Financial Matters Committee (FMC) of the General and Supervisory Board (GSB)

According to EDP’s Articles of Association, EDP’s General and Supervisory Board is primarily responsible for (i) overseeing and supervising the activity of the management of EDP, (ii) advising and assisting the Executive Board in relation to strategy, achievement of goals and compliance with applicable laws; (iii) delivering its opinion about the management report and annual accounts; and (iv) various other functions as described in EDP’s Articles of Association. The activity carried out by the General and Supervisory Board covers, therefore, all the matters related to digital, information technology, and cybersecurity.

In particular, the Financial Matters Committee, which comprises four members, three of which are independent, considers cybersecurity and information technology risks while monitoring EDP’s enterprise risk management system. The FMC monitors the activity of Digital Global Unit (or “DGU”) by supervising the information and communication technology (or "ICT") governance model, ICT information security policies and standards, as well as control mechanisms (cybersecurity and technological risks), with a view to assessing the effectiveness of plans to mitigate the main risks, especially those related to the attacks that may occur on EDP's information and communication systems. The committee also addresses the main activities planned, in which the focus will be on consolidating the roadmaps of initiatives related to information technology (IT) and operational technology (OT) systems, as well as the structure of the global organizational model with the aim of improving the EDP Group's defences. 

Digital and Information Technology Committee

The Executive Board of Directors (EBD) is assisted by specialised committees, one of them is the Digital and Information Technology Committee

The Digital and Information Technology Committee's duties are as follows:

1. Align the Digital and IT global strategy, including information security;
2. Define and consolidate the Digital and Information Technology global budget, including information security;
3. Monitor the development of the main Digital and Information Technology projects.

The Digital & IT Committee is presided by EBD Ana Paula Marques, who is responsible for reporting to the Financial Matters Committee (FMC) on enterprise risk management matters.

The Digital Global Unit's mission is to turn EDP into a truly digital organization, defining a global technological strategy and vision for the Group, integrating digital technology into business domains and transforming the way of working and delivering value.

Additionally, our global Chief Information Security Officer (CISO) attends each Digital and Information Technology Committee meeting and meets regularly with the member of the Board of Directors responsible for the Digital & IT (Ana Paula Marques) and the Audit Committee of the GSB to brief them on technology and information security matter.

Cybersecurity Executive Committee

The governance of information security in the EDP group underwent an evolution during 2023, with the establishment of the Cybersecurity Executive Committee, now taking place every quarter to:

1. Set guidelines for the strategic planning of information security;
2. Assess the company's cybersecurity risks;
3. Monitor scenarios of serious incidents in the energy sector and the organization's cybersecurity risk profile.

Each meeting of this committee is attended by BU’s management, the global Chief Information Security Officer (CISO), global Chief Risk Officer (CRO) and an EBD member.

The EDP group's cybersecurity report status, including risk related matters, is presented annually to the members of the General and Supervisory Board.