EDF / 2020 Universal Registration Document

3 NON-FINANCIAL PERFORMANCE Vigilance plan

Stakeholder association 3.6.3 The Global Framework Agreement on Corporate Social Responsibility signed by EDF in 2018 with the Group’s trade unions and two international trade union federations (IndustriAll and ISP) states that EDF’s vigilance plan will be “developed and set up in association with the Company stakeholders, including workers’ representative organisations.” Since 2018, duty of care was on the agenda of all meetings organised with the signatories of the Agreement who sit on the Committee for Dialogue on Social Responsibility (CDRS) in order to discuss the progress of the vigilance plan. The Committee met in April and October in 2020. In October 2020, the Group’s mapping methodology was presented in detail and approved. In 2021, training in partnership with the ILO will be organised for the members of the Committee for Dialogue. Externally, EDF participated in discussions with other companies, lawyers, NGOs, and trade union federations within the framework of the “Entreprises pour les droits de l’homme” (Businesses for Human Rights) (EDH (1) ) non-profit organisation, in order to openly exchange on the expectations of all stakeholders, compare corporate practices and improve vigilance plan preparation processes. EDF participated in the study commissioned by the ILO, which was presented in December 2019 on the implementation of vigilance plans. 3.6.4 Risk mapping approach for the duty of care For EDF, the risks covered under the vigilance plan meet the criteria for “salient risks” in accordance with the UN Guiding Principles on Business and Human Rights. The process for identifying and prioritising risks used to develop the vigilance plan is based on two complementary approaches: general risk mapping, which includes several risks related to the duty of care, and additional risk mapping, specifically focused on the duty of care. Under the general approach described in section 2.1 “Risk management and control of activities”, each Group entity conducts a risk mapping exercise, under the responsibility of management, using a risk typology designed to cover all categories of risk, whether internal or external, operational or strategic, to which the Group is exposed. The identified risks are grouped by level of qualitative importance based on their impact, risk probability and level of control. The impact is assessed using multiple criteria, including non-financial criteria such as “health impact assessment” (health and safety, internally, including providers, or externally) and “assessment of the impact on the physical or human environment”. The main purpose of the general risk mapping exercise is to define and implement action plans (prevention, protection, etc.) to reduce the impact of the risks and/or risk probability. Through this approach, the main risks presented in section 2.2 “Risks to which the Group is exposed” have been identified, at the level of the EDF group. Several of these risks are of strategic importance for the vigilance plan: ethics and compliance risk (see section 2.2 – 1E “Ethics or compliance ● violations”): since 2019, this risk has included a “duty of care” component, implementing a Group-wide action programme and requiring Group entities to report back on their own action in this area; adaptation to climate change – physical risks and transition risks (3B): this risk ● specifically includes a component focused on the impact of the Group’s operations on the climate (see section 3.1.3.2.3 “Scenario-based approach to verify corporate resilience”); Salient risk mapping

industrial safety risk and impact on environmental assets and biodiversity (4G), ● with a special focus on nuclear safety (5C) and hydropower safety (4B); management of large industrial projects (4A): this risk includes a component ● relating to the potential impact of projects on human rights, the environment and health and safety; operational continuity of supply chains and contractual relationships (4E): this risk ● specifically includes vigilance-based measures during the contractualisation and contract monitoring stages. This general risk mapping exercise is supplemented by a specific assessment of the duty of care, using a two-tier methodology: the first level of assessment addresses the operations and projects “in the field” in ● all the Group’s entities and subsidiaries, which implement risk assessments structured by the commitments made by the Group, summarised in the EDF's group reference framework: "Human rights and fundamental freedoms, health and safety, environment and business ethics: the EDF group's commitments and requirements”; the second level of assessment is an interim summary: each entity, on the basis of ● the “field” risk assessments, identifies and assesses its exposure to potential violations of human rights and fundamental freedoms, health and safety and the environment, depending on the nature of its various operations and projects, the countries in which it operates and its suppliers, subcontractors, partners and customers. This second level of assessment is structured through systematic responses to the annual internal control questionnaire, to allow a consolidation at the Group level. An example of this specific assessment approach for the duty of care is the risk assessment conducted by the Group Purchasing Department for the chain of suppliers. It covers all of EDF’s purchasing categories and approximately 12,100 suppliers and subcontractors. The main risks concern: health and safety at work, particularly lifting/handling/maintenance services; ● the environment, mainly by the production of waste during operating and ● dismantling phases of facilities; as well as the use of rare materials, in particular with suppliers of IT and telecommunications equipment; human rights, particularly in the textile industry which supplies Personal Protective ● Equipment for employees. Using this assessment, priorities can be set for supplier evaluations, controls and audits (see section 3.4.2.3.2 “Responsible procurement strategy and practices”). These two approaches (general and specific) identify the “salient” risks, which determine the action to be taken under the vigilance plan. The salient risks are shared with the trade union organisations as part of the Committee for Dialogue on Social Responsibility (CDRS). The salient risks are as follows: Human rights and fundamental freedoms In the area of human rights and fundamental freedoms, the Group’s Ethics and Compliance policy which includes duty of care has led the EDF group to establish a reasonable diligence plan for all of its entities, which is implemented on the ground by identifying salient risks and the related measures to mitigate such risks. These risks are first assessed based on the country where the entity, its subsidiaries and its suppliers do business. For EDF’s activities and projects in Latin America, Asia, Africa and the Middle East, due to local practices and situations and legislation which are less demanding than the standards applicable in OECD countries, the Group identifies: risks of harm to communities, indigenous peoples and vulnerable groups (in ● particular when engaging in dialogue and concertation processes and when there are land issues or displacement of populations); risks due to working conditions, including forced labour and child labour; ● risks due to the practices of security services or companies. ●

(1) e-dh.org

199

EDF - UNIVERSAL REGISTRATION DOCUMENT 2020