QUADIENT // 2021 Universal Registration Document

NON-FINANCIAL PERFORMANCE STATEMENT Social, societal, and environmental information

Launched in May 2020, Quadient Ethics line is a comprehensive and confidential reporting tool, hosted and operated by NAVEX, a third-party provider, which assists employees to report anonymously or not, any concerns related to Ethics & Compliance (e.g. fraud, abuse, and other misconduct in the workplace), via a form online (website) or a hotline, available 24 hours a day, 365 days a year in all the countries where the company operates. This dedicated website is available in the same languages as the Code of Ethics (8 languages): English, French, Czech, Spanish, Japanese, German, Dutch and Italian. Regarding the hotline, there is a dedicated phone number per country enabling anyone to speak up in its native language. The reporting categories are the following: Antitrust, fair competition and business compliance, Asset / information misuse and access, Corruption and influence peddling, Discrimination or harassment or unfair treatment, Financial issues, Fraud, Health, Safety & Environment, Human Rights. This ethics line accessible through the corporate intranet (WeShare) and Quadient’s corporate website is available for Quadient’s employees and to any third parties (e.g., customers, suppliers, partners). Beyond the reporting of ethical and compliance concerns, this platform enables anyone to ask confidentially any questions related to the code of ethics and other corporate policies and standards. After completing the report, the employee (or third party) will be assigned a unique code called a "report key." The reports and questions are confidential. The information provided to the NAVEX Global representative by phone or via their website is then sent to a designated representative within Quadient. Quadient strictly forbids retaliation against employees for submitting an ethics concern to the Company. Complaints made in good faith will not expose the whistleblower to any sanctions, regardless of whether the underlying facts prove to be correct or result in any corrective action.

INVESTIGATION AND REMEDIATION Quadient takes seriously its responsibility to investigate potential violations or instances of misconduct. Quadient has developed an investigation policy and a disciplinary actions policy to ensure that these investigations are conducted in a consistent and professional manner, and that disciplinary actions are considered in full objectivity, fairly and independence. All suspected violations are analyzed by the Ethics & Compliance committee composed of the Chief People Officer, General Counsel, Vice President of Internal Audit and Vice President of CSR & Compliance. This committee decides whether further investigation must be conducted and follow the progress of the investigation and the remedial plan until its completion. Protect privacy and integrity of data entrusted to Quadient against internal and external threats In an increasingly connected world, with ever-increasing amounts of electronic mail and parcel volumes growing in line with the growth of e-commerce, Quadient has made a firm shift to digital. In addition to smart machines to process traditional mail, the Company’s offering now includes solutions and software either dedicated to digital communications management or aimed at facilitating parcel processing. Quadient handles a lot of sensitive information every day and protecting such information has always been of very high concern for the Company, including the protection of postal transactions, customer’s data, and the Company’s data. Aware of the consequences of a security failure in its operations, the Company is committed to safeguarding the confidentiality, integrity and availability of all physical and electronic information assets to ensure that regulatory, operational and contractual requirements are fulfilled. Analysis of security incidents, security performance • and the progress of security-related projects during quarterly security reviews. Deployment of Digital Standards supported by • compliance and audit processes. More than 95 of newly delivered digital services are compliant to Quadient's Digital security Standards. Extension of the process to solutions security • Extension of the detection capability with • deployment of a managed threats detection and response service Renewed cyber insurance contract • 11 entities are ISO 27001 certified (covering 20.6 of • staff), Inspire cloud-based solution have ISO 27017 and ISO 27018 certification (cloud) and meet the OpenSAMM security standards. Quadient UK is now 27701 certified • 18 security audits carried out in 2021 covering MRS • and ICA 2021 Results

5

Initiatives

Establishment of a global quarterly Information Security Board

Global Security Incident Management Process improving reporting, aligned to DPO requirements

ISO 27001 certification program

Program of internal and external audits in 2021 on the Company’s systems and applications

123

UNIVERSAL REGISTRATION DOCUMENT 2021