EDF_REGISTRATION_DOCUMENT_2017

ENVIRONMENTAL AND SOCIETAL INFORMATION − HUMAN RESOURCES Offer sustainable, safe and efficient energy

Hydropower safety 3.2.4.2 EDF operates 433 hydropower plants and manages the reservoirs of 239 large dams in France. The average age of the French hydropower fleet is 72 years. Hydropower safety aims to control risks of the structures rupturing, risks associated with managing structures during flood periods, as well as risks associated with water flow and water level variations during operation. Like the nuclear safety policy, the hydropower safety policy aims for a high level of safety and continuous improvement. See section 1.4.1.5.1.2 “Hydropower safety”.

The Security of Assets against Malicious Acts policy defines the principles, rules and organisation aimed at detecting threats, preventing the risk of malicious acts likely to harm the Group’s assets and limit their consequences. This policy is based on a global approach that aims not only to protect people, the material assets of the Group but also, and with growing priority, its intangible assets. In line with the focus on accountability closer to the ground, each entity of the Group deploys this policy relying on the Security and Economic Intelligence Department, which is responsible for defining reporting guidelines, establishing the “Security” sector and ensuring that the plans put in place are effective and shared. A data management policy completes the system in a spirit of value creation; more focused on the opening and valuation of data; it aims to promote sharing, transversality, and reconciliation of data to produce new knowledge. A 2017 instruction specifies the framework of the requirements applicable to the processing of personal data, the device applicable to meet these requirements, the procedures for monitoring compliance with these requirements, as well as the modalities for running the Group’s subsidiaries. CONTINUITY In 2017, the average outage time, excluding exceptional events, complies with the goal of incentive regulation. Guaranteeing the quality and continuity of the electricity supply is one of the essential duties of Enedis (1) . Supply quality is assessed firstly in relation to the continuity of the routing service, whose incentive regulations were made stricter during the inauguration of TURPE 5. In addition to the average outage time per LV customer, these include introduction of regulation for HVA customer outages and monitoring of average frequency of HVA and LV outages. Enedis addresses these new challenges by increasing the targeting of its investment actions on higher-risk structures, using a Big Data-type statistical approach, while reinforcing its automation program (installation of 12,000 new remote control points over five years). (See section 1.4.4.2 “Distribution – Enedis”). STRATEGIC SUPPLIES The materiality matrix identifies the management and security of strategic supplies among the most material priorities (materiality issue no. 6 Management and security of strategic supplies). This refers to the priorities relating to the risk of EDF’s dependence on its strategic supplies, as well as to the management of risks associated with raw material price fluctuations. For this priority, see section 2.1 “Risks to which the Group is exposed”. QUALITY OF SERVICE AND SUPPLY 3.2.6 MANAGEMENT AND SECURITY OF 3.2.7

3.2.5

SECURITY OF CONNECTED INFRASTRUCTURE (INCLUDING RESPONSIBLE DATA)

3.

Information is an asset that has an essential value for the EDF group, especially in its digital form in our information systems. These must be fully protected and thus contribute to data confidentiality and integrity, continuity of business processes, and compliance with existing laws and regulations. The digital transformation of the Company and its new uses (collaboration, mobility, Cloud, Big Data, Internet of Things, etc.) are both a source of opportunities and risks in the security of information systems. A failure of the information systems, whether of malicious or accidental origin, that results in unavailability, leaks, theft, destruction or alteration of certain information and business processes can be highly damaging for the EDF group: deterioration of image, financial losses, competitive loss, civil and criminal penalties, damage to production tools. In 2017, the Group redefined three additional policies: an “Information Systems Security” policy, a “Security of Assets against Malicious Acts” policy and a “Data Management” policy. The Information Systems Security policy was redefined in 2017 to ensure the protection of information systems, which are essential for the management of the Company’s assets, while enabling businesses to open up and seize opportunities related to Digital technology. Thus, by permitting operation as an “extended enterprise”, this policy plays a crucial role in the success of the Group’s industrial projects. This policy specifies the requirements, responsibilities and security standards necessary to effectively protect the Group’s Information Systems. The management of each EDF group entity is responsible for ensuring the deployment of this policy in its organisation, with resources adapted to the challenges and risks of its business lines. The EDF group’s Director of Information Systems, assisted by its Information Systems Security Officer, and in conjunction with the Business Line Information Systems Directors and Entity Representatives, supports the entities in implementing the policies. It reports on the security status of EDF’s group’s information systems to IS security risk sponsors within the COMEX framework.

Enedis is a fully independent subsidiary. (1)

165

EDF I Reference Document 2017