We have Enterprise Risk Management (ERM) processes and systems to detect, evaluate and monitor the main Company risks (Risk Universe), in compliance with the requirements for listed companies as per the Corporate Governance Code.
In 2023, the Group's risk management model was revised by developing an integrated Enterprise Risk Management (ERM) – Project Risk Management (PRM) model.

ESG risks were grouped into 19 main subcategories, of which 9 were considered relevant (marked with the letter R in the sections below).

SUSTAINABILITY RISKS:

GOVERNANCE

Product development (R)
Risk that the Group does not monitor and/or invest in technological developments for products/services with a consequent adverse impact on competitiveness, on leadership in complex high-potential markets and on the development of more efficient and sustainable solutions that include systems with low emissions of greenhouse gases or other pollutants and that are energy efficient. This also includes the risk associated with technological transition, which, if poorly designed and executed, can lead to long lead times, high costs, operational inefficiencies and low product/process quality.

 

Cyber security (R)
Risk that the Group suffers a cyber attack aimed at identity, data and information theft (confidential/insider information, sensitive data, bank credentials, etc.), temporary suspension of Company services, sabotage of computer systems, or exploitation of the computing power of Company computers for criminal purposes, resulting in reputational damage, loss of turnover, loss of customers and suppliers, penalties and claims, and business interruption.

 

Supply chain (R)
Risk of not conducting adequate due diligence on potential suppliers, not monitoring their performance over time and/or not developing solid and long-lasting relationships for medium/long-term business development in line with current and emerging regulations and the Group’s sustainability principles, with consequent economic, legal and reputational impacts. This risk includes aspects of economic and financial soundness, capacity and concentration of suppliers in core areas, and control over outsourced activities.

 

Personnel/Third-Party Integrity (R)
Risk of relationships with third parties (customers, suppliers, strategic partners) of dubious integrity, in terms of ethics and legality in their conduct of business, and that leaders/senior managers or, more generally, Group employees may be involved in improper, unethical or fraudulent conduct, compromising stakeholders’ trust, threatening the company’s reputation and potentially negatively affecting the company’s financial and operational stability.

 

Brand reputation (R)
Risk that damage to the image (brand) may expose the Group to the loss of customers, profits and competitive advantage. This risk may, for example, arise due to activities/behaviour that do not protect the interests of stakeholders (e.g. customers, the community), either by people within the organization or by external parties with whom the company has business relationships. It includes the risk arising from the dissemination of false and misleading information in digital media (e.g. AI and deep fakes).

 

Organization and processes (R)
Risk that the Group’s organizational model is unable to support the Group’s business transformation and growth and/or that the system of powers and proxies is not consistent with the Company’s organizational system, risk management strategies, competences and actual monitoring and supervision possibilities, or is not clearly and formally publicized both outside and inside the Company, resulting in activities that harm the interests of third parties and the Company itself. This risk may arise if, for example, there is an inadequate or no reorganization of functions, roles and responsibilities, company processes and procedures, a lack of the necessary skills to manage change, or an unclear description of the powers assigned and their limits.

 

Directives and standards
Risk of non-compliance with laws, regulations and company by-laws, primary or secondary regulations of emerging countries, and sector-specific regulations, as a result of the evolution and tightening of the national and international legal and regulatory environment. This includes directives and regulations on climate change adaptation and mitigation, business and trade compliance, national and international legislation on cyber security and anticorruption, EU, national and international legislation on the protection and processing of personal data, and rules and regulations applicable to listed companies.

ENVIRONMENTAL

Climate change (R)
Risk that climate change and associated weather phenomena (acute: such as storms, floods, earthquakes, fires or heat waves, and chronic: such as temperature changes, rising sea levels, reduced water availability, loss of biodiversity, etc.) may damage assets (plants, buildings, etc.), cause a production slowdown or stoppage for the Company and/or suppliers, or require unscheduled work to make safe or to adapt to ecological transition.

 

Commodity (R)
Risk that changes in the price of raw materials (e.g., steel, copper) and commodities (e.g., gas, energy), including those from renewable sources, will affect the Company’s production costs. This risk may arise for example as a result of catastrophic events affecting the supply chain or as a result of changes in customs policies or international agreements regarding import/export.

 

Environmental (R)
Risk that the Group, in carrying out its production activities, may cause damage to environmental matrices (water, land, air) with consequent harm to the local territory and the community both in the short and medium/long term. This risk may arise due to a lack of timely or adequate transposition of existing and emerging regulations into internal processes, a flawed system of management, control and mitigation of potential environmental impacts arising from its activities (e.g. pollution, energy consumption, environmental disaster, damage to biodiversity) or poor training, information and awareness raising given to individuals.

 

Carbon Management
The risk refers to the possibility that the Group will encounter challenges related to the management of greenhouse gas (GHG) emissions and related environmental issues. This risk includes potential exposure to regulatory changes and financial impacts arising from carbon or environmental taxes, and reputational risks related to the Group’s sustainable practices and environmental impact.

SOCIAL

Health & Safety (R)
Risk that the Group does not invest adequately, including through information and awareness-raising activities, in the protection of health and safety in the workplace, with consequent harm to its own employees and third parties involved in Company activities.

 

Staff attraction and retention (R)
Risk that the Group is unable to attract and retain highly qualified and competent management personnel with a high level of diversity in terms of age, nationality and gender, or to integrate figures capable of managing the Group's growth and ensuring business transformation into the organizational structure. Disruption of professional relations between the Company and key figures could compromise the achievement of the Company's strategic and operational objectives. This includes the risk that the Company may not be able to offer appropriate remuneration compared to the market or adequate benefits or welfare tools in accordance with the expectations of employees to ensure their loyalty (for example improving the balance between work and personal needs).

 

Performance management
Risk that the Company does not evaluate and monitor employee performance against assigned targets to the detriment of employee development and the Company's sustainable growth. This risk may derive from individual performance targets that are not aligned with the strategic objectives or specific enough to guide behaviour in support of the corporate strategy, and/or from the absence of adequate indicators to measure staff performance not only in economic terms but also in terms of sustainable development.

 

Management System
Risk that the management systems adopted by the Group, understood as the set of procedures, information flows and information systems, are inadequate and/or insufficiently integrated and/or obsolete with respect to the changing needs of the company and what the market offers, jeopardizing the achievement of the corporate objectives, the maintenance of the competitive advantage achieved or the maximization of the return for stakeholders.

 

Clients
Risk that the company does not pay proper attention to the needs of its customers and to improving the product and service offered, resulting in an inability to meet or exceed their expectations.

 

Stakeholder engagement & Public Relations
Risk that the Group does not adopt an adequate stakeholder engagement and public relations strategy aimed at building and consolidating long-term relationships with stakeholders. This risk includes corporate communications on sustainability to meet the rating objectives by ESG agencies, disclosure to the market and investors, dialogue with trade union representatives, and relations with institutions and governments aimed at building consensus on issues that are relevant to corporate strategy. Inefficient relationships with local, national and international counterparties (local cities and authorities/associations, legal and government authorities, industrial associations, SMEs, etc.) can damage the Company's image and reputation, diminish its credibility and creditworthiness, and compromise its competitiveness and operations.

 

Protection of equal opportunities
Risk that the Group does not implement personnel development policies aimed at protecting diversity, fairness and inclusion and promoting equal opportunities. This risk may arise from the non-existence of or discontinued investment in staff awareness-raising and the absence of appropriate means of protection against discrimination.

 

Human rights
Risk of causing, directly or indirectly, ‘adverse’ impacts on people along its value chain, with reference to its own operations (e.g. employees) and those of its business partners (e.g. contractors’ workers).
