Airbus // Universal Registration Document 2021

1. Information on the Company’s Activities / 1.2 Non-Financial Information

Such activities have successfully reduced the Company’s overall cyber security risk picture, and specifically related to the increasing threat from ransomware. V. Outlook There are no signs globally that the threats of cyber attack will dissipate or slow; therefore it is critical that the Company maintains ongoing improvement and response activities in order to reduce associated risks. A number of key initiatives are central to this including: – – Ransomware resilience: as one of the major risks, efforts continue with major investments into ransomware prevention in order to reduce both the likelihood of an incident, but also to significantly increase the resilience and reduce the time to recover critical applications and systems; – – International localisation: extending the federated model of security to encompass international localisation of affiliates with enhanced risk reporting; – – Secure digital transformation: enable digital transformation via the design development and deployment of updated security standards for cloud security, application hardening and zero trust networking; – – Security Operations Centre (SOC) 2025 strategy: detecting and rapid response to cyber incidents is a key part of any security practice: thus Airbus will maintain and continue to scale the SOC activities to the needs of the business.

The Company implements a number of key technical security controls in the reduction of cyber incident likelihood including the rollout of endpoint protection and data loss prevention tools, the implementation of multi-factor authentication, plus the adoption of enterprise security architecture approaches. To reduce impact from cyber events Airbus operates in-house security operations centers, covering both commercial and national activities; plus a Computer Emergency Response (CERT) team analysing cyber security threat intelligence and activating to rapidly investigate and contain cyber security incidents. Cyber security risk management is under regular internal and external audit, confirming processes and implementation to both Airbus and Industry standards. Technical audits are also conducted regularly on applications, systems and infrastructures in the form of cyber security penetration testing. IV. Implementation/Activities During the course of 2021, a number of key initiatives have been undertaken to improve the cyber security position, reduce associated risks and decrease the likelihood of successful cyber attacks, including: – – 100% coverage of core Divisional Company-issued laptops deployed with Endpoint Detection & Response (EDR) tools; – – 100% of employees now able to access Google client side encryption tools for encryption of the company data in Google suite; – – 35 of 35 high risk supplier connections now successfully migrated to the new standard secured supplier architecture; – – Restricted CERT extension devised to ensure cyber incident response coverage across both commercial and national infrastructures.

76

Airbus / Registration Document 2021