3.4 Cybersecurity and data privacy

Artificial intelligence in cybersecurity

Artificial intelligence (AI) serves a crucial function in Siemens’ cybersecurity endeavors. The Siemens AI-based implementation dynamically identifies security threats by detecting anomalies in our network and systems. This action taken against security breaches helps mitigate potential harm.

AI also boosts the effectiveness of our cybersecurity procedures by automating day-to-day tasks. This automation enables our security teams to concentrate on more intricate and pressing issues.

Despite the advantages, it is important to note that AI can also be used as a tool of cyber attackers by enhancing the complexity of their malicious actions. The attackers might harness AI to automate their attacks, evade conventional security systems, or even simulate human behavior to escape detection.

To be well-prepared for these scenarios, we’ve established stringent security protocols aimed at ensuring a safe and responsible application of AI. Our approach helps maintain the integrity of our systems and shields us from potential risks.

Through meticulous implementation and ongoing surveillance, we intend to minimize these risks and amplify the benefits of AI.

Data privacy

Management approach

Protection of personal data in the era of digitalization

Siemens believes that protecting the personal data of our stakeholders is our ethical responsibility. As digitalization and new technologies like artificial intelligence advance, data protection becomes increasingly important for our stakeholders and for Siemens’ success.

That is why processing personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), is of utmost importance to Siemens.

Our data privacy governance and policies

Siemens has established a global Data Privacy organization that follows Siemens’ business structure with data privacy responsibility residing with each business unit and country. Overall responsibility lies with the Chief Data Privacy Officer who reports directly to the CEO of Siemens AG, on an annual and ad hoc basis. The Chief Data Privacy Officer also issues the internal Siemens Data Privacy Policies. Our Corporate data privacy team manages and oversees regulations, policies, and standards for data privacy in conjunction with Data Privacy Managers in the business units and countries.

Our internal Compliance Policy requires every Siemens employee to collect and process personal data confidentially, only for legitimate and predetermined purposes, and in a transparent manner. This requirement is also reflected in our BCGs, which contain a section on data privacy requiring every employee to comply with the data protection requirements of the laws and regulations within the legal systems where they are operating, as well as with Siemens’ policies. In addition, the Siemens Compliance Handbook contains requirements for processing personal data, for documentation, and for reporting incidents.

Transfers of personal data within the Group are covered by binding internal data protection regulations: the Siemens Binding Corporate Rules on Data Protection (BCR). With the BCR, Siemens Group companies around the world have an obligation to process personal data from data subjects in the European Union in accordance with European data protection standards, even when the recipient of the personal data is located outside the European Economic Area (EEA).

Targets

Our DEGREE sustainability framework prioritizes the careful handling of data under “E” for Ethics. Our overarching goal is a zero-tolerance approach to breaches of applicable laws and our own internal guidelines. We are proactively working toward achieving this goal by implementing our data privacy management system.

SIEMENS SUSTAINABILITY REPORT 2023 52