Acronis AG Sanctions and Export Controls Compliance Policy

  1. INTRODUCTION

    The United States maintains and enforces a variety of economic sanctions against designated countries and their nationals, agencies, and instrumentalities, as well as sanctions on specific individuals and entities around the world. The U.S. Department of the Treasury, Office of Foreign Assets Control ("OFAC") is primarily responsible for enforcing trade sanctions laws in the United States. In addition, U.S. export control laws, implemented by the U.S. Department of Commerce, Bureau of Industry and Security ("BIS"), govern the use and movement of U.S.-origin goods, software, and technology in and out of certain countries and jurisdictions.

    1. Policy Statement

      It is the policy of Acronis AG, and each of its subsidiaries and other business entities controlled by it worldwide (collectively, the "Company") to remain in full compliance with all applicable trade sanctions and export control laws. It is the responsibility of each employee and agent of the Company engaged in international activities to ensure that those activities are consistent with all applicable economic sanctions and export control laws.

    2. Scope

      This Sanctions and Export Controls Policy ("Policy") applies to all directors, officers, and employees, whether temporary or permanent, full-time or part-time, agents, partners, and other third party representatives of the Company.

  2. PROHIBITIONS FOR U.S. PERSONS
    1. Jurisdictions Subject to U.S. Economic Sanctions

      As of November 20191 , U.S. persons are generally prohibited from engaging in transactions involving the following jurisdictions:

      • Cuba
      • Iran
      • North Korea
      • Syria
      • The Crimea region of Ukraine

      This means that any transaction with or involving these jurisdictions or any of their governments, agencies, and instrumentalities is prohibited unless an exemption applies or a license is obtained.

      Any transaction involving these jurisdictions, an entity resident or organized in one of these jurisdictions, or where a benefit is received in one of these jurisdiction must be approved by the Compliance Officer.

    2. Restrictions on the Company’s Non-U.S. Operations

      The restrictions on doing business involving Iran and Cuba apply directly to both U.S. persons (U.S. citizens, permanent residents, individuals present in the United States, and entities organized under the laws of the United States or a sub-jurisdiction) and entities owned or controlled by a U.S. person. Accordingly, any Company non-U.S. subsidiary generally is subject to the same restrictions as a U.S. person for activity involving Iran and Cuba.

      Other U.S. sanctions programs only apply to U.S. persons. Thus, it is possible for non-U.S. subsidiaries of the Company to lawfully engage in transactions that would violate U.S. sanctions laws if performed by the Company directly. Notwithstanding the foregoing, it is the Company’s policy that the Company, including without limitation each subsidiary of the Company and other business entities controlled by it worldwide, will be treated as though it is subject to the same restrictions as a U.S. person for all U.S. sanctions programs.

  3. SCREENING

    In addition to the embargoed jurisdiction sanctions programs discussed in the preceding section, other U.S. sanctions programs prohibit the Company from doing business with certain designated individuals and entities that are associated with certain countries, terrorism, narcotics trafficking, the proliferation of weapons of mass destruction, and criminal organizations, as well as entities owned fifty percent (50%) or more by a designated person. U.S. sanctions also prohibit certain transactions related to the extension of credit to listed entities related to Russia and their subsidiaries and generally prohibit transactions with the Government of Venezuela. It is difficult to know the identities of all such individuals/groups, but appropriate due diligence is necessary to confirm that the individuals or organizations with which the Company is doing business are who or what they purport to be.

    1. Screening Process

      U.S. companies are encouraged by OFAC to employ risk-based screening to determine whether business counterparties (e.g., vendors, suppliers, customers, distributors, resellers, service providers, and joint venture partners) are subject to U.S. sanctions or other trade restrictions. Parties should be screened against the OFAC SDN List, the Foreign Sanctions Evaders List, the Sectoral Sanctions Identification List, and all other applicable sanctions. Because the Company’s OFAC risk exposure is limited, the Company will screen all counterparties determined to be higher risk based on the country or jurisdiction involved, and any transaction involving an indication that the counterparty may be linked to or acting on behalf of an embargoed jurisdiction or sanctioned person.

      1. Counterparties from Higher Risk Jurisdictions

        The Company will batch screen, on a quarterly basis, all counterparties determined to be higher risk based on the country or jurisdiction involved. The following is a list of high-risk countries and jurisdictions:

        • Cuba
        • Iran
        • North Korea
        • Syria
        • Afghanistan
        • Albania
        • Belarus
        • Bosnia and Herzegovina
        • Bulgaria
        • Burma (Myanmar)
        • Burundi
        • Central African Republic
        • Colombia
        • Croatia
        • Democratic Republic of Congo
        • Iraq
        • Ivory Coast
        • Kosovo
        • Lebanon
        • Libya
        • Mali
        • Mexico
        • Montenegro
        • Nicaragua
        • North Macedonia
        • Pakistan
        • Panama
        • Romania
        • Russia
        • Serbia
        • Slovenia
        • Somalia
        • South Sudan
        • Sudan
        • The Palestinian Authority
        • Ukraine
        • Venezuela
        • Yemen
        • Zimbabwe
      2. Counterparties Linked to Embargoed Jurisdictions or Sanctioned Persons

        In addition, the Company will screen, on a case-by-case-basis, any transaction involving an indication (e.g., media reports) that the counterparty may be linked to or acting on behalf of an embargoed jurisdiction or sanctioned person. Counterparties that present any red flag or risk indicator should be screened prior to the Company entering into any transaction with the particular counterparties, whenever possible.

      Any Company employee that becomes aware of a transaction involving counterparties from higher risk jurisdictions or counterparties linked to embargoed jurisdictions and sanctioned persons must contact the Compliance Officer so that the parties to the transaction can be screened against all appropriate restricted party lists.

    2. Russia-Related Sectoral Sanctions

      In addition, the Ukraine-/Russia-related sanctions set forth certain restrictions on transactions with specified individuals and entities. In the event that the Company enters into any agreement for the sale of goods or services to Russia, the Company must ensure that credit or payment terms comply with these restrictions. Specifically, customers subject to debt restrictions must provide payment within the allowable maturity applicable to the customer from the date the final invoice is issued. Payment may not be accepted beyond the allowable period. If payment is not made within the allowable period, the Company may not issue a new invoice for those services.

  4. COMPLYING WITH EXPORT CONTROL LAWS

    Export control laws govern the export and re-export of sensitive goods, software and technologies and are intended to protect the national security, foreign policy and economic interests of the United States. The Company’s policy is to comply with all applicable laws.

    The Export Administration Regulations ("EAR"), administered by BIS, are the primary regulations governing the export of commercial or "dual-use" items. While most items under the control of the EAR may be exported without a license, export licenses may be required in certain situations, depending on what items are being exported, the country of destination, the identity of the end user and the intended end use of the item. Most dual use items controlled for export are those having potential for use in information security including encryption, power generation, aeronautics, avionics, nuclear systems, and guidance systems and highly toxic chemicals. U.S.-origin items may be subject to strict controls. For example, ordinary commercial items, such as laptops, smartphones, and digital recording equipment, may be subject to U.S. anti-terrorism controls, depending on the end-user or export destination.

    The Compliance Officer is tasked with determining whether any of the Company’s products fall under the jurisdiction of applicable export control laws and monitoring transactions to ensure that these goods are exported in compliance with applicable export controls laws.

  5. THIRD-PARTY COMPLIANCE

    The Company uses a number of third parties, including partners, distributors, resellers, service providers, sales representatives, advisors, agents, consultants, contractors, lawyers, and other intermediaries to assist the Company in securing sales, entering and expanding into new markets, and for many other aspects of the Company’s business (collectively "Channel Partners").

    The Company’s Policy and zero-tolerance attitude will be clearly communicated to all third parties at the outset of business relations, and as appropriate thereafter.

    All contracts with Channel Partners and other relevant third parties must contain appropriate contractual provisions requiring the Channel Partners and third parties to remain in full compliance with this Policy and all applicable trade sanctions and export control laws.

  6. TRAINING

    The Company will provide regular training on compliance with sanctions and export controls to directors, officers and employees. When necessary, specialized training will be provided to directors, officers and/or employees with significant compliance responsibilities or in high risk functions.

  7. QUESTIONS, CONCERNS, AND REPORTING REQUIREMENTS

    Any questions about any part of this Policy should be directed to the Company’s Compliance Officer.

    If any director, officer or employee has reason to believe that a violation of this Policy has occurred (or will occur), it is their duty to report it immediately. Violations may be reported to the Compliance Officer or the Legal Department. The required report may also be made anonymously through the Whistleblower Hotline.

    The Company strictly prohibits any discrimination, retaliation or harassment against any person who reports a concern or who participates in any investigation of a concern. Any complaint that discrimination, retaliation or harassment has occurred will be promptly and thoroughly investigated. If it is found that there actually was discrimination, retaliation or harassment against any Company employee because he or she reported a concern or cooperated in an investigation, then appropriate disciplinary action will be taken, up to and including termination of the person responsible for the discrimination, retaliation or harassment. Communication of all questions or concerns about this or any other Company policy are encouraged.

1. As this list may change at any time, you are encouraged to consider carefully whether there may be restrictions in place on any country with which business is contemplated, and to consult the Compliance Officer accordingly