EDF_REGISTRATION_DOCUMENT_2017

3.

ENVIRONMENTAL AND SOCIETAL INFORMATION − HUMAN RESOURCES Defining and implementing corporate responsibility

terrorism, and those concerning compliance with the European EMIR regulation. A Stock Exchange Ethics Code, updated in February 2017, complements this Policy. Actions to raise awareness of stock market rules are conducted with Group employees, concerning particularly the precautions and obligations for holders of inside information. Preventing breaches of competition law EDF group is making awareness of and adherence to competition law an absolute priority for its employees. With this in mind, the Group has implemented a Competition Compliance Programme since 2010. The programme aims to ensure that all operations of subsidiaries and entities of the Group in France and worldwide comply with competition law. It applies to all Group employees, particularly as regards their relations with customers, competitors, partners and suppliers. This Competition Compliance Programme covers all aspects of competition law: abuse of dominant position, anti-competitive agreements, concentrations and state aid. The programme entails a number of training sessions, either online or face-to-face. It has given rise to the preparation of numerous training and awareness-raising instruments. After rolling out an e-learning module between 2010 and 2015 which trained over 5,400 employees, in France and overseas, the Legal Department’s Competition Law Unit devised a new general e-learning competition module with a more interactive format. This online offering is completed by tailored face-to-face training for some Group subsidiaries and entities. At the same time, a best practice guide, as well as regular notes and publications on developments in competition law are circulated widely. Personal data protection Personal data protection is now governed in France by the “Loi Informatique et Libertés” (Data Protection Act) no. 78-17 of 6 January 1978, as amended. In response, EDF appointed as of 2006 a Personal Data Officer (PDO) responsible for ensuring personal data protection for both customers and employees and for enforcing this law within the Company. Work has started on preparing the Group for the application from May 2018 of the new provisions of the European General Data Protection Regulation (GDPR). Compliance with industry regulations In application of the EDF group’s Ethics & Compliance Policy, the entities concerned must put in place a REMIT compliance system, the purpose of which is to ensure the transparency and integrity of the functioning of the wholesale energy market, notably by prohibiting insider trading based on privileged information and market manipulation. This Policy also requires entities involved in exporting products on the list of dual-use products appended to EC regulation no. 428/2009 of 5 May 2009 (including exports within the EU) to implement a compliance procedure. Compliance with international sanctions programmes The Group Ethics and Compliance Policy requires the executive directors of Group entities concerned to implement a system to prevent the risk of international sanctions within their entities. The system involves a clause being inserted into each contract entitling EDF to terminate a business relationship with immediate effect in the event of failure to adhere to an international sanctions programme. EDF has put in place a procedure for checking on the integrity of business relations (see Point 3 above) and in support of this has made tools available for the Heads of Ethics and Compliance to verify that there is no risk of international sanctions. The

mapping of these sanctions drawn up by the European Union is posted online on the ethics and compliance intranet.

Training and professionalisation of 3.1.4.5 players The Group Ethics and Compliance Division is developing prevention and training actions and provides deployment tools for all employees. It coordinates a network of professionals in the various entities and has a dedicated forum on the Group intranet. Training sessions on “ethics and compliance” topics The Group Ethics & Compliance Division has put in place a training course on “Prevention of the Risk of Corruption” thus meeting the requirements of the "Sapin II" law. It has been specifically defined as of mid-2016 for directors and managers. This digital training course, which is mandatory for managers, was rolled out in 2017 to managers and exposed personnel. Furthermore, the Group Ethics and Compliance Division has produced awareness-raising videos on the nine subject areas of the Group Ethics & Compliance Policy and made them available on the ethics and compliance intranet. The nine subject areas are: privileged information; international sanctions; harassment and discrimination; the fight against corruption; the fight against fraud; sector regulations; security of personal data; competition law and conflicts of interest. Complementary to this, the Group Legal Division and Group HR Division offer an e-learning module called “Preventing corruption” designed for all employees: this programme deals operationally with the right conduct to adopt in situations involving business relations, conflicts of interest and gifts. Whistleblowing system 3.1.4.6 In 2016, the existing ethics alert system was strengthened and expanded. It now includes issues associated with compliance. EDF’s whitsleblowing system, managed by the Ethics and Compliance Division, enables any employee acting in good faith to flag up a violation of the Group Code of Ethics, the Group Ethics and Compliance Policy and, from 2017, the Code of conduct Ethics and Compliance, confidentially and securely. Since it meets the conditions provided by the "Sapin II" law it benefits from special protection and immunity from criminal liability. The input interface is a page of the EDF website (1) allowing the whistleblower to indicate the subject of the alert and to describe its main features. The whistleblowing system is accessible 7 days a week, 24 hours a day and whistleblowers receive an acknowledgement within 72 hours, notifying them that their alert is being processed. In line with the zero tolerance policy, each warning is processed. The aggregate annual results are presented to the Corporate Governance and Social Responsibility Committee of the Board of Directors. In 2017 the Group Ethics and Compliance Division worked on bringing its whistleblowing system into line with both the requirements established as of the beginning of 2018 by the "Sapin II" law and those relating to EU developments, notably the new General Data Protection Regulation (GDPR) from May 2018 onwards. In 2017 the Group identified 60 “significant breaches” of the Group Ethics & Compliance Policy, 20% less than in 2016. Geographically, 85% of the breaches were in France, reflecting the maturity of the mechanism in the home country.

https://www.edf.fr/edf/alerte-ethique (1)

152

EDF I Reference Document 2017