Universal Registration Document 2024

4 SUSTAINABILITY REPORT GOVERNANCE MATTERS

4.4.2 ETHICS AND COMPLIANCE MATTERS

Reference Section 4.4.2 Sustainability matter ETHICS

AND COMPLIANCE

IRO

Financial and reputational risks, loss of employee commitment, loss of appeal to stakeholders

Explanation of what is at stake for ADP

Disseminate an Ethics and Compliance programme and promote a culture aimed at: u Detecting and preventing risks in terms of ethics (Sapin II Law), personal data protection (GDPR and equivalents outside the EU), or duty of vigilance (Potier law – environment, Human Rights or health and safety of individuals); u Putting an end to breaches/violations in terms of ethics and compliance; u Protecting staff, managers and Group companies (legal entities) from prosecution and related penalties; u Preserving the Group's reputation, trust and attractiveness to its current and future stakeholders (employees, customers, investors, partners, suppliers, subcontractors, etc.); u Facilitating, collecting and processing whistleblower reports while respecting confidentiality and protecting against reprisals (Sapin II, Potier and Waserman laws); u Promoting a continuous improvement approach to ethics, compliance and duty of vigilance risk management. u Code of ethical conduct and compliance (binding on all Group employees) supplemented by various procedures: gifts and invitations, conflicts of interest, sponsorship, third-party assessments, international sanctions and subsidies, ethics in the HR process, etc.; u Human Rights policy; u Data Protection Policy, its application charter (GDPR compliance management platform) and the data protection impact assessment methodology; u Whistleblowing report handling charter and investigator's guide. u A network of 26 Ethics and Compliance Officers and 20 relays in the parent company's support departments; u Third-party assessment process and pre-acquisition audits (compliance, Human Rights including data protection, cybersecurity, environment) leading to action plans and, if necessary, further post-acquisition audit; u Whistleblowing system accessible on the intranet and website; dedicated, trained and independent team of in-house investigators; u Vigilance Plan and roadmap; u Ethics and compliance controls integrated into the internal control system and identification of E&C controls in the Administrative, Accounting and Financial Manual; u Matrix of the three levels of control; u Ethics and compliance clauses and Supplier CSR Charter; u Action plan and scorecard by consolidated entity; u Group communication, awareness-raising and training plan; u Ethics Committee to deal with emerging issues (artificial intelligence, etc.); u Annual Ethics Climate Barometer; u Membership of associations to challenge and share best practice: Global compact, CEA, EDH, RHSF, IFACI, EpE, AFCDP. Group – all consolidated companies Groupe ADP's Ethics and Compliance (E&C) programme deployed: u Commitment from managers (video, inclusion in governing bodies, letters of commitment, etc.); u Risk mapping (corruption/influence peddling, fraud, Human Rights);

Scope* Policy

Actions

Metrics

Number of third parties assessed Number and type of reports Level of awareness of and confidence in the whistleblowing system Training rate (general module, exposed staff/key functions) Number of incidents of corruption

* The consolidated scope is as described in DR BP-1.

Human Rights and the protection of personal data are ethics and compliance issues also covered by Groupe ADP Compliance Plan.

494

AÉROPORTS DE PARIS w UNIVERSAL REGISTRATION DOCUMENT 2024