Assurance Statement To the Executive BoardOMV AktiengesellschaftVienna Independent limited assurance Report on the consolidated Non-Financial Report 2022 We have performed a limited assurance engagement on the consolidated non-financial report 2022 of OMV Aktiengesellschaft (hereafter “OMV”), Vienna. The limited assurance engagement covers the consolidated non-financial report of OMV Aktiengesellschaft for the financial year 2022 in accordance with the requirements of the Sustainability and Diversity Improvement Act (NaDiVeG) in section 243b and 267a of the Austrian Commercial Code (UGB), the requirements of the EU Taxonomy Regulation and the voluntarily applied GRI-Standards (Update 2021). Responsibilities of the Legal Representatives The legal representatives of the Company are responsible for the proper compilation of the consolidated non-financial report for the financial year 2022 in accordance with the requirements of section 243b and section 267a UGB1 https://www.ris.bka.gv.at/Dokumente/Bundesnormen/NOR40189009/NOR40189009.pdf (NaDiVeG), the requirements of the EU Taxonomy Regulation2https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021R2178&qid=1639643622790 and with the voluntarily applied GRI-Standards (Update 2021)3https://www.globalreporting.org/standards. The legal representatives have signed the Letter of Representation, which we have added to our files. Responsibilities of the Assurance Providers Based on our assurance procedures deemed necessary and our evidence we have obtained, it is our responsibility to assess whether any matters have come to our attention that cause us to believe, that the consolidated non-financial report for the financial year 2022 is not, in all material respects, in accordance with the requirements of section 243b and section 267a UGB (NaDiVeG), the requirements of the EU Taxonomy Regulation and the GRI-Standards (Update 2021). Our assurance engagement has been conducted in accordance with the “International Federation of Accountants’ ISAE 3000 (Revised)” Standard. Our professional duties include requirements in relation to our independence as well as planning our assurance engagement based on the materiality considerations in order to allow us to obtain a limited level of assurance. According to the “General Conditions of Contract for the Public Accounting Professions” our liability is limited. An accountant is only liable for violating intentionally or by gross negligence the contractual duties and obligations entered into. In cases of gross negligence, the maximum liability towards the client and any third party together is EUR 726,730 in the aggregate. Our procedures have been designed to obtain a limited level of assurance on which to base our conclusions. The extent of evidence gathering procedures performed is less than for that of a reasonable assurance engagement (such as a financial audit) and therefore a lower level of assurance is provided. We have performed all the procedures deemed necessary to obtain the evidence that is sufficient and appropriate to provide a basis for our conclusions. Our main procedures were: Obtain an overview over the industry, the business activities as well as the operational and organizational structure of the organization; Interview a selection of senior managers and executives to understand systems, processes and internal control procedures related to the content of the consolidated non-financial report assured, which support the data collection; Review relevant group level, board and executive documents to assess awareness and priority of issues in the consolidated non-financial report and to understand how progress is tracked and internal controls are implemented; Examine risk management and governance processes related to sustainability and critical evaluation of the disclosure in the consolidated non-financial report; Perform analytical procedures at group level; Perform site visits with responsible persons at site level to obtain evidence on performance indicators. In addition, we reviewed data samples of the selected disclosures in the consolidated non-financial report at site level for completeness, reliability, accuracy and timeliness; Review data and processes on a sample basis to assess whether they have been collected, consolidated and reported appropriately at group level. This included assessing whether the data had been reported in an accurate, reliable and complete manner; Review the coverage of material issues which have been raised in stakeholder dialogues, in media reports and environmental and social reports of peers; Assessment whether the requirements according to section 243b and section 267a UGB (NaDiVeG) have been adequately addressed; Assessment whether the requirements of the EU Taxonomy Regulation have been adequately addressed; Assessment whether selected statements and claims in the consolidated non-financial report are reasonable and in accordance with the GRI Standards (Update 2021) and Review whether the GRI Standards (Update 2021) were consistently applied. The objective of our engagement was neither a financial audit nor a financial review of past-oriented financial information. We did not perform any further assurance procedures on data, which were subject of the annual financial audit, the corporate governance report and the risk reporting. We merely checked this data was presented in accordance with the GRI Guidelines. Neither the detection and investigation of criminal offenses, such as embezzlement or other fraudulent actions, nor the assessment of effectiveness and efficiency of management were subject to our engagement. We did not test data derived from external surveys or prospective information. Our assurance engagement solely covers references directly specified in the GRI Content Index. It does not cover any further web references. In our opinion, the evidence we have obtained is sufficient and appropriate to form an assurance conclusion. We submit this report based on our assurance engagement for which, also regarding third parties, the “General Conditions of Contract for the Public Accounting Professions”4Version dated 18 April 2018, published by the Chamber of Public Accountants and Tax Consultants, Chapter 7, https://www.ksw.or.at/Portal- Data/1/Resources/aab/AAB_2018_de.pdf, are binding. Conclusion Based on our assurance procedures performed and the evidence obtained, no matters have come to our attention that cause us to believe that the consolidated non-financial report for the financial year 2022 is not prepared, in all material respects, in accordance with the requirements of section 243b and section 267a UGB (NaDiVeG), the requirements of EU Taxonomy Regulation and with the GRI-Standards (Update 2021). Vienna, 28. March 2023Ernst & Young Wirtschaftsprüfungsgesellschaft m.b.H. Mag. Alexander Wlasto ppa. Susanna Gross, MA Mag. Alexander Wlasto ppa. Susanna Gross, MA 1 https://www.ris.bka.gv.at/Dokumente/Bundesnormen/NOR40189009/NOR40189009.pdf 2 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021R2178&qid=1639643622790 3 https://www.globalreporting.org/standards 4 Version dated 18 April 2018, published by the Chamber of Public Accountants and Tax Consultants, Chapter 7, https://www.ksw.or.at/Portal- Data/1/Resources/aab/AAB_2018_de.pdf schließen NaDiVeG Austrian Sustainability and Diversity Improvement Act schließen EU European Union schließen GRI Global Reporting Initiative schließen ISAE International Standard on Assurance Engagements Contacts and Imprint