Third Party Relations Policy

1. Purpose and Scope

The purpose of this Policy is to define the Company’s fundamental principles regarding parties that will be working in all our business processes and our working conditions with third parties. This Policy covers all partnerships, all employees and senior management within the Company. Company expects all its suppliers and business partners with whom it does business to act in accordance with the principles under this Policy as well.

2. Definitions

“UN” means the international organization of the United Nations.

The “UN Guiding Principles on Business and Human Rights” is a guide for countries and companies to investigate, prevent and correct human rights violations in business.

“UN Global Compact” refers to the convention based on the universally accepted UN declarations for social responsibility and sustainability practices, addressing the 10 main responsibility areas of the business world in the fields of human rights, labor standards, environment and anti-corruption.

“Third Party/Business Partner” is defined as; persons, institutions and communities with all kinds of business relationships such as suppliers, dealers, authorized dealers, service providers, consultants.

“ILO” means the International Labor Organization.

“ILO Declaration of Fundamental Principles and Rights at Work” means the ILO Declaration, which states that all member countries are obliged to respect, develop and support the following four principles in good faith, even if they have not ratified the relevant conventions:

a) Freedom of association and effective recognition of the right to collective bargaining,

b) Elimination of all forms of forced labor,

c) Preventing child labour,

d) Elimination of discrimination in employment.

“Human Rights” refers to the rights peculiar to all people regardless of gender, race, color, religion, language, age, nationality, difference of opinion and wealth, and includes the right to an equal, free and dignified life.

“Sanctions Target” means;

• Any individual, entity, vessel or government which is a designated target of Sanctions (collectively, "Listed Persons") (e.g., SDNs);

• Companies owned 50% or more, directly or indirectly, by a Listed Person;

• Individuals or companies that are resident, incorporated, registered, or located in countries or territories such as Crimea, Cuba, Iran, North Korea and Syria that are subject to a comprehensive country or territory-wide Embargo (i.e., the "Embargoed Countries"), and

• Persons or companies owned or controlled by, or operating as agents of, the governments of Embargoed Countries or the Government of Venezuela.

3. General Principles

Risk Based Preliminary Assessment

Company selects its Business Partners based on criteria such as technical competencies, product and service quality, pricing, corporate reputation and financial solidity. Company also evaluates the compliance risks associated with its Business Partners according to a risk- based approach, in order to ensure compliance with the principles set forth in this Policy, especially in the procurement processes of solar panels and products containing critical metals and minerals. Within the framework of this approach, the following issues are adopted:

• Conducting the preliminary competency assessment process before entering into business relations with Business Partners, providing corporate documentation (such as policy procedures and letters of commitment), conducting financial, technical and reputational competency studies,

• In accordance with the relevant Company policies and procedures, in order to ensure Business Partners are not the Target of Sanctions corruption, human rights violations etc., determining the risks in advance and carrying out a third party risk assessment,

• To have the right to audit, to be used when necessary, in order to determine whether the ethical rules, especially the current legislation, the contractual obligations between Company and the Third Party Compliance Criteria explained in detail, are complied with, clearly stated in the contract,

• If necessary, providing support and training for the necessary capacity building to ensure compliance.

4. Third Party Compliance Conditions

As Company employees, we take great care to avoid damaging the corporate reputation of Company when representing our company in our relations with our customers, shareholders, affiliates, and other companies. Company is an honest and law-abiding company and adheres to its liabilities arising from local legislation, international conventions signed by Turkey, Company policies and code of conduct and contracts. Company expects its suppliers and business partners as well to show ultimate attention, specifically to comply with the fundamental principles set below.

4.1. Laws and Regulations

Business Partners of Company are expected to comply with all laws, rules, regulations applicable to their business and industry. Business Partners shall act in accordance with all applicable legislation, including but not limited to competition laws, Anti-Money Laundering and countering financing of terrorism regulations, data privacy regulations and legislations regarding anti-bribery and corruption.

4.2. Integrity and Ethics in Business Relations

Integrity and transparency are the most fundamental elements of reliability in business relationships.

Company expects its Business Partners to perform their business in accordance with legislations, international conventions to which the Republic of Turkey is a party, the United Nations Declaration of Human Rights, the United Nations Global Compact, and to act on the basis of fairness, integrity, honesty, responsibility, trust, accountability, openness and respect.

Company expects its suppliers and business partners to comply with the following fundamental principles:

Avoiding Conflict of Interests

Company’s suppliers and business partners make their decisions based on purely objective criteria and do not allow personal interests and relationships to affect these decisions.

The case of having relative relations, friendship or similar close relationship between Business Partners that have a business relationship with Company or other people and organizations that may have a business relationship and the employees of Company who employ these people and organizations, approve their businesses or make decisions about them also creates a risk of conflict of interest. Persons, institutions and Company employees who are or are likely to be in the above-mentioned situation are obliged to immediately notify Compliance Officer.

Anti-Bribery and Anti-Corruption

Company’s suppliers and business partners do not tolerate corruption and avoid any behavior that may lead to corruption. They commit and guarantee that their employees, subcontractors or their representatives will not provide advantage to, will not bribe, will not make illegal donations, or will not make other illegal payments to public officials or other third parties, or accept these. These rules also apply to facilitating actions and payments [payments made to government agencies to secure or expedite a routine transaction or process (obtaining permits and licenses, obtaining documents, etc.)].

All transactions must be accurately and transparently recorded to the books and records with sufficient descriptions.

Relations with Public Institutions and Competent Authorities

Company’s suppliers and business partners comply with legal provisions in their relations with Public Institutions and Organizations and other competent authorities. They abide by the Code of Conduct rules, relevant legal provisions and free and fair competition rules in the public tenders they participate.

Gifts, Entertainments and Events

Company’s suppliers and business partners do not provide unfair advantages to Company employees or other third parties in the form of direct or indirect gift, hospitality or invitation to influence them contrary to the law and Code of Conduct. In addition, they do not demand or accept similar improper advantages. In this regard, the principles and limitations determined in the Company Code of Conduct rules are followed. Consultants and Intermediaries Company’s suppliers and business partners only appoint a consultant or intermediaries in accordance with the current legislation. They do not use these people contrary to the law and ethical rules. They commit and guarantee that the fee paid to the consultant or intermediary is paid only in return for the consultancy or mediation services actually provided, in proportion to these services and not used for unlawful purposes.

4.3. Fair Market Behavior

Company is a lawful and responsible market player and is bound by its contractual obligations. Company expects the same from its suppliers and business partners as well, especially regarding compliance with the fundamental principles in the Competition Law Guideline, which is detailed in the Code of Conduct, and the provisions of the legislation on the prevention of unfair competition:

Fair Competition

Company’s suppliers and business partners act in accordance with the legislation on the protection of competition.

Anti-Money Laundering

Company’s suppliers and business partners act in accordance with the current tax legislation and establish business relationships only with business partners whose integrity they believe in. They declare and commit that they comply with all national and international legislation on money laundering and that they have not committed any violations and guarantee this.

Commercial Information

Company’s suppliers and business partners keep their commercial records in accordance with the current tax legislation. They prepare their reports on their commercial activities in accordance with the truth and the relevant legislation in force.

4.4. Human Rights

Company’s Business Partners are expected to comply with the Company’s Human Rights Policy while carrying out their activities.

4.4.1. Employee Rights

Company’s suppliers and business partners accept the universal principles regarding the protection of human rights as their main principle and they acknowledge them. In particular, they never compromise on not using forced labour and child labour. Suppliers and business partners pay regard to the rules about child labour in relation to the legal age limit set in contracts 138. and 182. by the International Labour Organization.

Business Partners must ensure that their operations are not associated with child labour, forced labour, labour abuse. Moreover, pursuant to Conventions and Recommendations of the ILO, the Universal Declaration of Human Rights, and the UN Global Compact, Company expects its Business Partners to have a zero-tolerance policy towards slavery and human trafficking.

We support that our suppliers and business partners complete management system requirements such as policies, procedures and letters of commitment regarding the prevention of child labor and forced labor especially on ILO Declaration and compliance on laws and regulations.

4.4.2. Compliance with Labour Laws

Business Partners are expected to comply with the labour laws of the countries in which they operate.

The wage determination process shall be established in a competitive manner according to the relevant sectors, the local labour market and if any, in accordance with the terms of collective bargaining agreements. All compensations, including social benefits are paid in accordance with the applicable laws and regulations.

4.4.3. Equal Treatment and Non-Discrimination

Company’s suppliers and all third parties that it does business with acts in compliance with democratic principles and treat different opinions tolerantly. They do not discriminate anyone on the basis of their ethnicity, nationality and social origin, colour, gender, age, disability, religious or political opinion or any other reason whatsoever.

4.4.4. Prevention of Harassment and Violence

Third Parties are expected to provide a working environment free of violence, harassment, and other unsafe and uncomfortable conditions resulting from internal and external threats. Any form of physical, verbal, sexual or psychological abuse, bullying, abuse or threat will not be tolerated.

4.4.5. Freedom of Association and Collective Bargaining

Business Partners should respect the rights and freedoms of their employees to join a union and bargain collectively without fear of retaliation, and to freely raise their wishes and complaints.

4.4.6. Working Conditions and Working Hours

Company’s suppliers and business partners support their employees’ working conditions to be improved and developed. They ensure that employees' wages are paid in full and in accordance with the legislation. Working hours shall be at least in compliance with the applicable national legal rules or minimum standards applicable to national industry sectors.

4.5. Occupational Health and Safety

Company’s suppliers and business partners comply with the legislation regarding occupational health and safety and Company’s Occupational Health and Safety Policy. They ensure that employees receive complete education on occupational safety. They provide their employees with the necessary personal protective equipment and ensure that their employees are regularly monitored for occupational health.

4.6. Environment

Company’s suppliers and business partners take measures to protect the environment when carrying out their activities to reduce environmental impacts and dangers, they encourage the development and dissemination of environmentally friendly technologies to further protect the environment in their daily operations.

In this context, Company supports its Business Partners in the following subjects;

• Comply with all applicable environmental laws and regulations including Company’s Environment Policy.

• Continuously improve their environmental performance and reduce their environmental impact to address climate change, water management, waste management and protection of biodiversity.

• Have effective monitoring systems and procedures in place against industrial accidents and other emergency situations.

• Encourage their Business Partners and third parties to improve their environmental performance.

4.7. Data Security and Protection of Company Assets

Protection of confidential data, personal data, business secrets, and corporate assets are among our most important responsibilities. Company expects its suppliers and business partners to comply with the following fundamental principles: Data Protection Company’s suppliers and business partners act in accordance with the current legislation and the regulations of the relevant institutions on the protection of personal data of employees, customers, suppliers, and other interested parties.

Protection of Intellectual Property Rights and Trade Secrets

Company’s suppliers and business partners respect the intellectual property rights such as know-how, patents and business secrets of Company and third parties. They do not give these information to third parties without written permission of Company or through other illegal ways.

Protection of Company Assets

Company’s suppliers and business partners respect the tangible and intangible assets of Company and do not use them illegally or for non-business purposes. They ensure that their employees and third parties assigned by them (subcontractors or representatives) do not damage or misuse Company’s assets.

5. Third Party Control (TPC)

5.1. Why Is Third Party Control Necessary?

It is an integral part of the Compliance Management System that a party defined within the scope of this Policy is checked on for its compliance with the Company's fundamental compliance principles, and it is essential to prevent and minimize legal, financial and reputational risks.

In addition, the TPC is also important and necessary in terms of the effect of national or international law or other relevant regulations on Company, Company’s partners or employees.

Our suppliers and business partners are selected using the best anti-bribery practices as part of the fight against bribery.

We always stay in touch with our suppliers and business partners to prevent future breaches of corruption issues.

Every three years or in shorter intervals when deemed necessary, we review the performance of our suppliers and business partners against corruption and, if deemed necessary, we receive support from independent third parties to carry out evaluations.

In addition, in order to prevent child labor and forced labor in Human Rights issues, the UN follows up- to-date reports of proven and reliable independent universities and research institutions on countries, regions, companies and individuals.

If a possible violation is detected, we apply the necessary sanctions according to our contracts without delay.

5.2. When Is Third Party Control Necessary?

i. Transactions with Intermediaries: For example, business relations with the parties, such as lobbying activities, consultancy, business relations with transaction facilitating representatives.

In such cases, we apply TPC on third parties involved in the relevant transaction. As Company, we only pay our intermediaries in proportion to their services in return for their actual, appropriate and legitimate services.

ii. Consultants: Regarding consultants, as well as the TPC specified in this Policy, we receive the proposal of the Human Resources and Administrative Affairs Director and the approval of the CEO so that the employees whose employments have been terminated at Company can work as consultants for a temporary period. As Company, we pay our consultants only in return for appropriate and legitimate services, in proportion to their services. In the selection of our consultants, we do not receive consultancy services from real person consultants who have been convicted or investigated for any of the crimes of Turkish Penal Code Article 252 Bribery, Article 257 Abuse of Duty, Article 235 Collusive Tendering and those who are included in the list of banned from public tenders within the scope of the Public Procurement Law No. 4734, Anti-Terror Law No. 3713 and the relevant legislation. In the case of the consultant being a legal entity, we will not receive consultancy services from that legal entity if any of the real person as controlling shareholders of the relevant legal entity is within the mentioned scope, we will not include them in the tender processes or receive consultancy services from them, not even with the company internal procedures, exception form, or approval of senior management.

iii. Mergers and Acquisitions ("M&A"): At the beginning of an M&A project or a financial transaction, the relevant Business Unit identifies the TPC together with the relevant Compliance Officer on a case-by-case basis. However, the relevant Business Unit is always obliged to work for a business relationship in accordance with Compliance Management System Standards beyond this TPC (For example, recognition of Code of Conduct rules as a part of the contract).

iv. Procurement Processes

a. Except for the cases clearly determined by the legislation, in the supplier selection related to the main fields of activity of Company (electricity sales, electricity distribution, E-şarj and other activities carried out through Enerjisa Müşteri Çözümleri A.Ş.) along with the necessary investigations within the scope of the policy of the relevant Business Unit, TPC under this Policy is also applied.

b. In the Purchasing Processes it is acted in accordance with the Purchasing Procedure and Tender Instructions and “Supplier Compliance Declaration" is received from all our suppliers. Also, TPC is applied within the scope of the relevant legislation and this Policy.

c. The criteria in the selection of consultants based on legislation (paragraph 4.2. ii. above) are also applied in the selection of suppliers.

v. Sales and/or other business activities to countries deemed risky in terms of compliance: (Countries with a score below 50 out of 100 according to Transparency International's current Corruption Perception Index). In such cases, the Compliance Management Unit should also be contacted for compliance with the Corporate Governance Principles.

vi. Sales and/or other business activities from countries, regions and companies (particularly regarding solar panels and products containing critical metals and minerals) that appear risky in terms of compliance: UN, proven and trusted independent university and research institutions It carries out the necessary Risk Analysis and Supply Chain Risk Mapping work on the countries, regions and companies mentioned in its current reports on individuals, warns its suppliers purchasing from the mentioned regions, and ensures that third parties make their own supply chain controls and report in detail. If necessary, it inspects the supply chain on-site with the expert control team or ensures that it is audited through independent audit institutions. It shares the results with the Compliance Management Unit in order to comply with the Corporate Governance Principles.

vii. Senior Managers/Executives: In the recruitment of directors and senior executives, it is checked whether they are in the international banned persons lists.

5.3. Privacy

Before signing of contracts regarding the service or consultancy with the Parties with whom business relations to be established and company information to be shared; we clearly secure the confidentiality conditions with the Non-Disclosure and Information Security Agreement ("NDA").

Within the scope of NDA, we ensure that the provisions regarding Information Security as well as the Personal Data Protection Law and related secondary legislation are acknowledged by the Parties and we ensure that the opinions of the relevant Legal and Information Security Units are received in case of negotiation request. We do not accept and circulate for signature any request for revision on the NDA text that has not passed these reviews.

5.4. Control and Monitoring

We carefully select the suppliers, dealers, authorized dealers, authorized services and consultants with whom business relationships to be established. In this context, as Company we check whether the requirements of the compliance criteria specified in this Policy are fulfilled by the suppliers and business partners, by obtaining the necessary "compliance declarations" and other supporting information and documents or by examining on the spot, in accordance with the applicable law, especially taking into account the data protection law. In the on-site examination, the prevention of child labor and forced labor, freedom of association, and how well the mechanisms where employees can freely express their wishes, complaints and suggestions, which are specified in the UN Human Rights Guidance Document and ILO (International Labor Organization) Conventions, are working properly and Company’s Institutional Reputation It is examined in detail whether it poses a risk to the Management and Corporate Governance Principles.

In addition, it conducts detailed internet-based public open-source research on risky situations mentioned in the current reports of the UN and proven and reliable, independent universities and research institutions on countries, regions, companies and individuals, or an expert in the field of conducting this research. We receive services from institutions.

We take the necessary measures to encourage Third Parties to fulfil their legal obligations, to comply with the Code of Conduct, to respect human rights, to act in accordance with the principles of business ethics and anti-corruption.

In addition to the measures, within the scope of sales and/or other business activities from countries, regions and companies (particularly regarding solar panels and products containing critical metals and minerals) that appear risky in terms of compliance, we periodically check the third parties regarding the compliance criteria specified in this policy and within the framework of the Corporate Governance Principles. The performance of third parties is monitored and the practices or behaviors of risky third parties are evaluated according to the Corporate Governance Principles, and it is decided whether the third party relationship will continue or not.

6. Administration, Authorization and Responsibilities

All Company employees and managers are responsible for complying with this Policy and implementing and supporting Company’s relevant procedures and controls in line with the requirements in this Policy. Company expects all Business Partners to comply with this Policy to the extent applicable to the relevant party and transaction and takes the necessary steps for this.

Each employee contacts the relevant Compliance Officer if there is any doubt as to whether any Party with whom a business relationship will be established is within the scope of this Policy and acts in line with his/her opinion.

All employees, suppliers, business partners, stakeholders, or any third party can report suspected policy violations by sending an e-mail to the ENETİK Hotline 0 (216) 579 09 14 or to ENETİK@Enerjisa.com confidentially.

7. Final Provisions

This Policy is an integral part of Company’s sustainability approach.

This Policy has been prepared in Turkish and English and is available on the Company’s and Investor Relations website.

This Policy is reviewed annually by the Corporate Compliance Unit provided that the views of the Distribution Business Units Compliance Unit is obtained, and the implementation progress regarding the fundamental principles is respected. In case of any comprehensive feedback from senior management or stakeholders, the policy can be reviewed irrespective of this period.

This Policy or a summary of the Policy has also been sent to the senior managers of all Business Units for information to ensure the awareness within the organization.

This Policy has been accepted and put into force by the Board of Directors on 22/04/2021.

8. Annexes

Third Party Compliance Declaration