Compliance and regulation - FAQ
Find helpful information about DORA, GDPR and regulation in this section. If you need more help, contact our support team.
Question | Answer | Tag |
---|---|---|
How do you ensure business continuity financially? | Once a year, Mixvoip generates a comprehensive report on its financial health to ensure continuity of performance. This report is prepared by a committee including one external accounting firm and our CFO. It includes key metrics such as debt burden, cash reserves, projected cash flow trends, and revenue. Additionally, the report provides recommendations for maintaining financial stability and resilience. This report is reviewed by the executive committee and the board of directors to ensure adequate funding and proactive risk management. | |
How can organizations in Luxembourg ensure compliance with Directive 2003/88/EC? | Organizations can use tools like Tempus, which provides automated time tracking, compliance monitoring, and reporting features to help employers meet the directive’s requirements effectively. Tempus helps streamline compliance processes and ensures transparency in record-keeping, making it easier for organizations to follow Luxembourg’s labor laws and the European Directive. | |
What are the consequences for non-compliance with Directive 2003/88/EC in Luxembourg? | Non-compliance can result in legal consequences, including fines or other penalties. Additionally, non-compliant companies may face increased risks in terms of employee grievances or reputational damage, emphasizing the importance of adherence to these regulations. | |
Are there any exceptions to the directive’s requirements in Luxembourg? | Certain exceptions and flexibilities are allowed and are incorporated into Luxembourg’s labor laws. For instance, specific industries or job roles (like emergency services or seasonal work) may have adapted requirements. However, these exceptions must still prioritize employee safety and well-being. | |
What are the main requirements of directive 2003/88/EC that apply to Luxembourg? | The directive outlines several key requirements: • Maximum weekly working hours: Employees should not work more than 48 hours per week, on average. • Daily and weekly rest periods: Employees are entitled to a minimum daily rest of 11 consecutive hours and a weekly rest period of at least 24 uninterrupted hours. • Paid annual leave: A minimum of four weeks of paid annual leave. • Breaks: Employees have the right to adequate breaks during work hours, especially if their workday exceeds six hours. | |
How does Luxembourg implement directive 2003/88/EC in its national law? | Luxembourg has integrated the requirements of Directive 2003/88/EC into its national labor code. These regulations cover key provisions such as maximum weekly working hours, rest periods, and minimum paid annual leave. Employers in Luxembourg must comply with these laws to meet both national and EU standards. | |
Is the European working time directive (2003/88/EC) mandatory in Luxembourg? | Yes, the European working time directive 2003/88/EC is mandatory in Luxembourg. As an EU Member State, Luxembourg is required to align its national labor laws with this directive, which sets minimum standards for working hours, rest periods, and annual leave to protect workers’ health and safety. | |
Can you name your annual sales? | Mixvoip generates over 12 million in annual revenue, including revenue from subsidiaries with at least 80% ownership. | |
How many employees are working at Mixvoip? | As of November 1, 2024, Mixvoip employed approximately 63 full-time equivalents (FTEs) respecting local minimum wage regulation. This figure represents the combined employees of Mixvoip SA and its subsidiaries in which Mixvoip holds at least an 80% ownership stake. Outsourced consultants are excluded from this calculation. | |
Which authorisation / license / certification do you have? | On our Impressum you can see in which countries we are registered as a telecom operator, including the regulatory body and our reference there. In addition, please check out our accreditations page to find, for example, our ISO 27001 certification. | |
How can I identify you in DORA? | DORA uses the Legal Entity Identifier (LEI) for identification. Please head over to our Impressum to see the LEI codes for our entities. | |
Where can I find your LEI code? | Please head over to our Impressum where we list the LEI for the different entities. | |
Do you provide training and continuous skills development within the company? | All employees within the company receive internal security training (GDPR, ISO, …) on a regular basis. Certifications, including external and internal training, are also provided to ensure that employees follow best practices. You can find various certifications on our accreditations page. | |
Who is the designated lead in terms of DORA? | RZECZKOWSKI Marcin & KISTINGER Clemens 70, rue des Pres L-7333 Steinsel regulatory@mixvoip.com | |
Which types of ICT services do you provide related to DORA? | Within DORA, our service types are the following, depending on the services we provide to you: - ICT project management - ICT help desk and first level support - ICT security management services - ICT, facilities and hosting services (excluding Cloud services) - Non-Cloud Data storage - Telecom carrier - Network infrastructure - Hardware and physical devices - Software licencing (excluding SaaS) - ICT operation management - ICT Consulting - Cloud services: SaaS - Cloud services: PaaS - Cloud services: IaaS | |
Is there a formalized risk governance policy approved by management that defines the Enterprise Risk Management program requirements? | A formal risk governance framework is in place as part of our ISO 27001 certification and aligns with NIS2 and DORA requirements. In addition, it is necessary to fulfill the German TKG and also SERIMA. Management has approved these policies, covering risk assessment, mitigation, monitoring, and review processes. | |
Do fourth parties (e.g., backup, subcontractors, equipment support/maintenance, software support/maintenance, data recovery, hosting providers, etc.) have access to scoped systems and data or processing facilities? | Mixvoip manages its entire IT infrastructure, including installation, configuration, and operational management like backup and restore, using its own data centers and in-house personnel. While Mixvoip maintains contracts with selected external providers for limited support, such as advanced hardware replacement, these contracts do not grant access to any scoped systems, data, or processing facilities. This approach enables Mixvoip to retain full control over system access and aligns with our stringent security and compliance standards, minimizing reliance on external entities. | |
Is there an information security program that has been documented, approved by management, published, and communicated to constituents? | The Information Security Program is comprehensively documented under our ISO 27001-certified ISMS and includes policies that have been formally approved by management and communicated to all relevant parties. | |
Is there an established Business Resilience Program that has been approved by management, communicated to appropriate constituents, and an owner to maintain and review the program? | The Business Continuity and resilience framework is established per ISO 27001 and further developed under NIS2 and DORA guidelines to ensure ongoing resilience, with policies for response, continuity, and regular review. | |
What types of substitutability levels exist for third-party ICT service providers? | We categorize the substitutability of third-party ICT service providers into four levels: • Not Substitutable: The service is unique, with no comparable alternatives available. • Highly Complex Substitutability: Switching providers would require significant effort and high costs. • Medium Complexity in Terms of Substitutability: Comparable providers exist, but switching would involve extra effort and costs due to dependencies. • Easily Substitutable: The provider can be replaced easily, as there are several comparable options available in the market. These levels help us assess the potential impact on service continuity and plan accordingly to maintain reliability for our customers. These levels are used on our third-party provider list. | |
Are subcontractors monitored in the context of DORA? | Yes, we have internal monitoring and alert systems in place to check the availability of ICT services provided by our subcontractors, ensuring compliance with DORA requirements. | |
Has the subcontracted ICT service a significant impact on the continuity of services provided? | The impact of subcontracted ICT services depends on the substitutability of the service and how it is integrated into the customer’s operations. While some services may not be easily replaced, our mission is to provide reliable and consistent services to minimize potential disruptions for our customers. You can find the information on our subcontracted ICT services here. | |
In terms of DORA, what rank do the ICT subcontractors have? | All our ICT subcontractors are classified as Rank 2 under the DORA (Digital Operational Resilience Act) framework. | |
In which currency does Mixvoip operate? | Mixvoip conducts all operations in EUR. | |
What measures is Mixvoip taking on the topic of “sustainability”? | While Mixvoip does not have a formalized environmental policy with specific targets, sustainability is a key focus, and the company is committed to minimizing its environmental impact. This includes initiatives such as going paperless, offering organic refreshments, using electric vehicles, and planting trees to offset its carbon footprint. Additionally, the data centers operate with 100% green electricity, utilize free cooling, recycle biomass, and continuously monitor energy efficiency to reduce CO₂ emissions and improve sustainability. | |
In which countries do you have offices? | Please refer to our Impressum page. | |
Yes, we rely on subcontractors for ICT service provisioning, in accordance with DORA requirements and GDPR standards. For detailed information about our subcontractors, including provisioning locations and storage details, please refer to our third-party providers. | ||
How do you handle security incidents? | In line with ISO 27001 guidelines, we have systems in place to monitor and detect security incidents. These are managed by our internal Incident Management Team. Customers can provide a designated contact for incident notifications through email, ticket submission or our web panel. If a security incident occurs, we ensure the designated contact is promptly informed with all relevant details. | |
Which inspection rights are granted and to whom? | Whenever a legal requirement (e.g. regulators, law enforcement, …) applies, Mixvoip grants matching inspection rights. For customers, we refer to our Terms & Conditions, section 2.4.2. | |
Which audits and tests are you performing on a regular basis? | We carry out regular audits and tests to maintain the security and compliance of our services. These include annual certifications like ISO 27001, regulatory audits, and internal vulnerability scans. For more details about our certifications and regulatory framework, please visit our accreditations page. | |
How do you ensure business continuity technically? | Mixvoip is ISO 27001 certified, which requires us to have adequate and resilient technical infrastructure to support service continuity. As part of our certification, our technical equipment and continuity measures are reviewed and audited regularly to ensure compliance with ISO 27001 standards. This certification provides assurance that we meet internationally recognized requirements for the security, reliability, and resilience of our technical infrastructure. | |