Contents 1. Purpose 
2. Scope of application and reach
3. General Principles
4. Regulatory Compliance Programme
5. Approval and dissemination
6. Preparation

1. Purpose

The Change Group International (Holdings) Ltd. (hereinafter the "Company" or "Change Group") is strongly committed to ensuring that its behaviour, and the behaviour of everyone who forms part of it, complies with all current regulations and ethical principles. For this reason, the Company has a Regulatory Compliance Programme that establishes the measures designed to identify, mitigate and eliminate the risks of regulatory non-compliance in all its activities. Implementation of this Programme is the responsibility of the compliance committees and compliance officers in the countries in which the Company operates. It is overseen by the Regulatory Compliance Committee, which works autonomously and independently.

In this regard and with a firm commitment to ensuring compliance with ethical principles, good corporate governance, transparency and integrity, the Company's priority objective is to implement a solid corporate culture that has regulatory compliance and the Company's ethical values as the central element of our business model and decision-making.

The purpose of this Compliance Policy (hereafter, the "Compliance Policy") is to establish criteria and guidelines for action, as a set of elements implemented and actions performed in the Company and its Group to ensure knowledge, understanding and compliance with all the regulations and policies in this area by all its employees. This aims to achieve the three main objectives of prevention, detection and response in relation to regulatory compliance.

2. Scope

This Compliance Policy applies to the Company and to the companies in its group in which Change Group has control (the "Group"). 

In those investee companies where this Policy is not applicable, the Company will promote the alignment of the investee's policies with those of the Company through its representatives on their management bodies. 

It is also applicable to contracted companies acting on behalf of the company, as well as joint ventures and other such companies, where the Company is responsible for their management.

3. General principles

Through this Policy, Change Group sends a resounding message of opposition to all irregularities and illegal acts, whether criminal or of any other kind, to all its executives and employees, and to third parties who have dealings with the Company. Change Group is committed to combating these acts and preventing any harm to its image and reputation. 

Without prejudice to the Code of Ethics and Conduct, the guiding principles for Change Group are:

• Compliance with and promotion of legality and internal regulations: Respect for the law is one of the core principles of Change Group. All employees have an overriding and mandatory duty to observe prevailing legislation and internal regulations that apply to them in the exercise of their professional duties and responsibilities. The Company fosters knowledge of and respect for these principles.
• Dissemination of the Regulatory Compliance Programme and training: The Company promotes the Regulatory Compliance Programme and its principles and standards among all employees, with ongoing training on its content.
• Respect for the image and reputation of Change Group: Employees must employ the utmost care and due diligence to uphold the image and reputation of Change Group in all their professional activities, including public appearances.
• Existence and knowledge of appropriate policies and procedures: Change Group has appropriate policies and procedures for its activity and structure to prevent the risks that may arise.
• Establishment of internal controls: Change Group has implemented general preventive controls that form the basis of its risk control and are effective in mitigating generic non-compliance risk. It also has specific controls and measures to mitigate particular non-compliance risks.
• Adequate provision of resources: Provide the Regulatory Compliance Department with sufficient financial, material and human resources for its development, within an appropriate framework for the definition, implementation, monitoring, supervision and achievement of the objectives of the Regulatory Compliance Programme.
• Assistance and collaboration with the Authorities: Provide the assistance and cooperation that may be required by judicial, administrative or any national or international supervisory body, to verify compliance with Change Group's legal obligations
• Obligation to report possible illegal conduct: Employees are required to report any potential breaches of the Change Group Code of Ethics and Conduct, and its internal regulations, and any actions that may be considered unlawful or criminal of which they become aware or suspect, through the Company's Whistleblower Channel.
• Monitoring and continuous improvement: The tools in the control structure, audits, investigations, information communication channels and situations of conflict or complaints represent a core element for the operation and improvement of the model. Management of these tools is essential for achieving a structured model through continuous improvement to achieve the objectives of the framework

4. Regulatory compliance program

Change Group has designed a Regulatory Compliance Programme that, through a due diligence model based on a risk-based approach and principles, formalises, implements, communicates, monitors and safeguards regulatory compliance. This programme includes a raft of policies and procedures, prevention manuals, guidelines for conduct and behaviour, internal controls, awareness-raising and training activities, and an on-going process of critical evaluation and supervision to ensure continuous improvement. This enables the detection, mitigation and elimination of non-compliance risks through immediate response in relation to the prevention of money laundering, privacy and personal data protection, promoting competition and avoiding unfair competition, preventing criminal activities and fighting corruption.

The aforementioned programme complements and develops the Change Group Code of Ethics and Conduct, the central and benchmark standard of the Company and its Group that determines its day-to-day activities and its way of relating to employees, shareholders, clients and users, suppliers, authorities, Public Administrations, regulatory bodies, competitors and, very especially, civil society as a whole.

The pillars of the Change Group Regulatory Compliance Programme are, fundamentally, the following:

• Code of Ethics and Conduct: Change Group has a binding Code of Ethics and Conduct that must be known, accepted and respected by all employees and members of the governing bodies of Change Group. This is a guide that sets down the standards of behaviour and good practice for all employees of the Company. The document contains a series of updated guidelines on behaviour, principles and values that are mandatory for all Change Group employees, who will avoid any behaviour that might harm the reputation of the Company or its interests.
• Ethical Channel and Ethical Channel Policy: Change Group has a Whistleblower Channel for reporting any behaviour that might represent an irregularity or act contrary to the law or the rules of conduct in the Code of Ethics and Conduct, internal regulations or prevailing legislation. The Whistleblower Channel is regulated and developed in a specific Policy. All Change Group employees are required to report any incidents or irregularities that infringe the Code of Ethics and Conduct, internal regulations or prevailing legislation of which they become aware, through the Whistleblower Channel. Likewise, anyone or any stakeholder not directly related to Change Group who wishes to report any irregularities of which they are aware may also use the Whistleblower Channel for such whistleblowing. The management of this Channel guarantees impartiality and independence, confidentiality, the anonymity of the whistleblower and the rights of the persons investigated. Change Group applies the appropriate disciplinary measures if any illicit behaviour is identified. Likewise, a prohibition on retaliation is established.
• Anti-Corruption Policy: Change Group remains firmly committed to fighting corruption. In this regard, the Company has an Anti-Corruption Policy. Its approval responds to a criterion of maximum transparency on the part of the Company, which seeks to promote policies that regulate fundamental aspects of corporate governance. In compliance with the law, Change Group combats any type of corruption and fosters the highest compliance standards at the global level, demonstrating its commitment to legality and the fight against corruption.
• Crime Prevention: The principle of due diligence is at the heart of Change Group. This principle groups and guides the elements of internal control that prevent crimes being committed and help establish a corporate culture of the strictest responsibility in daily practices that permeates the entire Company, ensuring that good practices are encouraged and avoiding, detecting, and eradicating any illicit actions.
• Prevention of Money Laundering: Due to some of its activities in various countries, Change Group Group is bound by, and complies with, regulations on the prevention of money laundering and the financing of terrorism. In general, the Company also follows the recommendations of the Financial Action Task Force (FATF) and the international best practices that are applied in this matter by applying the following principles: know your customer, analysis of operations, reporting of suspicious transactions, implementation of training plans and ongoing collaboration with regulators.
• Privacy: The protection of personal data is a requirement of the Company. This results in compliance with all applicable regulations in this area in every country where the Company operates. The purpose of this is to protect the fundamental rights and freedoms of individuals in the exercise of their activities. The Company's Data Protection Management System complies with the requirements of Regulation (EU) 2016/679 on Data Protection of 27 April 2016 and is adapted to the regulations in this area in the countries where it operates.
• Protecting competition: Change Group complies strictly with all applicable regulations in its relations with other companies and market operators. Change Group requires ethical conduct from its employees and, in particular, executive team at all times. This includes strictly complying with competition regulations in the performance of their duties. The commitment to absolute respect for competition rules translates into market conduct based on strong and fair competition. The executive team must always act independently on the basis of their business judgement without entering into agreements with any competitor that limit competition.

5. Approval and dissemination

This Compliance Policy was approved by the Company's Board of Directors on 2 February 2026.

This Policy will be published on the Company's corporate website and intranet.

The content of this Policy may be included among the training materials for our own staff and in additional dissemination actions, as determined at any time. Those responsible for the Business and Support areas will adopt the necessary measures for the dissemination, training and compliance with this Policy.