Phoenix Energy Responsible Business Report 2026

A summary of risk management activities within our Risk Management Process Model include:

Environmental Governance & Climate Action ESG To improve the transparency of our sustainability reporting, Phoenix has performed a sustainability reporting gap analysis against Global Reporting Initiative (GRI) sustainability standards. The outcomes of the gap analysis have been utilised to improve our sustainability reporting in this Responsible Business Report.

OVERSIGHT

PROCESS

SYSTEMS

REPORT

EVAULATE

IDENTIFY

PEOPLE

OVERSIGHT

Board of Directors The Board of Directors plays a critical role in our risk management process by maintaining oversight of our overall risk management framework. They ensure that risk management processes are effective, aligned with organisational goals and adequately address emerging ULVNV 7KH %RDUG SURPRWH D VWURQJ ULVN FXOWXUH LQWHUQDOO\ DQG VDIHJXDUGV 3KRHQL[ɖV ORQJ WHUP VXFFHVV

REPORT

Internal Audit 7KH ,QWHUQDO $XGLW )XQFWLRQ SURYLGHV DQ impartial assessment of systems and processes established to help Phoenix manage risk, delivering assurance and recommendations for improvement to the Audit Committee as an independent entity.

Committees Our Risk Management & Compliance and Audit Committees monitor risks and internal controls respectively, ensuring compliance with policies and regulatory requirements, enhancing transparency and accountability in our risk management framework.

Risk Groups The Risk Review Group and Network

Performance Group are responsible for the risks relating to the safe management and operation of the Distribution Network through the Asset Management System. Information Security Risk Group is responsible for managing the information security implications to the compromise of information that is stored, processed and transmitted by Phoenix, including oversight of cyber security risk.

EVALUATE

Risk Strategy Statement Our Risk Strategy Statement outlines Phoenix’s approach to managing risks, setting clear objectives and priorities to ensure proactive risk identification, assessment and mitigation across all levels.

Risk Policies Our Risk Policies provide formalised guidelines that outline how our risks are identified, assessed and managed, ensuring consistency compliance and effective mitigation strategies. Our risk policies provide clear direction and establish accountability, aiding decision making a protection of our assets and reputation.

Risk Appetite Our Risk Appetite defines the level of risk Phoenix is willing to tolerate in pursuit of our REMHFWLYHV KHOSLQJ JXLGH GHFLVLRQ PDNLQJ and ensure alignment with our overall strategy and goals.

IDENTIFY

Risk Registers Our Risk Registers are detailed records used to systematically capture and track our identified risks, their likelihood, potential impact, controls and responsible parties. We maintain a series of robust registers across the organisation, ensuring our risks and consistently monitored, assessed and managed appropriately.

Risk Assessments The risk assessment process is fundamental in ensuring both an environment that is safe for staff and members of the public and for facilitating effective and productive working practices within Phoenix. We conduct thorough and comprehensive risk assessments across all areas of the organisation to ensure risks are proactively identified and managed.

50

Responsible Business Report 2026