EDF / 2019 Universal registration document

3. Non-financial performance

EDF, a company committed to a just and fair transition

Whistleblowing system In 2018, the EDF Executive Committee decided to upgrade its system to secure the handling of alerts and increase personal data confidentiality and security. It decided to set up a single alert system for all alerts under the Sapin II Law and the law on “duty of care” (“devoir de vigilance”), as well as alerts from employees alleging harassment and discrimination. The Group Ethics & Compliance Division is the system’s contact for the Group. This Group system benefits all Group entities, except for the subsidiaries in the regulated sector, Enedis and RTE  (2) , which have their own whistleblowing system to respect their managerial independence. The Group’s Ethics & Compliance Whistleblowing System is accessible at all times on the EDF group website, its interface is available in several languages (French, English, Italian, Portuguese, Dutch and Mandarin) in France and abroad, and whistleblowers can submit their alerts in the language of their choosing  (3) . The EDF group Ethics & Compliance Whistleblowing System allows Group employees and external staff (temporary workers, service provider employees, etc.) or occasional employees (fixed-term contracts, apprentices, trainees, etc.), as well as third parties, to report actions of which EDF group or its employees are the culprits or victims. Once the report has been submitted, the whistleblower receives confirmation within 72 hours informing them that the admissibility assessment has begun. Whistleblowers can submit reports anonymously in countries where this is authorised. Alerts can be reported anonymously, as long as the severity of the reported facts is established and the factual elements are provided in precise and sufficient detail, so as to provide evidence for the reality of the reported facts. The Group Ethics & Compliance Division assesses the admissibility of an alert, which depends on this scope of application and the whistleblower’s relationship with the Company. This admissibility is independent of whether the alleged facts are well-founded or not, which can only be determined through an alert handling process. Once a ruling has been made on admissibility, the whistleblower is informed of the protective measures from which they benefit (protection under the Sapin II law, French Labour Code, etc.). These vary according to their status (victim or witness, individual or corporation, etc.), their relationship with the Company (employee, external service provider, third party, etc.) and the themes involved (fraud, harassment, serious environmental damage, etc.). Each alert that is deemed admissible is handled. The Group Ethics & Compliance Division appoints a case manager and, if necessary, is assisted by Ethics & Compliance Officers and other experts to handle alerts. When the investigations have been completed, a report is drawn up by the case manager. If the allegations in the alert are proven or partially proven, an action plan is implemented. The Group Ethics & Compliance Division monitors the progress of this action plan and ensures it has been fully implemented before the alert is closed. Alert results are consolidated and included in the annual ethics & compliance report submitted to the Executive Committee and presented to the EDF Board of Directors’ Governance & Corporate Responsibility Committee. In 2019, this Division recorded 53 admissible alerts; 81% came from Group employees; 44 alerts were about incidents occurring in France and 9 abroad; 39 related to EDF and 14 to Group subsidiaries. Most whistleblowing alerts (59%) related to harassment/discrimination. In 2019, more than 2/3 of alerts handled were sufficiently circumstantiated to result in corrective actions or disciplinary sanctions. The average handling time for these alerts was 112 days.

Compliance with the REMIT regulation  (1) In accordance with the Group Ethics & Compliance Policy, entities concerned must put in place a European REMIT regulation compliance programme. A “Group Compliance Officer” was appointed in September 2017 and was tasked with preventing risks of non-compliance, by developing an appropriate control environment. The practical implementation of this REMIT regulation by the EDF group, the implications for entities as well as the related processes and controls are described in a memorandum of instructions. An online staff training tool has been set up. It is freely available on VEOL, the EDF group intranet. Preventing breaches of competition law EDF group has made awareness of and adherence to competition law a major priority for its employees. With this in mind, the Group has implemented a Competition Law Compliance Programme since 2010. The programme, which is binding on all employees, aims to ensure that all operations of subsidiaries and entities of the Group in France and worldwide comply with competition law. After rolling out an e-learning module between 2010 and 2015 which trained over 5,400 employees, in France and abroad, since 2016 a more non-specialised Serious Game called: “Cap Antitrust” is accessible to all employees on the Group’s internal training portal, in multiple languages (French, English and Italian). Personal data protection EDF, which appointed a Personal Data Officer (PDO) in France as early as 2006, appointed its Data Protection Officer (DPO), pursuant to EU regulation 2016/679 of 27 April 2016 known as the general data protection regulation (GDPR). The DPO is the Lead Manager for the Group. The DPO is responsible for ensuring compliance with regulations relating to the protection of personal data within the Company, whether with regard to the personal data of its customers, employees, service providers or partners. The work carried out to bring the Group in line with the requirements of the GDPR notably led to the appointment of around twenty DPOs In the course of its activities, particularly in the nuclear field, EDF and its subsidiaries carry out a range of operations to meet their own needs or the needs of third parties, requiring the use of goods and technologies including dual-use goods and technologies (“DUG”) that can expose it to certain risks inherent in French, European and/or foreign regulations, some of which have extraterritorial scope and can require, subject to exceptions, the issuing by the competent authorities of a license/authorisation prior to any transfer, export, re-export, brokerage, and/or transit of such goods and technologies. A Group Export Control & International Sanctions Director was appointed in August 2019. The Group Ethics & Compliance Policy describes compliance procedures to be implemented regarding export control of dual-use goods and technologies. The Duty of Care programme The EDF Duty of Care plan drawn up in accordance with French law no. 2017-399 of 27 March 2017 relating to the duty of care of parent companies and ordering companies, is implemented in practice via a “Duty of Care programme”, which is stipulated in the Group Ethics & Compliance Policy and which Executives must implement within their entities. The operational requirements of this programme as well as the related processes and controls are described in a “duty of care” memorandum of application. A Duty of Care (DoC) Compliance Officer is tasked with managing and coordinating the duty of care plan and reporting on its effective implementation based on feedback from the entities, in conjunction with the Legal Affairs Division, Group Ethics & Compliance Division, and Group Risk Division. A Duty of Care Officer appointed at each entity is tasked with coordinating the implementation of the entity’s Duty of Care Programme and reporting on its effective implementation. The DoC Compliance Officer manages this network of Officers. A mandatory self-assessment form on this theme has been added to the internal control guide. at subsidiaries across France and Europe. Export control (dual-use goods)

(2) Distribution network operator Enedis and transmission operator RTE are managed independently. (3) www.edf.fr/edf/alerte-ethique. (1) Regulation (EU) No 1227/2011 of the European Parliament and of the Council of 25 October 2011 on wholesale energy market integrity and transparency.

148

EDF | Universal registration document 2019

www.edf.fr