www.se.com Schneider Electric Universal Registration Document 2021 254 Chapter 3 – How we manage risk at Schneider Electric 3.4 Key risks Principal risks The Group risk inventory is organized in three categories and includes 17 key risks identified. The key risks selected and presented below are the risks considered by the Group as specific to its business and identified as having the potential to affect its activity, its image, its financial situation, its results, or the achievement of its objectives. However, the Group may be exposed to other non-specific risks, or risks of which it may not be aware, or risks of which it may be underestimating the potential consequences, or other risks that may not have been considered by the Group as being likely to have a material adverse impact on the Group, its business, financial condition, reputation or outlook. In each category, risks are assessed in terms of potential impact for the Group according to 3 levels (red, yellow, green), the first one being the most likely to affect the Group. The assessment is the result of the process performed as part of the overall risk management mechanism described in “Risk identification and management”, section 3.3.4 on page 252. The impact considered for the assessment is the potential net impact which corresponds to the potential gross impact (financial/human/legal/reputation), after having taken in consideration the current mitigation measures, as well as the probability of occurrence of this risk. The assessment by Schneider Electric of this level of materiality may be changed at any time, in particular should new facts, whether external or specific to the Group, come to light. Categories and Risks Potential net impact Page 1 Event triggered risks 1.1 Risk of cybersecurity on the Schneider Electric infrastructure and its digital ecosystem 255 1.2 Export controls 255 1.3 Strengthening of chemical and resource-related regulations in the Electric and Electronic Equipment space 256 1.4 Corruption linked to B2B and project business 256 1.5 Human rights, environmental, and safety issues through the value chain 257 1.6 Schneider Electric connected products used as a gateway to attack Group’s customers and partners 258 1.7 Product quality 259 1.8 Competition laws 259 1.9 Counterparty risk 260 1.10 Currency exchange risk 260 2 Trend driven risks 2.1 World deglobalization and fragmentation 261 2.2 New players such as digital giants, software players, and energy majors entering the energy efficiency and renewable energy space 261 2.3 Supply chain resilience 262 2.4 Digital evolution and software offers 262 2.5 Attracting and developing talent with a focus on critical skills 262 3 Management practice risks 3 .1 IT systems management 263 3.2 Pricing strategy 264 Key to symbols High impact Medium impact Low impact