By means of various agreements, the operational management of the Eurogrid GmbH Group was delegated to the management of 50Hertz Transmission. The management of 50Hertz Transmission consisted of four members in the 2018 financial year: Boris Schucht (CEO), Dr. Dirk Biermann (CMO), Dr. Frank Golletz (CTO) and Marco Nix (CFO). Labor Director Dr. Katharina Herrmann completed the extended management team. She left the company in October 2018. Her successor, Sylvia Borcherding, took over on 1 January 2019.
50Hertz always acts in accordance with the law. Its business activities are subject to numerous national and European regulations. The following main laws and European regulations provide the framework for our business activities:
• the EnWG (German Energy Industry Act)• the EEG (German Renewable Energy Sources Act)• the NEMoG (German Grid User Charge Modernisation Act)• the KWKG (German Combined Heat and Power Act)• the BImSchG (Federal Immission Control Act)• the BNatSchG (Federal Act for the Protection of Nature)• the German Digitisation of the Energy Transition Act• the EU Energy Efficiency Directive• the Fauna-Flora-Habitat (FFH) Directive• the EU Birds Directive.
In the fiscal year 2018, the federal cabinet approved the amendments of the NABEG, which will have an important influence on our business activities. The proposed legislative amendments mainly comprise the simplification and acceleration of approval procedures for laying, strengthening and optimising power lines. The gradual national standardisation of the transmission griduser charges, first set out by the NEMoG in 2017, was refined in2018 with changes in the StromNEV and ARegV, and has resulted in the first 20% national share of network user charges. In addition, effective 1 January 2019, the NEMoG has incorporated there financing of grid connection costs for offshore wind farms from network user charges to a new offshore grid levy according to Sec. 17f EnWG. At a European level, the “Clean Energy for All Europeans” package was negotiated and finalised at the endof 2018.
The laws that are important for sustainability management are described in the "Concepts/Due Diligence" section under "Responsibility". Further information on the laws and directives relevant to our business activities can be found in the Eurogrid Annual Report, in particular in the chapter "Energy law framework" in the sections "European law" and "National law".
GRI 102-16, GRI 415-1
Because legislative activities have a major impact on the business activities of 50Hertz, the company represents its positions transparently and publicly as part of the political process. This is the responsibility of the Communications and Public Affairs department. This political communication is conducted responsibly and without donations to political parties. Ethical principles for political lobbying were set out. The guidelines on conduct in the political arena, which apply for the whole company and are agreed with the management, define these principles. They stipulate that 50Hertz makes no donations to politicians, parties, or political institutions, and when providing sponsorship ensures appropriate consideration and proper balance. Responsibility for contributions to party-affiliated foundations and associations is embedded centrally in the Communications and Public Affairs department. In this way, together with specific training programmes, 50Hertz ensures that employees who are active in terms of social and energy policy are guided in their communications and their actions by clearly defined principles. Furthermore, 50Hertz is entered in the EU Transparency Register and is committed to its Code of Conduct. In 2018, 50Hertz did not make any contributions to politicians or political parties.
GRI 205-1, GRI 205-2
The Company Charter and guidelines on preventing corruption set out 50Hertz’s understanding of correct ethical conduct and make it clear that the Company complies with the law and does not tolerate corruption. These principles flow into organisational measures that are binding for the whole Company.
Since 2010, 50Hertz has had a policy in place that regulates the whistleblower system and prescribes the establishment of an internal Compliance Committee and an external ombudsman. The Compliance Committee comprises one member from Legal Affairs, one member from Human Resources and a compliance coordinator. The ombudsman reports to the Compliance Committee once a year in writing about how it has been used and the number of tip-offs received. If the ombudsman passes on a justified tip-off to 50Hertz, the Compliance Committee is convened immediately to deal with the case in hand and take further internal action if necessary. The Committee reports to the management of 50Hertz annually and on an ad hoc basis as required. In 2018, the ombudsman did not receive any tip-offs about corruption. No significant fines were imposed on 50Hertz in the fiscal year 2018 in connection with general business activities, power line construction projects or operations. The reporting threshold for administrative offences was set at EUR 25,000.
50Hertz also regularly provides all employees involved in the procurement process with training on the basics of procurement, anti-corruption and compliant behaviour. Since 2016, 19 training sessions have been held across different sites for 200 employees from throughout the Company. For 2019, 4 training sessions are planned for an expected 50 participants.
GRI 102-30, GRI 102-11
As part of its systematic risk management, 50Hertz regularly surveys and assesses the following risk areas:
• Protection of life and limb• Profit and loss• Liquidity• Reputation• Supply reliability.
50Hertz aims to avoid risks to the Company’s continued existence,to reduce risk positions as much as possible where feasible and to optimise the opportunity/risk profile. Risk guidelines set down how risks are systematically identified, recorded, assessed and monitored on a quarterly basis. A risk conference is held once a year in which all department heads (secondmanagement level), as risk owners, and the risk manager meet with the management to discuss the most significant risks and risk-related issues. In the area of CSR, for example, these are occupational safety and new requirements from environmental legislation. In the upcoming months the risks assessed and monitored will be extended related to risk based on climate change.
In the sense of a holistic approach to risk management and the principle of precaution, 50Hertz involves suppliers and the associated processes. The company has anchored requirements regarding occupational safety and environmental protection inits purchasing and procurement policy, which are binding for all suppliers. In the future 50Hertz will analyse its influence on the structure of the sustainable supply chain in detail, expand upon documents relevant to its suppliers on sustainability related aspects and make its business partners even more aware of occupational safety, health protection and environmental protection topics.
G4-EUS-DMA Disaster/Emergency Planning and Response
As an operator of critical infrastructure, 50Hertz isrequired to ensure information security under the IT-SiG [“IT-Sicherheitsgesetz”: IT Security Act]. Information must be processed, stored and communicated such that the availability, confidentiality and integrity of the information and the systems are adequately ensured.
To this end, an information security management system was introduced in 2017 and certified in 2018 in accordance with ISO27001. This established security process ensures that IT risks are systematically identified and addressed. In particular, security alerts and warnings that are issued by the German Federal Office for Security Technology (BSI) are recorded and evaluated as part of this process. If required, necessary protective measures are derived and implemented. In the reporting year, no targeted cyberattacks on 50Hertz were registered and no damage from information security incidents was recorded. 50Hertz employees, as well as temporary and external employees, participated in an online training session on information security in2018.
In January 2018, 50Hertz received the ISO 27001 information security management system certification, as a result of which 50Hertz has to fulfil its obligation as an operator of critical infrastructure on the basis of the IT security catalogue of the Federal Network Agency. In November 2018, the repeat audit was performed.
For 50Hertz, security goes beyond its corporate boundaries. Therefore, both internal and external stakeholders receive training in crisis management and communication in the form of regular crisis team exercises, among other things. As a result of this, not only existing structures, processes and reporting channels are evaluated and continuously improved, but the crisis team participants and employees also receive intensive training on how to deal with unexpected events under special stresses and quickly make appropriate decisions to manage crises. These and further measures aim to continuously and holistically increase the resilience of 50Hertz.