2.8Statement of the Management Board on Risk Management

Introduction

The Management Board is responsible for establishing and maintaining adequate internal risk management and control systems. The implementation of the internal risk management and control framework at SBM Offshore N.V. (Company) focuses on managing strategic, financial, sustainability, compliance and operational risks, as described in section 2.5.1 of the Management Report. Operational risks relate to the ability to deliver safe, reliable, and efficient projects and operations, while compliance risks relate to adherence to laws, regulations, the Code of Conduct, and internal policies.

As a key part of its scope, Group Risk and Control is responsible for the design of the internal risk management and control framework and reporting in this regard. Internal Audit performs independent monitoring, providing assurance through maturity assessments of the internal control environment. The Risk Assurance Committee, the Management Board, the Audit Committee and the Supervisory Board are involved in oversight and review of risk management and internal control performance, with structured quarterly reviews based on the Risk Appetite Framework and Internal Control Maturity Assessment. Third parties such as external auditor, certification bodies and regulatory bodies or agencies provide additional review and support over the effectiveness of assurance processes.

The Company’s internal risk management and control systems are designed and monitored using the COSO framework and encompass multiple internal control streams including Internal Control over Financial Reporting (ICoFR), Payroll (ICoPAY), Supply Chain (ICoSCM), Sustainability (ICoESG), and Information Technology (ICoSIT). These activities support the Management Board’s execution of the risk assessment and the description of the identified risks in relation to the Company’s risk appetite as referred to in best practice provisions 1.2.1 and 1.4.2(i) of the Dutch Corporate Governance Code, as well as its evaluation of the design and operating effectiveness of the internal risk management and control framework as referred to in practice provision 1.4.2 of the Dutch Corporate Governance Code. In addition, these activities inform the Management Board’s assessment of the effectiveness of the internal risk management and control systems with respect to operational, compliance, and reporting risks, referred to in best practice provision 1.4.2(iii) of the Dutch Corporate Governance Code.

During the financial year 2025, various aspects of risk management were discussed by the Management Board, including the consolidated quarterly Risk Report, Risk Appetite Statement review and the results of the annual Internal Control testing. The results of the annual Internal Control testing campaigns were reviewed and discussed by the Audit Committee, Supervisory Board, and the external auditor. The testing campaigns did not reveal significant control deficiencies and found that conformity rates were consistently maintained throughout the organization.

The VOR (Verklaring Omtrent Risicobeheersing) implementation and associated impacts were also discussed in depth between the risk management function, the Management Board and the Audit Committee ensuring alignment and full compliance with the Dutch Corporate Governance Code.

The internal risk management and control systems are structured to ensure that all main risks are identified, evaluated and managed within the defined risk appetite, and that financial reporting and sustainability reporting do not contain material inaccuracies. The Management Board recognizes the inherent limitations of internal risk management and control systems. Whilst the Company continuously works towards improving its processes and procedures, these systems cannot provide absolute certainty that all risks have been identified or are effectively managed. The level of comfort that they provide is influenced by, among other things, inherent limitations to risk management, business considerations such as the Company’s risk appetite, the complexity of the Company’s operations, and the dynamic nature of the business environment.

Certain risks remain outside the Company’s direct control, as they depend on third parties or external circumstances beyond the organization’s influence.

Statement by the Management Board

With due consideration to the above and in accordance with best practice provision 1.4.3 of the Dutch Corporate Governance Code, the Management Board confirms to the best of its knowledge that:

• The Management Report provides sufficient insights into deficiencies in the effectiveness of the Company’s internal risk management and control systems.
• The internal risk management and control systems of the Company provide reasonable assurance that the financial reporting for the financial year 2025 does not contain any material inaccuracies. This is supported by a mature ICoFR framework, internal control campaigns, internal audit monitoring, and risk assessments related to financial reporting, treasury, and project accounting, all aligned with the Company’s risk appetite statements.
• The internal risk management and control systems of the Company provide at least limited assurance that the sustainability reporting for the financial year 2025 does not contain material inaccuracies. This is supported by an ICoESG framework, quarterly internal control campaigns and internal audit monitoring consistency with CSRD reporting scope, focusing on analytical and qualitative review rather than full testing of control effectiveness.
• The Management Board, at December 31, 2025,  is not aware that the internal risk management and control systems do not provide sufficient comfort that the material compliance and operational risks identified in the section 1.4.2, are effectively managed, where sufficient comfort is to be read as: an appropriate, though not absolute, level of comfort, considering the Company’s compliance policies, the complexity and technical nature of the Company’s activities, the inherent limitations of the internal risk management and control systems and other disclosures on these systems in the Management Report. This level of comfort is aligned with, and supports, the risk appetite statements established for each material reported risk.
• Given the current circumstances, it is justified that the financial reporting for the financial year 2025 is prepared on a going concern basis.
• The identified material risks and uncertainties that are relevant to the expectation of the Company’s continuity for the period of twelve months after the preparation of the report have been included in the Management Report.
• The risk and internal control sections of this annual report can be found in this section and in sections 1.4 and 2.5, they  provide information on the identified material risks and the Company’s risk appetite.

Due to the inherent limitations of risk management and control systems, the above does not imply that these systems provide certainty that the Company’s strategic, operational, compliance and reporting objectives will be realized nor that they can prevent or detect all misstatements, errors, operational issues, fraud or non-compliance with laws or regulations.

Financial and sustainability reporting for the financial year 2025 was based upon the best information available throughout the year and the Company always makes a conscious effort to weigh the potential impact of risk.

The Management Board will continue to enhance the internal risk management and control systems through continuous improvement of operational, compliance, financial reporting and sustainability reporting risk management. Where areas for improvement are identified, specific action plans will be implemented and monitored.

Finally, with, reference to section 5.25c paragraph 2, sub c of the Financial Markets Supervision Act (Wet op het financieel toezicht), the Management Board states that, to the best of its knowledge:

• The financial statements for 2025 give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and its consolidated companies.
• The Management Report gives a true and fair view of the position as per December 31, 2025, and that of the Company and its affiliated companies development during 2025. Furthermore, the Management Report includes a description of the identified principal risks facing SBM Offshore.

Schiphol, the Netherlands

February 25, 2026

Management Board

Øivind Tangen, CEO

Douglas Wood, CFO