EDAG Engineering : Report on the LkSG 2023

Published: 2024-09-09 06:52:03 ET ED4.DE

Report created on: 31.07.2024

Report on the LkSG

(Supply Chain Due Diligence Act)

Reporting period from 01.01.2023 to 31.12.2023

Name of the organization: EDAG Engineering GmbH

Address: Kreuzberger Ring 40, 65205 Wiesbaden

Table of contents

A. Strategy & Anchoring

A1. Monitoring of risk management & responsibility of the Executive Board

A2. Policy statement on the human rights strategy

A3. Anchoring the human rights strategy within the organization

B. Risk analysis and preventive measures

B1. Implementation, procedure and results of the risk analysis

B2. Prevention measures in own business area

B3. Preventive measures for direct suppliers

B5. Communication of the results

B6. Changes in risk disposition

C. Identification of violations and corrective measures

C1. Identification of violations and corrective measures in own business area C2. Identification of violations and corrective actions at direct suppliers C3. Identification of breaches and corrective actions for indirect suppliers

D. Complaints procedure

D1. Establishment of or participation in a complaints procedure

D2. Requirements for the complaints procedure

D3. Implementation of the complaints procedure

1

1

3

7

8

8

15

17

20

21

22

22

23

26

27

27

31

33

E. Review of risk management

34

A. Strategy & Anchoring

A1. Monitoring of risk management & responsibility of the management

What responsibilities were defined for monitoring risk management in the reporting period?

The Head of Legal&Compliance has been appointed Human Rights Officer. The Compliance and Purchasing departments are responsible for the legally compliant implementation of due diligence obligations in accordance with the LkSG is responsible for this. The Compliance department reports any breaches identified to the Executive Board.

Page 1

A. Strategy & Anchoring

A1. Monitoring of risk management & responsibility of the management

Has the management established a reporting process that ensures that it is regularly - at least once a year - informed about the work of the person responsible for monitoring risk management?

It is confirmed that the management has established a reporting process that ensures that it is informed regularly - at least once a year - about the work of the person responsible for monitoring risk management within the meaning of Section 4 (3) LkSG.

Describe the process that ensures reporting to management at least once a year or regularly with regard to risk management.

The Compliance department reports to the Management Board at least once a year and on an ad hoc basis. The reporting covers events relevant to human rights and the environment that were identified as part of the continuous risk analysis in the supply chain and in the company's own business area, as well as the measures taken and their effectiveness.

Page 2

A. Strategy & Anchoring

A2. Policy statement on the human rights strategy

Is there a policy statement that has been prepared or updated on the basis of the risk analysis carried

out during the reporting period?

The policy statement has been uploaded:

https://www.edag.com/fileadmin/user_upload/Group/Unternehmen/Compliance/EDAG_Grunds atzerklaerung.pdf

Page 3

A. Strategy & Anchoring

A2. Policy statement on the human rights strategy

Has the policy statement for the reporting period been communicated?

It is confirmed that the policy statement has been communicated to employees, the works council if applicable, the public and the direct suppliers where a risk was identified in the risk analysis.

Please describe how the policy statement was communicated to the relevant target groups.

The policy statement is published on the Compliance page of the EDAG website and on the

EDAG intranet.

Page 4

A. Strategy & Anchoring

A2. Policy statement on the human rights strategy

What elements does the policy statement contain?

Page 5

A. Strategy & Anchoring

A2. Policy statement on the human rights strategy

Description of possible updates during the reporting period and the reasons for them.

The risk situation did not change essentially in the reporting period, which is why no update was

carried out.

Page 6

A. Strategy & Anchoring

A3. Anchoring the human rights strategy within your own organization

In which relevant departments/business processes was the anchoring of the human rights strategy

ensured during the reporting period?

Describe how responsibility for implementing the strategy is distributed within the various

specialist departments/business processes.

EDAG has defined clear responsibilities for the performance of and compliance with the due diligence obligations under the LkSG. EDAG has defined the responsible bodies in the company for the implementation of the tasks in the guideline for the implementation of due diligence obligations in accordance with the LkSG. The Legal & Compliance department is responsible for implementing the regulatory requirements. The Purchasing department is responsible for checking compliance with the protected legal positions in the supply chain. The Compliance department monitors compliance with the protected legal positions in its own business area. Compliance is supported in this by the various central administrative departments, such as Environmental Management, Energy Management, Occupational Safety and HR. In this context, the Sustainability team manages the sustainability strategy and incorporates the results of the risk analyses into the annual sustainability report.

Describe how the strategy is integrated into operational processes and procedures.

The necessary processes for the responsible departments are part of the EDAG process management system, which is subject to regular review by QM.

Describe which resources & expertise are provided for implementation.

Prior to the implementation of the regulatory requirements in accordance with the LkSG, the necessary personnel requirements were determined and, if necessary, adjusted accordingly.

Page 7

B. Risk Analysis and Preventive Measures

B1. Implementation, procedure and results of the risk analysis

Was a regular (annual) risk analysis carried out during the reporting period to identify, weight and prioritize human rights and environmental risks?

Describe the period in which the annual risk analysis was carried out.

01.01.2023 until 31.12.2023

Describe the risk analysis procedure.

The procedure for carrying out the risk analysis is described in the EDAG guideline for implementing the due diligence obligations in accordance with the LkSG. EDAG uses the web- based software solution from Prewave (www.prewave.com) to fulfill the extensive obligations, such as the risk analysis. The risk analysis is carried out using this software application as follows:

The Prewave system classifies the suppliers reported by EDAG and its own business area into different risk levels. This is done on the basis of a classification (i) into risky and non-risky countries ("country risk") (the registered office of the contractual partner is considered) and (ii) depending on the goods or services supplied, into a risk or non-risk commodity group/industry category ("commodity risk") and (iii) on the basis of a web screening for selected suppliers. Optionally, the assessment may also include (iv) self-disclosures to be completed by the suppliers and (v) information provided by the company on individual risk suppliers.

Re (i): The country risks are determined on the basis of 11 different publicly accessible indices and classified as no risk, low risk, mid risk, high risk and critical risk. As far as can be seen from the indices, these indices deal thematically with the human rights and environmental risks specified in the LkSG.

Re (ii): To determine the commodity risks, Prewave uses its own available data on over

100,000 suppliers. These suppliers are categorized into industries (ISIC standard) and product groups. Prewave has a history of incidents in the individual industries and individual product groups for these 100,000 suppliers. Prewave also assesses the frequency of incidents according to no risk, low risk, mid risk, high risk and critical risk.

Re (iii): In addition, AI-supported web screening is carried out for suppliers with a correspondingly high country and sector risk. This involves searching social media, news and other information available online on the basis of a

Page 8

Supplier keyword and risk keyword searches are used to check whether and which notifications exist for the individual suppliers. Notifications are communicated as so-called "risk alerts".

Re (iv): Optionally, the risk identification can be supplemented by the results from supplier self- disclosures, which the risk suppliers have to complete. For this purpose, Prewave has developed its own questionnaires on the topics of "Working conditions and human rights", "Health and safety" and "Environment".

Re (v): Optionally, EDAG Prewave can name individual risk suppliers, e.g. on the basis of any negative human rights or environmental incidents known within the company within the meaning of the LkSG, to which a certain risk is then also assigned.

The results from (i) to (iii) and optionally also (iv) and (v) are then combined and together form the supplier's 360-degree risk score.

Page 9

Disclaimer

EDAG Engineering Group AG published this content on 09 September 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on September 09, 2024 at 10:51:01 UTC.