For secunet effective corporate governance is one of the main prerequisites for achieving corporate objectives and increasing corporate value.

Corporate governance spans a company’s entire system for management and monitoring including its organisation, business policy principles and guidelines as well as internal and external control and monitoring mechanisms. Outstanding and transparent corporate governance ensures responsible management and control of a company in alignment with the creation of value. It promotes trust in secunet on the part of investors, financial markets, business partners and staff as well as the general public.

Declaration on Corporate Management pursuant to § 289f and §315d of the German Commercial Code

An effective and transparent organisation, as well as responsible and reliable corporate governance is very important at secunet Security Networks AG. The Company’s Management Board and Supervisory Board firmly believe that good corporate governance is key to the continued success of the Company on the market.

The term Corporate Governance describes the regulatory framework for the management and supervision of companies. In a general sense, this framework must be designed in such a way that the Management Board and Supervisory Board work to ensure that the company continues to exist and creates value sustainably. Recommendations and proposals for how this requirement can be implemented in the management and supervision of companies are summarised in the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). The Code serves the purpose of increasing trust in companies listed on the German stock exchange.

The Management Board and Supervisory Board therefore regularly check the implementation of the German Corporate Governance Code at secunet Security Networks AG. In the 2020 financial year, the Management Board and Supervisory Board of the Company once again carefully deliberated on the recommendations and proposals of the German Corporate Governance Code, in both the version of 7 February 2017 and the version of 16 December 2019, which entered force with its publication in the Federal Gazette on 20 March 2020. The Declaration of Conformity set out below regarding the German Corporate Governance Code was agreed on the basis of these deliberations. This declaration is permanently available on our website and will be updated immediately if required.

secunet Security Networks AG issues the following Declaration of Corporate Governance in accordance with Sections 289f HGB and 315d HGB:

Management and supervisory structure

secunet Security Networks AG is subject to German stock corporation law and its own Articles of Association. As a German public limited company, it has a dual management and supervisory structure consisting of a Management Board and a Supervisory Board.

The Management Board and Supervisory Board work together closely and on the basis of mutual trust in their management and supervision of the Company. The Annual General Meeting is responsible for fundamental decisions in the Company.

Supervisory Board

In accordance with Article 9 (1) of the Articles of Association, the Supervisory Board comprises six members, four of whom are elected by the Annual General Meeting and two by the employees in accordance with the German One-Third Participation Act. In accordance with the recommendations of the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK), the shareholder representatives were elected by a single ballot. The current members of the Supervisory Board are Ralf Wintergerst (Chairman of the Supervisory Board), Dr Peter Zattler (Deputy Chairman of the Supervisory Board), Dr Elmar Legge, Jörg Marx (employee representative), Gesa-Maria Rustemeyer (employee representative) and Professor Dr Günter Schäfer. Further information about the members of the Supervisory Board, including their term of office, can be found under “The Company” on the Company’s website at www.secunet.com.

The Supervisory Board monitors and advises the Executive Board with regard to the management of the Company. At regular intervals, the Supervisory Board discusses business performance and planning, as well as the strategy and its implementation. It discusses the half-year financial reports and quarterly updates with the Management Board before their publication, and approves the Annual Financial Statements of secunet Security Networks AG and the Group, taking into consideration the audit reports prepared by the auditors and its own examination. The Supervisory Board monitors the accounting process, the effectiveness of the internal control system, risk management and internal audit, as well as the auditing of the financial statements. Its tasks and responsibilities also include  appointing members to the Management Board. Management Board decisions of fundamental importance, such as major acquisitions, disposals and financial measures, require the consent of the Supervisory Board. An extraordinary meeting of the Supervisory Board is convened as and when necessary should significant events arise. The Supervisory Board has drawn up rules of procedure for its work, which are published on the Company’s website.

The Chair of the Supervisory Board is elected by the Supervisory Board from among its members. The Chair coordinates the work carried out within the Supervisory Board, chairs its meetings and represents its interests externally. The Supervisory Board strives to continually improve the effectiveness and efficiency of its activities. The efficiency review or self-assessment of the Supervisory Board is carried out at the end of each year. For the purposes of self-assessment, each member of the Supervisory Board answers a structured questionnaire on the individual effectiveness criteria. The results, including any possible proposals for improvement, are discussed at the first meeting of the following year, at which the annual financial statements are adopted.

The knowledge, skills and professional experience required to fulfil the remit are taken into account when drawing up the nominations for election to the Supervisory Board. The Supervisory Board of secunet Security Networks AG has also specified concrete targets for its composition, with due consideration given to diversity. At least one seat on the Supervisory Board is reserved for a female member. One or more Supervisory Board members should also have many years of special experience abroad, acquired as a result of working abroad or due to a foreign country of origin. Furthermore, an age limit of 70 years is planned for members of the Supervisory Board.

The Supervisory Board has also drawn up a profile of skills for the board as a whole. The purpose of the skills profile is to ensure that the members of the Supervisory Board possess all the knowledge and experience considered essential in light of the activities of secunet Group.

Nominations by the Supervisory Board to the Annual General Meeting shall take into account the aforementioned targets for the composition of the Supervisory Board and, at the same time, endeavour to meet the requirements of the skills profile for the board as a whole. In the reporting period, the Supervisory Board did not submit any proposals to the Annual General Meeting for the election of Supervisory Board members (shareholder representatives). The composition of the Supervisory Board complied with the specifications of the skills profile both before and after the Supervisory Board elections in 2019. The Supervisory Board members possessed and possess the professional and personal qualifications deemed necessary. They were and are all familiar with the sector in which the Company is active and had and have the essential knowledge, skills and experience for the Company.

Furthermore, in accordance with Section C.6 of the German Corporate Governance Code, the Supervisory Board should include what it considers to be an appropriate number of members on the shareholder side who are independent of the Company, its Management Board and the controlling shareholder. Taking into account particularly the ownership structure and the size of the board as a whole, the Supervisory Board has come to the conclusion that one independent shareholder representative as per the above definition is appropriate and that Supervisory Board member Dr Elmar Legge meets the requirements. Dr Legge thus also complies with the recommendation in Section C.9 of the German Corporate Governance Code, according to which, in the case of a company that has a controlling shareholder – which applies to secunet Security Networks AG due to the majority holding of Giesecke + Devrient GmbH, Munich – and whose Supervisory Board has six members or fewer, at least one shareholder representative should be independent of the controlling shareholder.

Furthermore, according to Section C.7 of the German Corporate Governance Code, more than half of the shareholder representatives should be independent of the Company and the Management Board. A Supervisory Board member is deemed to be independent of the Company and its Management Board if he or she has no personal or business relationship with the Company or its Management Board that could constitute a material and not merely temporary conflict of interest. In accordance with Section C.7 of the German Corporate Governance Code, the shareholder side shall, when assessing the independence of its Supervisory Board members from the Management Board and the Company, in particular take into account whether the Supervisory Board member or a close family member of the Supervisory Board member (i) was a member of the Management Board of the Company in the two years prior to the appointment, (ii) currently has or has had a material business relationship with the Company or a company dependent on it (e. g. as a customer, supplier, lender or consultant), either directly or as a shareholder or in a responsible function of a company outside the Group, in the year leading up to the appointment, (iii) is a close family member of a Management Board member, or (iv) has been a member of the Supervisory Board for more than twelve years. If one or more of the aforementioned indicators applies and the Supervisory Board member in question is nevertheless considered to be independent, this shall be justified in the Declaration of Corporate Governance pursuant to Section C.8 of the German Corporate Governance Code. According to the Supervisory Board’s assessment, and in accordance with the recommendation under Section C.7 of the German Corporate Governance Code, more than half of the shareholder representatives are independent of the Company and the Management Board, namely Mr Ralf Wintergerst, Dr Peter Zattler and Dr Elmar Legge. In this assessment, the Supervisory Board also took into consideration the fact that Dr Zattler has been a member of the Supervisory Board since 2004 and Dr Legge since 1999. Both therefore fulfil one of the aforementioned indicators with a length of service of more than twelve years, so that – in accordance with the recommendation under Section C.8 of the German Corporate Governance Code – reasons are to be given in the Declaration of Corporate Governance as to why both Supervisory Board members are nevertheless considered independent. Dr Zattler and Dr Legge perform their duties with great diligence and consistently in line with the corporate interests of secunet Security Networks AG. With the exception of their respective length of service, Dr Zattler and Dr Legge have no other personal or business relationships with the Company or its Management Board, nor are there any other indications that could be construed as constituting a material and not merely temporary conflict of interest. In the opinion of the Supervisory Board, it would therefore be wrong to conclude a lack of independence from the Company and the Management Board based solely on the length of service.

The Supervisory Board has not formed any committees. In the opinion of the Supervisory Board, this is not in fact necessary, as it comprises only six members. Given a board of this size, efficient operation can be guaranteed without the establishment of committees.

Management Board

The Management Board consists of four members, namely the Chairman of the Management Board, Mr Axel Deininger, Mr Thomas Pleines, Mr Torsten Henn and Dr Kai Martius.

The Management Board, as the body responsible for managing the Company, conducts the Company’s business under its own responsibility and in the Company’s interests. Its aim is to increase the enterprise value on a sustainable basis. In particular, it determines the principles of the Company’s policy and is also responsible for developing the Company’s strategy, for planning and setting the Company’s budget, for allocating resources, and for controlling and managing the Company’s corporate and business divisions. Specific measures described in the Management Board’s rules of procedure require the approval of the Supervisory Board. The Management Board is responsible for preparing the Company’s quarterly updates, the Company’s half-year financial reports, the Annual Financial Statements of secunet Security Networks AG, and the Consolidated Financial Statements.

The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is involved without delay in all decisions fundamental to the Company. No age limit is planned for members of the Management Board.

Targets for the appointment of women

The Supervisory Board has implemented the requirements of the legislation that came into force on 1 May 2015 regarding the equal participation of women and men in management positions.

At its meeting on 4 May 2017, the Supervisory Board established a target of 17 percent for the proportion of women on the Supervisory Board, relating to the implementation period from 1 July 2017 to 30 June 2022, which corresponds to the goal of electing one female member to the Supervisory Board. The Supervisory Board took this target into account in its election proposals to the Annual General Meeting in May 2019.

The Supervisory Board last dealt with the target figure for the proportion of women on the Management Board of the Company at its meeting on 25 March 2020 and resolved to retain the previously applicable target figure of zero percent. In the view of the Supervisory Board,
the search for suitable female candidates remains a challenge in the current market environment and in the business fields of secunet Security Networks AG. It is the opinion of the Supervisory Board that a higher target cannot be considered realistic at the present time. This target remains applicable until 31 May 2025.

With regard to the two management levels below the Management Board, the Management Board set the following targets for the period from 1 July 2017 to 30 June 2022: zero percent for the first level and eleven percent for the second level. In view of the small size of the Company, the limited number of management positions and the associated low level of fluctuation, the Management Board is of the opinion that more ambitious targets would currently not be realistic. However, the Management Board reiterates its intention to move towards a higher proportion of management positions being held by women to the greatest extent possible.

In the 2020 financial year, the proportion of women at the second management level below the Managemen Board was 9 percent (previous year: 8 percent).

Responsible risk management

Good corporate governance also means that the Company must take a responsible approach to risk. Systematic risk management as part of our value-oriented Group management ensures that risks are identified and evaluated at an early stage, and that risk positions are optimised. The Management Board reports regularly to the Supervisory Board on the current development of key risks. Details of risk management at secunet Security Networks AG can be found in the combined Management Report. It also contains the report on the key characteristics of the internal control and risk management system relating to accounting.

Transparent corporate governance

Transparency in corporate governance is very important to the Management Board and Supervisory Board of secunet Security Networks AG. Shareholders, all participants in the capital market, financial analysts, shareholder associations and the media are provided with comprehensive, regular and up-to-date information regarding the Company’s position and key changes to the Company’s business.

secunet Security Networks AG reports to its shareholders four times a year on business performance and on the financial and earnings situation, and makes all reports and information permanently available to shareholders on the Company’s website at www.secunet.com. The dates for regular financial reporting are listed in the financial calendar. If any circumstances arise at secunet Security Networks AG that might significantly influence the stock market price of the Company, these are disclosed in ad hoc announcements in accordance with the legal requirements. The financial calendar and ad hoc announcements are available to view on the website of secunet Security Networks AG under >> The Company >> Investor Relations >> Financial News and Reports.

Shareholders and Annual General Meeting

The shareholders of secunet Security Networks AG may exercise their rights, including voting rights, at the Annual General Meeting. Shareholders can exercise their voting rights at the Annual General Meeting themselves or choose an agent or Company proxy bound by their instructions to exercise the voting rights. The Annual General Meeting takes place in the first eight months of the financial year. The Chairman of the Supervisory Board normally chairs the Annual General Meeting. Ahead of the Annual General Meeting, shareholders receive comprehensive information about the past financial year and about the individual items on the agenda of the upcoming meeting by way of the Annual Report and invitation to the meeting. All relevant documents and information on the Annual General Meeting, together with the Annual Report, are also available on our website.

In accordance with the provisions of law, the auditors are appointed by the Annual General Meeting. At the Annual General Meeting on 8 July 2020, the Essen branch of PricewaterhouseCoopers GmbH, registered office in Frankfurt am Main, was appointed as auditors for secunet Security Networks AG and Group auditors for secunet Group for the 2020 financial year, and was therefore selected to perform an audit review of the Condensed Financial Statement and the Interim Management Report of secunet Security Networks AG
and secunet Group as at 30 June 2020.

Shareholders are notified of important dates by means of a financial calendar published in the Annual Report, in the quarterly updates and on the Company’s website.

Further detailed information about secunet Security Networks AG is available on our website at www.secunet.com.

Corporate governance guidelines

The Articles of Association of secunet Security Networks AG form the basis of our Company. The Company’s Articles of Association, the current Declaration of Conformity, the Declarations of Conformity for previous years and further corporate governance documents can be found online at www.secunet.com under >> The Company >> Investor Relations >> Corporate Governance.

The Management Board has introduced a Code of Conduct for the Company and its employees, summarising the business principles of secunet Security Networks AG. These principles are a crucial part of how secunet Security Networks AG sees itself, and of the expectations that it strives to meet. The Code of Conduct sets down standards of conduct for dealing with all the economic, legal and moral challenges that we face in our day-to-day business activities, and is intended to serve as a benchmark and guide when working with customers, suppliers and other business partners, as well as for our conduct towards our competitors. It also governs our conduct in financial matters and trading in secunet shares, their derivatives and other financial instruments. The Company has set up a compliance unit for questions arising in connection with the Code of Conduct.

In accordance with the provisions of Section A.2 of the German Corporate Governance Code, the Company has an electronic whistleblower system that provides employees with an opportunity to report, under protection, legal violations within the Company. This option is also available to third parties.

Management Board and Supervisory Board remuneration

secunet Security Networks AG complies with statutory regulations and the recommendations of the German Corporate Governance Code in the version applicable in the 2020 financial year and discloses the remuneration of each individual member of the Management Board. In this Annual Report (more specifically, in the remuneration report, which forms part of the Management Report), we detail the remuneration of the members of the Management Board and Supervisory Board.

Information on stock option programmes and similar securities-based incentive systems

No stock option programmes or similar securities-based incentive systems existed in the reporting year for members of corporate bodies or employees of the Company.

Notification of transactions under Article 19 of the European Market Abuse Regulation (managers’ transactions)

Article 19 of the European Market Abuse Directive (EU) No. 596 / 2014 requires members of corporate bodies (Supervisory Board / Management Board) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches or exceeds 20,000 euros within a single calendar year. Disclosures regarding managers’ transactions (directors’ dealings) are also published on our website under Investor Relations >> Share Information. No managers’ transactions were reported in the 2020 financial year.

Accounting and auditing of the financial statements

secunet Security Networks AG prepares its Consolidated Financial Statements and Consolidated Interim Financial Statements in accordance with the International Financial Reporting Standards (IFRS) as applicable in the European Union. The Annual Financial Statements of secunet Security Networks AG are prepared in accordance with German commercial law (HGB) and the German Stock Corporation Act. The Annual and Consolidated Financial Statements are compiled by the Management Board and audited by the auditors and the Supervisory Board. Quarterly updates and the half-year financial report are discussed by the Management Board and Supervisory Board prior to their publication.

secunet Security Networks AG’s Consolidated and Annual Financial Statements have been audited by the Essen branch of PricewaterhouseCoopers GmbH, registered office in Frankfurt am Main, the auditors appointed by the 2020 Annual General Meeting. The audits were performed in accordance with Section 317 HGB and with due consideration for the generally accepted standards for the audit of financial statements in Germany promulgated by the Institute of Public Auditors in Germany (IDW). The undersigned auditors for the Annual Financial Statements and Consolidated Financial Statements of secunet Security Networks AG are Mr Lutz Granderath and Mr Michael Herting.

It was also contractually agreed with the auditors that they inform the Supervisory Board without delay of any potential grounds for exclusion or bias and of any findings or occurrences of significance to the Supervisory Board’s remit that came to light during the auditing of the financial statements.

The Condensed Consolidated Interim Financial Statements and the Interim Group Management Report as at 30 June 2020 were subjected to an audit review by PricewaterhouseCoopers GmbH.

Declaration of Conformity under Section 161 of the German Stock Corporation Act dated 26 November 2020

The management and supervisory boards of companies listed on the German stock exchange are legally obliged, in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG), to annually declare whether the official recommendations of the Government Commission on the German Corporate Governance Code applicable at the time of making the declaration have been fulfilled and will be fulfilled. The Company is furthermore required to disclose which recommendations of the Code have not been applied or will not be applied and to explain the reasons for this. This Declaration of Conformity is printed in full below, with explanations. The Declaration of Conformity can also be found on secunet Security Networks AG’s website under >> The Company >> Investor Relations >> Corporate Governance. The Declarations of Conformity issued in the last five years are permanently available on the website.

I.

Since submission of the last Declaration of Conformity in November 2019, secunet Security Networks AG has complied with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 7 February 2017 (DCGK 2017) and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:

D&O insurance for the Supervisory Board

Section 3.8, para. 3 DCGK 2017: A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

Explanation: The Supervisory Board of secunet Security Networks AG conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.

Age limit for Management Board members

Section 5.1.2, para. 2, sentence 3 DCGK 2017: An age limit for members of the Management Board shall be specified.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

Regular limit for the term of office on the Supervisory Board
Section 5.4.1, para. 2, sentence 1 DCGK 2017: The Supervisory Board shall determine concrete objectives regarding its composition, and shall prepare a profile of skills and expertise for the entire Board. Within the company-specific situation the composition of the Supervisory Board shall reflect appropriately the international activities of the company, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.

Explanation: The Supervisory Board of secunet Security Networks AG has not specified a regular limit for the term of office on the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board’s work may benefit from the experience of long-standing members.

Establishment of Supervisory Board committees and remuneration of committee members
Section 5.3.1 DCGK 2017: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise.

Section 5.3.2 DCGK 2017: The Supervisory Board shall establish an Audit Committee [...].

Section 5.3.3 DCGK 2017: The Supervisory Board shall form a Nomination Committee.

Section 5.4.6, para. 1, sentence 2 DCGK 2017: The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of a special remuneration for committee chairs and members is not currently relevant.

II.

secunet Security Networks AG intends to comply with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 16 December 2019 (DCGK 2020) and published by the German Ministry of Justice in the official part of the Federal Gazette on 20 March 2020, with the following exceptions:

Age limit for Management Board members
Recommendation B.5 DCGK 2020: An age limit shall be specified for members of the Management Board and disclosed in the Declaration of Corporate Governance.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

Establishment of Supervisory Board committees, cooperation with the external auditors and remuneration of committee members
Recommendation C.10 DCGK 2020: […], the Chair of the Audit Committee as well as the Chair of the committee that addresses Management Board remuneration shall be independent from the company and the Management Board. The Chair of the Audit Committee shall also be independent from the controlling shareholder.

Recommendation D.2 DCGK 2020: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise. The respective committee members and the committee chairs shall be named in the Declaration of Corporate Governance.

Recommendation D.3 DCGK 2020: The Supervisory Board shall establish an Audit Committee [...].

Recommendation D.4 DCGK 2020: The Chair of the Audit Committee shall have specific knowledge and experience in applying accounting principles and internal control procedures, shall be familiar with audits, and shall be independent. The Chair of the Supervisory Board shall not chair the Audit Committee.

Recommendation D.5 DCGK 2020: The Supervisory Board shall form a Nomination Committee, composed exclusively of shareholder representatives, which names suitable candidates to the Supervisory Board for its proposals to the General Meeting.

Recommendation D.11 DCGK 2020: The Audit Committee shall conduct an evaluation of the quality of the audit on a regular basis.

Recommendation G.17 DCGK 2020: Remuneration for Supervisory Board membership shall take appropriate account of the larger time commitment […] of the Chair and the members of committees.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of the independence of the Chair of the Audit Committee or of the Chair of the committee that addresses Management Board remuneration is not currently relevant, nor is that of a special remuneration for committee chairs and members.

secunet Security Networks AG

Essen, 17 March 2021

 

For the Management Board                    For the Supervisory Board

 

 

Declaration of conformity under section 161 AktG

The Management Board and Supervisory Board of secunet Security Networks AG hereby submit the following Declaration of Conformity regarding the recommendations of the Government Commission on the German Corporate Governance Code in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG):

I.

Since submission of the last Declaration of Conformity in November 2019, secunet Security Networks AG has complied with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 7 February 2017 (DCGK 2017) and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:

 

D&O insurance for the Supervisory Board

Section 3.8, para. 3 DCGK 2017: A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

Explanation: The Supervisory Board of secunet Security Networks AG conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.

 

Age limit for Management Board members

Section 5.1.2, para. 2, sentence 3 DCGK 2017: An age limit for members of the Management Board shall be specified.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

 

Regular limit for the term of office on the Supervisory Board

Section 5.4.1, para. 2, sentence 1 DCGK 2017: The Supervisory Board shall determine concrete objectives regarding its composition, and shall prepare a profile of skills and expertise for the entire Board. Within the company-specific situation the composition of the Supervisory Board shall reflect appropriately the international activities of the company, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.

Explanation: The Supervisory Board of secunet Security Networks AG has not specified a regular limit for the term of office on the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board’s work may benefit from the experience of long-standing members.

 

Establishment of Supervisory Board committees and remuneration of committee members

Section 5.3.1 DCGK 2017: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise.

 

Section 5.3.2 DCGK 2017: The Supervisory Board shall establish an Audit Committee [...].

 

Section 5.3.3 DCGK 2017: The Supervisory Board shall form a Nomination Committee.

 

Section 5.4.6, para. 1, sentence 2 DCGK 2017: The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of a special remuneration for committee chairs and members is not currently relevant.

 

II.

secunet Security Networks AG intends to comply with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 16 December 2019 (DCGK 2020) and published by the German Ministry of Justice in the official part of the Federal Gazette on 20 March 2020, with the following exceptions: 

 

Age limit for Management Board members

Recommendation B.5 DCGK 2020: An age limit shall be specified for members of the Management Board and disclosed in the Declaration of Corporate Governance.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

 

Establishment of Supervisory Board committees, cooperation with the external auditors and remuneration of committee members

Recommendation C.10 DCGK 2020: […], the Chair of the Audit Committee as well as the Chair of the committee that addresses Management Board remuneration shall be independent from the company and the Management Board. The Chair of the Audit Committee shall also be independent from the controlling shareholder.

 

Recommendation D.2 DCGK 2020: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise. The respective committee members and the committee chairs shall be named in the Declaration of Corporate Governance.

 

Recommendation D.3 DCGK 2020: The Supervisory Board shall establish an Audit Committee [...].

 

Recommendation D.4 DCGK 2020: The Chair of the Audit Committee shall have specific knowledge and experience in applying accounting principles and internal control procedures, shall be familiar with audits, and shall be independent. The Chair of the Supervisory Board shall not chair the Audit Committee.

 

Recommendation D.5 DCGK 2020: The Supervisory Board shall form a Nomination Committee, composed exclusively of shareholder representatives, which names suitable candidates to the Supervisory Board for its proposals to the General Meeting.

 

Recommendation D.11 DCGK 2020: The Audit Committee shall conduct an evaluation of the quality of the audit on a regular basis.

 

Recommendation G.17 DCGK 2020: Remuneration for Supervisory Board membership shall take appropriate account of the larger time commitment […] of the Chair and the members of committees.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of the independence of the Chair of the Audit Committee or of the Chair of the committee that addresses Management Board remuneration is not currently relevant, nor is that of a special remuneration for committee chairs and members.

 

secunet Security Networks AG

Essen, 26 November 2020

- For the Management Board -                     - For the Supervisory Board -

 


Former Statements:

 

German corporate governance code:

German corporate governance code

Remuneration of the Management Board and Supervisory Board

 

The remuneration report summarises the principles used to determine the remuneration of the Management Board of secunet AG and sets out the amount and structure of the income received by its members. In addition, it outlines the principles behind, and the amount of, Supervisory Board remuneration, and also provides information on the shareholdings of Management Board and Supervisory Board members.

Remuneration of the Management Board

The Supervisory Board of secunet AG is responsible for determining the remuneration of the Management Board.

In the 2020 financial year, the remuneration package for the members of the Management Board active in the corresponding financial year was made up of five components: a fixed annual salary, a variable bonus, a special bonus, ancillary non-cash benefits and a contribution to the retirement pension.

The Management Board remuneration package is broken down as follows:

» The fixed remuneration is paid monthly in the form of a salary.

» The variable remuneration is based on the Group’s results. It consists of a short-term component and a long-term component. The short-term component is measured on the basis of sales revenue and EBIT for the current financial year (2020 in this case), while the long-term component is measured based on the average EBIT of the past three financial years (2018 – 2020 in this case).

» At its discretion, the Supervisory Board can award each of the members of the Management Board a special bonus for exceptional contributions in the financial year.

» Non-cash and other benefits essentially comprise the taxable values of company car usage.

» The retirement pension contributions paid to individual members of the Management Board are set out in their individual contracts of employment. These pension commitments provide for either a lifelong pension with surviving dependants’ benefits or the payment of a monthly pension contribution.

Management Board contracts do not expressly provide for any severance payment in the event that the employment relationship is prematurely terminated. In addition, Management Board contracts do not include any specific regulations to govern the event that a “change of control” occurs – that is when one or several shareholders acting jointly obtain the majority voting rights of secunet AG and exert a dominating influence, causing secunet AG to become a dependent company by means of the conclusion of an intercompany agreement within the meaning of Section 291 of the German Stock Corporation Act (Aktiengesetz, AktG), or in the event of the merger of secunet AG with other companies.

The Management Board members do not receive any additional remuneration for the performance of their duties in the subsidiaries.

Following the recommendations of the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK), the remuneration of the secunet AG Management Board is constituted as follows:

The following payments were made for the remuneration of the members of the Management Board in the 2020 financial year:

Total remuneration of the members of the Management Board in the 2020 financial year was 2,243 thousand euros (previous year: 1,961 thousand euros).

The pension entitlements of the Management Board members were as follows as at 31 December 2020:

As at 31 December 2019, the pension entitlements of the Management Board members were as follows:

Owing to the right, in accordance with Article 67 (1) and (2) of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), to choose to annually add 1/15 to the difference resulting from the change in valuation under the German Accounting Law Modernisation Act (Bilanzrechtsmodernisierungsgesetz, BilMoG), there is a shortfall between the amount of the HGB obligation and the provision set aside, totalling 21 thousand euros.

As at 31 December 2020, the members of the Management Board held a total of 880 shares (previous year: 880 shares) in secunet.

The members of the Management Board of the Company were not granted any loans during the reporting period.

Furthermore, in the past financial year no member of the Management Board was promised or granted any benefits by a third party in respect of his activity as a member of the Management Board.

The remuneration of the Supervisory Board is laid down in Article 17 of the Articles of Association of secunet AG. It is based on the tasks and responsibilities of the members of the Supervisory Board.

Remuneration of the Supervisory Board was revised at the Annual General Meeting of secunet AG on 15 May 2019. The members of the Supervisory Board receive a fixed remuneration of 12 thousand euros. The Chairman of the Supervisory Board receives remuneration of 24 thousand euros, and the Vice Chairman of the Supervisory Board receives 16 thousand euros. The total annual remuneration of the Supervisory Board thus amounts to 88 thousand euros. If changes are made within the Supervisory Board during the year, remuneration is granted on a pro rata basis. Travel expenses associated with Supervisory Board activities are reimbursed separately according to travel expense reports.

For the 2020 financial year, Supervisory Board remuneration totalled 88.0 thousand euros (previous year: 77.8 thousand euros). The increase is due to the fact that the higher remuneration after the 2019 Annual General Meeting was only applied pro rata temporis.

The members of the Supervisory Board do not receive any loans from the Company.

As on the same reporting date in the previous year, no Supervisory Board members held any shares in secunet AG as at 31 December 2020.

In the year under review, members of the Supervisory Board did not receive any other remuneration or benefits for services provided personally, in particular consulting and agency services.

For the individual members of the Supervisory Board, the entitlements can be presented as follows:

Forecast, Opportunity and Risk Report

1. Risk report

1.1 Risk management objectives and methods

Risk management is carried out in the same way and in parallel for secunet Group and secunet AG. The function presented below and the description of individual risks and opportunities thus apply to both secunet Group and secunet AG.

Risk management at secunet is carried out at various levels: risks that are countered by means of strategic, medium to long-term measures are taken into account by the Management Board as framework conditions for medium-term strategic corporate planning. Risks relating to the targets set in the current annual planning are dealt with in a dedicated risk committee. Finally, operational risks are taken into account as part of daily operational routines and risk minimization measures and are reduced or eliminated to the fullest extent possible.

The early risk detection and risk management system of secunet AG is being continuously developed and improved.

1.2 Strategic risk management and strategic risks

Medium and long-term risks for secunet are taken into account in the course of strategic planning. These framework conditions and the consequences for the strategy are regularly discussed with the Supervisory Board, which approves and follows up on this planning.

The risks considered here include the following:

Customer structure risk is to be seen as a medium-term distribution risk to the extent that secunet conducts the majority of its business with public sector authorities and organisations. The loss of segments of demand from this customer group can have negative effects on sales revenue and earnings. This risk is regularly discussed in depth. Investments in IT, and especially in IT security, are seen as particularly important for the smooth delivery of projects for the public sector, particularly in a world where information technologies play an increasingly important role. The risk of a downturn in demand from public sector customers is therefore constantly monitored, although it is currently considered to be relatively low.

In order to be better placed in the medium term to react to the potential risk of a decline in demand from public sector customers, and in order to reduce and compensate for any resulting decline in sales revenue and earnings, secunet will continue to devote intensive efforts to the expansion of its activities for the private sector target group (Business Sector).

A further risk can be seen in the fact that a large part of the sales revenue is concentrated on a small number of public clients and companies. If one of these major customers is absent for even a short period of time, and the corresponding expected orders are delayed, secunet’s attainment of annual objectives may be endangered at the very least. In this case too, the use of key account managers in distribution can help towards risk reduction. Thanks to their close contact with the customer, they can ensure a timely reaction to changes in demand.

Furthermore, the fact that the business results are still heavily influenced by domestic demand is seen as a risk for the further growth of secunet. As a result, the expansion of high-performance international distribution, tapping of new markets and the acquisition of additional customers abroad will remain a focus of efforts for the future development of the Company. One strategic measure is the pooling of international distribution activities in the marketing company founded for this purpose.

Positive commercial framework conditions in the German market for IT security have attracted new competitors, particularly in recent years. The changing intensity of the competition that this entails is continually monitored and evaluated by secunet. Currently, the Company sees no signs of a negative impact on secunet’s market position.

1.3 Risk management for the current planning and financial year

The management of risks relating to the targets set in the current annual planning is carried out at secunet by a risk committee. This comprises the members of the Management Board and the departmental manager responsible for risk management. The risk committee meets regularly once a quarter. Any developments that could jeopardise the fulfilment of objectives, or which may even threaten the survival of the Company, are subjected to intense analysis, scrutiny and assessment by the risk committee. The aim of doing this is to ensure that information about risks, and the associated financial implications, is detected as early as possible in order to implement suitable measures. The existing opportunities and associated potential for earnings are to be identified and leveraged.

As part of the preparation for meetings of the risk committee, a comprehensive risk inventory takes place in each area of the Company. Following a bottom-up approach, the risks are identified and aggregated, then assessed according to their damage extent and probability of occurrence.

The Company-specific risks surveyed in this manner are then discussed at the risk committee meetings, implementing a top-down approach. The effects of risks and opportunities are not offset against each other. A net presentation is shown when evaluating the potential effects of risks, i. e. the effects of any risk minimisation measures already taken are considered as part of the evaluation. Depending on the probability-weighted damage value of the risks (risk value), the further treatment of the risks is then determined. This ranges from pure documentation where the value is negligible (the probability-weighted damage value in the 2020 financial year in the amount of a low single-digit million amount in the EBIT loss) and further observation (monitoring of existing measures – for a risk value in the 2020 financial year in the amount of a mid-single-digit million amount) to the need to take and monitor measures immediately (reporting threshold – for a probability-weighted damage value in the 2020 financial year exceeding a mid-single-digit million amount). The value limits defined above are re-determined annually based on the planned annual result. Insofar as the identified risks are quantifiable, the corresponding risk values (relating to the reporting date) are adopted in the reporting system.

Proposals for countermeasures are then drawn up, if required. The Management Board examines these measures and implements them promptly.

The risks considered in this part of risk management for secunet Group and thus also for secunet AG as the parent company of the Group are primarily classified according to their origin in the functional areas of secunet as follows:

» Sales risks: these are risks in all areas connected with distribution. They relate primarily to the functions purchasing and inbound logistics, sales and outbound logistics as well as distribution and marketing.

» Product risks: these are the risks that can arise in connection with products and solutions from secunet. They relate primarily to risks from technical defects or possible security weaknesses in the components used. Also included in this category are risks from the divisions responsible for planning and coordinating the market-readiness of products and solutions from secunet Group.

» Project risks: these are the risks that can arise in connection with development and consulting projects. They mainly include the risks relating to budget planning and subsequent budget compliance.

» Structural risks: these are the risks arising from support functions such as finance and controlling, legal and human resources, and IT. Risks from M & A activities and compliance risks are also recorded here.

Furthermore, the coronavirus pandemic represented a significant and constantly monitored risk for business development in 2020. The Management Board assessed its potential effects on secunet Group continuously and with high priority. All aspects of business operations were examined and evaluated, with appropriate measures being developed where necessary. In each case, the focus of the discussions was on maintaining the health of employees, the supplies from vendors and the services provided to our customers, as well as our own infrastructure. During this time of crisis, secunet proved to be a fast-reacting, flexible and adaptable organisation, with the result that it was quickly possible to reduce risks in operational management.

During the 2020 financial year, it was mainly sales risks that were identified. None of these was individually above the upper limit for no longer being considered negligible. Operational damage management implemented in each case was able to contribute to a significant reduction of the relevant risk value in all cases.

The sales risks discussed here are dominated by distribution risks. secunet is active in the project business. Many projects relate to infrastructures and solutions that are designed on an individual basis. The IT security infrastructures based on these are often associated with high investment volumes, resulting in a complex and often protracted tendering and decision-making process for the customer. This applies to both Public Sector and Business Sector customers and places great limitations on the ability to plan for sales revenues, leading to a potential associated volatility in secunet’s business. The distribution risks are continuously monitored as part of risk management and in the ongoing Management Board meetings and, if necessary, they are countered with suitable measures. These measures for reducing the distribution risk often consist of establishing close contact, and thus ongoing cooperation with the customer, through the use of dedicated key account managers, for example. The distribution risks at the time of creating this report are classified as negligible. Sales risks also include warehousing risks. These increase as secunet Group’s product business grows. Warehousing risks include the risk associated with the ability to deliver at short notice, which is countered by suitably networked material planning (forecast of potential sales and inventory build-up). At the same time, hardware components in particular are becoming obsolete because of accelerating technical progress. Where applicable, inventories lose their value because of this technical ageing process. secunet stays abreast of these risks through professional inventory optimisation. Inventories were written down by 0.6 million euros in the 2019 financial year.

As at the end of December 2020, sales opportunities outweighed sales risks by 2.6 million euros, and the latter were therefore classified as negligible.

There were no product, project or infrastructure risks as at the end of December 2020. Consequently, this risk class was also classified as negligible.

1.4 Operational risk management

Operational risks are recorded, assessed and eliminated to the fullest extent possible by means of specific risk minimisation routines. These control mechanisms are applied at various points in the value creation process.

Distribution or sales risks are discussed within the framework of distribution coordination via risk committees. Risk committees must be held in the case of orders that exceed a defined value. These committees are made up of at least the representatives of the responsible (sales) department, the division / business unit expected to be entrusted with the desired order, the commercial manager, representatives of the legal department and purchasing as well as a member of the Management Board. The goal of the risk committees is to decide for the respective order or invitation to tender, on the basis of transparent criteria, whether and how a bid can be submitted or an order accepted. Since a discussion of the risks, including an assessment of their acceptability, is conducted by the risk committees in each case, and the decision recognises the risks as acceptable, the associated risks are considered to be manageable at the time of writing this report. In addition to the distribution risk for major projects already described under sales risks, there is also a project management risk. In addition, there are specific risks for very long-term major projects. At secunet, such risks are identified and evaluated in the higher-level project coordination and reduced or eliminated by means of appropriate measures. The project management risk arises after the commissioning of major projects: these projects are characterised by multiple uncertainties in their implementation due to the sheer fact of their size. The risk may consist, for example, of a failure to maintain schedules and project budgets. secunet takes these risks into account by means of a comprehensive project management system, which is used to create regular management reports for project managers, division heads and the Management Board. The risks arising from major projects are continuously monitored – in the same way as development risks – with comprehensive project planning and control mechanisms, in conjunction with a risk-oriented reporting system. In the event of deviation from the set targets, measures to reduce the risk are resolved and implemented immediately. These can consist of making additional capacity available for processing the project or discussing deviations with the customer in order to bring expectations into line with the altered framework conditions.

In very long-term projects that extend over periods of more than five years, there may be additional risks, for example because the solutions implemented reach the end of their technological service life (update problems, problems with outdated technology). Furthermore, a replacement risk may be posed by suppliers who disappear from the market over the course of such projects.

In conjunction with the development of new products – including corresponding major projects – the following risks are discussed and evaluated regularly:

» Risk of a possible decline in demand: the product fails to prove itself on the market.

» Risk of undesirable technical developments: the product contains defects that lead to warranty claims.

» Risk of failure to complete the product in time: the development project takes considerably more time than estimated.

In the past, secunet primarily developed products and solutions in response to orders to cover specific security needs in the public sector. Its high-security IT solutions are tailored precisely to customers’ needs; secunet products are generally not designed without a specific requirement in mind. Most of the products developed by secunet are made to order and are accordingly financed by the customer. Therefore, no development risks exist in terms of potentially waning demand. The risks associated with developing new products that subsequently prove unsuccessful on the market have therefore not been of primary significance for secunet in most product areas.

The development of the secunet konnektor for medical practices in the 2018 financial year, the development of the secunet Communicator in the Public Sector division and the data centre connector and secunet edge in the Business Sector division in 2019, and the development of the secunet Communicator, easykiosk and the protect4use solution in 2020 have increased the volume of related internal investments. This has brought development risks more into the focus of risk evaluation. The focus here is less on the sales prospects associated with the products than on the duration of development and certification. The greatest risk for development projects may be underestimation of the time required before they are ready for acceptance. This can lead to expenditure of time and personnel, which limits the profitability of these projects. In order to keep these risks as low as possible, secunet uses extensive project planning and control mechanisms in different locations, paired with a dedicated reporting line. This part of the risk analysis and risk management is identical to the activities that apply for major projects.

In the area of development projects, the risk at the time of creating this report is classified as low.

There were no project risks as at the end of December 2020; accordingly, this risk class was assessed as negligible.

The secunet AG product portfolio is concentrated on solutions in the area of cybersecurity. In the case of the SINA product family in particular, these solutions are protected and approved at a high level in cryptographic terms. One risk that is evaluated on an ongoing basis in connection with the technical properties of these products is the effect of any possible – as yet undetected – security weaknesses of these solutions. In this context, the focus is on the question of whether and to what extent the security promise made to its customers by secunet in connection with the solution as a whole might be compromised as a result of security holes in individual components. This is the task of operational incident management, another component of risk management at secunet.

A comprehensive process of ongoing risk identification and assessment takes place in this area for the purposes of risk minimisation. As part of this process, secunet collects and evaluates findings about potential security risks from a wide range of sources. Even if potential vulnerability of the systems merely seems possible as a result of this evaluation, customers are informed immediately and supported in closing the potential security hole.

This process of monitoring and solving potential technical security risks is implemented in close collaboration with the Company’s development and certification partner, the German Federal Office for Information Security (BSI). In view of the risk minimisation measures in use, the economic risk connected with technical product security is believed to be low.

2. Opportunities

The driving factors outlined below continue to have a positive effect on the future growth of secunet:

2.1 Growth through increasing awareness

The increasing awareness of IT security issues in recent years has received strong support as a result, among other things, of reporting in the media on cybersecurity threats (such as eavesdropping scandals, attempted and successful hacking of government and corporate networks, attacks on critical infrastructures).

Investigation into the medium to long-term assessment of risk among companies and decision-makers reveals that much greater importance will be placed on cybersecurity going forward. The issue of cybersecurity is the focus for a wide range of investigations and seminars, as well as publications derived from them. Cyber incidents are increasingly at the centre of risk assessments – not just those conducted on behalf of authorities, but also by private companies. Over the past three years, for example, cyber incidents have consistently been included in the top three risks on the Allianz Risk Barometer of the Top Business Risks in Germany. The same picture emerges globally. The World Economic Forum’s Global Risk Report 2021 also lists cyberattacks and the vulnerability of IT infrastructures among the top 10 risks worldwide.

A positive trend in the demand for high-quality, trustworthy IT security solutions “made in Germany” can be inferred from this. This applies both to authorities, which are adding IT system and infrastructure security to their existing efforts, and to companies, which are countering the now-specific risks of economic / industrial espionage, for example, with appropriate safeguards. An additional group is made up of providers of critical infrastructures
for which IT security is becoming ever more important (see also “Growth due to increasing regulation”). With the relevant distribution activities aimed at authorities and companies, secunet intends to participate in this positive development of demand.

The increasing interest in IT security, driven among other factors by prominent media attention, and the subsequent growth in demand are also resulting in increasing competition. This must be taken into account when evaluating opportunities.

2.2 Growth due to increasing regulation

The German federal government wants to increase the protection of critical infrastructures such as energy and telecommunications networks as well as that of IT systems. To this end, the German IT Security Act (IT-Sicherheitsgesetz, ITSiG) was passed in July 2015. This results in drivers of growth at different levels:

» The legislation particularly affects operators of critical infrastructures – i. e. facilities that are of central importance to the community – such as energy supply, for example. They are to meet specific IT security requirements. This will result in potential demand for implementation concepts to meet these requirements.

» Furthermore, the role of the BSI has been strengthened by this law and takes into account its growing importance as a central body for IT security. Among other things, the BSI has been empowered to inspect and evaluate IT products and systems on the market with regard to their IT security, and to publish the results if necessary. This could give rise to positive stimulus in the product business of secunet.

In December 2020, the German federal government passed the draft for the IT Security Act 2.0. The further development of the act provides for a strengthening of the German Federal Office for Information Security (BSI), consumer protection, corporate duty of care, and the state’s protective function.

2.3 Growth through new markets

IT security solutions “made in Germany” enjoy a good reputation around the world due to their quality and trustworthiness. There is rising international demand for corresponding high-quality solutions such as those offered by secunet.

Under the pressure of wiretapping cases and cyberattacks coming to light, demand is likely to stimulate even reater differentiation between producer countries, from which secunet benefits as a German manufacturer. In addition, many secunet products are approved for use in an international context, for example by the EU and NATO.

The range of products and services from the Business Sector division for customers in the industrial sector is to be expanded abroad, for example for foreign subsidiaries and production facilities of German corporations. To this end, promising potential is being identified and examined.

The expansion of foreign activities via secunet’s own distribution and via local multipliers will contribute to leveraging these potentials.

2.4 Growth through acquisitions

In addition to organic growth on domestic and foreign markets, secunet has for years pursued the objective of triggering additional growth through M & A activities. Growth in the product area through acquisition of the relevant solution providers is promising. The market for companies with high-quality, reliable IT security solutions for processing classified information – in which secunet is an active player – is split into many small to
medium-sized providers. In addition, the M & A business remains characterised by very high price expectations on the part of sellers. The process of identifying promising targets at acceptable prices is time-consuming as a result, but is nonetheless being pursued on an ongoing basis.

3. Overview of risks and opportunities

An overview of opportunities and risks which could impact on the further development of secunet Group shows a promising evaluation overall. The assessment revealed that the risks at the time of creating the report are negligible overall and can thus be controlled, and the identified risks, both individually and as a whole, do not threaten the continued existence of the Group and the Company in terms of illiquidity or excessive debts in the reporting period of at least one year. In the operational management of the Group, measures are continuously being taken to prevent a worsening of the risk situation. At the same time, the utilisation of the opportunities described above is being driven forward by a number of activities. No material risks are present as at the balance sheet date.

The business development of secunet AG is subject to the same risks and opportunities as those of the Group. The presentation and evaluation of risks and opportunities thus also apply in the same way for secunet AG.

4, Forecast

During the past financial year, sales revenue and EBIT increased sharply once again, and 2020 consequently ended with outstanding results. The Management Board of secunet AG is fundamentally optimistic about the conditions for good business performance in the current year 2021.

The framework conditions for the 2021 financial year give reason for optimism.

» The macroeconomic growth forecast of the German federal government is positive: growth of 3.0% in the price-adjusted gross domestic product for the current year 2021.

» For the domestic market, we were still expecting growing demand for IT security. This affects both the Public Sector, i. e. business with public customers, and the Business Sector, which serves companies in both the private sector and the healthcare sector. For 2021, Bitkom predicts growth of 4.2% to 4.9 billion euros in spending on hardware, software and services in the IT sector. The market for IT security is likely to show relatively stronger growth. secunet will be able to meet this growing demand well in future, with optimised and new services, products and solutions.

» The foreign market continues to hold significant growth potential; secunet is generally well positioned to leverage this potential. The secunet AG and secunet International GmbH & Co. KG employees in international distribution have many years of experience in the Group and in dealing with international customers.

» During the course of the year, secunet Group again increased its number of productive employees and can therefore translate increasing demand and high capacity utilisation into good business results.

» The ongoing efforts to expand national and international defence budgets with a focus on cyber defence justify positive growth expectations.

At the time of preparing this report, the Management Board considers secunet Group and secunet AG to be well positioned and still sees the Company and the Group in a good situation:
» The economic and financial standing of secunet Group and secunet AG is good; growth so far has been achieved profitably, there are no loans, and liquid funds are high.

» The Management Board is of the opinion that secunet has high-performing, motivated and highly qualified employees, providing an excellent basis of expertise.

» The Company’s existing product and service portfolio has done well in terms of standing up to competition, and is continuing to expand in close cooperation with customers and their needs. Further additions to the product range will also support future growth.

» secunet believes that secunet’s products and solutions have an excellent reputation, the Company is well-known as a provider of high-quality and trustworthy IT security to meet the highest demands and therefore has a stable and reliable (existing) customer structure.

Nevertheless, risks might also be encountered in the coming year:

» secunet is still largely dependent on the procurement activities of the German federal authorities. At the present time, the effects of changing budgetary policy cannot yet be assessed. Negative implications for secunet could include the postponement or cancellation of planned projects.

» Project business also holds both opportunities and risks: the scope of investment decisions for major projects, especially if these are part of a political process, can significantly delay the start of expected procurements. In addition, ongoing major projects always face the potential risk of incalculable delays or budget overruns.

» The great attention focused on the topic of IT security is fuelling the expectation of growing demand. However, driven by the same attention, increasing competition is also apparent, with consequences that cannot be foreseen.

The excellent business results achieved in the 2020 financial year represent a challenge for further growth – surpassing sustained record results is becoming increasingly difficult. Special economic effects such as those seen in the 2019 financial year in the healthcare sector (triggered by the rollout of healthcare connectors in medical practices) or in the 2020 financial year in the public sector (high investments in mobile workstations) are not expected in the 2021 financial year.

For this reason, the Management Board of the Company already published its forecast for secunet Group for the coming financial year 2021 on 3 November 2020 as follows: sales revenues of around 260 million euros and earnings before interest and taxes (EBIT) of around 38 million euros are expected. The contribution of the Public Sector and Business Sector divisions to Group revenue in 2021 is not anticipated to differ significantly from that in 2020. We expect the Business Sector to report slightly positive EBIT.

The forecast for secunet AG is subject to the same risks and opportunities as those of secunet Group. Accordingly, the Management Board is expecting a slight decline in sales revenue and EBIT for secunet AG.

 

Directors' Dealings

Article 19 of the European Market Abuse Directive (EU) No. 596 / 2014 requires members of Company bodies (Supervisory / Management Boards) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches 20,000 euros within a single calendar year. Directors’ Dealings disclosures are also published on our website under Investor Relations. No Directors’ Dealings were reported in the financial year 2020.

Articles of Association of secunet Security Networks AG

I. General Provisions

Article 1 Company Name, Registered Office and Fiscal Year

(1) The Company is registered under the name of

secunet Security Networks Aktiengesellschaft

(1) Its registered office is in Essen.

(2) The fiscal year is the calendar year.

Article 2 Object of the Company

(1) The object of the Company is the provision of telecommunications and information technology security services, in particular consultancy and systems solutions for information security, as well as the manufacture and sale of security technology products and systems, and related activities.

(2) The Company is entitled to engage in all transactions and take all measures that appear suited to serving the object of the Company. It may also establish, acquire or invest in other companies with the same or a related object, as well as manage such companies or restrict itself to administering the investments. It may spin off its operations in whole or in part to affiliated companies or transfer them to affiliated companies.

Article 3 Announcements and Information

(1) The announcements of the Company shall be published in the German Federal Gazette (“Bundesanzeiger”).

(2) Information may also be communicated to the holders of listed securities of the Company by means of remote data transmission. 

II. Share Capital and Shares

Article 4 Share Capital

(1) The share capital of the Company amounts to 6,500,000.00 euros
(in words: six million five hundred thousand euros).

(2) The share capital is divided into 6,500,000 no-par-value bearer shares. In the amount of 1,278,229.70 euros, the share capital consists of the share capital of Secunet Networks GmbH, which was transformed by way of a change of legal form pursuant to Sections 190 et seq. of the German Transformation Act (Umwandlungsgesetz, UmwG).

Article 5 Shares

(1) The shares are bearer shares. If, in the event of a capital increase, the resolution on the increase does not specify whether the new no-par-value shares should be bearer shares or registered shares, they shall be bearer shares.

(2) Collective certificates may be issued for multiple shares. Shareholders are not entitled to have certificates issued for their shares.

(3) A facsimile signature of the Management Board shall be sufficient for the signing of shares and interim certificates. In all other respects, the form and content of the share certificates and the dividend and renewal coupons shall be determined by the Management Board with the approval of the Supervisory Board. The same applies to bonds and interest coupons.

(4) In a capital increase resolution, the profit participation of new no-par-value shares may be determined in deviation from Section 60 (2), sentence 3 of the German Stock Corporation Act (Aktiengesetz, AktG).

III. Management Board

Article 6 Composition of the Management Board

(1) The Management Board comprises one or more members. The appointment of deputy members of the Management Board is permissible.

(2) The Supervisory Board determines the number of Management Board members, appoints the Management Board members and deputy Management Board members, and revokes their appointments. It is also responsible for appointing a member of the Management Board as Chairman and other members of the Management Board as Deputy Chairmen.

Article 7 Representation

(1) If only one Management Board member is appointed, this member shall be the sole representative of the Company. If more than one Management Board member is appointed, the Company shall be represented by two Management Board members, or by one Management Board member together with an authorised signatory (Prokurist).

(2) Deputy members of the Management Board have the same rights as full members of the Management Board with regard to external representation of the Company.

(3) The Supervisory Board may authorise all or individual members of the Management Board to represent the Company alone and exempt them from the restrictions of Section 181 of the German Civil Code (Bürgerliches Gesetzbuch, BGB) regarding multiple representation. Section 112 of the German Stock Corporation Act remains unaffected.

(4) The Management Board shall conduct the Company’s business in accordance with the provisions of the law, the Articles of Association and the rules of procedure established by the Supervisory Board.

(5) The Management Board shall direct the Company on its own responsibility and decide on all matters of material or fundamental importance. Notwithstanding this overall responsibility, each member of the Management Board shall independently direct the area of operations assigned to him by the schedule of responsibilities.

(6) The Management Board shall take appropriate measures, in particular setting up a monitoring system, in order to identify at an early stage any developments that could jeopardise the continued existence of the Company.

Article 8 Rules of Procedure and Resolutions of the Management Board, Transactions requiring Approval

(1) The Supervisory Board shall establish the rules of procedure for the Management Board.

(2) Resolutions of the Management Board are passed by a simple majority of votes. Different majority requirements and further regulations concerning the passing of resolutions by the Management Board may be laid down in the rules of procedure.

(3) The Supervisory Board shall stipulate certain types of transactions that the Management Board may only undertake with the prior approval of the Supervisory Board. The approval of the Supervisory Board may be granted in advance in the form of a general authorisation for a specific category of the transactions designated.

IV. Supervisory Board

Article 9 Composition and Term of Office of the Supervisory Board

(1) The Supervisory Board comprises six members, four of whom are elected by the Annual General Meeting and two by the employees in accordance with the German One-Third Participation Act.

(2) The members of the Supervisory Board are appointed for the period up to the end of the Annual General Meeting that resolves on the discharge from liability for the fourth fiscal year after commencement of the term of office. The Annual General Meeting may determine a shorter term of office for the Supervisory Board members that it appoints. The fiscal year in which the term of office begins is not taken into account. The appointment of a successor for a member of the Supervisory Board retiring from the board before the end of their term of office shall be for the remainder of the term of office of the member retiring prematurely.

(3) The members of the Supervisory Board may resign from office at any time by means of a written declaration addressed to the Chairman of the Supervisory Board or to the Management Board, subject to a notice period of four weeks without stating any reasons, or at any time for good cause.

Article 10 Duties and Powers of the Supervisory Board

(1) The rights and duties of the Supervisory Board are determined by the statutory regulations, the provisions of these Articles of Association and rules of procedure established in accordance with Article 13.

(2) The members of the Supervisory Board have the same rights and duties. They are not bound by orders and instructions. In exercising their mandate, they must act with the diligence of a prudent and conscientious controller of the management.

(3) They must maintain secrecy with regard to confidential information and secrets of the Company, namely business or trade secrets, which have become known to them through their work on the Supervisory Board. In particular, they are obliged to maintain secrecy about confidential reports they have received and about confidential discussions. If a member of the Supervisory Board wishes to pass on information to third parties, where it cannot be ruled out with certainty that said information is confidential or relates to Company secrets, the member is obliged to inform the Chairman of the Supervisory Board in advance and give him an opportunity to express his opinion.

(4) Members of the Supervisory Board who violate their duties are jointly and severally liable to compensate the Company for any resulting damage.

(5) The Supervisory Board is entitled to adopt amendments and additions to the Articles of Association that only affect the wording by a majority of votes.

Article 11 Declarations of Intent of the Supervisory Board

Declarations of intent of the Supervisory Board are made on behalf of the Supervisory Board by the Chairman or, if he is unavailable, by the Deputy Chairman.

Article 12 Chairman of the Supervisory Board and Deputy Chairman

The Supervisory Board shall elect a Chairman and a Deputy Chairman from among its members for the term of office determined in Article 9 (2) of these Articles of Association. The election shall take place in a meeting, which does not have to be specially convened, at the close of the Annual General Meeting at which the shareholders’ representatives on the Supervisory Board to be elected by the Annual General Meeting have been appointed. If the Chairman or Deputy Chairman resigns from office before the end of their term of office, the Supervisory Board shall hold a new election for the remaining term of office of the resigning member.

Article 13 Rules of Procedure and Committees of the Supervisory Board

(1) The Supervisory Board shall establish its own rules of procedure.

(2) The Supervisory Board may form committees and, to the extent permitted by law, also delegate decision-making powers to them.

Article 14 Convening of the Supervisory Board

(1) The Supervisory Board must hold at least two meetings in each half of the calendar year.

(2) It must be convened immediately if this is necessary for business reasons or if a member of the Supervisory Board or the Management Board requests a meeting, stating the purpose and reasons. In such cases, the meeting of the Supervisory Board must take place within two weeks of being convened.

(3) The Chairman of the Supervisory Board is responsible for convening a meeting and determining the agenda and the form of the meeting. The proposed resolutions must be included with the invitation.

(4) Meetings shall be convened in writing, by fax or by e-mail, stating the agenda and the form of the meeting and giving two weeks’ notice. In urgent cases, the Chairman may shorten the period of notice and convene a meeting by word of mouth or telephone.

Article 15 Resolutions of the Supervisory Board

(1) The Supervisory Board shall have a quorum if all members are invited and at least half of the members participate in the resolution process. Members also participate in the resolution process if they abstain from voting.

(2) Unless the rules of procedure of the Supervisory Board contain special provisions, the form of voting shall be determined by the Chairman of the Supervisory Board.

(3) Resolutions are passed by a simple majority of the votes cast, unless otherwise required by law or the Articles of Association. This also applies to elections.

(4) If there is a tie vote, a fresh debate is only initiated if the majority of the Supervisory Board so decides. Otherwise, a new vote must be held immediately. In this new vote on the same matter, the Chairman of the Supervisory Board shall have two votes if the result is still a tie vote.

(5) An absent member of the Supervisory Board may have their written vote submitted by another member of the Supervisory Board. This also applies to the casting of votes in the event of a renewed vote on the same matter. The written vote shall only be effective if the content of the resolution adopted does not deviate from the announced resolution content.

(6) Resolutions on matters whose treatment has not been announced at least one week prior to the meeting, as well as voting outside meetings, are only permissible if no Supervisory Board member objects immediately.

(7) A Supervisory Board member may not participate in voting on an item on the agenda if the resolution relates to the execution of a legal transaction with said member or the initiation of a legal dispute between said member and the Company.

Article 16 Minutes of the Supervisory Board

Minutes shall be taken of meetings of the Supervisory Board and of votes taken outside meetings and shall be signed by the Chairman of the Supervisory Board.

Article 17 Remuneration of the Supervisory Board

(1) Each member of the Supervisory Board shall receive a remuneration of 12,000.00 euros for their activities, payable on completion of the fiscal year. The Chairman of the Supervisory Board shall receive twice the amount for an ordinary member of the Supervisory Board, i.e. 24,000.00 euros; the Deputy Chairman shall receive 1.33 times the amount for an ordinary member of the Supervisory Board, i.e. 16,000.00 euros.

(2) Members of the Supervisory Board who have belonged to the Supervisory Board for only part of a fiscal year shall receive the remuneration pursuant to paragraph 1 pro rata corresponding to the ratio of their period of membership to the full fiscal year.

(3) The members of the Supervisory Board shall also be reimbursed for expenses incurred in the performance of their duties. Any value-added tax payable on their remuneration shall be reimbursed to the members of the Supervisory Board by the Company.

(4) The members of the Supervisory Board may receive additional remuneration further to the remuneration specified in paragraph 1, provided that this is resolved by the Annual General Meeting with the required majority.

V. Annual General Meeting

Article 18 Convening of the Annual General Meeting

(1) The Annual General Meeting shall be held at the registered office of the Company or in a German city with more than 200,000 inhabitants. The Annual General Meeting shall be convened by the Executive Board or, in the cases prescribed by law, by the Supervisory Board. The period of notice for convening the meeting shall be governed by the statutory regulations.

(2) The Annual General Meeting shall be held within the first eight months of each fiscal year. Extraordinary General Meetings may be convened as often as appears necessary in the interest of the Company.

Article 19 Participation in and Proceedings of the Annual General Meeting

(1) Only those shareholders who register for the Annual General Meeting and furnish proof of their entitlement are entitled to participate in the Annual General Meeting and exercise their voting rights. The registration and proof of entitlement must be received by the Company at the address specified in the invitation at least six days before the Annual General Meeting, not including the day of receipt.

(2) Registration according to paragraph 1 must be made in text form. Proof of entitlement according to paragraph 1 requires proof of share ownership. Evidence in text form provided by the final intermediary pursuant to Section 67c (3) AktG shall be sufficient in any case. The proof of share ownership must relate to the beginning of the 21st day prior to the Annual General Meeting.

(3) The chairman of the meeting is authorised to permit the full or partial video and audio transmission of the Annual General Meeting in a manner to be specified by him. The transmission may also be made in a form to which the public has unrestricted access.

Article 20 Voting Rights at the Annual General Meeting

(1) Each share entitles the holder to one vote at the Annual General Meeting.

(2) Voting rights may be exercised by a proxy. Outside the scope of Section 135 AktG, granting or revoking a power of attorney and providing proof of authorisation to the Company shall be done in text form (Section 126b BGB). In the invitation to the Annual General Meeting, the Company shall offer an electronic means of transmitting the proof of authorisation. If the shareholder appoints more than one person as a proxy, the Company may reject one or more of these persons.

Article 21 Chairing of the Annual General Meeting

(1) The Annual General Meeting shall be chaired by the Chairman of the Supervisory Board or, if he is unavailable, by the Deputy Chairman or, if he too is unavailable, by a Supervisory Board member to be designated by the Supervisory Board. If no member of the Supervisory Board takes the chair, the chairman of the meeting shall be elected by the Annual General Meeting.

(2) The chairman shall conduct the proceedings and determine the order in which the agenda is dealt with, the method and order of voting and the order of verbal contributions. The chairman may impose reasonable time limits on the shareholders’ right to speak and ask questions.

Article 22 Resolutions of the Annual General Meeting

The resolutions of the Annual General Meeting require a simple majority of the votes cast, insofar as the Articles of Association or statutory legal provisions do not specify anything to the contrary.

VI. Annual Financial Statements, Management Report, Appropriation of the Balance Sheet Profit

Article 23 Annual Financial Statements and Management Report, Discharge of the Management Board and the Supervisory Board

(1) Within the first three months of each fiscal year, the Management Board shall prepare the management report and the annual financial statements for the past fiscal year and submit them to the auditor.

(2) After the audit report has been received, the annual financial statements and the management report, together with the audit report and the proposal for the resolution of the Annual General Meeting on appropriation of the balance sheet profit, shall be presented to the Supervisory Board.

(3) The Supervisory Board shall submit its comments on these documents within one month of receipt.

(4) The annual financial statements, the management report, the report of the Supervisory Board and the proposal of the Management Board on appropriation of the balance sheet profit shall be made available to every shareholder in accordance with the statutory provisions from the time the Annual General Meeting is convened.

(5) Within the first eight months of each fiscal year, the Annual General Meeting shall resolve, after receiving the report to be submitted by the Supervisory Board pursuant to Section 171 (2) AktG, on the discharge of the Management Board and the Supervisory Board from their liability, on the appropriation of the balance sheet profit, on the election of the auditor and, in the cases prescribed by law, on the adoption of the annual financial statements.

(6) If the Company is obliged to prepare consolidated financial statements and a Group management report, paragraphs 1-5 shall apply accordingly to the consolidated financial statements and the Group management report.

VII. Other Conditions

Article 24 Partial Invalidity

The invalidity of any provision of the Articles of Association shall not affect the validity of the other provisions of the Articles of Association.

Article 25 Costs

The Company shall bear the formation expenses in the amount of DM 20,000.00.

Annual Auditors

On 8 July 2020, the Annual General Meeting of secunet Security Networks AG appointed PriceWaterhouseCoopers GmbH, headquarters Frankfurt am Main, branche office Essen, to serve as the Auditor of secunet Security Networks AG and as the Consilidated Annual Auditor of the secunet Group for the Financial Year 2020, as well as the Auditor for a review of the Condensed Financial Statements and the Interim Management Report of secunet Security Networks AG and the secunet Group as at 30 June 2020.