Euronext // 2021 Universal Registration Document

Risk management & Control Structure 2 Risk Factors

REGULATORY EVOLUTION AND ENHANCED REGULATORY SCRUTINY RISK

Risk Identification and Description

Potential Impact on the Group

Euronext’s business is subject to extensive regulation and supervision at both the European level and national levels in the jurisdictions in which the Group has operations: Belgium, Denmark, France, Ireland, Italy, the Netherlands, Norway, Portugal and the United Kingdom. In addition, the Company has a presence in the United States and Singapore. Regulatory changes may impact the operating environment of Euronext exposing the Group to risks associated with the management of implementing and maintaining compliance with new regulatory requirements. As the Group expands, so has the scope of regulatory requirements to which it is subject and the breath of relevant relationships it must maintain. The factor is an important element in limiting the ability of the Group and its entities to provide certain current or planned services, or to build an efficient, competitive organisation. For example, the Group must obtain regulatory approval to implement significant changes to the operations of the regulated markets, and any material changes to operations and models of its CCP. Failure to obtain the required approvals may prevent the Group from achieving its strategic objectives. Furthermore, regulatory approvals may need to come frommultiple bodies depending on the scope of the projects. Current major cross-organisation projects are the Core Data Centre migration, Borsa Italiana markets migration to Optiq® and the European expansion of Euronext Clearing. With regards to the MiFID II framework, the proposed amendments to MiFIR and MiFID II presented by the European Commission in November 2021 include a number of risks for the Group. Market data business revenues face a risk linked the introduction of a real-time post-trade consolidated tape in the short term, and potentially a pre- and post-trade consolidated tape in the medium term. In addition, while the EU Commission proposes removing Exchange Traded Derivatives (“ETDs”) from the scope of the legislation, there is still a potential risk that Open Access provisions for this asset class remains. The MiFIR proposal is now subject to negotiations by the EU institutions. With regards to CSD-R framework, the Q1 2022 proposal will potentially address access commercial bank money settlement and issuer services passports however the risk that the Group CSDs will need to adapt, requiring resources depending on the extent of the proposal. The entry into force of the new European framework for CCP Recovery and Resolution, compels CCPs to comply with new and enhanced recovery standards and requirements. Further the new regulation awards the competent supervisory and resolution authorities with broad powers, both in the recovery as well as in the resolution phase. The framework will be implemented in 2022 by ESMA, via draft RTS and Guidelines proposal. Beyond market infrastructure regulation, the Group is subject to increased regulation in the areas of IT and cybersecurity, outsourcing and fintech with several legislative proposals currently being negotiated at the EU level. Well designed legislation in respect of IT, cyber security and outsourcing can be expected to assist the Group in its operations on a cross-boarder basis, particularly harmonisation in various reporting obligations is delivered. New legislation as part of the digital finance package will be implemented in the short term, notably DORA (Digital Operational Resilience Act) and a pan- European Pilot Regime to facilitate the emergence of DLT technology. In the medium term the pan-European Pilot Regime will be complemented by a piece of markets legislation covering the trading of crypto assets. If emerging technology and Fintech competitors are able to obtain regulatory approval for similar products or services faster than established companies such as Euronext, or with lower regulatory burdens than regulated entities, the Group’s competitive position could be weakened.

Decisions by Euronext’s regulators to impose measures may impact the competitive situation and possible strategy of the Group. Adherence to new and evolving regulatory regimes implies increase compliance and associated costs of the Group, for instance by requiring the businesses of the Group to devote substantial time and cost to the implementation of new rules and related changes in their operations. It may also impact the ability to outsource certain activities and/or place financial and corporate governance restrictions on the Group and its group entities. As the Group grows its product base and the jurisdictions in which it operates, regulatory oversight of the Group’s activities by additional regulatory bodies potentially increases regulatory constraints or increases compliance requirements. The changes may affect Euronext’s activity and/ or revenue if designed adversely, or could materially increase the costs of, and restrictions associated with, its activities. Any delay or denials by regulatory authorities of approval requested by Euronext required to implement its strategic initiatives, or to pursue business opportunities could have a significant impact on Euronext’s competitive positioning and growth. The debate and changes to the structure of the market data business including both reasonable commercial basis provisions and the creation of a consolidated tape may negatively impact market data business revenues in the short- to medium term. With respect to Open Access, it will allow a venue competing products, which may negatively impact group revenue. The digital finance package will provide more room for Euronext to innovate on DLT use and crypto assets, but also potentially create room for more competition in our core business. In the short term (-5 years), estimated impact, due to the asset perimeter of the digital finance package as it stands, is expected to be limited. Yet in the longer term, the more flexible provisions of the digital finance may be extended to a broader asset perimeter, and hence enable new competition on Euronext’s core activities. Implementation and compliance with DORA may create additional burden to the Group. If competitors (including those in third party jurisdictions) are able to obtain regulatory approval for similar products (including new digital products) or services faster than established companies such as Euronext, or with lower regulatory burdens than regulated entities, the Group’s competitive position may be weakened. The CSD-R review requires close monitoring to avoid unexpected alterations of the current framework hampering the deployment for new post-trade projects and services. The implementation process of the CCP Recovery and Resolution framework performed by ESMA, requires close monitoring to ensure the timely compliance to new requirements and address any potential suboptimal policy choices.

54

2021 UNIVERSAL REGISTRATION DOCUMENT