www.se.com Schneider Electric 8 2021 Trust Report 2.2.4 Third-parties compliance Third-party relationship management programs are complex as each third party presents multiple risks and different oversight functions need to be consulted to perform individual risk assessments. For example, business agents can be used for many legitimate purposes, such as to perform tasks that Schneider Electric cannot perform as efficiently; however, experience has shown that using them can be very risky in terms of exposure to bribery or corruption. Schneider Electric Business Agent Policy sets out the rules under which we will determine whether there is a legitimate business purpose before engaging. We also need to ensure that we conduct an effective and efficient due diligence review to ultimately make the most informed decision and mitigate any risks to the best possible extent. We have adopted a risk-based approach to our due diligence enabling our teams to dedicate the most significant part of their time and energy to situations that represent the most risk exposure. Hence, we have various due diligence policies and processes depending on the type of third party subject to the due diligence. Business agents cover all third parties retained entirely or in part to assist Schneider Electric, directly or indirectly, in its business operations, including to obtain a sales order, contract award, permits, licenses, or other business advantage for Schneider Electric. They are subject to a due diligence and approval process, which was centralized with the Business Agent Policy in 2019 with digitization beginning in 2020. Several documents and information are gathered and sent to the Group Compliance team who will perform the due diligence and manage the approval process by analyzing risks of corruption, sanctions, and unethical practices. At the first level of assessment, the business agent could be approved based on the level of risk, or additional checks could be carried out if necessary. The Group Compliance team can request to also review and validate payments to a business agent based on this assessment. Our robust network of suppliers is the foundation of our supply chain, and we extend the same level of ethical control to them as we do to ourselves. Since 2021, the Group Compliance team has been working to further strengthen the controls carried out as well as understanding our risks when doing business with Schneider Electric customers in close collaboration with both digital and export control teams. M&A operations represent specific risks regarding ethics and compliance, specifically corruption and export control risks. With the support of the Group Ethics & Compliance Committee, a specific process and guidelines were put in place in 2020 to ensure full compliance of M&A operations with anti-corruption and export control regulations: this process was built by the Group Compliance Director, the Global Export Control Director, and the M&A team, ensuring a methodology that fit with M&A processes and ways of working. In 2021, this process was extended to the management of Human Rights risk. 2.2.5 Specific accounting controls Schneider Electric has developed accounting control procedures to ensure that books, records, and accounts are not used to hide fraud. Since June 2021, work has been initiated to strengthen specific anti-corruption controls for a defined set of sensitive- judged accounts and transactions. Seven steps to securing long-term value creation in acquisitions 1 4 6 7 2 3 5 Screening Business + Corp. Strategy Day 1 Gate PMI + Integration Team Due Diligence M&A, Functions, Consultants NBO Non-Binding offer Signing Definitive Agreements Timing depends on conditions precedents (such as clearance with Anti-trust Authorities) PMI = Post-Merger Integration Team Closing Funds & Shares Transfer Year 1 Gate PMI + Business Team Integration Wrap up PMI + Business Team Monitoring starts Strategic objectives, performance & synergies 100 Days Gate PMI + Integration Team Post Year 1 Gate PMI + Business Team