Euronext // 2021 Universal Registration Document

Other Information

RELIABILITY AND CONTINUITY OF THE IT ENVIRONMENT Risk

The activities and financial reporting of Euronext N.V. are highly dependent on the reliability and continuity of the IT environment. Effective general IT controls with respect to change management, logical access, infrastructure and operations, support the integrity and continuity of the IT systems as well as the operating effectiveness of the automated controls. As described in the risk management Section 2 in the universal registration document, the IT environment and the IT organization of Euronext N.V. are constantly changing in the context of transformational projects, process improvements, and occasional incident repair and remediation. During these changes there is a risk that the general IT control measures may not always operate as intended and, as a result, internal controls are ineffective. Therefore, we identified the reliability and continuity of the IT environment insofar in scope of our audit of the financial statements to be a key audit matter. Our audit approach IT audit specialists are an integral part of the engagement team and assess the reliability and continuity of the IT environment to the extent necessary for the scope of our audit of the financial statements. In this context, we evaluated the design of the IT processes and tested the operating effectiveness of general IT controls, as well as application controls over data processing, data feeds and interfaces where relevant for the financial reporting. In certain areas we performed additional procedures on access management, cyber security, security event monitoring and segregation of duties for the related systems. We also assessed the possible impact of changes in IT during the year resulting from the internal transformation activities and remedial measures on the operating effectiveness of general IT controls and the automated controls. Where applicable, we tested internal controls related to cloud computing and third-party service providers. Our testing of the general IT controls and the other tests performed, provided sufficient evidence to enable us to rely on the adequate and continued operation of the IT systems relevant for our audit of the financial statements. Key observations

REPORT ON OTHER INFORMATION INCLUDED IN THE UNIVERSAL REGISTRATION DOCUMENT The universal registration document contains other information in addition to the financial statements and our auditor’s report thereon. Based on the following procedures performed, we conclude that the other information: n Is consistent with the financial statements and does not contain material misstatements n Contains the information as required by Part 9 of Book 2 of the Dutch Civil Code for the management report and the other information as required by Part 9 of Book 2 of the Dutch Civil Code and as required by Sections 2:135b and 2:145 sub-section 2 of the Dutch Civil Code for the remuneration report We have read the other information. Based on our knowledge and understanding obtained through our audit of the financial statements or otherwise, we have considered whether the other information contains material misstatements. By performing these procedures, we comply with the requirements of Part 9 of Book 2 and Section 2:135b sub-Section 7 of the Dutch Civil Code and the Dutch Standard 720. The scope of the procedures performed is substantially less than the scope of those performed in our audit of the financial statements. The managing board is responsible for the preparation of the other information, including the management report in accordance with Part 9 of Book 2 of the Dutch Civil Code and other information required by Part 9 of Book 2 of the Dutch Civil Code. The managing board and the supervisory board are responsible for ensuring that the remuneration report is drawn up and published in accordance with Sections 2:135b and 2 145 sub-section 2 of the Dutch Civil Code.

REPORT ON OTHER LEGAL AND REGULATORY REQUIREMENTS AND ESEF

Engagement We were engaged by the general meeting of shareholders as auditor of Euronext N.V. on 19 May 2017, as of the audit for the year 2017 and have operated as statutory auditor ever since that date. No prohibited non-audit services We have not provided prohibited non-audit services as referred to in Article 5(1) of the EU Regulation on specific requirements regarding statutory audit of public-interest entities. European Single Electronic Reporting Format (ESEF) Euronext N.V. has prepared the universal registration document in ESEF. The requirements for this are set out in the Delegated Regulation (EU) 2019/815 with regard to regulatory technical standards on the specification of a single electronic reporting format (hereinafter: the RTS on ESEF). In our opinion, the universal registration document, prepared in the XHTML format, including the partially marked-up consolidated financial statements, as included in the reporting package by Euronext N.V., complies in all material respects with the RTS on ESEF. The managing board is responsible for preparing the universal registration document, including the financial statements, in accordance with the RTS on ESEF, whereby the managing board combines the various components into a single reporting package. Our responsibility is to obtain reasonable assurance for our opinion whether the universal registration document in this reporting package complies with the RTS on ESEF.

9

317

2021 UNIVERSAL REGISTRATION DOCUMENT