ESG RISKS

We have implemented Enterprise Risk Management (ERM) processes and systems for the identification, assessment and monitoring of the main business risks (so-called Risk Universe), in compliance with the requirements for listed companies set out by the Corporate Governance Code. In 2023, the Group’s risk management model was revised into an integrated Risk Management model: Enterprise Risk Management (ERM) – Project Risk Management (PRM).

 

In the risk identification process, all factors that may impact ESG (environmental, social and governance) issues are considered. Overall, more than 200 risk events have been identified (68% of which have ESG relevance). Furthermore, the risk analysis has been integrated with the Climate Change Scenario Analysis, conducted in accordance with the principles defined by the Task Force on Climate-Related Financial Disclosures (TCFD), focusing on physical and transition risks related to climate change.

 

Risks have been assessed at both inherent and current residual levels by the Company’s middle and top management. Following this assessment, the most significant or emerging risks were identified and further analyzed in relation to strategic objectives and the external reference context.

Sustainability Risks
Governance

Product development (R)

Risk that the Group does not monitor and/or invest in technological developments of products/services, resulting in a loss of competitiveness, inability to secure complex high-potential markets and failure to develop more efficient and sustainable solutions that include low greenhouse gas or other pollutant emissions and energy-efficient systems. This also includes the risk associated with technological transition, which, if inadequately studied and executed, can lead to long implementation times, high costs, operational inefficiencies and low product/process quality.

 

Cyber security (R)

Risk that the Group suffers a cyberattack aimed at identity, data and information theft (confidential/privileged information, sensitive data, banking credentials, etc.), temporary suspension of business services, sabotage of IT systems or exploitation of the company’s computing power for criminal purposes, resulting in reputational damage, loss of revenue, loss of customers and suppliers, sanctions and compensation claims, up to business interruption.

 

Supply chain (R)

 

Risk of not conducting adequate due diligence on potential suppliers, not monitoring their performance over time and/or not developing solid and lasting relationships for medium- to long-term business development in line with current and emerging regulations and the Group’s sustainability principles, with consequent economic, legal and reputational impacts. This risk includes aspects of economic-financial solidity, supplier capacity and concentration in core areas, and control over outsourced activities.

 

Personnel/Third-Party Integrity (R)

Risk of engaging with third parties (customers, suppliers, strategic partners) of questionable integrity in terms of ethics and legality in business conduct, and risk that leaders/managers or, more generally, Group employees may be involved in improper, unethical or fraudulent behavior, undermining stakeholder trust, threatening the company’s reputation and potentially negatively affecting the company’s financial and operational stability.

 

Brand reputation (R)

Risk that damage to the brand image exposes the Group to loss of customers, profits and competitive advantage. This risk may arise, for example, from activities/behaviors that do not protect stakeholder interests (e.g., customers, communities), by internal members of the organization or by external parties with whom the Company has business relationships. It includes the risk arising from the spread of false and misleading information on digital media (e.g., AI and deep fakes).

 

Organization and processes

Risk that the Group’s organizational model is unable to support business transformation and growth and/or that the system of powers and delegations is not consistent with the Company’s organizational system, risk management strategies, skills and actual oversight and monitoring capabilities, or is not clearly and formally communicated both externally and internally, resulting in activities that harm the interests of third parties and the Company itself. This risk may arise, for example, from the absence or inadequate reorganization of functions, roles and responsibilities, business processes and procedures, lack of necessary skills for change management, or unclear assignment of powers and related limits.

 

Directives and regulations

Risk of non-compliance with laws, regulations and bylaws, primary or secondary regulations of emerging countries, sector-specific regulations, due to the evolution and tightening of the national and international regulatory context. This includes directives and regulations regarding climate change adaptation and mitigation, business and trade compliance, national and international legislation on cybersecurity and anti-corruption, EU, national, and international regulations on personal data protection and processing, and regulations applicable to listed companies.

Environmental

Climate change (R)

Risk that climate change and associated meteorological phenomena (acute, such as storms, floods, earthquakes, fires or heatwaves, and chronic, such as temperature changes, sea level rise, reduced water availability, loss of biodiversity, etc.) may damage assets (plants, buildings, etc.), cause a slowdown or production stoppage for the Company and/or suppliers and require unforeseen safety or ecological transition adaptation interventions.

 

Commodity (R)

Risk that changes in the price of raw materials (e.g., steel, copper) and commodities (e.g., gas, energy), including those from renewable sources, impact the Company’s production costs. This risk may arise, for example, from catastrophic events affecting the supply chain or from changes in customs policies/international agreements regarding import/export.

 

Environmental (R)

Risk that the Group, in carrying out its production activities, may harm environmental matrices (water, land, air), with consequent short- and medium- to long-term damage to the territory and community. This risk may arise from untimely or inadequate internal implementation of current and emerging regulations, a deficient system for managing, controlling and mitigating potential environmental impacts from its activities (e.g., pollution, energy consumption, environmental disaster, biodiversity damage), or poor training, information and awareness among individuals.

 

Carbon Management

The risk refers to the possibility that the Group faces challenges related to the management of greenhouse gas (GHG) emissions and related environmental issues. This risk includes potential exposure to regulatory changes and financial impacts from carbon tariffs or environmental taxes and reputational risks related to sustainable practices and the Group’s environmental impact.

Social

Health & Safety (R)

Risk that the Group does not adequately invest, including through information and awareness activities, in the protection of health and safety in the workplace, resulting in harm to its employees and third parties involved in business activities.

 

Attraction and retention of personnel (R)

Risk that the Group is unable to attract and retain highly qualified personnel and competent management with a high level of diversity in terms of age, nationality and gender, or to integrate the organizational structure with individuals capable of managing the Group’s growth and ensuring business transformation. The interruption of professional relationships between the Company and key figures could compromise the achievement of the company’s strategic and operational objectives. This includes the risk that the Company is unable to offer adequate remuneration compared to the market or adequate benefits or welfare tools according to employee expectations to ensure their retention (e.g., improving work-life balance and personal needs).

 

Performance management

Risk that the Company does not evaluate and monitor employee performance against assigned targets, to the detriment of staff development and sustainable growth of the Company itself. This risk may arise from individual performance objectives not aligned with strategic objectives or not specific enough to guide behaviors supporting the company strategy, and/or from the absence of adequate indicators to measure staff performance not only in economic terms but also in terms of sustainable development.

 

Management System

Risk that the management systems adopted by the Group, understood as a set of procedures, information flows and IT systems, are not adequate and/or sufficiently integrated and/or obsolete compared to changing business needs and market offerings, compromising the achievement of business objectives, the maintenance of the competitive advantage achieved or the maximization of stakeholder returns.

 

Customers

Risk that the Company does not pay sufficient attention to the needs of its customers and to improving the product and service offered, resulting in an inability to meet or exceed their expectations.

 

Stakeholder engagement & Public Relations

Risk that the Group does not adopt an adequate stakeholder engagement and public relations strategy aimed at building and consolidating long-term relationships with stakeholders. This risk includes corporate communications on sustainability to meet ESG rating agency objectives, disclosure to the market and investors, dialogue with trade union representatives and relations with institutions and governments aimed at building consensus on issues relevant to the company’s strategy. Inefficient relationships with local, national and international counterparts (communities and local bodies/associations, authorities, judiciary and government, trade associations, SMEs, etc.) can damage the company’s image and reputation, reduce its credibility and creditworthiness, and compromise its competitiveness and operations.

 

Equal opportunity protection

Risk that the Group does not implement personnel development policies to protect diversity, equity and inclusion and promote equal opportunities. This risk may arise from the absence or discontinuity of investments in staff awareness and the lack of suitable protection tools against discrimination.

 

Human rights

Risk of causing, directly or indirectly, “adverse” impacts on people along its value chain, with reference to its own operations (e.g., employees) and those of its business partners (e.g., subcontractor workforces).