Statement by the Management Board

Risk Management Statement

Alliander’s Management Board is responsible for the design and operation of the internal risk management and control system, in accordance with the principles of the COSO framework and the Three Lines Model. This system is embedded in our governance and strategy, and is periodically evaluated and improved. We further act in line with the Dutch Corporate Governance Code, in particular provision 1.4.3, which stipulates that the board must declare that the internal risk management and control system is adequate and effective.

The system has clearly defined roles: the first line implements control measures, while the second line (Risk & Compliance and other disciplines in the second line) monitors compliance and coordination. The third line (Internal Audit) performs independent assessments. The Audit Committee and the Supervisory Board supervise the function of the system, while the external auditor provides additional assurance (for further explanation, see the Corporate Governance section).

The monitoring and evaluation process consists of various control frameworks, business self-assessments, internal in-control statements, quarterly and half-yearly reports on the most significant risks and follow-up on identified issues and the results of external assurance audits. The risk management and control system is structured in multiple assurance layers and its broad design contributes to the realisation of the strategy and objectives. The system provides insight into the effectiveness of risk management for the various types of risks. Within the system, there are differences in the maturity of the control frameworks. Whereas a robust framework is in place for financial reporting, the framework for sustainability is still under development. Alliander has an implicitly low risk appetite as described in the ‘Risks’ section of this annual report.

The risk section of this annual report describes Alliander's top-ranked risks and the control activities that have been implemented for them. Following audits of our risk management system, opportunities for improvement were identified. The areas for improvement include non-compliance (with regard to the implementation of network codes and tendering) or issues identified in audits of operational processes. These opportunities for improvement were identified by our control system, and improvement actions were taken that contribute to more demonstrable and effective control of business operations and thus to the realisation of the organisation's strategy and objectives. With the current control mechanisms in place, we are sufficiently confident that key issues have been identified and followed up.

Although the system is robust, it does not offer absolute certainty that all risks will be identified in a timely manner. Unforeseen circumstances and external factors can always influence the achievement of objectives.

In line with best practice provision of Article 1.4.3 of the Dutch Corporate Governance Code, we declare that:

  • this annual report and the aforementioned activities provide sufficient insight into the function and any shortcomings of the internal risk management and control system;

  • in respect of financial reporting, the system provides reasonable assurance that the financial accounts do not contain any material misstatements;

  • the system provides a limited degree of assurance that the sustainability report does not contain any material misstatements;

  • the internal risk management and control system provides a limited degree of confidence that the main compliance and operational risks are identified in a timely manner and adequately managed. The board sees no evidence to indicate that our system does not provide sufficient confidence in terms of managing the operational and compliance risks relevant to Alliander in line with the risk appetite;

  • based on the current state of affairs, it is appropriate to state that financial reporting was carried out on a going concern basis; and

  • that this annual report discloses the material risks and uncertainties that are relevant to the company's expected ability to continue operating as a going concern for a period of twelve months after the report was prepared.

Management Board statement of responsibilities

We state that:

  • the financial statements provide a true and fair view of the assets, liabilities, financial position and profit of Alliander N.V. and its consolidated companies;

  • the additional information provided by the Management Board, as included in this annual report, provides a true and fair view of the position as at 31 December 2025 and of the business during the 2025 financial year of Alliander N.V. and its group companies, the results of which are included in the financial statements; and

  • the key risks to which Alliander N.V. is exposed are described in the annual report.

Arnhem, the Netherlands, 6 March 2026

Maarten Otto
Walter Bien