LEGRAND_REGISTRATION_DOCUMENT_2017

03

INTERNAL CONTROL AND RISK MANAGEMENT Risk factors and control mechanisms in place

R 3.6.3.3 EMPLOYMENT PRACTICES With commercial and industrial sites in nearly 90 countries, more than 37,000 employees worldwide, and countless subcontractors and suppliers, Legrand could face situations in which the Group’s guidelines on working conditions and respect for human rights are not respected, for employees of the Group and/or for its subcontractors. In addition to the ethical concerns this raises, the regulations are also changing, for example with Law no. 2017-399 of March 27, 2017 on the duty of care of parent companies and principal contractors. This law makes it compulsory to have a vigilance plan to identify risks and prevent violations of human rights and fundamental freedoms, or threats to health and safety and the environment. Failure to comply with this obligation could lead to penalties on the Company and corporate civil liability may be incurred. Moreover, apart from the financial and legal risk, non-compliance with these principles could have a major impact on the Group’s image with its stakeholders. The Group is already set up to prevent and limit these risks, since “Respecting human rights” and “Guaranteeing occupational health and safety” are two of the issues covered by the CSR roadmap 2014-2018 (please refer to sections 4.4.1 and 4.4.2, respectively). The Group’s response as part of the vigilance plan is described in section 4.3.2 “Ensuring responsible purchasing”. Detailed information on the systems and governance in place can also be found in these sections. R 3.6.3.4 DATA PRIVACY The Internet of Things (IoT) is leading to an increase in the volume of personal data to be processed. Such data could be used for fraudulent purposes or misappropriated, infringing users’ privacy and security. Given that there is a close link between practical value, security and respect for users’ privacy, any leak, theft or loss of data could have a major impact on user confidence in Legrand’s products, and thus on the Group’s sales. The Group could also be sued for damages. Finally, with the entry into force of the EU General Data Protection Regulation (GDPR), scheduled for May 2018, the Group’s obligations regarding data processing and protection will increase, and it could be fined for failing to meet those obligations.

To address this risk and fulfill its regulatory obligations, the Group has established a program involving a dedicated team, specific governance and several working groups. Detailed information can be found in section 4.2.2.3 of this Registration Document. R 3.6.3.5 ENVIRONMENTAL PROTECTION AND CLIMATE CHANGE The main industrial processes that take place on Legrand’s sites focus on the injection and molding of plastic components, the stamping of metal parts and the assembly of plastic, metal and electronic components, as well as the painting or surface treatment of components, on a less frequent basis. These activities may have an impact on the environment, even if this impact is, by nature, limited. Because of these activities, certain of Legrand’s sites are, like those of similar companies, subject to obtaining permits and authorizations and to extensive and increasingly stringent environmental laws and regulations regarding, in particular: emissions, asbestos, noise, health and safety, the treatment of hazardous substances or preparations, methods of waste disposal, and remedial measures to deal with any potential environmental contamination. If Legrand were to fail to comply with relevant regulations, the authorities could suspend Legrand’s operations and/or may not renew the permits or authorizations it requires to conduct its business. Moreover, Legrand may be required to pay potentially significant fines or damages as a result of past, present or future violations of environmental laws and regulations, even if these violations occurred prior to the acquisition of companies or lines of business by Legrand. The courts and regulatory authorities, or third parties, could also oblige or seek to oblige Legrand to undertake investigations and/or implement remedial measures concerning current or historic contamination of operational or former facilities or to install waste treatment facilities off site. Any of these actions could harm the Group’s reputation and adversely affect its business, results and financial position. Legrand has designed and developed an environmental risk prevention and measurement policy. This policy includes regulatory monitoring supported by a network of environmental correspondents appointed at each Group industrial site who liaise with their equivalent departments in the SBUs and with Group’s headquarters. Concerning the Group’s operational activities, Legrand has rolled out an environmental risk identification policy (“Material Environmental Aspects”). In 2015, the Group also committed to obtaining ISO 50001 certification for multiple sites. At the end of 2017, 92% of industrial and logistics sites consolidated within the

54

REGISTRATION DOCUMENT 2017 - LEGRAND