Code of Business Conduct and Ethics
Mimecast is committed to compliance with all applicable laws and regulations in the UK, the U.S., and everywhere else we do business.
Code of Business Conduct and Ethics Effective April 2024 ©2024 Mimecast. All Rights Reserved.
Table of Contents

1. Message from our CEO
2. Why This Matters
3. Compliance Decision Tree
4. Mimecaster Responsibilities
5. Build Our Company Together
   ▪ Use Sound Judgment in Mimecast's Financial Operations
   ▪ Prohibit Insider Trading
6. Invest in One Another
   ▪ Commitment to Workplace Safety
   ▪ Mindfulness in Social Media Use
   ▪ Commitment to Diversity, Equity, and Inclusion
7. Make Things Better
   ▪ Build a Healthy Culture
   ▪ Involvement with Civic Activities
   ▪ Commitment to the Environment, Social, and Governance Framework
8. Deliver a Remarkable Experience
   • Protect Corporate Opportunities and Assets
   • Protect Intellectual Property
   • Maintain Confidentiality
   • Protect Personal Data
   • Avoid Conflicts of Interest
   • No Outside Employment
   • Responsibly Use Gifts and Entertainment
9. Bring a Resilient Spirit
   • Comply with Anti-Bribery and Anti-Corruption Laws
   • Adhere to International Trade Controls
   • Follow Competition and Anti-Trust Requirements
   • Seek Guidance & Report Suspected Violations
   • Disciplinary Action
   • Participate in Investigations
   • Prohibition on Retaliation and Victimization
   • Waivers
   • Review
Message from CEO

Mimecasters,

Our shared goal is to ensure the security and prosperity of organizations, and we are proud to be their trusted cybersecurity partner. Our rapid growth is a testament to each of your contributions, which have helped us expand our customer base and deliver top-notch cybersecurity solutions.

Our full potential can only be met if we all maintain the highest level of integrity and ethical standards. We all have a personal responsibility to deal honestly and fairly with our customers, prospects, partners, competitors, and each other. This commitment to integrity is the core of who we are as a company and is a shared value across Mimecast.

The Mimecast Way provides us with values, and the Code of Business Conduct and Ethics provides us with tools to make the right decisions. All Mimecasters have an individual and corporate responsibility to uphold our Code. Please familiarize yourself with it in its entirety and incorporate it into your daily business activities.

Sincerely,
Marc van Zadelhoff
Why This Matters

Mimecast is committed to:
❖ Upholding the Mimecast Way;
❖ Promoting the health, safety, and wellbeing of Mimecasters;
❖ Enabling Mimecasters to use their best judgment and common sense when making decisions;
❖ Maintaining the reputation of Mimecast and our business practices; and
❖ Providing clear expectations of our Mimecasters and third parties.
OUR ACTIONS AS MIMECASTERS PROMOTE INTEGRITY FOR OUR COMPANY, THIRD PARTIES WITH WHOM WE DO BUSINESS, AND EACH OTHER. Mimecast is committed to compliance with all applicable laws and regulations in the UK, the U.S., and everywhere else we do business. To support this effort, Mimecasters are committed to compliance with this Code of Business Conduct and Ethics (the
Compliance Decision Tree

1. Is it legal? (Not Sure / Yes / No)
2. Does it comply with Mimecast policies? (Not Sure / Yes / No)
3. Does it align with our Mimecast Way? (Not Sure / Yes / No)
4. Would it adversely affect Mimecast, our employees, customers, trading partners and/or other applicable third parties? (Not Sure / No / Yes)
5. Would you be concerned if it were a news headline? (Not Sure / No / Yes)

ASK FOR HELP. Contact: Legal, or Compliance Office, or Your HRBP, or Your manager.

STOP. Do not proceed. There may be serious consequences for this action. Contact: Legal or Compliance Office.

The decision to proceed forward appears appropriate. If you have questions, contact: Legal or Compliance Office.
Mimecaster Responsibilities

❖ Follow all applicable laws and regulations;
❖ Read and understand the Code;
❖ Speak up if you have a concern or suspect any violations with our policies (see section "Seek Guidance & Report Suspected Violations");
❖ As coordinated with the Compliance Office, cooperate with any investigations; and
❖ Seek guidance if you are unsure about Mimecast's policies:
   ❖ Legal
   ❖ Compliance Office
   ❖ Your HRBP
   ❖ Your manager
Build Our Company Together
Use Sound Judgment in Mimecast's Financial Operations

Mimecasters must comply with all financial reporting and accounting regulations applicable to our business. Our principal executive, financial, and accounting officers will use reasonable judgment and perform their responsibilities honestly, ethically, and objectively to ensure that we comply with these regulatory obligations. We must further cooperate with our internal and external auditors with respect to financial reporting matters.

Mimecasters must use standard agreements and contract processes that reflect the actual deal we enter into. Non-standard terms must be reviewed by Legal and approved by the commercial Finance team prior to entering into contractual commitments. We are prohibited from making side agreements or arrangements with anyone.

We must maintain all necessary records, files, and accounts to fully and accurately reflect corporate transactions and the acquisition, maintenance, and disposition of Mimecast's assets in accordance with generally accepted accounting principles and our accounting policies. We must immediately report to Mimecast any errors or misstatements with respect to the same. We must clearly identify accounts, and we will not create or maintain secret or unrecorded funds or assets.
Use Sound Judgment in Mimecast's Financial Operations

We must follow our Global Travel and Expense Reporting Policy and not commit fraud, make false, misleading, or fictitious entries, or list fictitious expenses on expense accounts or petty cash vouchers. We must not make any payment on behalf of Mimecast without adequate supporting documents, and we must not make any payments for any purpose other than what is set forth in the authorizing documentation.

As a private company, we must not share financial or other performance information about Mimecast with unauthorized third parties without prior written approval from our Chief Financial Officer. We must provide full, fair, accurate, timely, and understandable disclosure in all reports and documents and in public communications we make, including statements we make about Mimecast's solutions.

Questions?
❖ Travel and Expense Hub
❖ Legal
❖ Compliance Office
Prohibit Insider Trading ❖ As part of who we are and our transparent management philosophy, Mimecasters may have access to material, non-public information about our customers, partners, and other entities with whom we do business. Mimecasters must not use or share this information about any company conducting business with Mimecast for financial gain until it becomes public or is no longer material. ❖ This obligation extends to members of our households (e.g., our spouse, significant other, child, parent, or other family member living in the same household). What’s
Invest in One Another
Commitment to Workplace Safety

Mimecasters are dedicated to maintaining a safe and violence-free workplace. At no time are we permitted to intimidate or threaten physical violence or carry a weapon of any kind into the office or to any Mimecast-sponsored meetings or functions, including those with Mimecast customers, trading partners, or vendors.

Questions? Contact: Human Resources
Mindfulness in Social Media Use

❖ When sharing Mimecast-related content (e.g., PostBeyond), follow requirements published by Marketing.
❖ Be mindful that your profile and any content you post are consistent with the professional image you present to clients and colleagues, particularly if you are

What if a Mimecaster receives a request for quotes
Commitment to Diversity, Equity, and Inclusion

We treat each other with respect. Mimecast is committed to providing a work environment that is free of discrimination and harassment and seeks to prevent it.

In our Equal Employment and Anti-Discrimination Policies, we provide equal opportunity employment and do not discriminate. We maintain a strict policy prohibiting unlawful discrimination, harassment, and sexual harassment against both applicants and Mimecasters and prohibit such conduct even if it does not rise to the level of being unlawful.

We prohibit discrimination and harassment in the workplace based on any legally protected characteristic, including without limitation:
❖ race or color;
❖ religion;
❖ sex or gender (including pregnancy, lactation, childbirth, or related medical conditions);
❖ gender identity or expression;
❖ sexual orientation;
❖ age;
❖ national origin or ancestry;
❖ physical or mental disability;
❖ genetic information (including testing and characteristics);
❖ veteran status or uniformed servicemember status; or
❖ any other status protected by laws wherever we have employees.

More Information:
Equal Employment and Anti-Discrimination Policy
Equal Employment and Anti-Discrimination Policy - Australia

Questions? Contact:
Your HRBP
Compliance Office
Make Things Better
Involvement with Civic Activities

We encourage Mimecasters to participate lawfully and respectfully in civic and political activities. However, these activities must be conducted on our own time and must not use any Mimecast facilities or assets, including funds for political contributions of any kind.

Mimecasters are not permitted to represent that a political contribution was made on behalf of Mimecast.

What if a third party asks for a contribution to their charity? Contact: Employee Engagement

Build a Healthy Culture

In our commitment to make Mimecast the place that we do our best work, best teamwork, and greatest learning, Mimecasters should at all times promote a respectful workplace where we have the ability to reach our fullest potential.

We strive to create a workplace that actively promotes mental, physical, and emotional wellbeing, requires appropriate and responsible alcohol use, and is free from influence of illicit drugs.

More Information: Global Illicit Drug and Alcohol Policy
Commitment to the Environment, Social, and Governance Framework

Mimecasters recognize that our commitment to global community resilience will only succeed with an equally robust commitment to protecting our environment and the conservation of natural resources. We remain committed to measuring, mitigating, and reducing our carbon footprint through energy efficiency measures at each of our facilities. We must fully comply with applicable environmental laws and regulations, including those related to recycling and the disposal of wastes. We expect third parties with which we partner to share these commitments.

Mimecast is committed to supporting the communities in which we work and live. Although we work tirelessly to deliver cyber resilience more cost effectively, more simply, and more comprehensively than any other vendor by innovating through cloud technology, we also work to build more resilience in our world together through corporate donations, employee gift matching, and volunteerism. We publish our Modern Slavery Act Disclosure Statement to demonstrate our commitment to supporting and promoting human rights in our supply chain and in the communities in which we live and operate.

Mimecast has implemented key governance policies designed to demonstrate and enforce our commitment to supporting the resilience of our global community.

Questions? Contact: ESG Council

More Information: Environmental, Social, and Governance Report
Deliver a Remarkable Experience
Protect Corporate Opportunities and Assets

We owe a duty of loyalty to Mimecast to always advance its legitimate business interests. Mimecasters are prohibited from diverting to themselves or to others any opportunities that are discovered through the use of Mimecast's property or information, or as a result of their position with Mimecast, for improper personal gain or competing with Mimecast.

As the stewards of proprietary and confidential information of Mimecast, and that of our third parties with whom we conduct business, as well as the personal data of our employees, applicants, customers, trading partners, and vendors, we work every day to safeguard these assets that make us a leader in cyber resilience.

Questions? Contact: Compliance Office
Protect Intellectual Property

Mimecast's intellectual property (e.g., our trademarks, logos, copyrights, trade secrets,

Maintain Confidentiality

Mimecasters must honor our confidentiality
Protect Personal Data

Mimecast is committed to the lawful and secure collection, processing, and storage of personal data that is entrusted to us by our customers, applicants, and our employees, as is required by the EU General Data Protection Regulation and other applicable data privacy regulations worldwide.

When handling personal data as part of our responsibilities with Mimecast, we must ensure that we are following the appropriate safeguards that Mimecast has implemented to ensure the protection of such data.

Mimecasters must not collect or otherwise process personal data unless required by our individual roles and there is a valid legal basis to do so, including but not limited to appropriate consent.

We must maintain the confidentiality of personal data that is processed, accessed, or used and must not share it with any other individuals that do not have the appropriate authorization.

We must use personal data only for the purpose for which it was initially collected, as disclosed in our contractual terms, and/or as permitted by applicable law.

What is personal data?
Any information relating to an identified or identifiable person such as a name, telephone number, email address, or IP address. It can also include more sensitive information such as a social security number or national ID, banking information, employment record, sexual orientation, race, or family status.

Questions? Contact: Compliance Office

NOTE: professional secrecy obligation under German Law
During the performance of our work, Mimecasters may process confidential information subject to professional secrecy under Sec. 203 of the German Criminal Code (Strafgesetzbuch -
Avoid Conflicts of Interest

We are always responsible for acting in the best interests of Mimecast. To uphold our reputation for integrity, Mimecasters must avoid situations that create actual or perceived conflicts of interest between our personal interests (including members of our families or close friends) and the best interests of Mimecast or any of our customers, trading partners, or vendors. We must not engage in any business or personal relationships with anyone in our reporting chain, including but not limited to, renting property, borrowing, or lending money. As always, when in doubt, ask.

If there is a possibility that an actual or perceived conflict of interest may exist, it should be reported promptly to our Compliance Office or your HRBP.

Mimecast's General Counsel may notify the Board of Directors of Mimecast Holding Limited, the parent company of the Mimecast Group, regarding any actual or potential conflicts of interest, depending on the facts and circumstances. Any actual or potential conflict of interest involving a member of the Board of Directors, an executive officer, or member of our Legal team must be disclosed to the Board of Directors.

No Outside Employment

Mimecasters know that we should not engage in any outside work that could interfere with Mimecast's business interests or violate any employment obligations that apply to us.

Questions? Contact: Compliance Office
Responsibly Use Gifts and Entertainment

We value our relationships with customers, trading partners, and vendors. Building those relationships and creating goodwill might include meals, gifts, and entertainment (but never cash). It is important that giving or receiving anything of value is appropriate and reasonable in the circumstance and does not violate applicable laws and at all times complies with our Global Travel and Expense Reporting Policy.

Gifts and entertainment must never be given to individuals who are not permitted to accept them by applicable law, regulations, or by policies applicable to them.

Giving anything of value to a UK, U.S., or other government official is strictly regulated and, in many cases, prohibited by law. Mimecasters must obtain approval from our Compliance Office before providing anything of value to a government official.

Who is considered a government official?
Any officer or employee of a government or governmental department or agency, or of a public organization. They can also be a person acting in an official capacity for or on behalf of a government, governmental department or agency, or of a public organization.

More Information: Global Travel and Expense Reporting Policy
Bring a Resilient Spirit
Comply with Anti-Bribery and Anti-Corruption Laws

We pride ourselves on selling our solutions based on their merits and we hold ourselves to high standards when dealing with our prospects and customers. Mimecasters are prohibited from offering anything of value that could be perceived as a bribe to win business. In all cases, we will decline any business opportunity that is tied to the perception of improper influence to close a deal.

Mimecast requires strict adherence to the requirements of the UK Bribery Act 2010, U.S. Foreign Corrupt Practices Act, and any other local laws in the areas where Mimecast conducts business.

More Information: Global Anti-Bribery and Anti-Corruption Policy

Adhere to International Trade Controls

Mimecasters must comply with U.S. and international trade laws that govern where Mimecast can sell its solutions, including prohibitions on selling into certain countries and to certain restricted parties. Compliance is required even if it may result in the loss of business opportunities. We will work with Legal to support our international trade compliance obligations, especially as we move into new markets.

Questions? Contact: Legal
Follow Competition and Anti-Trust Requirements

Competition, anti-trust, and other similar laws are designed to promote a fair market for all participants and are beneficial to our customers. While Mimecast will always compete vigorously, we will always compete ethically and fairly and in compliance with these laws in the UK, U.S., and anywhere else we conduct business.

Mimecast will never enter into anti-competitive agreements with competitors and others around fixing or controlling prices, bid-rigging, non-solicitation of each other's employees, dividing markets, or other impermissible arrangements.

Mimecast will never take unfair advantage of another entity in business dealings on Mimecast's behalf through the abuse of privileged or confidential information, improper manipulation, concealment, or misrepresentation of material facts. In addition, we will not participate in unfair and deceptive trade practices in promoting our solutions, especially with respect to misleading or false claims about competitors and their solutions.

Questions? Contact: Legal
Seek Guidance & Report Suspected Violations

Mimecast is committed to the highest standards of openness and accountability. As part of our Whistleblower Policies, Mimecasters are expected to report concerns or suspected violations of this Code or other Mimecast policies as soon as we become aware of them. We are encouraged to contact our HR business partner or direct manager, if that is a comfortable option. We can also contact our Compliance Office or our Legal team.

Certain methods of communications can be anonymous. Mimecast's Compliance Office manages all inquiries and strives to maintain confidentiality to the extent permitted by applicable law.

Mimecasters must not use these reporting channels in bad faith or in a false or unreasonable manner. In addition, we will not use the Reporting Hotline to report grievances that do not involve this Code or other ethics-related issues.

To raise concerns to our Compliance Office, Mimecast offers the following methods:

By writing via U.S. or international mail to:
Chief Compliance Officer
c/o Mimecast North America, Inc.
191 Spring Street
Lexington, MA 02421 USA
(may be anonymous)

By phoning or making an online report:
Mimecast Reporting Hotline
(may be anonymous)

By emailing:
Compliance Office
(anonymity may not be maintained)

More Information:
Global Whistleblower Policy
Whistleblower Policy - Australia
Disciplinary Action

Mimecast's management shall take reasonable steps to: (i) monitor and audit compliance with this Code, including the establishment of monitoring and auditing systems that are reasonably designed to investigate and detect conduct in violation of this Code; and (ii) when appropriate, impose and enforce appropriate disciplinary measures for violations of this Code. Disciplinary measures for violations of this Code will be determined at Mimecast's sole discretion and may include, but are not limited to, counseling, oral or written warnings, probation or suspension with or without pay, demotions, reductions in salary, termination of employment or service, and restitution.

Mimecast's management may periodically report to the Board of Directors of Mimecast Holding Company Limited on these compliance efforts including, without limitation, periodic reporting of alleged violations of this Code and the actions taken with respect to any such violation.

Participate in Investigations

Mimecast's Compliance Office coordinates investigations of suspected violations of this Code or our other policies or procedures, or any applicable law or regulation. Mimecast Legal, Human Resources, Security, IT, and other functions may participate in any investigation as may be necessary. Mimecasters always cooperate with Mimecast in any investigation. Mimecasters can always contact our General Counsel with any concerns around any investigation or its outcome.
Prohibition on Retaliation and Victimization

As part of our Whistleblower Policies, Mimecast expressly forbids any retaliation against any Mimecaster who, acting in good faith on the basis of a reasonable belief, reports any suspected misconduct or participates in an investigation of a possible violation of this Code, other policies or procedures, or any applicable law, rule, or regulation. Any person who participates in any such retaliation is subject to disciplinary action, up to and including termination. Contact our Compliance Office immediately with any concerns around retaliation and victimization.

Individuals must not suffer any detrimental treatment as a result of raising a concern in good faith.

More Information:
Global Whistleblower Policy
Whistleblower Policy - Australia
Waivers

While some of the policies in this Code must be strictly adhered to and no exceptions are permitted, in other cases exceptions may be possible. Requests for waivers of any part of the Code must be submitted to our Compliance Office and approved by Mimecast's General Counsel and Chief Human Resources Officer. Waivers requested by executive officers or members of the Board of Directors must be submitted to our Compliance Officer and General Counsel and must also be approved by the Board of Directors.

Review

This Code is approved by the Board of Directors of Mimecast Holding Limited. The Code is subject to periodic review by Mimecast's General Counsel, Chief Compliance Officer, and Chief Human Resources Officer. Review is conducted in response to significant changes in Mimecast's business practices or applicable law and regulations, and amendments may be made to ensure this Code remains current with Mimecast's strategy and business objectives and applicable law.

This Code is required to be read and acknowledged annually by all Mimecasters. Electronic affirmation confirms that the Code has been read and understood and that there is agreement to comply with the Code.