Universal Registration Document 2022

3.9.4 Methodology regarding Group risk mapping

3.9 Vigilance Plan

EDF R net installed capacity in solar and wind power (in %):

  • North America: 40%
  • Europe: 28%
  • China, Vietnam and India: 12%
  • South America: 11%
  • Saudi Arabia and United Arab Emirates: 5%
  • Israel: 2%
  • Egypt and Morocco: 1%
  • South Africa: 1%

EDF group has operations in Russia in energy services through the Dalkia subsidiary Dalkia Rus and through its Moscow-based office which is in charge of the promotion and development of the Group’s business and new activities in energy transition in Russia. Following the Russia-Ukraine conflict, EDF ceased operations in Russia, taking the decision in March to close its Moscow office, then announcing on 23 May 2022 the sale of Dalkia’s Russian subsidiary (see 3.9.6.1.2 “Main prevention, mitigation and monitoring measures implemented” – “Conflict between Russia and Ukraine”).

Suppliers and subcontractors

The scope of suppliers and subcontractors managed by the Group Purchasing Department represents approximately 11,000 tier-1 suppliers. More than 97% of its purchases are made in France and 99.4% in Europe (1). Suppliers of certain subsidiaries or suppliers involved in international projects are subject to special vigilance measures. Because the Group’s activities are mainly in the industrial field, EDF exercises upstream vigilance, with regard to any risk of violation of persons’ rights or risk to their health (employees, service providers, local residents, local communities and customers) or risk to the environment prior to making investment decisions, particularly to build, operate, maintain or dismantle facilities.

Scope of the Vigilance Plan

The scope of the Vigilance Plan covers EDF’s activities, the activities of subsidiaries it controls (2), as well as the activities of its suppliers and subcontractors with which the Group has established commercial relations to the extent their activities are related to those relations.

The Organisation of the Group is detailed in section 1.2.1 “Organisation of the Group”.

Dalkia and Framatome subsidiaries with a headcount of over 5,000 employees are integrated in the plan, together with all French and foreign subsidiaries.

RTE and Enedis, respectively the French power transmission and distribution system operators, are independently managed subsidiaries, and therefore publish their own Vigilance Plans.

3.9.4 Methodology regarding Group risk mapping

The process for identifying and prioritising risks used to develop the Vigilance Plan is based on two complementary approaches: Group risk mapping, which includes several risks related to the duty of vigilance, and additional risk mapping, specifically focused on the entities most exposed because of their activity and/or their location.

Under the Group approach described in section 2.1 “Risk management and control of activities”, each Group entity conducts a risk mapping exercise, under the responsibility of management, using a risk typology designed to cover all categories of risk, whether internal or external, operational or strategic, to which the Group is exposed.

The exercise is made up of 5 successive steps: risk identification, risk assessment, prioritisation, control through the definition of an action plan, and management of the action plan, which includes monitoring the action plan’s deployment and measuring its effectiveness.

Risk identification

In order to reasonably ensure that the main risks are being identified, a separate approach for each business process and each asset is combined with a separate approach for each major risk type. In addition, feedback, events, incidents, and near-misses are taken into consideration as a source of risk identification, as well as the results of audits. The identification of risks is the result of a discussion between the main actors: managers, experts and stakeholders.

Risk assessment and prioritisation

The identified risks are qualitatively prioritised according to:

  • their impact, i.e. their potential criticality, assessed using multiple criteria, including the assessment of the impact on the physical or human environment;
  • their probability of occurrence, i.e. their degree of likelihood evaluated over a relevant time horizon, estimated on the basis of the history of the activity, feedback, or internal or external expertise;
  • their level of risk control, i.e. the efficiency of the actions implemented.

The main purpose of the general risk mapping exercise is to define and implement action plans (prevention, protection, mitigation, etc.) to reduce the impact of the risks and/or their probability.

Group risk governance

The EDF group’s risk map is based on the entities’ risk maps, internal control self-assessments, and cross-analyses of feedback from operational and functional entities.

The Group Risk Management Department identifies and assesses Group-level risks and draws up a Group risk map, which is validated by the Risk Committee chaired by the Group’s Chairman and then presented to the Board of Directors’ Audit Committee.

How Group risk assessment shaped the Vigilance Plan in 2022

Through this approach, the main risks presented in section 2.2 “Risks to which the Group is exposed” have been identified, at the level of the EDF group.

Several of these risks are of strategic importance for the Vigilance Plan:

  • ethics or compliance risk (see section 2.2-1D “Ethics or compliance violations”): since 2019, this risk has included a “duty of vigilance” component, implementing a Group action programme and requiring Group entities to report back on their own action in this area;
  • adaptation to climate change – physical risks and transition risks (3B): this risk specifically includes a component focused on the impact of the Group’s operations on the climate (see section 3.1.3.2.3 “Climate risk and opportunity scenario analysis”);
  • industrial safety violations and impact on environmental assets including biodiversity (4H), with a special focus on nuclear safety (5C) and hydropower safety (4E);
  • the risk of managing complex major industrial projects, including EPR projects (4A): this risk includes a component regarding potential impacts of projects on human rights, the environment, health and safety;
  • risk to the operational continuity of supply chains and contractual relationships (4B): this risk specifically includes vigilance-based measures during the contractualisation and contract monitoring stages.

(1) Including the European Union, Switzerland and the United Kingdom.

(2) Subsidiaries integrated into the scope of consolidation using the full consolidation method pursuant to Article L. 233-16 II of the French Commercial Code (in France and abroad) (see note 3.3 to the consolidated financial statements for the year ended 31 December 2022).