
Brief overview of key compliance elements—Code of Ethics and Ethics Hotline.
Publication of Equality, Diversity, and Inclusion Policy.
Training on the Harassment Prevention Protocol.

Brief overview of the Guide to Conduct Regarding the Offering of Incentives, Gifts, and Invitations.

Internal Control Framework

Since 2015, GRI Renewable Industries has had a “General Internal Control Framework” based on the COSO methodology, which includes:

Internal Control Policy and Committee

Key Controls Structure at the Entity Level (ELC)
Key Control Structure at the Process Level

GRI has documented those processes it considers posing a risk of material impact on the preparation of financial information. These processes describe the controls that enable an adequate response to the risks associated with achieving objectives related to the reliability and integrity of financial information, thereby allowing for the prevention, detection, mitigation, and correction of the risk of errors occurring with sufficient advance notice.

The processes, flowcharts, and matrices are disclosed through the dedicated portal on Leading the Change, where they remain available for consultation by any member of the organization, serving as an additional working tool.

Within the Internal Control assurance function, key controls are evaluated annually. To this end, processes involving risks affecting financial information are considered, assessing their probability and impact from both a qualitative and quantitative perspective.

From 2015 through 2022, as can be seen in the sustainability reports from previous years, effective assessments of controls have been conducted for both plants and corporate operations, combining two methodologies: independent testing and self-assessment. Both procedures have covered the processes and production centers, helping to ensure the reasonableness and reliability of financial information, as well as compliance with applicable standards and legislation.

In fiscal year 2023, it was decided to focus efforts on aligning the Processes and Internal Control Department with the GRI Official Taxonomy and on reviewing the company’s entire process to ensure that key processes are correctly defined and up to date. This work was completed in early 2024, with the official issuance of GRI Standard Zero, which governs the issuance of standards for the entire GRI framework.

During 2024 and 2025, as has been done in previous years but with greater focus and intensity, a comprehensive reassessment of processes is planned, with particular attention to those that have the greatest impact on financial reporting, as well as the development of new processes to complete the internal control framework. This initiative has been reviewed with a completion timeline of 2023–2025, which includes a comprehensive review of the framework, existing processes, the development or updating of these processes, key processes, and associated risks and controls.

And once it is determined that the framework is complete, robust, and fully mature, the Processes and Internal Control Department will resume evaluations of control effectiveness and will once again conduct testing and self-assessments across the entire company, both at the plant and corporate levels.

Risks and Opportunities

Since 2015, GRI Renewable Industries has had a “General Internal Control Framework” based on the COSO methodology, which includes:

Internal Control Policy and Committee
Structure of Entity-Level Controls (ELC)
Structure of Process-Level Key Controls

GRI has documented those processes that it considers to pose a risk of material impact on the preparation of financial information. These processes describe the controls designed to adequately address the risks associated with achieving objectives related to the reliability and integrity of financial information, in such a way that they allow for the prevention, detection, mitigation, and correction of errors with sufficient timeliness.

The disclosure of processes, flowcharts, and matrices is carried out through a dedicated portal on Leading the Change, remaining available for consultation by any member of the organization and constituting an additional working tool.

As part of the Internal Control assurance function, key controls are evaluated on an annual basis. To this end, processes with risks affecting financial information are considered, assessing their likelihood and impact from both a qualitative and quantitative perspective.

From 2015 through 2022 inclusive, as can be reviewed in the sustainability reports of previous years, effectiveness assessments of controls were carried out both at plant level and at corporate level, combining two methodologies: independent testing and self-assessments. Both procedures covered processes and production sites, helping to ensure the reasonableness and reliability of financial information, as well as compliance with applicable standards and legislation.

In financial year 2023, it was decided to focus efforts on transforming the Processes and Internal Control Department into GRI’s Official Taxonomy, and on reviewing the entire company process map to ensure that core processes are properly defined and up to date. This work was completed in early 2024, with the official issuance of GRI’s Zero Standard, which governs the issuance of standards across GRI.

During 2024 and 2025, as in previous years but with greater focus and intensity, a general re-evaluation of processes has been planned, considering those with the greatest impact on financial information, as well as the development of new processes to complete the internal control framework. This initiative has been reviewed with a completion horizon of 2023–2025, encompassing a comprehensive review of the framework, existing processes, their creation or updating, and the identification of key processes, associated risks, and controls.

Once the framework is determined to be complete, robust, and fully mature, the Processes and Internal Control Department will resume control effectiveness evaluations and will once again carry out testing and self-assessments across the entire company, both at plant and corporate level.

1. Risk Management

GRI Renewable Industries is subject to various risks inherent to its business arising from its commercial, financial, and economic operations, as well as from the legal obligations it must comply with in the countries where it operates.

To manage these risks of all types and nature, the group has various mechanisms and systems for risk detection, assessment, and management within its own business processes and operations.

In 2022, the Internal Audit function was established, formally integrating the mechanisms and processes necessary for risk detection and management.

Among the functions of the Internal Audit Department is providing advice and collaborating with Group Management to identify risks, and, in coordination with the entire organization, assisting in the establishment of the mechanisms and tools necessary to ensure adequate risk management aligned with the Group’s strategic objectives.

In this regard, during the 2022–2023 period, the Group’s Internal Audit department began designing and implementing the “Continuous Audit” system, which is conducted remotely and managed through various tools, covering the entire scope of the company:

Skywind – a system of automated alerts defined and designed to identify risk events.
Dashboards developed by process with key indicators.

The objective of the remote Continuous Audit is the efficient identification of incidents for early detection and improvement of business processes. We focus on indicators that show a deviation or a breach of applicable internal regulations. The Continuous Audit system is a methodology that begins with the identification of incidents, analysis of causes, and issuance of recommendations. The monitoring system itself allows for continuous tracking of compliance with the recommendations issued.

Financial Information Risk

Financial Risk Management

Market variables and Group policy

The Group’s activities are exposed to various uncertain economic factors that affect the normal functioning of financial markets. Factors such as exchange rates, interest rates, prices, credit availability, and returns on assets are affected not only by the markets’ inherent and customary conditions but also by global political circumstances and decisions, the consequences of which in each region and country do not always play out as intended.

In response to this situation, the Group’s policy, implemented through the Group’s Finance Department, focuses on maintaining the highest possible level of liquidity, thereby facilitating negotiations with financial institutions and minimizing risk in the conduct of its ordinary activities and investment plans. Furthermore, this policy allows the Group to remain active in the market, taking advantage of opportunities and favorable conditions while avoiding difficult and unfavorable ones.

The occasional use of hedging instruments, within the policy, is a measure viewed favorably under the principle of prudence that guides its actions.

(a) Market Risk

(i) Foreign exchange risk

The Group operates internationally and is exposed to fluctuations in exchange rates. The risk arises from:

commercial transactions,
recognized assets and liabilities,
the translation of financial statements of entities whose functional currency is other than the euro.

The Group has an exchange rate management policy:

periodic analysis of cash flows receivable or payable in currencies other than the euro,
occasional use of financial instruments (primarily forward contracts).

The main exposure stems from:

Brazilian real,
Indian rupee,
U.S. dollar,
South African rand,
Chinese renminbi.

Includes a table showing sensitivity to exchange rate fluctuations (pages 34–35 of the document).

(ii) Interest rate risk

Exposure arises primarily from financial debt, most of which is indexed to variable rates.

The Group has entered fixed-rate hedges maturing in 2025.

(b) Credit risk

It is assessed based on:

external ratings or internal historical ratings,
monitoring of individual limits,
credit insurance for customers where applicable.

Key points:

cash exposure, derivatives, deposits, accounts receivable,
credit policies covering most of the risk in Spain and Brazil,
in China, there is a general allowance.

(c) Liquidity risk

The Group maintains:

adequate cash levels,
committed credit lines,
non-recourse factoring,
continuous monitoring of liquidity needs.

(d) Geopolitical risks: War in Iran and the Middle East

On February 28, 2026, a conflict breaks out in Iran.

Expected impacts:

rising energy and raw material prices,
supply chain tensions,
rising interest rates.

Conclusion:

The Group has no direct exposure,
No material impact is expected,
short-term conflict forecast.

Capital Risk Management

Objective:

Maintain the ability to finance growth,
appropriate financing structure,
sustainable profitability.

Tax Risks

These include risks arising from non-compliance with tax obligations and the Company’s dealings with tax authorities in all countries where it operates. Such risks are detailed in the Annual Financial Statements. To mitigate them, the Corporate Tax Risk Management Policy and the Transfer Pricing Manual establish control mechanisms, and the risk map is updated annually, assessing each risk based on its severity and establishing the necessary controls to help mitigate it. Among the opportunities, tax risk prevention mechanisms allow for better control over the value creation generated in the countries where the Company operates.

Risk management: new projects

These include risks arising from potential changes in the company’s strategic direction or the country’s situation, such as political or regulatory changes, currency depreciation, energy policies, trade restrictions, etc.

To mitigate these risks, when a new project is developed, thorough study is conducted in which all quantitative and qualitative aspects of the project, as well as potential risks, are assessed and analyzed by the company’s various departments prior to its presentation to the Board of Directors.

All actions and the potential risks arising from them are continuously analyzed by the Company’s management and teams, enabling their detection and the rapid and agile implementation of corrective measures and opportunities for improvement.

Strategic and Environmental Risks

These include risks arising from potential changes in the Group’s strategic direction or the situation in the countries where it operates (political and regulatory changes, currency depreciation, etc.). To mitigate these risks, country and global risk analyses are conducted using the “Feasibility and Development Analysis Methodology” and external due diligence. Likewise, geographic and business diversification, along with compliance policies, investment in innovation, currency hedging, and insurance policies, minimize this risk. Also noteworthy are the actions aimed at complying with sanctions program regulations, which restrict commercial operations against a country or territory, or against certain organizations, individuals, or entities; specifically, during this period, those resulting from the sanctions imposed by the EU in the wake of the war in Ukraine. Among the opportunities, the impact of these changes on the local economy stands out (new business opportunities, jobs, taxes, etc.).

Operational Risks

These are risks arising from technological, infrastructure, or quality failures; issues stemming from processes and their management; human error; external factors; etc., which may result in product quality failures and missed delivery deadlines, among other issues.

The company’s efforts are focused on maintaining and improving customer relationships, adapting to their needs, expanding the portfolio of products and services, and increasing our global presence.

Among the control mechanisms the Group employs to identify events with operational, or process impacts is the “Continuous Audit” system, carried out using various tools, which includes numerous alerts designed to identify errors and/or control weaknesses in operational and business processes. This system is currently in the process of development and implementation.

To mitigate these risks, risk policies are in place, and numerous initiatives and projects are being developed to improve, measure, and enhance efficiency, as well as contingency plans, etc.

A clear opportunity arises from efficiency in products and processes, which reduces consumption, production times, waste, etc., and thereby improves costs and profitability. Furthermore, through innovation, the company adapts to market needs.

Reputational, ethical, and human rights risks

These arise from potential conduct contrary to the guidelines set forth in GRI Renewable Industries’ codes and policies regarding ethics, human rights, and anti-corruption.

To mitigate these risks, through the Corporate Compliance Department and managers at the various plants, we emphasize comprehensive communication and training on compliance policies and codes applicable to all personnel in the countries where we operate. Additionally, the Compliance Committee and relevant communication channels (Ethics Hotline) remain in place to address any complaints or conflicts that may arise. Through these mechanisms, we have minimized risks and improved communication and management regarding the local economic impact of our factories (local suppliers, local employment, improvement of the local economy, tax payments, etc.).

Among the opportunities, the numerous initiatives that strengthen the Group’s ethical principles, minimize risks, and enhance the company’s reputation stand out.

Risks related to health and safety

Worker Health and Safety is a strategic factor and an obligation, always present in decision-making and in the development of work plans focused on the constant improvement of safety and working conditions in factories and offices.

To mitigate these risks, through the Integrated Policy, awareness and training measures, as well as management systems under the ISO 45001 standard and the IPRL excellence system, we actively manage each and every identified risk, implementing preventive and corrective measures to reduce both the probability and severity of any undesirable event, using common criteria and requirements that exceed those established in applicable legislation.

This allows us to identify and develop actions and opportunities for improvement that contribute to enhancing the work environment and atmosphere for our various professionals.

IT Security, Process, and Data Protection Risks

Today, systems are a fundamental element for the execution of processes and the implementation of business strategy, even more so in a collaborative and innovative environment based on emerging technologies and in an increasingly turbulent business context. Likewise, cyber threats continue to grow in ingenuity and frequency; online fraud continues to evolve thanks to new social engineering techniques and is responsible for millions in losses for companies worldwide.

On April 28, 2025, an unprecedented power outage occurred in Spain. Although it was not linked to cyberattacks, the incident disrupted operations at many companies across the country and highlighted the growing interdependence and risks within the global technological ecosystem. GRI Renewable Industries managed to keep its operations unaffected thanks to a contingency plan based on infrastructure and personnel prepared and tested for such situations. Coinciding with the relocation of its headquarters, all services always remained available to support business operations.

Recognizing that employee training and awareness are the primary countermeasures for effectively mitigating most entry vectors for these types of threats, we have an Annual Cybersecurity Training Plan that lays the groundwork for better detection and response to any type of incident. To mitigate these risks, GRI’s IT department navigates a challenging balance between the need for digital innovation across the Group and the need to maintain and operate current systems and processes.

To this end, it integrates risk analysis from the design phase of every change and against a pre-established catalog of potential threats, always acting with a focus on continuous improvement and striving for operational excellence. Additionally, it establishes the necessary policies and mechanisms to safeguard information privacy and protect customer and supplier data, as well as to properly manage and handle documentation.

To comply with information and data security and protection standards, it develops procedures and implements control mechanisms in accordance with international standards such as ISO 27001, CISA, and NIST. Furthermore, the training and development of GRI professionals plays a fundamental role in risk mitigation measures.

In 2025, as in previous years, the “Information Security” course was updated and launched via the Academy platform, with 95% of employees with access to an email account or the internet completing the course. The remaining employees are not subject to this requirement.

In 2026, the goal is set to sustain an annual participation rate of over 95%, with a commitment to achieve 100% coverage of the workforce by 2030.

One of the most significant initiatives in the realm of Industry 4.0 has been the progress made in implementing GRI’s Industrial IoT Platform, IoTWIND. The first version is currently being developed at GRI Towers Galicia as part of the RISS program, which is funded by the Regional Government of Galicia. The platform was created with the clear goal of becoming a cross-functional corporate tool for the entire GRI organization.

Although still under development, the features already available have demonstrated a high level of maturity and impact. Its adoption has been rapid and seamless within plant processes, becoming a cornerstone in the evolution toward the “data-driven factory” paradigm.

The platform acts as an information integration hub, connecting data from various applications, industrial machinery, systems, and sensors—including energy management components. This provides different operational areas with near real-time visibility into the factory’s status, as well as access to historical data that facilitates the evaluation of improvement actions and detailed analysis of past events.

Furthermore, IoTWIND generates a highly interoperable data repository, which serves as the ideal foundation for developing advanced solutions based on artificial intelligence. These capabilities open the door to pattern detection and the implementation of improvements that surpass human inference capabilities in areas as diverse as predictive maintenance, productivity optimization, and carbon footprint reduction.

Risks Posed by Climate Change

The current environment shows us that risks associated with environmental, social, and governance (ESG) issues, such as climate change, are becoming increasingly relevant. Therefore, it is necessary to incorporate them into the company’s decision-making, business strategy, management, and performance.

To mitigate these risks, in 2020 a corporate-level analysis was conducted of the potential cross-cutting risks that could affect the business, with the aim of translating and tailoring these risks to the various countries and facilities over the next two years. To this end, the “Task Force on Climate-related Financial Disclosures (TCFD) of the Financial Stability Board (FSB)” standard was used as a reference and integrated into the company’s global risk map.

The Carbon Neutral 2030/50 Plan summarizes the improvement opportunities identified to minimize its impact, meet the expectations of customers and society, and enhances GRI Renewable Industries’ market positioning.

In 2023, the Climate Change Physical Risks Assessment project was launched to determine exposure to physical risk factors across all the group’s facilities. The project continued through 2024 with the calculation of the associated impact based on the time horizons and scenarios defined in the project. The objective of the project is to determine the Value at Risk associated with the impact of climate change on GRI Renewable Industries’ physical assets and operations.

Analysis of climate risk exposure for all GRI Renewable Industries assets based on:

Time horizons:

Short term (2030).
Long term (2050).

Climate scenarios:

RCP2.6: Paris Agreement.
RCP2.8: Business as usual.

Risk factors analyzed.

Temperature variations (max.).
Temperature variations (min.).
Drought.
Floods (river).
Heat waves.
Heavy precipitation (rain).
Heavy precipitation (snow).
Permafrost thaw.
Snowstorm.
Wildfire.
Water stress.

CONTENT 2-23 AND CONTENT 3-3

Likewise, the precautionary principle and continuous improvement are incorporated through the Code of Ethics and Conduct, the Integrated Policy, and the Sustainability Policy.

Key Risks in 2025

The most significant risks identified are as follows:

General economic and social instability resulting from the armed conflict caused by the Russian invasion of Ukraine, and its enormous social and economic impact across the European Union. The EU continues to maintain and successively expand its packages of sanctions and restrictive measures.
Geopolitical impact and market impact from the war between Israel and Gaza that began in early October 2023 and has continued throughout 2025.
Supply chain disruptions due to compliance with restrictions on the import and export of goods to Russia and the application of trade sanctions by the European Union as a result of the conflict between Ukraine and Russia. These sanctions have been extended by the EU until July 2026.
Cyber threats and online fraud, which are increasingly prevalent and employ increasingly sophisticated mechanisms, making it difficult to design and implement effective controls to mitigate them.
Risk due to shortages and dependence on critical raw materials for the steel industry.
The growing volume of legislation, not only in Spain but also internationally, as well as increasingly demanding customer requirements. This makes legal compliance with all regulations and requirements across different areas of application more complex, also necessitating the expansion of the organization’s structures.
The situation of political polarization in certain countries where the Group operates.
The Red Sea crisis, which is increasing global transportation costs and creating supply chain tensions in many locations.
The volatility of raw material prices and, consequently, the valuation of inventory available in factories.
Huge price increases in raw materials and resources such as energy.
Risks arising from protectionist policies and the imposition of tariffs among major players in international trade.
Inflationary pressures stem from the geopolitical context.
Risks arising from the imposition of tariff measures by new governments in the markets where the Group operates.
Risks arising from various geopolitical changes involving trade restrictions, embargoes, and sanctions.
The notable rise in nationalist and Euroskeptic views.
The growing awareness of environmental, social, and governance (ESG) issues, as well as risks arising from climate change, natural disasters, and diseases.
The internal risk of achieving operational excellence in certain countries.
Risks arising from the implementation of the European Union’s Carbon Border Adjustment Mechanism (CBAM), which may entail increased costs, greater administrative burdens, and additional reporting requirements regarding emissions associated with certain imported products, with a potential impact on competitiveness and the supply chain.

The general economic crisis resulting from the various uncertainties described above, those arising from ongoing regulatory changes that require the Group to adapt its processes, and the need to adapt quickly to changes in the markets and among customers.

Associations and organizations

At GRI Renewable Industries, we actively work to promote all the divisions that make up the Group. To this end, we participate in various organizations and associations, both from a corporate perspective and in the different countries where we operate.

These initiatives focus on various areas such as the economic, industrial, social (NGOs and foundations), and business sectors. Annex 4 summarizes the main associations and organizations with which we collaborate.

We also collaborate with public bodies and local governments, establishing relationships in a selfless and transparent manner, primarily regarding issues affecting the sector. GRI Renewable Industries does not make contributions to political parties or government bodies, as established by the Code of Ethics and Conduct and the Donations and Sponsorship Procedure, which are mandatory within the Group (415-1).

Sustainability Ratings

As part of its commitment to transparency, GRI Renewable Industries actively collaborates with EcoVadis.

EcoVadis is a sustainability risk rating agency for supply chains. GRI has once again participated in this rating, and in 2025 achieved a 2-point improvement in its score compared to the previous year, earning the bronze medal, which places it in the top 35% of the world’s most responsible companies.