EDF / 2020 Universal Registration Document

2 RISK FACTORS AND CONTROL FRAMEWORK Risk management and control of activities Methods and tools : Several methodological documents and tools are made available to the entities to support risk and internal control approaches: a risk analysis methodological guide and a software package (SIGR – Risk management Information System) to support entity risk maps; an internal control guide, a detailed self-assessment framework and a digital platform for sharing and summarising self-assessments (Internal Control Information System). Group risk mapping On the basis of these reports, supplemented by a cross review with the Internal Audit Department, the EDF group Risk Department draws up the consolidated mapping of its major risks, including the overall assessment of internal control and providing Management and governance bodies with a consolidated and regularly updated view of the major risks and their level of control (1) . These documents are validated by the Risk Committee and are presented to the Board of Directors after examination by the Audit Committee. In October 2020, a version of the complementary risk mapping was presented to the Risk Committee, integrating elements related to the Covid crisis. The Risk Committee identifies, within the Group risk mapping, a smaller set of “priority risks” selected as a result of their operational or strategic importance. The Group Ethics and Compliance 2.1.2.2 program The Group Ethics and Compliance Department implements the Group Ethics and Compliance programme on the basis of the following reference frameworks (see section 3.3.2 “Ethics, compliance and human rights”): the Group Ethics and Compliance Policy (PECG), validated by the Executive Committee on 17 May 2016 and reviewed in 2020, which compiles the main rules that Managers must know, respect and ensure compliance within their entities, in strict accordance with the risks of these entities. The PECG is backed up by instruction notes and support guides designed to assist its deployment, including in particular monitoring the integrity of business relations, financial ethics, protection of personal data, the fight against fraud, the management of gifts and invitations and the prevention of conflicts of interest. The PECG is the supra-reference to the Group Ethics Charter and the Ethics and Compliance Code of Conduct, which can be updated according to new applicable regulations and is subject to audit; the Group Ethics Charter built around the Group’s three values (Respect, Solidarity, Responsibility), which defines the requirements that should guide the actions and conduct of the Group employees on a daily basis. An updated version of the Charter, which dates from 2013, has been rolled out throughout the Group as of March 2019; the Code of Ethical Conduct and Compliance published on 1st June 2017 and set out in the internal regulations of the entities, which constitutes the Universal Registration Document for the prevention of corruption and applies to all employees (requirements of the Sapin II Law). An updated version of the code of conduct is currently being discussed with employee representative bodies with a view to it coming into force in 2021; the EDF group ethics and compliance whistleblowing system, which allows employees and external collaborators (temporary staff, employees of a service provider, etc.) or occasional employees (fixed-term contracts, apprentices, trainees, etc.) of the Group, to make a report in accordance with the “Sapin II” Law of 9 December 2016, relating to transparency, the fight against corruption and the modernisation of economic life (see section 3.3.2.4 “Whistleblowing system”). The same alert system is also made available to third parties for issues covered by the “Due Diligence” Act of 27 March 2017 relating to the due diligence obligations of parent companies and ordering companies.

Approval of commitments 2.1.2.3 The EDF group’s Commitments policy sets the framework for commitment decisions in terms of steering, governance and control. This policy applies to all commitment projects, regardless of their amount, for all EDF entities and subsidiaries, excluding regulated subsidiaries while respecting the governance of listed companies. Before each commitment decision, the proposed projects undergo a risk analysis according to a methodological reference framework made available to the entire Group. Strategic projects (beyond the thresholds defined in the Commitments policy) are reviewed by the Group Executive Committee Commitments Committee (CECEG). Draft commitments are reviewed, where appropriate, by the Board of Directors as described in sections 4.2.2.3 “Powers and duties of the Board of Directors” and 4.2.2.8 “Activity of the Board of Directors in 2020”. Strategic disposal projects are investigated separately and supervised by the Disposals Committee (part of the CECEG) to preserve confidentiality and responsiveness. Reliability of financial information – 2.1.2.4 internal accounting and financial controls – Organisation of financial risk management The EDF group has organised its financial risk management around the following functions: Performance Management, reporting , tasked with: contributing to the management of the performance of the Group’s entities by ❯ helping define the Group’s performance plans and by challenging the measures implemented by the entities and business lines. For this purpose, the Finance Department implements a set of management indicators adapted to the economic model of each of the Group’s activities; contributing to budget monitoring through general performance reviews in the ❯ departments and controlled subsidiaries; developing and disseminating financial management methods and processes, ❯ contributing to the dissemination of management culture within the Group; managing the management cycle processes, summarising them and suggesting ❯ decisions to departments and subsidiaries; developing medium- and long-term financial trajectories. ❯ Accountancy: preparing EDF’s financial statements and the Group’s consolidated financial ❯ statements; ensuring accounting compliance through Group reference frameworks based on ❯ accounting standards and the chart of accounts; coordinating the Group’s internal accounting and financial control system, in ❯ accordance with the system presented below. Taxation: ensuring the consistency of tax practices, the requirements of which are listed ❯ in the Group’s Tax policy. The precise provisions in this area are discussed in section 3.4.2.2 “Contribution to development through taxation” of this document; ensuring the proper implementation of legal and declarative obligations, ❯ notably by monitoring the subject; ensuring the accounting follow-up of the deferred tax position and the periodic ❯ justification of the accounts; identifying and controlling the Group’s tax risks. ❯ Finance and Investments: coordinating all the actions inherent in the Group’s balance sheet and financial ❯ result, with the aim in particular of controlling the exposure of the Group’s hedging assets, debt and the Group’s overall balance sheet to financial risks;

(1) Group risk mapping notably includes environmental risks and risks related to climate change (physical risks and transition risks). These risks are described in section 2.2 “Risks to which the Group is exposed”; the strategic response to the challenges of climate change is described in section 3.1 “Carbon neutrality and the climate”.

100

www.edf.fr

EDF - UNIVERSAL REGISTRATION DOCUMENT 2020