257 Life Is On | Schneider Electric www.se.com Chapter 3 – How we manage risk at Schneider Electric Strategic Report 3. A global whistleblowing system, available to employees and external stakeholders, is also managed to combat this risk. In 2021, 585 employee and 70 external stakeholder alerts have been received and managed through follow-up inquiries. In addition, the Group Ethics Charter, the Principles of Responsibility, was updated in September 2021 and renamed the Trust Charter, acting as the new Group Code of Conduct, reinforcing guidance regarding anti-corruption commitments. Beyond the recent updates of the Business Agents Policy (August 2019) and of the Anti-Corruption Policy (November 2019), the new Conflict of Interest Policy was deployed in 2021 and two further policies were finalized at the end of 2021, for deployment early 2022: the updated Gift & Hospitality Policy and the new Philanthropy Policy. Furthermore, a Group-wide Ethics & Compliance risk assessment was carried-out in the second half of 2021, which led to regional and Group level risk maps on corruption matters. Action plans related to global and regional corruption risks were deployed in 2021, and internal controls and internal audit missions were reinforced on compliance risks with several audits performed. 98% of employees exposed to corruption risks have been trained thanks to the yearly mandatory Anti-corruption e-learning. The content of this e-learning is updated each year. A new project to screen the Group’s third parties on anti-corruption matters has been initiated in 2021, with a gradual geographic deployment in waves planned until end 2022; the first wave of screening has been carried-out in Q4 2021. A system built-in segregation of duties control is in place in the Group’s main ERPs. All compliance-related aspects are part of the due diligence undertaken by the Group for mergers and acquisitions, in line with the specific M&A Compliance framework put in place in February 2020. 1.5 Human rights, environmental, and safety issues through the value chain Risk description The exposure of the Group to human rights risks has been increasing for several years, due to the expansion of the Group’s activities in countries with lesser regulatory framework regarding human rights. Specifically, Schneider Electric’s procurement volume represents more than EUR 12 billion with more than 52,000 suppliers. As part of the Duty of Vigilance program in the supply chain, Schneider Electric has performed a risk analysis through its network of suppliers and identified potential risks in the following areas: • Human rights • Environment • Ethical business conduct • Cybersecurity and data privacy The occurrence of these risks with third parties may result in the following impacts on Schneider Electric: Reputation Schneider Electric’s image may be negatively impacted by third parties who: • Do not respect human rights or safety rules for their workers; • Are responsible for pollution and damage to the environment; • Are conducting business in a non-compliant or illegal manner. Disruption of supply chain It may occur due to: • Short-term termination of relations with a supplier; • Events resulting from a lack of safety or insufficient protective measures (e.g., fire prevention) that may affect the supply of components; • Damage to data exchanged with suppliers or digital systems (e.g., virus, malware). Legal Over the past two years, laws regarding human rights protection, such as modern slavery matters in Australia, or the European Union’s new framework on restrictive measures against serious human rights violations and abuses, have increased. Higher coverage of fines imposed on companies, and new regulations requiring a strong compliance program have significantly changed the impact of human rights violations risks. Schneider Electric expects that the exposure will continue to grow, in reference to the current drafting of a Duty of Vigilance directive at European level, as well as the European Action Plan on Human Rights and Democracy 2020-2024, which sets out ambitions and priorities for the next five years in this field. In addition, the current discussions on human rights due diligence framework at United Nations level, supported by the Global Compact that Schneider Electric is part of, will certainly increase the pressure on the private sector to tackle human rights challenges in the supply chain. 2021 Specific events The competent court regarding Duty of Vigilance cases was determined on October 21, 2021 by the joint commission in France (commission composed of seven deputies and seven senators). The judicial court will have jurisdiction over such cases, which is composed of dedicated professional lawyers. Regarding the cases related to non-compliance with the Duty of Vigilance, there has been no update on the substance of the cases, the question of jurisdiction competency being pending. In 2021, a group of associations and NGOs filed a complaint in France against four companies in the textile sector (excluding Schneider Electric) regarding their potential involvement, via suppliers/subcontractors, in human rights violations in China.