Combined Management Report Increasing sustainability focus: Governments around the world continue to increase their focus on sustainability topics, resulting in the risk of increased costs to comply with new laws and related reporting requirements. In addition, increasing stakeholder and investor focus on sustainability topics brings reputational risk should our sustainability commitments, targets and activities be perceived as a deceptive use of green marketing or otherwise not credible. Climate change litigation has become a worldwide phenomenon with a corresponding risk to Siemens as a large corporation. We address these risks in a variety of ways including through our sustainability framework DEGREE, in which we have set ambitious sustainability targets. DEGREE includes measures to reduce our carbon footprint along with other initiatives addressing ESG topics more generally. We have implemented an ESG due diligence process that supports Siemens businesses with due diligence in the customer-oriented environment with a view to possible environmental and social risks as well as related human rights and reputational risks. Finally, we believe our overall portfolio is very well positioned to meet the current and future sustainability needs of our customers and the societies in which we operate. Disruptive technologies: The markets in which our businesses operate experience rapid and significant changes due to the introduction of innovative and disruptive technologies. In the field of digitalization (e.g. Digital Twin, artificial intelligence, cloud computing), there are risks associated with new competitors, substitutions for existing products/solutions/services, new business models (e.g. in terms of pricing, financing, extended scopes for project business or subscription models in the software business), and finally the risk that our competitors may have more advanced time-to-market strategies and introduce their disruptive products and solutions faster than Siemens. Siemens generally differentiates its software offerings from those of other software companies through deep domain know-how. There are risks associated with technologies such as artificial intelligence, including generative artificial intelligence, that domain expertise will not be a significant distinguishing feature in the future, and that additional competitors may therefore emerge more easily or rapidly. Our operating results depend to a significant extent on our technological leadership, our ability to anticipate and adapt to changes in our markets, and our ability to optimize our cost base accordingly. Introducing new products and technologies requires a significant commitment to research and development, which in return requires expenditure of considerable financial resources that may not always result in success. Our results of operations may suffer if we invest in technologies that do not operate or may not be integrated as expected, or that are not accepted in the marketplace as anticipated, or if our products, solutions or systems are not introduced to the market in a timely manner, particularly compared to our competitors, or even become obsolete. We constantly apply for new patents and actively manage our intellectual property portfolio to secure our technological position. However, our patents and other intellectual property may not prevent competitors from independently developing or selling products and services that are similar to ours. Competitive environment: The worldwide markets for our products, solutions and services are highly competitive in terms of pricing, product and service quality, product development and introduction time, customer service, financing terms and shifts in market demands. We face strong, established competitors as well as rising competitors from emerging markets and new industries, which may have a better cost structure or offer a better customer solution. Some industries in which we operate are undergoing consolidation, which may result in stronger competition, a change in our relative market position, an increase in inventory of finished or work-in-progress goods, or unexpected price erosion. Furthermore, there is a risk that critical suppliers could be taken over by competitors and a risk that competitors are increasingly offering services to our installed base. We address these risks with various measures, for example benchmarking, strategic initiatives, sales push initiatives, executing productivity measures and target cost projects, rightsizing of our footprint, outsourcings, mergers and joint ventures and optimizing our product and service portfolio. We continuously monitor and analyze competitive, market and industry information in order to be able to anticipate unfavorable changes in the competitive environment rather than merely reacting to such changes. 8.3.2 Operational risks Cyber/Information security: Digital technologies are deeply integrated into our business portfolio. Further integration of information technology into products and services in conjunction with changing business strategies (such as outsourcing, globally distributed development, a lesser degree of sole production) are leading to an increasingly distributed supply chain, making efficient controls difficult. The fact of a large number of suppliers requires a significant effort for the initial and regular verification of the effective implementation of cybersecurity requirements by suppliers. Siemens business entities might lose market access if their products, solutions and services do not comply with increased regulations and legal requirements for cybersecurity in their respective countries. We observe a global increase of cybersecurity threats and higher levels of professionalism in computer crime, which pose a risk to the security of Siemens products, solutions and services; to Siemens IT systems and networks; and to the confidentiality, availability and integrity of data. Like other large multinational companies, we face active cyber threats from sophisticated adversaries that are supported by organized crime and nation- states engaged in economic espionage or even sabotage. According to external sources of relevant data, this trend has been accelerated by geopolitical developments and tensions worldwide. Especially the numbers of phishing attacks and malicious websites have increased significantly. There is a risk that confidential information or data-privacy-relevant information may be stolen or that the integrity of our portfolio may be compromised, such as by attacks on our networks, social engineering, data manipulations in critical applications, or a loss of critical resources, resulting in financial damages and violation of data privacy laws. Moreover, the information technology market is concentrated among a small number of information technology and software vendors, which could lead to dependence on a single provider. There can be no assurance that the measures aimed at protecting our intellectual property and portfolio will address these threats under all circumstances. Cybersecurity covers the IT of our entire enterprise including office IT, systems and applications, special-purpose networks, and our operating environments such as manufacturing and R&D. We strive to mitigate these risks by employing a number of cyber defense measures, including employee training, considering new models of flexible working environments, and comprehensive monitoring of our networks and systems with an artificial intelligence solution to identify attacks faster, and thereby prevent damage to society, critical infrastructures, our customers, our partners and Siemens overall. We initiated the industrial “Charter of Trust,” signed by a growing group of global companies, which sets out principles for building trust in digital technologies and creating a more secure digital world. Nonetheless, our systems, products, solutions and services, as well as those of our service providers, remain potentially vulnerable to attacks. Such attacks could potentially lead to the publication, manipulation or leakage of information such as through industrial espionage. They could also result in deliberate improper use of our systems, vulnerable products, production downtimes and supply shortages, with potential adverse effects on our reputation, our competitiveness and results of operations. For increased protection of Siemens and reduction of a potential financial impact caused by cyber incidents, the currently insurable cybersecurity risks have been to a partial extent transferred to a consortium of insurance companies. 26