Risk Taxonomy

Geopolitical Tensions at Global Level leading to sanctions/ tariffs and instability in EDP geographies

Increasing use of economic tools, policies, and sanctions as instruments of geopolitical competition. Instead of traditional warfare, nations leverage trade restrictions, tariffs, currency manipulation, and supply chain disruptions to achieve strategic objectives or assert dominance.

Significant risk to the global business environment by creating widespread instability. Escalations between major nations can disrupt trade routes, supply chains, and critical resource access, leading to market volatility and economic uncertainty.

• The intensification of economic wars and geopolitical tensions presents a risk for EDP, especially in the context of the energy sector. These disputes, often manifesting as sanctions, tariffs, and other trade barriers, can disrupt supply chains, inflate costs, and limit market access.

• Trigger of widespread economic disruptions, including supply chain interruptions restricting access to key resources, increased commodity prices, heightened market volatility.

• Geographical and business diversification, including value chain diversification by contracting different equipment suppliers in different geographical areas (e.g., First Solar in the United States). Clear limits to ensure this diversification are set out in the Risk Appetite Framework.

• Establishment of Frame Agreements with main equipment suppliers to secure future MWs volume (with fixed price).

• Compliance Integrity Due Diligence screening of most relevant stakeholders.

• Financial counterparty analysis for all relevant counterparties setting exposure limits according to risk level;

• Continuous monitoring of geopolitical events with external advisors (identifying and quantifying main potential risks).

• Duty of Care in the process of being updated for travelling collaborators.

Climate risks: Physical extreme events and precipitation reduction, regulatory transition risks

Adverse effects of climate change include extreme weather events, chronic changes in physical parameters, and the economic, regulatory, social, and technological shifts required for a low-carbon future.

• Continuous rise in the number and severity of extreme weather events worldwide (e.g., storms, wildfires, heavy precipitation and floods, and landslides events). Reliability of infrastructure to more frequent and severe extreme climate events and overall costs increase (inc. insurance) are major risks.

• Structured climate risks assessment (TCFD) and integration of climate criteria in investment analysis (project in development) with support tool (from Swiss Re).

• Reduction of hydro share in EDP portfolio.

• Prudent energy management through long positions to safeguard against extreme weather conditions.

• Development of specific climate adaption plans, for example:

  • Revision of the dam safety plan in Brazil.

  • Greater involvement with suppliers to ensure the resilience of assets.

• Replacement of conventional grids with compact grids.

Weakening Climate Transition Efforts

The energy transition is at risk due to declining political support and growing social resistance to new projects, which can delay or reverse key initiatives. Political instability, lack of consensus, and local opposition, often fuelled by misinformation or poor stakeholder engagement, create uncertainty, slow infrastructure deployment, and threaten progress toward sustainable energy and climate goals.

• Project delays in countries with stricter environmental requirements. 

  • Pipeline cancellations for projects rendered unprofitable by reduced incentives (e.g., tax credits). 

    • Higher curtailment risk for operational assets if grid investment lags behind decentralized generation needs. 

      • Community opposition and misinformation slowing infrastructure deployment, damaging relationships, and risking reputation. 

      • Regulatory uncertainty increasing compliance complexity and financial pressure. 

      • Strategic impact: Slower progress toward sustainability goals, reduced access to green financing, and diverted resources from innovation, threatening long-term competitiveness.

• Close monitoring of regulatory evolution and active participation in discussions at international & national levels.

• Geographic diversification both by geography and technology with clear limits set out in the Risk Appetite Framework

• Introduction of contractual buffers or merchant nose periods between CODs and PPA start dates to mitigate the possible impact of COD delays due to environmental permits.

• Exposure limits to offshore business.

• Limits to investment in projects that still have not reached the Final Investment Decision.

Increase in Cyber-attacks 

EDP’s growing reliance on digital infrastructure boosts operational efficiency but increases exposure to cyber risks. While its digital transformation prioritizes cyber resilience, the likelihood of more frequent and severe cyber‑attacks remains significant.

• The economic and reputational impact of cybersecurity issues remains a concern, with the frequency and sophistication of cyberattacks expected to continue rising. The impact may affect both IT and OT levels (e.g., attacks on EDP’s generation and distribution assets), particularly in the following areas:

  • Losses resulting from the unavailability of critical EDP systems (e.g., dispatch/plants, billing, customer service).

  • In extreme cases, damage or destruction to physical assets and potential harm to human lives.

  • Data breaches or data loss (personal and other sensitive information).

  • Fines incurred due to GDPR violations.

  • Increased costs driven by higher investments in cybersecurity measures.

  • Damage to EDP’s reputation in the event of a cyberattack that affects power availability or compromises data privacy.

• Dedicated Global SOC (ISO 27001 certified) for continuous security monitoring, detection, and response for the group's IT and OT infrastructure.

• Cyber Executive Committee with top management participation.

• Online and in-person training sessions, phishing simulations, and cyber exercises.

• Cyber risk insurance.

• Ongoing compliance initiatives to adhere to various and dispersed regulations.

• Implementation of a Zero Trust Cybersecurity roadmap based on five key pillars: Security by Design, Resilient Architecture, Integration and Automation, Uniform Governance, Risk and Compliance, and Human Behaviour Security.

• Specific OT cybersecurity roadmaps to address cyber risks in mission-critical infrastructures (e.g., networks, generation, energy management).

• IT/OT Risk Project for identifying and managing the most critical IT/OT assets.

• Participation at strategic, tactical, and operational levels in local and global cyber groups (e.g., World Economic Forum).

Social Risk: Gap in labour market and risk of unavailability of talent for renewable energy companies

The RES sector is growing fast due to higher demand for clean energy solutions and government initiatives to help the transition to low-carbon economies. The rise in RES industry is expected to create great demand for qualified professionals in engineering, project management, installation and maintenance. Meanwhile, demographic trends show a projected decline in EU’s working-age population and stabilization in US. This demographic shift, along with a projected rise in the need for workers in RES assets (3-4x.by 2030 in EU), is expected to create a global shortage of skilled labour in the green economy, reaching 7 million by 2030, mostly in solar & wind sectors. This shortage of skilled labour is a risk to EDP's BP. The company has ambitious targets for 2026-28, with the aim of deploying approximately 5 gigawatts of additional renewable capacity. It is expected a 90% Employees’ digital upskilling plan completion by 2028.

• Increased competition in attracting and retaining specialized talent, leading to more competitive and aggressive recruitment and retention strategies;

• EDP will need to become more involved in strategic workforce planning to identify critical roles, assess skills gaps, and implement measures to mitigate the impact of workforce shortages;

• Heavier investment in innovation and automation to reduce reliance on manual labour, streamline processes, and boost efficiency, as well as invest in research and development;

• Delayed project deadlines and risk of execution of the Business Plan;

• Increased global mobility of the workforce, attracting talent from regions where there is a surplus of qualified labour in the renewable energy sector, increasing global collaboration, and the diversity of the workforce;

• Significant investment in training and development programs to improve the skills of current employees and prepare them for roles in the renewable energy sector.

• Implement proactive and global recruitment strategy to attract young, qualified workers by creating internship/apprenticeship programs offering 1st hand experience to students interested in RES;

• Implement strategies to retain skilled workers (offer competitive compensation packages, career development opportunities and positive work environment);

• Regular assessments of workforce need to identify critical roles and develop strategic learning paths to fill skills gaps;

• Comprehensive training programs focusing on upskilling/reskilling workers to prepare them for jobs in the RES sector (e.g. academic partnerships, peers);

• Promote a flexible, diverse and inclusive workplace to leverage the strengths of a diverse workforce;

• EDP has been working on innovative automation projects to overcome the labour shortage challenge and increase efficiency. It also advocates for government and institutional support (policies, incentives and funding) to boost workforce development efforts.

Change in insurance landscape

The insurance landscape is shifting as insurers revaluate coverage in a fast-changing environment. On one hand, increasingly severe natural disasters driven by climate change are leading to higher premiums, stricter exclusions, and reduced availability of coverage for events like floods, wildfires, and hurricanes. At the same time, the escalating frequency and sophistication of cyberattacks are prompting insurers to tighten policy terms, lower limits, and introduce exclusions for specific cyber outcomes (e.g., impact on physical assets). Additionally, heightened regulatory scrutiny and litigation risks related to environmental legal claims (e.g., concentration of chemical components) are causing insurers to reevaluate liability coverage, raising premiums or limiting options for affected industries.

• The overall shift in insurance policies drives up expenses associated with securing adequate coverage or addressing existing risks, meaning that EDP will have a higher cost with insurance premiums and/or decrease the ability to mitigate risk through insurance.

• Lack of protection for insurance also leads to additional costs with infrastructure fortification for EDP assets, advanced cybersecurity measures, and alternative risk transfer mechanisms to mitigate gaps in coverage and ensure business continuity.

• Boost Infrastructure Resilience against extreme weather events to reduce vulnerability/potential damages;

• Ensure assets in bundles (geographies/types of assets) to ensure all assets/risks are included;

• Work with insurers to avoid inappropriate risk premiums/exclusions;

• Apply robust cybersecurity measures (advanced threat detection systems, regular vulnerability assessments, training);

• Diversify Risk Transfer Strategies (catastrophe bonds, captives, risk-sharing partnerships) to offset traditional insurance coverage gaps;

• Boost Risk Assessment/Planning (regular risk analysis, advanced analytics) to anticipate/prepare for threats (climate, cyber, liability risks);

• Engage in Stakeholder Collaboration (insurers/peers) to defend fair/sustainable insurance solutions;

• Increase Compliance/Safety Standards to minimize liability risks of hazardous substances/chemical components;

• Build Financial Reserves for Self-Insurance against high-prob. risks reducing reliance on external coverage.