Airbus // Universal Registration Document 2023

1. Information on the Company’s Activities

1.2 Non-Financial Information

1

IV. Implementation/Activities Building upon the enhancements of 2022, a number of key initiatives were undertaken in 2023 to improve the cyber security position, reduce associated risks and decrease the likelihood of successful cyber attacks, including: – –deployment of the Company’s cyber security strategy for capability development, protection improvements and risk reduction from cyber attack by end of 2025; – –creation of MIRIS company (Mutual of Insurance and Reinsurance for Information Systems) by the Company and 10 other large European companies, in order to provide cyber insurance coverage and a technical hub for sharing amongst its members; – – industrialisation and adoption of Company-wide cyber security controls framework to standardise the technical approach to security by design; – –maintaining compliance with existing and evolving cyber security regulations, and anticipating future national, international, and sector-specific cyber security laws; for instance, through the implementation of a Data Compliance Centre to ensure the Company’s compliance towards internal and external regulations and policies; – –conducting an in-house full red-team cyber exercise for continual process improvement and controls maturity around data exfiltration scenarios; – –within the framework of the Company’s Cyber Community of Practice, a programme of internal events was launched focusing on technical sharing to support the development of people. Examples of such events include an annual conference to share technical topics and organisational news with the

cyber security community, and a physical/virtual hybrid hands-on technical training day for Red, Blue and Purple team skills development; – – certified Airbus cyber security diplomas launched in France in 2022, in order to reinforce and future-proof existing cyber security competency, in addition to building an appropriate pipeline for future skills and needs. The Company-delivered Bachelor’s and Master’s degrees are validated by the French National Registry of Professional Certifications, and correspond to 660 hours and 870 hours of courses respectively. In 2023, 22 students were registered in the Bachelor’s programme and 17 students in the Master’s; – – as part of the Top Company Objectives, employees are highly recommended to complete each year a training on cyber security issues. Such activities have continued to reduce the overall cyber security risk, specifically around the increasing threat from ransomware. V. Outlook There are no signs globally that the threats of cyber attack will decrease; therefore, the Company maintains an advanced cyber security posture and anticipates future threats. Specific focus is placed on: – – ensuring continued compliance to international, national, and industry specific cyber security regulations; – – company resilience; ensuring prevention and recovery from cyber skirmishes, and destructive ransomware attacks; – –extended enterprise and supply chain cyber security collaborations.

1.2.9 Health and safety

I. Introduction It is with great sadness that the Company reports the work related deaths of three employees in two separate accidents in 2023. One employee, in China, suffered a fall from a working platform while visiting a supplier’s site. The others were flight service pilots for GFD, a subsidiary of the Company. They were in a Learjet aircraft that was involved in an accident at Hohn Air Base in Germany. The Company expresses sincere regret and condolences to the employees’ families, friends and colleagues. Actions have been taken to address the lessons learned.

These accidents reinforce the Company’s determination to continue the drive towards zero-harm, and ensuring that its work activities do not adversely affect the safety and health of people remains a top priority. The Company continues to improve its health and safety risk management systems and is working to extend the coverage of its ISO 45001 certification. Areas of significant concern identified by formal risk assessment processes are escalated to the Company’s Enterprise Risk Management (ERM) system.

105 Airbus Annual Report

Universal Registration Document 2023