Orano - Annual Activity Report 2025 240 4 SUSTAINABILITY STATEMENT Governance information The Company’s ethical culture and business conduct procedures are promoted through the mandatory e-learning module for all employees, who also reaffirm their commitment to the Code of Ethics during their annual review. Regular general communications remind employees of the key principles and periodic training sessions supplement these reminders. The rules state that the variable portion of compensation of 3,200 group managers must not be paid if unethical means have been implemented to achieve the objectives. A corporate culture that incorporates the security of personal data and third-party data Orano aims to be an exemplary group in terms of data protection and cybersecurity. Due to its geographical location and the nature of its activities, the group is exposed to the risks of cyberattacks. To prevent the occurrence of such risks, Orano implements and deploys within the group a data protection program, compliance with the European Data Protection Regulation (GDPR), and a cybersecurity master plan for 2022-2026, drawn up following a cyber maturity benchmark (2021) and taking into account security standards such as the ISO 27001 standard and the NIST cybersecurity framework. The protection of data, as intangible assets, is part of the Protection policy in the same way as the protection of people and the protection of nuclear facilities, materials and their transport. With regard to the protection of personal data, Orano deploys security and confidentiality measures that comply with the GDPR regulation and the Data Protection Act of January 6, 1978. In terms of cybersecurity, Orano has set up an organization and a security policy for its information systems. The IS protection, defense and risk management strategy is based on three pillars: ● the definition and implementation of the security conditions necessary to protect information systems over the long term, in accordance with the needs identified both at the organizational and technical levels; ● audits and controls to verify that risks are controlled and that the effective level of security remains in line with operational, contractual and regulatory expectations; ● resilience and global protection including prevention, detection, alert and response to resist cyber-attacks and defend information systems. The group has a crisis management organization adapted to cybersecurity-type events, as well as business continuity plans including an information system loss component. Regular internal security audits are carried out by the Compliance, Risk and Internal Audit Department and by specialized cybersecurity service providers to measure the effectiveness of the policies implemented. A whistleblowing mechanism guarantees the confidentiality and protection of whistleblowers The whistleblowing mechanism within the group is a complementary channel of expression to dialogue with managers and compliance correspondents. A secure portal for whistleblowing (https://Oranoethic.signalement.net) is accessible to all, i.e. to all group employees, employees and contractors of business partners (suppliers, service providers, subcontractors, customers, etc.), or to recruitment candidates, for any whistleblowing not related to the United States. It should be noted that a specific whistleblowing platform has been deployed for entities based in the United States (https://orano.integrityline.com). Through these systems, employees are able to report any breaches of applicable regulations or of the group’s internal rules and procedures, in particular breaches related to the Code of ethics and business conduct. This system is constantly communicated internally to its employees and externally, notably on its website. However, the group does not have the means to verify the familiarity of its stakeholders with the system or the level of confidence in it. The categories targeted by the whistleblowing mechanism are: 1. human rights, discrimination, moral or sexual harassment, sexist behavior and acts, verbal or physical aggression; 2. breaches of the protection of people and property, theft and misappropriation of assets; 3. breach of safety, security and/or environmental protection; 4. breach of the rules governing the protection of intellectual property, personal data or confidential information; 5. violation of the export control rules, non-compliance with international sanctions; 6. irregularities/quality fraud, document falsification and breach of quality rules; 7. financial fraud, misrepresentation, insider trading, abuse of corporate assets; 8. corruption, influence-peddling, conflicts of interest, undue advantages, money laundering, financing of terrorism; 9. anti-competitive practices; 10. other breach of the rules of the group’s Code of Ethics. Orano pays particular attention to the confidentiality of whistleblowers and the protection of whistleblowers in accordance with legal requirements, and notably the regulatory changes in France in 2022 through the Wassermann law, legislation which transposed the EU directive 2019/1937. Alerts are processed under the group procedure. The Risks, Compliance & Internal Audit Department analyzes the admissibility of alerts filed on the portal. This admissibility is independent of the reality of the alleged facts, which can only be ascertained when dealt with. Where appropriate, investigations are carried out internally or using an external expert, ensuring the impartiality of the investigator. In order to ensure the impartiality and independence of those involved in an investigation, the group has formalized an applicable methodology and supporting tools. Where appropriate, those involved are made aware of the implementation of the methodology. When the alerts issued are proven, appropriate measures are taken. An annual review of ethics alerts makes it possible to verify their correct handling.
RkJQdWJsaXNoZXIy NzMxNTcx