QUADIENT - 2020 Universal Registration Document

4 RISK FACTORS AND INTERNAL CONTROL Risk factors

LEGAL RISKS

Risks

Risk management system

Low risks New regulations

Quadient operates in several regions and in different activities. Some activities are under special regulations. This is the case for Mail-Related Solutions and postal regulations. Other activities are also under specific regulations such as intellectual property and data privacy.

The Group legal counsel department and its local delegates follow the evolution of regulations. Group projets are launched to adapt the Group’s processes to new regulations such as Sapin II law and GDPR (a). As of today, the Group is not aware of any governmental, legal or arbitral proceedings likely to have a material impact, or which had over the past 12 months a material impact on the Group’s financial position or profits.

(a)

General Data Protection Regulation.

TECHNOLOGICAL RISKS

Risks

Risk management system

High risks Information system and cyber criminality

Quadient past decentralized organization and growth by acquisitions lead to great diversity in terms of information systems. Harmonization of IT infrastructures, and applications is part of the "Back to Growth" strategy.

A Chief Digital Officer was appointed in 2019. His responsibility is to align operational processes and IT within the Group. All IT teams report to him. This new team aims to focus on operational processes, cooperate with the management team in order to enforce "Back to Growth" strategy. IT security in terms of infrastructure and application is a key topic. A new Quaterly Information Security board and a new global Incident management Process have been established in 2020. The Group's global Information Security Policy has been updated and many communications to employees have been done in order to promote best practises and to avoid cyber attack.

92

UNIVERSAL REGISTRATION DOCUMENT 2020