www.se.com Schneider Electric Universal Registration Document 2021 264 Chapter 3 – How we manage risk at Schneider Electric 3. Management practice risks 3.1 IT systems management (continued) Risk monitoring and management The Group regularly examines alternative solutions to protect against those risks, performs regular compliance checks on service provider service level agreements, performs system monitoring, and has developed contingency plans and incident response capabilities to mitigate the effects of any information system failure. The Group undergoes constant evolution and planning pertaining to its information systems, which encompasses but is not limited to: • ERP transformation and the evolution of the Group’s financial systems to prepare for digital offers; • Elimination of legacy IT applications and associated hardware to simplify the landscape and mitigate risks linked to obsolescence; • Build and operate regional co-location hubs for high availability in an effort to ensure the sustainability of the IT landscape with ongoing focus on business continuity and disaster recovery planning for hardware and software. All new applications are subject to certification testing, attempting to remove system vulnerabilities. These systems are housed either in data centers (either managed by the Group internally or by service providers), in co-locations hubs, or are cloud-based applications. In 2021, the Group continued to reduce legacy IT applications through a dedicated “Technical Debt Reduction” program. 3.2 Pricing strategy Risk description Not only has raw material and foreign exchange rate fluctuation impacted our cost base significantly, but it has also resulted in a sharp increase in freight rates and a shortage of components worldwide. Such fluctuations, if not offset by tactical pricing decisions in compliance with national and international laws, can negatively impact the Group’s profitability. The Group was able to overcome these cost impacts by reacting adequately over the cycle. In addition, our strategic pricing program contributed a substantial amount. Risk monitoring and management To anticipate negative impact on profitability, the Group has reinforced its comprehensive global pricing program with robust compliance, commercial policy, pricing, and quotation tools. 2021 Specific events – COVID-19 In the continuity of 2020, the COVID-19 pandemic has accentuated and accelerated this regionalization trend. The multiple waves of the pandemic have impacted the different global regions in complex ways. In 2021, the Group has seen a few indirect consequences on the supply chain; for example, with the many shortages and shipping delays. This complex new environment is requiring strong resilience. 2022 Specific events – Russia – Ukraine As a consequence of the hostilities, which commenced at the end of February, 2022 between Russia and Ukraine, and the unstable geopolitical situation, the Group has seen several direct and indirect impacts on its employees, stakeholders and business. Continuous risk identification, assessment and mitigation is being performed. It focuses, first, on the humanitarian aspects including the support provided by the Group to the Group employees and their families. Further, it encompasses, in no particular order: the financial and operational impacts resulting from sanctions and counter-sanctions, the cybersecurity increased threats on both the Group assets and its customers’ safety and products, and the potential unavailability or loss of critical suppliers. In 2021, Ukraine represented a revenue of 70M€ and Russia a revenue of about 640M€. It is a total of around 2% of the Group’s global revenues, with no significant impact on the Group’s balance sheet. As of February 2022, and to answer to this fast evolving environment, the Group activated its crisis cells and preparedness plans in order to be in a position to respond effectively to a wide range of scenarios. 3.4 Key risks