Eurazeo / 2019 Universal Registration Document

Risk management Risk factors

Technologies and data 4.2.1.6

MODERATE Risk that ITsystemattacks and/oroutagesaffect the confidentiality, availability and/or integrity ofEurazeo’sdigital data and that of its partners, and notably prevent Eurazeofrom ensuring business continuity, compliance with personal data and/or insider information regulations,or limitingthe effecton its image/reputationwith regardto partners and stakeholders. In the conductof its activities, Eurazeo uses IT infrastructures and applications to collect, process and producedataand, in particular,confidential and strategic data. Technical failures (equipment,software, network,etc.) or IT attacks (malware, intrusions, etc.) could impair the availability,integrity andconfidentiality ofdataandhavenegative consequences for the Company's business andreputation. TheCompany’sdigitaltransformation, the developmentof cloud system data storage,or the increaseduse of key and/or business olutions in SaaSmodeincrease Eurazeo’s vulnerability to cyber-attacks. Theyalsoincrease Eurazeo’sdependencyon the reliability of third-partyIT systems. IT securityis a priorityfor Eurazeo.For several years, a certain number of initiativeshaveaimedto implement suitablemeasuresto protectits digital assets, as wellas thoseof its portfolio companies. The cyber risk prevention system is notably supported by: a Digital Security Committee (chaired by the Chief Financial Officer and memberof the Executive Board, bringing togethertheRisks,Digital, Security and IT Departments), a Chief InformationSecurityOfficer(CISO),an InformationSystemsSecurity Policy (ISSP),andthe deployment of varioustechnical measures reinforcing the security of access to digital resources. To check that this system iseffective, IT security auditsand intrusion tests are regularly performedandcorrective action is taken wherevulnerabilitiesare identified. Eurazeo has also taken out cyber andfraud insurance policies. With regard to continuity, the Eurazeo disaster recovery plan (based on redundant i frastructure locatedat two remotesites) istested annually; this should enable the Company to continue its activitiesin the eventof an IT incident andavoid dataloss. Potentialeffects

Examples of risk mitigation measures Cyberthreatprevention system: EurazeoDigitalSecurity Committee, • Cybersecurity Audits, ISSP, CISO, Cyber Roadmap,awareness campaigns for employees andportfolio companies, etc. Disaster Recovery Plan, testedannually • Insurance policies: Cyber, Fraud • Governance: cyber-security issues feature on the Audit Committee • agendaat least twice a year.

Leakof confidential and/or strategic data relating to the activities • of Eurazeo, its portfolio companies, its investmentpartnersor other stakeholders Use ofinsider informationby a hacker • Use ofsensitive andconfidential databy a hacker for fraudulent • purposes (see 4.2.1.7) Infringementof personaldataprotectionregulations •

04

Fraud 4.2.1.7

MODERATE Risk that Eurazeo falls victimto fraud (usuallyembezzlement), particularly for paymentsmadeas partof closingand/ordistribution operations. Duringtransaction closing operations or funddistributions, payment orders are given for sums sometimes totaling several hundred million euros, which are transferred to third-party bank accounts. These transactions expose Eurazeo to a greaterisk ofembezzlementby fraudsters.Criminal organizations have developed increasinglysophisticated fraud techniques which can include id ntitytheft,strategicintelligence andcyber-attacks. To mitigatethisrisk,Eurazeohas establisheda strictinternalcontrolframework for payment processes, andregularly raisesemployee awareness regardingfraud. Alongside this,the cyberrisk prevention system developed by Eurazeo (see 4.2.1.5) aimsto securedata linked to sensitive transactions andpayments. Finally, Eurazeo has also taken out cyberandfraud insurance policies. Potentialeffects Losses linked to embezzlement • Impact on reputationwith regard tobanks, insurers, investment • partners andother stakeholders Examples of risk mitigation measures Cyberrisk prevention system •

Internal controls governing payment • Insurance policies: Cyber, Fraud • Risk awareness/training •

/ EURAZEO

119

2019 UNIVERSAL REGISTRATION DOCUMENT