31 Life Is On | Schneider Electric www.se.com Integrated report Strategic Report Our Enterprise Risk Management Schneider Electric places a significant importance on resilience within the values and principles which guide its actions, as a key element for sustainable growth which is part of the Group’s Sustainability value. An Enterprise Risk Management based on the three lines of defense model Schneider Electric uses a hybrid risk management model with central functions and experts in charge of setting risk management mechanisms, establishing policies, and other activities, while the ownership of the risks belongs to the Business Units and Operating Divisions who are responsible for deploying the central framework to manage their risks. Board of Directors and Audit & Risks Committee Accountable to stakeholders for organizational oversight Management Actions (including managing risk) to achieve organizational objectives Internal Audit Independent assurance Governing body roles: Integrity, leadership and transparency 1 st line roles: Business and risk owner, provide products/ services to customers and manage risk 3 rd line roles: Advice on the adequacy and effectiveness of governance and risk management • Divisions, Business Units • Zones, Clusters, Countries • Global Internal Audit • Cyber Security • Compliance • Quality • ... 2 nd line roles: Global Functions Leaders and Experts, oversee risks, set guardrails (policies, process, control), advise and monitor 1 st line Alignment, communication, coordination, collaboration Delegation, direction, resources oversight Accountability, reporting Key Risks The key risks selected and presented below are the risks considered by the Group as the one specific to its business and identified as having the potential to affect its activity (1) . In each category, risks are assessed in terms of potential impact for the Group, the first one being the most likely to affect the Group. (1) However, the Group may be exposed to other non-specific risks, or risks of which it may not be aware, or risks of which it may be underestimating the potential consequences, or other risks that may not have been considered by the Group as being likely to have a material adverse impact on the Group, its business, financial condition, reputation or outlook. Categories and Risks Potential net impact 1 Event triggered risks 1.1 Risk of cybersecurity on the Schneider Electric infrastructure and its digital ecosystem 1.2 Export controls 1.3 Strengthening of chemical and resource-related regulations in the Electric and Electronic Equipment space 1.4 Corruption linked to B2B and project business 1.5 Human rights, environmental, and safety issues through the value chain 1.6 Schneider Electric connected products used as a gateway to attack Group’s customers and partners 1.7 Product quality 1.8 Competition laws 1.9 Counterparty risk 1.10 Currency exchange risk 2 Trend driven risks 2.1 World deglobalization and fragmentation 2.2 New players such as digital giants, software players, and energy majors entering the energy efficiency and renewable energy space 2.3 Supply chain resilience 2.4 Digital evolution and software offers 2.5 Attracting and developing talent with a focus on critical skills 3 Management practice risks 3 .1 IT systems management 3.2 Pricing strategy Key to symbols High impact Medium impact Low impact