157 Life Is On | Schneider Electric www.se.com 2021 Sustainable Development Report SSE #12: Deploy a ‘Social Excellence’ program through multiple tiers of suppliers This indicator has not yet been deployed by Schneider Electric. SSE #13: 100% of employees trained every year on Cybersecurity and Ethics As per to our Ethics & Compliance and Cybersecurity programs, training of employees on ethics, corruption risks (for eligible employees) and cybersecurity is mandatory. To do so, Schneider Electric launched 3 new trainings as part of the Global Schneider Essentials training campaign reconducted every year with new content: • Since 2018: Training on the Principles of Responsibility (PoR document replaced in September 2021 by Trust Charter Schneider’s Electric Code of Conduct) and Anticorruption. • Since 2020: Training on Cybersecurity. The scope of this KPI is all employees registered in TalentLink (legal entities integrated in Talent Link, Core HR data system) as of November 15: • Principle of Responsibility and Cybersecurity e-learnings: all active employees with Open Ended Contracts (OEC) (exception: Chinese and Bulgarian Fix Term Contracts – FTC – are included), present in the Group on December 31st and hired before December 1st • Anticorruption e-learning : exposed employees identified based on the job description (Schneider Electric System of Reference – description of functions), active, with connectivity type online-corporate credentials, with OEC (exception: Chinese and Bulgarian FTC) present in the Group on December 31st and hired before December 1st This KPI is calculated as followed: the number of employees who completed all required e-learnings assigned based on defined criteria (2 or 3) divided by the number of employees x 100. This indicator was audited by Ernst & Young. SSE #14: 0.38 or below Medical Incident rate Safety is one of the 5 pillars of Schneider Trust Charter, which emphasizes the importance Schneider Electric is placing on its employees, customers, and contractors. Schneider works with many VIP global customers, and they demand the highest standards of Health & Safety management and performance before they engage and continue to do business with Schneider Electric. Moreover, at Schneider Electric our mission is to protect Occupational Health and Safety of employees, customers, contractors, and visitors to our locations. The Group also strives to provide employees safe, pleasant, and efficient workplaces for enhanced wellbeing and effectiveness. As such, we aim to reduce the Medical Incident Rate (MIR) to 0.38 by 2025. The MIR is the number of work incidents requiring medical treatment per million hours worked (i.e. average hours of 500 employees working for one calendar year). Work related injuries and occupational illnesses requiring medical treatment are included. Work incidents may or may not have resulted in time off work. All work-related incidents reported on Schneider Electric sites are counted (including therefore incidents affecting Schneider employees and other employees working under the supervision of Schneider, i.e. temporary workers). All Schneider sites within scope are considered. Medical incidents do not include: visits to a physician or other licensed healthcare professional solely for observation or counselling; the conduct of diagnostic procedures, such as x-rays and blood tests, including the administration of prescription medications used solely for diagnostic purposes (e.g. eye drops to dilate pupils); or first aid. This indicator was audited by Ernst & Young. SSE #15: Reduce by 50% scrap from safety units recalled Schneider Electric’s priority is to delight its customers with an outstanding end-to-end experience. The Group strives to ensure our products’ reliability, safety and cybersecurity to secure customers’ business continuity and protect their people, assets and data. Quality is every customer’s right and every employee’s responsibility. By rationale, with an enhanced emphasis on quality, Schneider products henceforth should have minimal recall. In addition, safety in using Schneider products is of utmost priority and therefore we set this target with the mindset to ensure that our products remain safe for use for our customers. In the unfortunate event of a recall, the Group aims to encourage a circular economy by reusing any parts from the recalled product as possible instead of scrapping it. This KPI is based on all Problem (PRB) opened with Go decision from the Offer Safety Alert Committee (OSAC). Target of weight of scrap need to be included in the OSAC presentation and decision. The used definition of ‘recall’ is a product recalled from Customer sites to Schneider’s premises. Products remediated at customer’s site without physical recall to SE’s premises is excluded. The scope of this KPI includes all physical products sold by Schneider. Software are by definition excluded. Also, safety recalls bound by Non-Disclosure Agreement is excluded. The weight of scrapped materials (in kilograms) is estimated by multiplying the number of physical products scrapped following a safety recall multiplied by the weight of product. The % reduction is calculated by comparing the weight of scrapped materials in the reporting year to that of the baseline (4,202 kilograms in 2020). This indicator was audited by Ernst & Young. SSE #16: In the Top 25% in external ratings for Cybersecurity performance Schneider Electric is continuously and consistently monitoring the security of its digital footprint with the support of cyber scoring agencies and this discipline is applied across the extended ecosystem* (e.g. integrated and non-integrated entities). Our primary scoring agency is BitSight which rates company security maturity between 300 to 820. This rating is calculated in real time with a proprietary algorithm that examines two classes of externally observable data: • configuration information, which represents how diligent a company is in implementing best practices to mitigate risk. • observed security events, which are evidences of cyber events like system compromises or data breaches etc. Security incidents or identified vulnerabilities can negatively impact the company’s rating. They are addressed in a timely manner and the Group strives to maintain the score above 800. *Bitsight scores for non-integrated entities (e.g. Aveva) are not included and are monitored separately. This indicator was audited by Ernst & Young.