Deutsche Bank Appendix Non-Financial Report 2022 GRI Content Index and UN Global Compact SDG and GRI Standards and Disclosures Non-Financial Report and/or Link to Source Remarks/Omissions UNGC Reference GRI 418: Customer privacy 2016 3-3 Management of material topics Materiality assessment Information unavailable/incomplete. SDG 8 Data protection There have been new technologies and Data protection – Governance initiatives undertaken across Deutsche Data protection – Training and awareness Bank’s various product houses towards Information security digital transformation, however, risk and Information security – Security strategy, privacy of data linked to innovations are framework and governance not been reported. Information security – Security measures – Layered security controls Information security – Security measures – Third-party security risk management 418-1 Substantiated complaints concerning breaches Data Protection – No personal data breaches of Information unavailable/incomplete. of customer privacy and losses of customer material impact to individuals observed In 2022, Deutsche Bank again did not data observe any personal data breaches of material impact to individuals. Although complaints on data protection aspects are covered in Deutsche Bank’s regular complaint management procedures, they are not filtered specifically. Absolute data regarding complaints is not reported. SDG and GRI Standards and Disclosures Non-Financial Report and/or Link to Source Remarks/Omissions UNGC Reference Financial Services Standard Disclosures Product portfolio FS1 Policies with specific environmental and social Sustainability strategy – Sustainability https://www.db.com/files/documents/db- SDG 10 components applied to business lines governance – Sustainability principles and es-policy-framework-english.pdf policies Sustainable finance – Governance Climate risk – Governance Climate risk – Risk management framework Environmental and social due diligence – Environmental and social policy framework Environmental and social due diligence – Equator principles Human rights – Key topics in 2022 – Clients Public policy and regulation – Employee- Stakeholder interaction Public policy and regulation – Group policy does not permit donations to political parties Anti-financial crime – Risk exposure and controls Product responsibility – Product suitability and appropriateness Employment and employability – Governance Corporate social responsibility – Governance FS3 Processes for monitoring clients’ Sustainable finance – Governance SD1G 10 implementation of and compliance with Sustainable finance – Corporate bank – environmental and social requirements included Overview in agreements or transactions Sustainable finance – Asset Management – Liquid assets Climate risk – Risk management framework Climate risk – Climate risk in Asset Management – Risk management strategy and processes Environmental and social due diligence – Environmental and social policy framework Environmental and social due diligence – Environmental and social policy framework – Commitments, targets, and measures Environmental and social due diligence – Environmental and social policy framework – Transactional reviews Environmental and social due diligence – Equator principles Human rights Human rights – Key topics in 2022 – Clients Stakeholder engagement and thought leadership Public policy and regulation - Governance Anti-financial crime – Risk exposure and controls Tax – Preventing infringements 145