2025 ESG report
UN Global Compact Communication on Progress
A letter from our CEO
At e-Boks, our mission is to help people, businesses and institutions to digitally interact and service themselves efficiently and securely through our platforms. As digital communication increasingly becomes the backbone of modern societies, this role also carries important environmental, social, and governance responsibilities.
At a time like the one we are currently experiencing marked by geopolitical uncertainty, our dependence on a well-functioning and secure digital infrastructure can no longer be taken for granted. Digital security and sovereignty have become a central element of companies’ strategic risk landscape. We clearly sense this in our dialogue with customers and partners, and we welcome that these issues are consistently at the forefront of how we approach delivering data security and operational stability.
In 2025, more than 598 million documents were sent through the e-Boks platform reaching close to 25 million users. Behind every document is often important information - from healthcare notifications and pension updates to contracts and decisions that affect people’s everyday lives. This scale illustrates the responsibility we carry as a trusted digital infrastructure.
In 2025, e-Boks entered a new phase when the Danish private equity firm CataCap became the owner of e-Boks Group. This transition supports our ambition to continue developing secure digital infrastructure while strengthening governance, innovation, and long-term value creation.
Secure digital communication plays an important role in supporting well-functioning societies. Access to trusted digital communication channels helps citizens receive important information, protect their rights, and interact efficiently with public authorities and businesses. As e-Boks expands
across sectors and markets, we remain committed to solutions built on accessibility, security, and responsible data protection. In doing so, we contribute to strengthening trusted digital institutions and support the ambitions of Sustainable Development Goal 16: Peace, Justice and Strong Institutions.
At the same time, digital communication contributes to a more sustainable way of distributing information. By enabling organisations to replace physical mail with secure digital communication, our platform helps reduce paper consumption, transport, and resource use. Through this transition, we contribute to Sustainable Development Goal 12: Responsible Consumption and Production and Sustainable Development Goal 13: Climate Action. The broader communication landscape is also evolving. Following the end of PostNord’ s universal postal service obligation in Denmark in 2025, secure digital communication channels are becoming even more central to how citizens and organisations exchange important information.
Our responsibility also extends beyond Denmark. In 2025, we entered a strategic cooperation with Oman Post to establish the country’s official National Digital Postbox. The initiative supports Oman’s digital transformation agenda and demonstrates how secure digital communication infrastructure can strengthen public services internationally.
At the same time, we are preparing for the next phase of Europe’s digital infrastructure. The EU’s upcoming eIDAS 2.0 regulation will create a framework for interoperable digital identity wallets across member states. Through the acquisition of the majority stake of the Danish technology company dewa and the development of e-Boks ID, we are contributing to this future digital ecosystem built on principles of data sovereignty, transparency, and user control.
Trust remains the foundation of our platform. Every day, millions of users rely on e-Boks to receive important and often sensitive information. Maintaining that trust requires strong governance and continuous focus on data protection, privacy, and security.
In 2025, we introduced AI-powered functionality in the e-Boks app to make it easier for users to understand and navigate their digital mail. While new technologies offer opportunities to simplify digital services, they must always be implemented responsibly. At e-Boks, innovation will never come at the expense of data security or user privacy.
As participants in the United Nations Global Compact, we remain committed to its Ten Principles on human rights, labour, environment, and anti-corruption. These principles guide how we operate and how we work with our partners and suppliers. During 2025, we strengthened this work by im-
plementing a Supplier Sustainability Assessment Questionnaire (SAQ) to collect sustainability-related information from key suppliers. The assessment improves transparency around suppliers’ environmental, social, and governance practices and supports alignment with the EU’s Voluntary Sustainability Reporting Standard for non-listed SMEs (VSME).
Finally, I would like to express my sincere appreciation to our customers and partners for their continued cooperation, and to our employees whose dedication and expertise make our progress possible every day. We remain grateful for the trust that citizens, customers, and partners place in e-Boks and look forward to continuing the development of secure and responsible digital communication together.
Ulrik Falkner Thagesen Group CEO e-Boks
Introduction
As a secure digital platform for communication, document delivery and storage of important documents, e-Boks delivers an important part of the societal infrastructure that makes modern society function and thrive.
e-Boks has been part of the UN Global Compact (UNGC) since 2018, and the 2025 sustainability report is the 8th time we are reporting on progress against the UNGC Ten Principles and the Sustainable Development Goals. Since 2021, we have reported in alignment with the Carbon Disclosure Project (CDP) and in 2023, we set a baseline for our CO2 emissions in Scope 1, 2 and 3. With this foundational work, we have signed up to the Science-Based Targets initiative (SBTi) in 2024, submitting our CO2 reduction targets for Scope 1 and 2.
In our 2024 report, we raised our ambitions by adding an additional reporting layer. As a result, we report in accordance with the EU’s Voluntary standard for SMEs – VSME. This approach provides our customers and suppliers with access to key ESG metrics aligned with the EU’s internationally comparable indicators.
About e-Boks
In 2001, e-Boks was launched to facilitate a secure and more effective way for companies to communicate with their customers and public authorities with citizens. Since then, e-Boks has played a pivotal role in digitalizing the infrastructure in Denmark and across the Nordics and beyond.
Today, e-Boks is a trusted provider of secure digital infrastructure, offering digital postboxes and document services, while also expanding into value-adding features such as payments, digital consent, and e-wallet functionality. e-Boks plays a critical role in the digital infrastructure of modern society. We offer companies and public authorities an effective, secure, and user-friendly platform for digital communication. As an official Danish “viewing client” for digital post from public authorities, e-Boks enables citizens to receive, store, and manage important and private messages and documents from both public institutions such as tax authorities, health services, and municipalities, and private companies including banks, insurance firms, and utilities.
According to the OECD11, Denmark remains among the best countries in the world to provide 1
digital public services and is no. 1 when it comes to user-driven digital services. Today, 90% of all Danish citizens, 5.4 million Danes, use the secure digital postbox provided by e-Boks, accessed with their personal secure digital ID.
e-Boks Group is an independent company owned by CataCap, providing national digital post solutions to the governments of Denmark, Greenland, Norway, and Oman. e-Boks operates across several B2B markets, including banking, insurance, pension, and telecommunications sectors, partnering with a wide range of companies to digitalize and streamline their communication processes. e-Boks has activities in 8 countries.
In 2023, e-Boks joined the Universal Postal Union Consultative Committee. This partnership underscores our commitment to the sustainable digitisation of global postal services. By leveraging our expertise in secure, encrypted digital platforms, we aim to enhance the efficient and eco-friendly distribution of digital post worldwide.
Purpose and mission
It is e-Boks’ purpose to create better digital societies by:
Reducing the environmental footprint of our public and private partners and their users
Protecting and safe-guarding citizen’s rights
2025 in numbers
30,000 public and private institutions using e-Boks
90% of the Danish population using e-Boks
215 million DKK in net sales
24.8 million user accounts globally
100% GDPR and eIDAS compliant
8 countries using e-Boks
598 million documents sent
How We Create Value for Society
• 25 years of experience as a provider of effective and user-friendly digital infrastructures
• Insights from public-private partnerships in 8 countries
• Co-creation with users
• 30,000 public and private institutions using e-Boks
• Data Centre providers committed to becoming carbon neutral by 2030
• Financial resources
• Diverse talent
Protecting and safeguarding citizen’s rights
Reducing CO2e emissions
• 598 million documents sent through the e-Boks platform
• We strive to source 100% carbon neutral data by 2030
We are committed to SDG 12
• 24.8 million user accounts with access to secure digital post
• 100% GDPR and eIDAS compliant
• 100% delivery guarantee of secure digital documents
Contributing to sustainable development through active participation in UNGC
We are a signatory to the UN Global Compact, and we are committed to the 2030 Agenda for Sustainable Development.
Through helping digitalize countries and companies, we aim to contribute to reducing the material footprint of paper and water per capita and per GDP.
Diverse talent amongst our employees
• 31% women
• 69% men
• 12 nationalities
Labour inspection report
e-Boks fulfils the requirements of the Danish Health and Safety at Work Act according to the latest expection by Danish Working Environment Authority – Arbejdstilsynet (2023).
Lower costs
Up to 80% savings on distribution costs by shifting from physical letters to digital documents.
Our Approach To ESG
With more than 25 years of experience in secure digital infrastructure and partnerships across seven countries, e-Boks creates long-term value through digital innovation, privacy-by-design, and societal engagement. We believe that digitalisati-
on should empower - not exclude - people. That is why we continuously improve accessibility, data security, and climate responsibility in how we design and deliver our services.
e-Boks’ Sustainability Journey: From Commitment to Action
Since 2018, e-Boks has continuously strengthened our sustainability profile by integrating international principles and aligning with globally recognised ESG frameworks.
e-Boks became a signatory to the UN Global Compact (UNGC) in 2018 and remains committed to integrating the Ten Principles related to Human
Rights, Labour, Environment, and Anti-Corruption into our strategy, operations, and supply chain governance. These principles are embedded in our Code of Business Conduct, which is approved by the Board of Directors and Executive Management and extends to all collaborators, contractors, and suppliers. The timeline below highlights key milestones on our ESG journey:
Signatory to UN Global Compact
Joined the Carbon Disclousure project
First CoP report
Report in alignment with ESGstuctures
Report in alignment with GRI
Our Science Based climate targets were approved
Joined the Science Based Targets initiative
Report in alignment with VSME standard
Initiated Supplier governance efforts
Since our first Communication on Progress (COP) in 2019, we have reported annually on our progress, ensuring transparency and accountability.
In the years that followed, we advanced our ESG strategy with concrete actions:
• In 2021, we aligned our reporting with the Global Reporting Initiative (GRI) Standards and participated in the Carbon Disclosure Project (CDP).
• In 2022, we published our first standalone ESG report.
• In 2023, we established our baseline for greenhouse gas emissions and submitted our near-term climate target to the Science Based Targets initiative (SBTi).
• In 2024, our SBTi target was officially approved, reinforcing our climate commitment.
• In 2025, we aligned our 2024 report with the EU’s Voluntary Sustainability Reporting Standard for non-listed SMEs (VSME), applying both the basic and comprehensive modules with a focus on governance, policies, and targets.
Voluntary Sustainability Reporting Standard for non-listed Small- and Mediumsized Enterprises (VSME)
The European Union (EU) is setting a new common standard for developments of the ESG-reporting landscape with among others the development of a Voluntary Sustainability Reporting Standard for non-listed Small- and Medium sized Enterprises (VSME). The aim of this standard is to streamline and optimise the SMEs’ reporting efforts by incorporating the data requests of large undertakings. e-Boks supports the EU’s efforts and applyed the VSME standard for the first time in its 2024 report.
Better Data for Customers and Suppliers
By adopting the EU’s Voluntary Sustainability Reporting Standard for SMEs (VSME), e-Boks provides customers and suppliers with access to key ESG data aligned with EU-recommended indicators. This enhances comparability across countries and industries and supports large customers—
such as financial institutions—in streamlining their own sustainability reporting. By adopting the VSME standard, we are not only increasing transparency but also strengthening our internal policies and setting more ambitious goals for our ESG performance. By reporting under the VSME framework, e-Boks is both future-proofing its governance model and reinforcing its commitment to sustainable growth.
In addition, we have implemented a structured approach to supplier governance, addressing ESG risks and due diligence in our value chain. Our journey up the maturity curve reflects e-Boks’ ambition to contribute actively to the green and digital transitions by improving transparency, accountability, and resilience across our operations and stakeholder relationships.
e-Boks Way of Doing Business:
We place human rights at the core of our business - above all else, it is essential that clients and users trust that e-Boks observes the following principles in the way we develop and manage our systems – integrity, availability, confidentiality, and privacy.
We strive to be a great place to work - our people policy and our Labour Code of Conduct set out to ensure that all e-Boks’ employees, as well as suppliers, no matter where they are in the world, are offered optimal and safe working conditions with respect for their private lives.
At e-Boks, we are in the business of protecting the environment by seeking to decrease our environmental footprint through collaboration with our suppliers, clients and users, as well as by looking at our own emissions. We include a broad range of aspects such as data warehousing to the offering of digital alternatives, and the physical mail distribution and storage of document
Stakeholder trust is our license to operate - trust is a prerequisite for our ability to maintain and grow our business. Our Code of Business Conduct describes how e-Boks strives to engage with our stakeholders with respect and in compliance with rules and regulations, while upholding high ethical standards in everything we do. Acting honestly, decently, and responsibly is a fundamental part of our values. We provide continuous training to our employees, endorse a speak-up culture, and provide means to report unethical behaviour in a safe and anonymous way.
Double Materiality and Stakeholder Engagement
Double materiality means taking an inside-out perspective in the way a company’s actions may impact people and planet, as well as an outside-in perspective in the way sustainability and climate may impact a company’s operations and finances. It builds the foundation for a company’s sustainability strategy decisions and reporting efforts. In 2024, e-Boks conducted its first double materiality
assessment to identify ESG topics that are most material to e-Boks business and stakeholders. The stakeholder map below illustrates our identification of some internal and external factors that can impact – or might be impacted by – e-Boks’ operations and value creation. Our double materiality assessment and stakeholder map has been informed by the DI Digital ESG-kit.
SOCIETAL CRISIS EXTERNAL STAKEHOLDERS
CLOSE STAKEHOLDERS
The most Material Topics for e-Boks
Based on our double materiality assessment and IRO analysis, we have identified the following as our most material topics:
• Business conduct, climate change, own workforce, workers in the value chain, affected communities, and consumers and end-users.
• Circular economy—and, increasingly, biodiversity—are also expected to grow in significance over time.
As a trusted provider to major financial institutions, large private enterprises subject to enhanced sustainability reporting requirements, and the public sector, e-Boks recognises that strong sustainability performance is increasingly essential. This applies not only within our own operations but also across our supply chain and in relation to public procurement, where sustainability criteria are gaining weight as a decisive factor in tenders and partnerships. For more information on e-Boks’ double materiality assessment, see Appendix A.
Our Environmental Responsibility:
Advancing on Targets
As a digital platform and solutions provider, e-Boks’ greatest contribution to fight climate change and build a greener world is to enable the transition towards better digital societies. Every single action counts to deliver on the call for science-based climate action. That is why we at e-Boks have ramped up our efforts to deliver a transparent and insightful account of our CO2e emissions in accordance with the Greenhouse Gas (GHG) Protocol, and we have committed to emissions reduction targets through the Science-Based Targets initiative (SBTi).
We have worked systematically with our CO2e emissions since 2021 and have in accordance calculated our footprint for scope 1, 2 and material scope 3 categories. 2023 is the baseline year for our progress moving forward. All calculations for Scope 1, 2 and 3 have been validated by Hansen Agenda, a third-party expert.
Progress on our Science-based Targets
Our SBTi targets were approved in Q1 2024, and it follows the streamlined validation route for SMEs with a commitment to reduce scope 1 and scope 2 GHG emissions by 42% by 2030 from a 2023 base year, and to measure and reduce its scope 3 emissions. This is classified as a near-term target
and is in line with the Paris Agreement. e-Boks will report on its progress each year, which can also be viewed on the SBTi Target Dashboard.
To reach our near-term target, e-Boks measures our CO2e emissions and accordingly implement actions to reduce impact. In H2 2024, e-Boks took a significant steps converting our fleet of company vehicles to 100% electric. Consequently, e-Boks’ Scope 1 CO2e emissions were reduced by 100% in 2025 compared to the 2023 base year, and a total Scope 1 and Scope 2 CO2e emissions reduction of 16.6%.
Climate Change Risks
e-Boks considers climate change risks in relation to its Information Security Management System (ISMS). This consideration is included as part of Amendment 1 to ISO/IEC 27001:2022, under which e-Boks is certified. The consideration of climate change risks is addressed in the Information Security and Data Privacy Policy.
Our 2025 Climate impacts
Emission Profile and Distribution
In 2025, total Scope 1 and Scope 2 emissions (location-based) amounted to 28.19 tonnes CO₂e—a reduction from 30.84 in 2024 and 33.80 tonnes in 2023. e-Boks has set a target to reduce Scope 1 and 2 emissions to 19.20 tonnes CO₂e by 2030, equivalent to a 42% reduction from the 2023 base year.
However, the vast majority of our CO₂e emissions stem from Scope 3, which accounted for 440.42 tonnes in 2025 - representing over 94% of total emissions. Scope 3 emissions are primarily related to outsourced data processing, cloud infrastructure, and downstream digital document usage. The total CO₂e emissions for 2025 across all scopes were 468.60 tonnes, showing a continued reduction trend from 505.98 tonnes in 2024.
While transport and storage of digital data represent a fraction (1%) of the total CO2e emissions from producing, sending and storing digital letters, we recognize that data centres are still a major contributor to CO2e emissions.
According to the International Energy Agency, data centres worldwide are responsible for 1% of energy-related CO2e emissions. Since 2010, emissions have grown modestly, despite the rapidly growing demand for digital services. This is thanks to the energy efficiency improvement efforts and renewable energy purchases by companies in regions worldwide.
1% = digital transport and storage of data over the network
7% = energy used to produce the letter
23% = lifetime footprint of user’s computer
69% = lifetime footprint of sender’s computer
Nevertheless, emissions must halve by 2030 to get on track with the IEA’s Net Zero Emissions by 2050 Scenario. e-Boks’ data centre providers are Stratu and Aeven, and both companies recognise the importance of reducing CO₂ emissions in their operations. As part of e-Boks’ supplier ESG assessment, the environmental efforts of both data centres are assessed, and a dialogue is initiated to encourage further action where necessary.
As we internationalize our business across the world, we have little direct impact on our customers’ choice of data centre providers. However, we proactively demonstrate the full potential of transitioning to digital post, also advocating for choosing data centre providers that have committed to setting scienced-based targets towards the Paris Climate Agreement.
Another major scope 3 impact is from downstream Category 11: Use of sold products, which amounts to 33.69% of total CO2e emissions. For e-Boks this covers every time a standard digital letter of 1 MB is written and read on a computer using Wi-Fi, representing estimated 3.3 g CO2e per standard digital letter. In comparison, a physical letter of an equivalent size, produced and distributed in Denmark in 2021, was estimated to contribute to 28.7 g CO2e.
This means that e-Boks has an overall positive downstream impact on CO2e, enabling the transition from physical to digital post.
Physical letters
28.7g/CO2e per letter
Digital documents
3.3g/CO2e per document
e-Boks recognizes the need for setting absolute timebound corporate CO2e reduction targets, also in Scope 3. As a digital platform and solutions provider, however, we have limited control over the areas where our biggest CO2e emissions occur, upstream as well as downstream. One crucial metric is the GHG emission intensity figure, which helps us measure the efficiency of our operations in terms of emissions generated based on number of digital documents. This number indicates that even though e-Boks’ total CO2e emissions increase as the number of digital documents also increase, the CO2e emissions pr. unit of output are considered relatively low.
Our GHG emission intensity figure covers scope 1 and scope 2 emissions as these are the material emissions that e-Boks has the most control over. By employing this metric, we continue to drive sustainable progress and embed sustainability throughout our operations. Currently it does not cover scope 3 emissions, as e-Boks has limited direct influence on these emissions.
Source:
Source:
Our Social Responsibility:
Commitment to Human and Labour Rights and Societal Responsibility
At e-Boks we have a deep understanding of our role in society. Our operations effect a wide range of stakeholders from our own employees to workers in our value chain, and to the broader society, including end-users and affected communities.
e-Boks’ mission is to create better and secure digitalisation, where users are in control. As a signatory to the UN Global Compact and a supporter of SDG 16: Peace, Justice and Strong Institutions, we place human rights at the core of our business, and through our commitment to secure digital access and our Code of Business Conduct, we emphasize that all our products and services are designed to support a resilient and inclusive digital infrastructure, while keeping
our users’ needs, rights, and interests in mind. In doing so, we help strengthen democratic access to essential information and reinforce trust between citizens, businesses, and public institutions.
We recognise our influence on:
• The well-being and development of our employees
• Workers in our supply chain, especially in higher-risk geographies, through clear expectations on human rights, labour conditions, and supplier assessments.
• And most significantly, the 24.8 million user accounts of e-Boks globally, whose access to secure, transparent, and reliable digital communication shapes their interaction with
e-Boks’ Social Scopes
As illustrated in the figure Social Scopes (source: Hansen Agenda), our ability to measure and manage impact varies across different stakeholder groups. It is easier to control our impact on our own workforce, than it is on workers in our value chain or on end-users and affected communities. However, the number of individuals influenced
increases significantly in Social Scope 3, where our digital infrastructure reaches 24.8 million user accounts globally. This reinforces the importance of responsible product design, accessibility, and long-term societal trust and dialogue with stakeholders, especially in our role as a provider of critical digital services.
Own workforce
Workers in the value chain
Affected communities, consumers and end-users
The further out in scope, the more difficult it is to measure and control impact.
1
Our Employees
- Attracting, Retaining, and Developing Digital Talent
As a highly specialised knowledge provider, e-Boks’ ability to attract, retain, and develop digital talent is essential to our innovation and long-term success. At the same time the working conditions and possibilities for professional growth are very important for our employees. In 2025, e-Boks employed 78 people on permanent contracts, all based in Denmark.
Adapting the Workplace to a Changing World
As a highly specialised knowledge provider,
e-Boks’ ability to attract, retain, and develop digital talent is essential to our innovation and long-term success. At the same time the working conditions and possibilities for professional growth are very important for our employees.
We aim to make e-Boks a great place to work by fostering a responsible and inclusive workplace that supports employee well-being, professional growth, and equitable working conditions. Our success is reflected in our employee turnover rate
of 10% in 2025, which is well-below the turn-over rate of IT companies in Denmark. We closely monitor this figure as part of our efforts to support retention and employee well-being. Talent recruitment remains a particular challenge in the IT-sector, where competition is high and labour shortages are increasing. To strengthen our talent pipeline, we have launched several initiatives. For example, we collaborate with higher education institutions on student projects. A recent partnership with two DTU students led to e-Boks acquiring a majority stake in the start-up dewa
Training and Development
Learning and development are critical to long-term employee engagement and performance. However, training data for 2025 was not available. We acknowledge this as a gap and are working to strengthen our efforts to improve data collection.
Gender Diversity and Inclusion
e-Boks is committed to promoting gender equality and an inclusive culture. Among our employees, we have a wide age range and growing diversity in nationality and backgrounds. While gender diversity remains a challenge in a male-dominated IT-sector, we always encourage everyone to apply regardless of gender, age, ethnicity, religion or disability.
We are committed to equal opportunities in hiring, pay, and promotion. All employees are entitled to parental leave under Danish law.
Code of Conduct and Grievance Mechanisms
e-Boks has a formal Code of Business Conductand a human rights policy in place for all employees. An independent grievance mechanism is available to report concerns confidentially, including through the Zoios feedback platform and workplace assessments.
Incident Reporting
Working under Danish employment law and regulations, there are no incidents of child labour, forced labour, discrimination or human trafficking
within e-Boks. There were also no confirmed human rights incidents involving workers in the value chain or affected communities.
Policies Supporting Social Responsibility:
• Human Rights Commitment
• Labour Rights Commitment
• Employee Handbook
• Information Security and Data Privacy Policy
• Health & Safety Workplace Assessment
• Zoios employee well-being Survey quarterly
• eYou / People Development Dialogues
Next Steps
We will continue to enhance our social responsibility practices by:
• Strengthening gender balance at all levels
• Improving training data collection and transparency
• Maintaining a zero-accident culture through proactive health and safety measures.
number of employees in 2025 78
nationalities represented amongst our employees in 2025
Workers in the Value Chain
e-Boks is committed to promoting responsible business conduct across its value chain in alignment with the UN Global Compact’s Ten Principles, including those related to human rights and labour standards. To support this commitment, e-Boks has adopted a Code of Business Conduct that sets clear expectations for ethical behaviour, working conditions, and respect for fundamental rights throughout our supply chain.
As part of its ongoing efforts to improve supply chain due diligence, e-Boks is also implementing a supplier assessment process that will evaluate
SOCIAL SCOPE 3
critical suppliers on criteria such as human rights risks, working conditions, and compliance with international standards. This is particularly relevant for suppliers operating in higher-risk geographies, such as our data processing partner in India. Here, e-Boks places special emphasis on ensuring that workers’ rights are respected and that adequate safeguards are in place.
These initiatives reflect e-Boks’ broader ESG commitment and its role in fostering fair, safe, and responsible working conditions beyond its own operations.
Global Reach and Resilience - Affected Communities and End-
users
In 2025, more than 24.8 million user accounts worldwide accessed an e-Boks-powered secure digital postbox to receive, sign, and store essential documents from over 30,000 public and private institutions - including banks, insurance and pension providers, and utility companies. This widespread adoption reflects our core purpose: to build better digital societies and strengthen individuals’ legal identity, enabling secure communication, and promoting transparent access to both public and private services.
The increasing frequency of global crises - from pandemics to geopolitical instability - has underscored the importance of robust, reliable digital infrastructures. These developments have reinforced e-Boks’ role in society, helping to ensure continuity, accessibility, and resilience even in times of uncertainty. As more aspects of daily life are becoming digitalized, the ability to safely access official documents, exercise legal rights, and engage with institutions digitally have become a
basic social necessity - particularly for vulnerable or underserved communities.
Ensuring digital inclusion, privacy, and equal access to information are fundamental to our societal impact. e-Boks is designed to be secure, accessible, and user-friendly for all groups, regardless of digital literacy, age, or socioeconomic status. By maintaining high standards for data protection and universal accessibility, we aim to promote trust and bridge the digital divide.
In Denmark alone, over 90% of the population - equivalent to 5.4 million citizens - access the e-Boks platform using their secure digital ID. This underscores our role not only as a digital service provider, but also as a key enabler of democratic access, individual rights, and institutional trust.
e-Boks proactively collects and applies user feedback to improve the usability, security, and accessibility of its digital services.
Our Governance Responsibility:
Trust, Security, and Stability
At e-Boks, governance begins with trust. As a provider of critical digital infrastructure, we are entrusted with handling sensitive information for millions of citizens, public authorities, and private companies. Ensuring the reliability, stability, and security of our platforms is not just a technical priority — it is a fundamental obligation to society.
Global Reach and Resilience
Recent global crises highlighted just how vital secure and efficient digital infrastructure is for maintaining societal continuity. These developments have further reinforced e-Boks’ role as a critical infrastructure provider, delivering digital
Our users must be confident that they can access their secure digital postbox at any time — and that their data is consistently protected, private, confidential and protected from external threats. This commitment lies at the heart of our governance framework and underpins all our systems, policies, and decisions.
services that are resilient, accessible, and secure — even in times of uncertainty. And the importance of being a trusted partner by public and private institutions.
Governance, Risk, and Information Security
As reflected in our Double Materiality Assessment, strong corporate governance, internal controls, and information security remain among the most material issues for e-Boks – both in terms of societal impact and the financial operational risks we must manage. In a time marked by growing geopolitical instability and increasingly sophisticated cyber threats, maintaining trust in the security, accessibility, and usability of our platform is more critical than ever.
As phishing attempts and cyber threats continue to rise, public trust in traditional emails and text mes-
sages is steadily eroding. In this context, e-Boks is stepping forward as a trusted solution, offering secure digital post services and digital identity solutions that protect both senders and recipients from potential data breaches and brand-damaging cyberattacks. Growing scepticism towards traditional emails and text messages underscores the demand for safer communication methods.
That is why e-Boks continuously strengthens its governance systems and safeguards the data and infrastructure – ensuring both resilience and regulatory compliance.
Corporate Governance and Ownership
e-Boks is an independent company owned by the Danish private equity firm CataCap. The company is governed by a board of directors and an executive management team, who are jointly responsible for ensuring compliance, ethical conduct, and
strategic alignment with our ESG commitments. e-Boks maintains a clear division of responsibilities between board oversight and daily operations.
Gender Diversity at the Governance Level
e-Boks is committed to promoting diversity and inclusion at the governance level, recognising that a broader range of perspectives strengthens decision-making and accountability. As of the 2025 reporting year, e-Boks had a management board comprising 8 executives, of whom two were women and six were men. This corresponds to
Policies and Ethical Standards
e-Boks has implemented a robust set of policies and governance mechanisms to ensure ethical business conduct, data protection, and employee awareness. These policies are integral to our commitment to transparency, accountability, and the responsible handling of information.
a female-to-male management ratio of 0.33, up from 0.25 in 2020. A balanced representation in leadership – both from a perspective of nationality, gender, age and background – remains part of our broader ESG commitment and alignment with good corporate governance practices.
Key Policies and Governance Instruments:
• Code of Business Conduct
• Labour Code of Conduct
• Privacy Policy
• Whistleblower Policy
• Information Security Framework (ISO/IEC 27001:2022 certified)
• Employee eLearning Programme on Security and Privacy
Code of Business Conduct
Employees as well as business partners and suppliers comply to the e-Boks Code of Business Conduct
The Code of Business Conduct covers:
Legal compliance and human rights
Environment
Labour standards
incl. freedom of association, forced labour, child labour, non-discrimination and employment conditions
Health and safety
Non-compliance and corrective action
Confidential information
Anti-corruption
incl. prohibited business practice incl. gifts, hospitality and expenses, money laundering, and breach of competition laws
Labour Code of Conduct and Speak-Up Culture
In 2022, e-Boks introduced a dedicated Labour Code of Conduct to clearly articulate our expectations in relation to human and labour rights — especially as we expand globally. The policy encourages an open “speak-up culture”, where employees are supported in raising concerns and dilemmas related to ethical conduct or potential violations of our labour standards.
Ethical Conduct
All employees at e-Boks are required to adhere to our Code of Business Conduct, which sets
out clear expectations for responsible behaviour. Compliance is monitored through internal processes in our Security and HR functions. Immediate corrective action is taken in case of non-compliance. e-Boks does not tolerate violations of its Code of Business Conduct — whether due to deliberate actions, complacency, indifference, or poor judgement. An independent Whistleblower function allows for remediation without retaliation. In the event of non-compliance, we take prompt remedial action and implement preventive measures to avoid recurrence.
IT Security and Privacy Governance
The e-Boks security governance model and Information Security Management System (ISMS) is based on ISO 27001:2022. This international standard provides organisations across all sectors with guidance on establishing, implementing, maintaining, and continually improving an ISMS.
Our overarching Information Security and Data Privacy Policy address the critical importance of security and compliance with the EU General Data Protection Regulation (GDPR), Network and Information Systems Directive (NIS2) and applicable national Information Security and privacy legislation in all aspects of the business. The Information Security and Data Privacy Policy also describe and supports the functional areas and their security work, which include roles, responsibility, and accountability for the security personnel and the Security Board representing all areas of the organisation.
Supplier Governance
Contractor and supplier selection is subject to a procurement process, which includes a checklist that enables us to conduct due care and due diligence in a structured process that encompasses our e-Boks Code of Business Conduct and high security standards.
Among our key suppliers are data centres hostingand cloud partners which are certified in accordance with the ISO9001:2015, ISO14001:2015 and ISO27001:2022. Our contract templates include our Code of Conduct. e-Boks prepares an annual audit and assurance schedule covering internal and external audits in relation to IT security compliance for e-Boks and its suppliers. Data centres are categorized as high risk from an IT security perspective, and here we conduct annual audits, which includes data centre inspections, user attestations, and testing of effective security controls among others, while simultaneously following up on previous audits to ensure proper security me-
The Security Board is accountable for security and compliance in e-Boks, which ensures that all decisions and solutions have security at its core by incorporating the Defence in Depth principle and Privacy by Design. The Information Security and Data Privacy Policy is part of our Employee Handbook and is mandatory for all employees. In addition, we provide mandatory education and awareness training on a regular basis. Among other things, we have introduced an eLearning system, where all employees are kept up to date on topics such as digital privacy, security, and compliance. Training comprises regular quizzes and questionnaires from both the Security and Compliance team building on the concept of STAR – Stop, Think, Ask, React.
In 2025, two incidents concerning consumers or end-users were reported to the Danish Data Protection Agency (Datatilsynet), which is a lower number of incidents reported than in previous years. The incidents did not lead to regulatory criticism.
asures are addressed. In 2025, the top 10 suppliers were further evaluated/assessed to cover ESG requirements in categories of high, medium, and low risk.
PwC conducts assurance of e-Boks overall IT security and compliance, including third-party assurance of our data centre providers.
The 2025 external auditors’ assurance report by PwC covers GDPR and e-Boks Home Market Solution stated that e-Boks has a high degree of IT security and controls in place with some identified weaknesses of the internal controls. These exceptions were noted and is addressed in accordance with the defined processes for continous improvement under the ISO27001:2022 certified Information Security Management System.
New Supplier Assessment
In 2025, e-Boks developed a supplier ESG-assessment process to strengthen our sustainability governance structures and learn how suppliers implement sustainability practices in their business operations. e-Boks is continuously assessing and improving its own sustainability efforts, and this initiative represents a first step towards extending that assessment to its supply chain. In the reporting period, e-Boks has sent out a supplier assessment questionnaire (SAQ) to a selected group of suppliers based on an internal ESG-risk and -materiality screening.
The SAQ covers ESG topics and corresponding questions, drawn directly from the EU’s voluntary sustainability reporting standard, VSME. This standard is designed to ”provide information that will help satisfy the data needs of large undertakings requesting sustainability information from their suppliers.” e-Boks has chosen to adopt this standard in support of, and alignment with, the EU’s guidelines for ESG data collection from the supply chain.
In addition, the SAQ includes topics relevant to value chain workers’ rights, based on materiality assessment recommendations from the Confederation of Danish Industry (DI) and the Ten Principles of the UN Global Compact.
The information gathered will be used internally to establish an overview of each supplier’s sustainability maturity. This overview will help guide how e-Boks structures and prioritizes its future sustainability efforts within the supply chain.
Anti-Corruption
In 2025, no convictions or fines related to corruption were registered.
ESG Dashboard
On the following pages, e-Boks’ 2025 ESG-data are presented. The data is aligned with the VSME disclosure requirements for the first time, and accordingly data has not been retrieved for disclosure requirements before 2024. The ESG-dashboard includes the disclosure requirements that were deemed material to e-Boks. A full dashboard is available upon request.
Governance
* Currently e-Boks only employs 2030 targets for selected ESG parameters. We are in the process of evaluating how we can best set targets, measure and track relevant KPI’s relating to our ESG activities, in order to ensure a high level of transparency in our reporting.
** The disclosure method for Scope 2 CO2 emissions has been updated, and thus location-based emissions have been seperated from market-based emissions, and only location-based emissions are included in the ESG Dashboard. This aligns with the accounting methods in the VSME-standard and the GHG Protocol. The update applies to all years to ensure comparibility.
*** The 2023 calculation has been performed following the GHG Protocol Corporate Accounting and Reporting Standard, and The Corporate Value Chain (scope 3) Accounting and Reporting Standard. The 2022-2023 variation in Scope 3 and overall can be explained as follows: The original calculation in Scope 3 was based on a life-cycle analysis which included relative CO2 emissions from the production of PCs, as a prerequisite for using e-Boks’ platform. Recognising that this calculation method involves a double counting of emissions, we have in 2023 only included Scope 3 category 11 – the direct consumption of electricity when using e-Boks’ platform – in actuality, scope 1 and 2 for the user – which is in accordance with the GHG protocol. This led to a significant reduction of e-Boks total CO2 impact from 2022 to 2023.
**** 2025 water data will not be available until May, 2026. The report will be updated accordingly.
Sources
Data centres CO2 emissions
Source: https://c2e2.unepccc.org/kms_object/global-growth-potential-of-energy-efficient-datacentres/
Data on paper production in Scandinavian context
Source: https://www.holmen.com/en/paper/sustainability/sustainability-stories/how-to-undrestandcarbon-footprints/
Denmark remains among the best countries in the world to provide digital public services
Source: https://desapublications.un.org/sites/default/files/publications/2024-09/%28Web%20 version%29%20E-Government%20Survey%202024%201392024.pdf
French study with emissions for digital letters
Source: https://www.sami.eco/blog/empreinte-carbone-email
PostNord sustainability reports with data on distribution emissions
Source: https://group.postnord.com/investorrelations/financial-reporting/annual-and-sustainabilityreports/
Third party ESG expert https://www.hansenagenda.dk
Appendix A
Stakeholder Engagement Overview and Structured Engagement
At e-Boks, stakeholder engagement is essential to ensure that our solutions remain relevant, inclusive, and trusted. We maintain structured and ongoing dialogue with a broad range of stakeholders—from employees and clients to regulators, NGOs, and civil society.
Stakeholder Focus Areas
Employees
Current and Future
Talent
Regulators
Policy Makers
Industry Associations
Employee safety, physical and mental health and wellbeing, inclusion, engagement, labour rights, and people development
Employee retention, attraction, and reputation among IT professionals.
Compliance with existing and emerging digital and data-related regulatory frameworks (Danish and International)
Alignment with the EU’s Digital Decade strategy and national priorities for digital public infrastructure (Danish and International)
Sector-wide expectations for ethical, secure, and sustainable digital solutions
Structured Engagement
Ongoing employee–manager dialogues; eYou employee wellbeing pulse with direct manager; quarterly anonymously well-being employee survey, safe and healthy worksplace assessments (APV) every other year; external Whistleblower function
Engagement with higher education institutions; internal talent development initiatives
Ongoing dialogue with national and EU regulatory bodies; participation in public consultations and working groups
Monitoring of policy developments; on-going dialogues with authorities inside and outside the EU
CEO membership in the Danish ICT Policy Committee; participation in Copenhagen FinTech and the Data Ethics Forum (DI and Finansforbundet); consultative committee member of the Universal Postal Union
Public and private clients
Suppliers
Expectations regarding ESG performance and risk management across digital platforms, including financial institutions, utilities, private companies, and public institutions
Due diligence, ESG risks, transparency, and collaboration across the supply chain – key ESG partners include data centres, software providers and other critical providers
Owners Ensure shareholder value
Users and Citizens Security, accessibility, relevance, user-friendliness, and inclusion of e-Boks solutions
Annual ESG partner surveys; ESG requirements in tenders; ongoing dialogue on cyber security, privacy, and sector-specific ESG standards
Supplier assessments; identification of high-risk suppliers; intensified dialogue and alignment with ESG expectations
Annual ESG reporting process
e-Boks citizen panel; in-app feedback prompts; prototyping of new solutions; ongoing dialogue with NGOs representing elderly people and persons with disabilities; reporting of GDPR violations into the Danish Data Protection Agency; Voxmeter annual National Population Survey
e-Boks’ core operations are centred on development and data management. We collaborate with external data centres, to deliver secure and efficient infrastructure and document handling. With a lean organisational structure, our own resource and energy consumption is limited—
Suppliers
and we continuously strive to reduce it further. As a result, our main environmental impact stems from the partners we engage with, the energy consumption of end-users, and the broader positive and negative impacts our services have on customers, end-users, and society.
Own Operations
Customers
Upstream Downstream
e-Boks has identified the following key themes as material for e-Boks from an Impact-Risk-Opportunity (IRO) perspective in alignment with topics from the European Sustainability Reporting Standards (ESRS).
• Climate change: We enable our commercial partners, customers and users to reduce their emissions by transitioning from paper based to digital communication, while also reducing our own footprint
• Biodiversity: By reducing paper consumption, transport, and physical mail, we help lower pressure on natural resources and contribute indirectly to the protection of forests and ecosystems.
• Circular economy: In our own operation we support the reuse and recycling e.g. of IT equipment, contributing to lower waste and improved resource efficiency.
• Own workforce: As a highly specialised knowledge provider, our ability to attract, retain, and develop diverse talent with technological know-how and understanding of the needs of our customers and end-users, is essential to our innovative success, as well as fostering a work environment that support our employees’ well-being.
• Workers in the value chain: We have taken a risk-based approach to our supplier due-diligence process, including a Human- and Labour Rights perspective in accordance with the UNGC principles.
• Affected communities: We are committed to inclusive digital access and support the resilience of digital public services. We support the Copenhagen Pledge on Tech for Democracy as part of our commitment to ensure that digital technologies have a positive impact on democracy and human rights.
• Consumers and end-users: We serve millions of individuals and business owners and are directly responsible for secure, inclusive digital communication with privacy at the core of our service.
• Business conduct: Ethical governance, cybersecurity, and digital trust are central to maintaining our license to operate.
Impact, Risks and Opportunities for e-Boks
Material topics Impact Risk Opportunity
Climate Change
Biodiversity and Ecosystems
e-Boks reduces the need for paper production, printing, and physical mail transport, thereby contributing to customers’ Scope 3 reductions and the broader green transition. e-Boks emits CO2 through its own operations, primarily from energy use in data processing and digital infrastructure.
By reducing paper use and physical mail transportation, e-Boks indirectly contributes to preserving forests and lowering pressure on natural ecosystems.
Exposure to stricter climate regulation, carbon pricing, and high client expectations for low-carbon digital services. Increasing demands for energy data, Scope 3 reporting, and climate targets are putting pressure on digital service providers to document their contributions.
Limited if any – biodiversity is not directly affected by core activities, but perception risk may arise in green procurement contexts.
Demand for climate-friendly IT solutions is growing. e-Boks enables clients to reduce emissions through digital communication. e-Boks can position itself as a low-emission digital communication solution that replaces the high-emission physical letters and transportation, and sets a target aligned with the SBTi.
Supports public and private clients’ biodiversity commitments through dematerialisation and responsible digital practices increases business opportunities.
Circular Economy
e-Boks reduces material waste by reducing the use of paper, printing, and physical transportation through digital communication solutions - both for clients, and within our own operations, e.g. by recycling IT equipment.
Own Workforce
Workers in the Value Chain
Affected Communities
e-Boks influences employee wellbeing, safety, diversity, and skills development in its direct workforce.
Working conditions with e-Boks key suppliers are part of e-Boks’ extended responsibility.
e-Boks provides critical digital infrastructure and plays a key role in ensuring secure digital access to essential public and private communication and services. However, as digitalisation accelerates, there is a risk that certain groups—such as older citizens or people with certain disabilities—may become marginalised if they lack the necessary digital skills or support to engage with digital solutions.
Failure to manage e-waste responsibly could lead to compliance issues, particularly in light of the EU Circular Economy Action Plan and the Waste Electrical and Electronic Equipment (WEEE) Directive, as well as increasing expectations for circular practices in Danish public procurement frameworks within the digital sector.
Talent recruitment and retention challenges – particularly in IT – may hinder innovation and growth.
Lack of documentation on labour practices may lead to exclusion from contracts or criticism from investors and authorities.
Cyber threats and GDPR breaches threaten data privacy, undermines public trust in secure digital platforms, and can cost millions of euros for a business. Digital exclusion of older people and vulnerable groups may impact social cohesion and public trust. This could threaten e-Boks license to operate and, worst case, the loss of trust in using e-Boks as a secure digital platform among public and private clients and end-users.
Enhances resource efficiency and supports procurement preferences for circular digital solutions among potential new clients.
A strong people culture attracts diverse talent and contributes to resilience and competitiveness. Investing in people enhances employer branding in a competitive market.
A strong value chain governance approach demonstrates responsibility and alignment with OECD and EU due diligence expectations and strengthens e-Boks competitiveness.
By working ahead of the data privacy and cyber security compliance curve, and by using state-of-the art security technologies and practices, e-Boks strengthens its own and clients’ competitiveness and resilience. Promoting inclusive access and contributing to resilient digital public services strengthens e-Boks’ social license to operate.
End-users
e-Boks has a direct impact on data protection, digital inclusion, and secure access to essential services for millions of users, who use e-Boks to access essential information. User experience and inclusion have significant societal implications.
Business Conduct Security, ethics, and transparency are directly linked to public trust and the functioning of a digital democracy.
Poor accessibility, low usability, or digital exclusion could lead to reputational damage and complaints.
Non-compliance or unethical behaviour could lead to fines, legal action, and loss of stakeholder trust and clients and erosion of brand value.
A user-friendly, inclusive, and secure platform strengthens both e-Boks and our customers’ relationships with end-users. By ensuring privacy, accessibility, and trust, e-Boks can attract more users and public-private partnerships. By listening to user-experiences and co-creating new solutions, e-Boks can maintain its relevance as a future-fit and value-adding secure digital platform, service and solutions provider.
A strong ethical foundation and high standards of data security and independent remediating action enhance e-Boks’ brand and enable access to public and financial sector partnerships. Strong governance builds resilience, supports expansion in regulated markets, and strengthens partnerships with public and private actors give assess to new markets.
ESG Governance Model
The tables below provide an overview of how material topics are linked to our external commitments and governance structures. The management board oversees implementation.
Enviormental
Climate Change
Biodiversity
Circular Economy
SBTi commitment, Climate risk integrated in ISMS (ISO 27001)
Commitment to SDG 12 & 13; UN Global Compact
Data centre policy and supplier selection criteria
GHG tracking; External validation by Hansen Agenda
Targets set 1.5°C 2030 reduction of Scope 1 and 2: 42% by 2030. Data centres 100% CO₂ neutral by 2030
Every year we will plant trees through Trees for the Future.org resulting in 120,000,000 trees planted by 2030. 1.5 billion documents sent through our platform by 2030
Global Compact, D&I Statement
Labour Code of Conduct; D&I Statement; Whistleblower policy and system; Employees handbook
Supplier Code of Conduct (e.g., restriction against any form of forced or involuntary labour, child labour), Procurement Policy
eYou employee wellbeing pulse with direct manager, quarterly anonymously well-being employee survey, safe and healthy worksplace assessments (APV) every other year
All key suppliers to adhere to CoC
Global Compact; Digital Inclusion Commitment
e-Boks Code of Business Conduct; e-Boks Labour Code of Conduct; Speak up system
Stakeholder dialogue with NGOs; user-centred service design; accessibility audits
User NPS of 30 or above
Global Compact; Digital Inclusion Commitment
Protection and Security Policy (ISO 27001, GDPR, eIDAS)
User Experience Guidelines; Privacy Policy; e-Boks Code of Business Conduct; Speak up system
User panels; in-app feedback; dialogue with civil society; co-creation workshops; User Experience Guidelines; Privacy Policy; Voxmeter annual National Population Survey User NPS of
e-Boks Code of Business Conduct; e-Boks Labour Code of Conduct; Speak-up system
sight
Security and Data Privacy Policy, Digital trust architecture, Data & Information Security 95% staff trained in policy; few incidents reported to DPA (Datatilsynet) and zero criticisms
