Universal Registration Document 2024

4 SUSTAINABILITY REPORT GOVERNANCE MATTERS

DEPLOYMENT OF THE ETHICS & COMPLIANCE* PROGRAMME IN SUBSIDIARIES

* (Anti-corruption, personal data protection, duty of vigilance and Human Rights).

[G1-ESRS 2 GOV-1-5-(b)] → Disclosure of the expertise of the administrative, management and supervisory

In December 2024, ADP SA opened up all the Ethics and Compliance e-learning modules to its Directors so that they could complete them and ensure that the ethics and compliance culture is properly disseminated within the Group.

bodies on business conduct matters See Directors' skills matrix in section 3.2.2.

The Director of Legal and Insurance, who is a member of the Executive Committee, is present at all meetings and co-leads the Ethics and Compliance Programme with the Director of Ethics and Personal Data.

4.4.2.2. Identification of ethics and compliance risks G1.IRO-1 — Description of the procedures to identify IROs relating to preventing ethics and compliance risks (including corruption) Governance issues were the subject of the materiality assessment described in section 1.4 IRO analysis of this report (see SBM-3 – Summary of the IRO analysis: material impacts and description of the material risks and their interaction with the Group’s strategy, business model and financial position (presentation of the double materiality assessment)). IDENTIFYING ETHICS & COMPLIANCE RISKS: Specific risk mapping is implemented in terms of ethics and compliance. It is based on a Group methodology, with the necessary adjustments to take account of the expectations of external authorities:

Risks relating to corruption (Sapin II law) are identified through specific a mapping process carried out every three years on all entities subject to Sapin II and already present in the Group. For any new entities integrated, the Group carries out a mapping exercise within a year. Corruption risk mapping identifies the scenarios as well as the third parties and populations at risk. Action plans are put in place at the end of each financial year, the latest dating from 2024. They will be formalised in conjunction with the internal control and audit exercises. At the same time, a review of the audit plan is carried out each year to include the issues detected in the corruption risk mapping or via the alerts processed. Fraud risks : Risk mapping was initiated in 2024.

496

AÉROPORTS DE PARIS w UNIVERSAL REGISTRATION DOCUMENT 2024