Universal Registration Document Fiscal 2025

2 Sustainability at Sodexo

Statement on due diligence [GOV-4]

Sodexo has established a structured due diligence process to identify, assess, prevent, and mitigate actual and potential negative impacts linked to its operations and value chain. This process, which is detailed in section 6.4 Vigilance plan of this document, is aligned with international standards, including the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises, and is embedded across Group functions and geographies.

The process combines:

  • Materiality assessment: double materiality analyses (latest in Fiscal 2024) covering environmental, social, and governance impacts, risks, and opportunities;
  • Policies and codes: the Sodexo Code of Conduct, Supplier Code of Conduct, Human Rights Policy, and Global Food Safety Policy set clear expectations for employees and business partners;
  • Risk mapping: regular assessments at Group, regional, and country levels to identify priority human rights, environmental, and compliance risks;
  • Actions and monitoring: deployment of action plans, training, and corrective measures; tracking of KPIs across environmental (climate, biodiversity, pollution, water, resources) and social (employees, value chain workers, affected communities, consumers) domains;
  • Grievance mechanisms: the global Speak Up Ethics Line, accessible 24/7 in multiple languages, ensures that concerns can be raised securely and confidentially, and that remediation processes are applied when needed.

Oversight of the due diligence framework lies with the Sodexo Board of Directors, supported by the Board Sustainability Committee and the internal Ethics and Compliance Committee, while day-to-day coordination is managed by Group ethics, human rights, and sustainability functions.

This governance ensures that due diligence is not a one-off exercise but a continuous process of identification, prevention, mitigation, and remediation, integrated into Sodexo’s decision-making and strategy.

Risk management and internal controls over sustainability reporting [GOV-5]
DESCRIPTION OF THE RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM

Sodexo's risk management and internal control systems relating to sustainability reporting form an integral part of Sodexo's risk management framework, outlined in detail in Chapter 6.

Sodexo's risk management framework is organized according to the "Three Lines of Defense" model, with operational managers acting as the first line of defense, and managing risks directly in operations. They are supported in their efforts by second line of defense functions (for example Supply Management, Sustainability, Human Resources, Health & Safety). Internal Audit form the third line of defense, and they undertake regular assessments of the effectiveness of the risk management and internal control systems.

Sustainability risks have been embedded in Sodexo's risk universe since 2018 and are regularly assessed in the main operational risk assessment, as well as specialized human rights and corruption risk assessments.

Sodexo's standard risk assessment approach and methodology for all risk assessments is outlined in sections 6.2.3 and 6.2.4 respectively. Existing risk criteria and risk evaluation grids were used as a basis for the double materiality analysis conducted in Fiscal 2024.

IDENTIFICATION OF RISKS AND MITIGATION THROUGH CONTROLS

In this first year of reporting, Sodexo established a dedicated CSRD team bringing together expertise in sustainability, finance, internal control, and project management. This team coordinated the reporting process with all key stakeholder functions, while providing guidance, training, and ongoing support.

As part of the reporting cycle, the CSRD team carried out detailed process walkthroughs with each function to map data collection flows and assess potential vulnerabilities. These walkthroughs, combined with regular exchanges with reporting teams and external auditors, led to the identification of four main risk areas: (1) availability of data for certain data points, (2) reliability of data, (3) possible errors in the calculations of quantitative data, particularly manual data (4) incomplete coverage of data points.

To mitigate these risks, Sodexo has already implemented a set of structured actions and controls, including:

  • use of harmonized collection tools where possible, that include automated checks that can rapidly detect anomalies;
  • publication of a KPI dictionary for sustainability reporting, which defines each indicator's calculation method, data source, owner, frequency and granularity. This provides a common reference framework to strengthen data accuracy and reliability;
  • development of a standard extrapolation method for calculated data, where applicable;
  • development of a series of controls specific to sustainability reporting, capitalizing on existing financial controls, which were embedded into the existing internal control framework. These fundamental controls focus on clear communication of reporting instructions and cut-off, segregation of duties and review of data at different organizational levels.

These measures provide the foundation for Sodexo’s sustainability reporting controls. Looking ahead, additional controls will be introduced in Fiscal 2026 as reporting systems and processes mature. A culture of continuous improvement is fostered through regular dialogue and experience-sharing between the CSRD team and teams in charge of reporting, ensuring risks and weaknesses are identified early and addressed promptly.

REPORTING TO MANAGEMENT AND SUPERVISORY BODIES

The CSRD team maintains regular communication with Sodexo’s governance bodies to ensure transparency and oversight of the reporting process. Progress, challenges, and identified risks are systematically reported to the CSRD Steering Committee, including updates on the development and effectiveness of internal controls.

Beyond operational governance, the CSRD Program Director and the Group Internal Control Director provide regular briefings to Sodexo’s Audit Committee.

These updates cover the advancement of the sustainability reporting process, the status of risk mitigation measures, and the continuous reinforcement of data reliability. This structured reporting ensures that both management and supervisory bodies remain fully informed and engaged, and that sustainability reporting is subject to the same rigor and scrutiny as financial reporting.