The risk management system enables the identification, analysis and management of risks and opportunities associated with the Mondadori Group’s business model.
As part of the ongoing refinement and strengthening of this process, methodological and operational updates were also implemented in 2025, with the aim of establishing a model that remains effective over time and is capable of guiding strategic decisions at every level of the organisation through full risk awareness.
The model adopted, a holistic and integrated approach to risk management known as Enterprise Risk Management (ERM), aims to ensure that the business is run properly and in line with its stated objectives, whilst also providing support in translating the short- and medium-term vision into a practical and sustainable operational plan.
In line with recent regulatory developments, in particular the Corporate Sustainability Reporting Directive (CSRD), the ERM methodology has been integrated to include the risks associated with the main sustainability issues. These were analysed as part of the Double Materiality Analysis, with a view to identifying the topics relevant to the Consolidated Sustainability Statement.
Both the ERM and Double Materiality processes use the same risk assessment tools and methodologies (e.g. probability and impact assessment scales, qualitative/quantitative thresholds). To this end, each Risk Owner is responsible for ensuring that all risks relating to their area, including ESG risks, are assessed in an integrated and consistent manner.
The data, analysed by the Risk Management department, is submitted to the Risk and Sustainability Committee, the Board of Statutory Auditors and the Board of Directors, which has appointed the Chief Executive Officer as the person responsible for the internal control and risk management system. This person is responsible for overseeing, with the support of the Internal Audit department, the identification of key threats and the effectiveness of the control system, taking into account the Group’s specific operational circumstances, as well as acting as the direct point of contact for the Committee and the Board for any updates or critical issues that arise during these activities.

Objectives and related risks the Group intends to manage

The risk management process involves a preliminary distinction between external risks, linked to the characteristics and evolution of the industry as well as stakeholders’ perceptions of the Group’s operating practices, and internal risks, which are in turn classified as follows:

  • strategic: these are set by the Board of Directors, which defines, among other things, key priorities such as strengthening the company’s competitive position, operational efficiency, innovation and expansion into new markets.
  • operational: these relate to the effectiveness and efficiency of business activities (optimisation of production, including through the use of new technologies, growth in market share, etc.).
  • financial: relating to the Group’s financial management, which may affect liquidity, medium- to long-term cash flows and counterparties in any financial or commercial transactions.
  • compliance: these relate to compliance with laws and regulations applicable to the Group. Compliance objectives include the reliability of financial reporting and mandatory sustainability reporting.

Scope of application

The Risk Management Model applies to all Group companies and involves Risk Owners and Risk Specialists, understood as the front-line managers in dedicated operational roles who oversee the risks and opportunities within their remit.

Risk identification, assessment and management

The quantification of the impact of each individual risk is entrusted to the Risk Owners, who assess the probability of occurrence and the impact, thereby defining the Inherent Risk.
As part of the ongoing assessment process, the effectiveness and actual existence of mitigation measures are determined; these may subsequently be subject to verification by the Internal Audit department.
The risks thus identified and assessed, along with the relevant mitigation measures, constitute the residual risks, which are then used to provide an overall Group assessment.
This process makes it possible to identify various types of residual risks, classify each one according to a final probability/impact rating, and then plot them on a Heat Map, which provides an immediate, prioritised overview of the risks requiring the most attention.

2025 risk factors and uncertainties

MACROECONOMIC AND GEOPOLITICAL CONTEXT

Risk associated with a decline in consumption, affecting the profitability of business units

Geopolitical instability, inflation trends and a climate of widespread uncertainty are fuelling fears of a decline in demand and a consequent fall in consumption.
However, the Mondadori Group operates in a market segment that has, on several occasions in the past, shown itself to be less sensitive to fluctuations in the general economic cycle. Furthermore, by virtue of its established leadership position on the national stage, the Group demonstrates greater resilience in the event of a market downturn.

IMPACT OF AI DEVELOPMENTS ON BUSINESS MODELS

Risk arising from the impacts associated with developments in artificial intelligence technologies

The gradual integration of AI into digital ecosystems is profoundly transforming competition dynamics. Not only does this change affect consumption patterns and distribution channels, but also calls into question the viability of current business models, necessitating a review of market dynamics.
To mitigate the impact of the downturn, the Group has for some time been implementing a strategy to monitor and assess the effects of such tools on its production process, with a view to preventing risks and capitalising on opportunities for greater efficiency arising from the introduction of automation tools into its own business processes and those of its key strategic suppliers.

LOGISTICS SUPPLY SERVICES AND MANAGEMENT OF TRANSITION TO THE NEW OPERATOR

Risk arising from increased operating costs linked to potential supply chain issues during the transition phase

The change of logistics partners across all of the Group’s business areas has led to a temporary period of vulnerability in the distribution system. In the short term, this migration could lead to a decline in operational efficiency and an increase in the costs associated with managing the transition to the new operators; added to these factors is the inevitable learning curve faced by the new suppliers.
In 2026, the focus will be on managing the operational integration of new partners, with a view to achieving both operational and financial optimisation in the medium term.

LEGAL RISKS RELATED TO COPYRIGHT AND INTELLECTUAL PROPERTY

Risk arising from legal/contractual exposure to infringements of rights resulting from the active or passive use of AI-based technologies

The legal risk arising from the misuse of AI tools also concerns the security of the information assets used to train or query the models. The Group’s strategy for preventing and mitigating these risks focuses on the following priorities: ensuring legal compliance (contract review), ongoing widespread training of the workforce (awareness and ethical use) and IT oversight of the tools and platforms used within the Group.

ATTRACTING AND RETAINING KEY PERSONNEL

Risk relating to the ability to attract and retain key personnel

In order to respond to changing organisational needs and the growing complexity of business, it may be necessary to step up efforts to attract, develop and retain the best talent, particularly for key managerial roles and staff with strong digital skills, so as not to slow down innovation or lose the company’s know-how.
The Mondadori Group has taken action by introducing long-term incentive schemes, targeted training programmes, measures to improve work-life balance and flexible working arrangements.

CYBER SECURITY AND PROTECTION OF PERSONAL DATA

Risk associated with the unavailability of IT systems due to a cuber attack or incident

The acceleration of digital transformation and the growing structural complexity of the Mondadori Group – partly as a result of the numerous acquisitions made in recent years – combined with the pervasiveness and frequency of increasingly sophisticated cuber threats, give rise to a residual risk of cuber-attacks carried out using new techniques. To this end, the Group has implemented a multi-layered prevention and protection system to ensure the security of its data and business continuity, through measures that include regular system backups and 24/7 external monitoring to prevent and manage attacks in real time.