In order to guarentee compliance with legislation and at the same time monitor and control the risks, the system is divided into a network of protected areas (resources, technologies, instruments and competencies), partially interconnected according to the objectives/risks to be monitored and designed to ensure the achievement of control objectives.

Diagram of the Enterprise Risk Management System of Acea Spa

Antitrust Compliance

The trend in the competition situation on the markets where the Acea Group operates requires growing attention to the matter of compliance with antitrust law and the regulations concerning consumer protection.

Acea believes that competition and consumer protection is a core value for company business activities and pursues its objectives in obersvance of the rules regulating the market. Consistent with the principles set out in the Code of Ethics, the Group specifically abstains from collusive and abusive practices and, more generally speaking, from any practice that might impede the correct functioning of market mechanisms and imply detriment to consumers.
Acea has, therefore, adopted a specific "Antitrust Compliance Programme", with a view to both enhancing internal controls intended to ensure compliance with market and consumer protection legislation and to promoting the development of a corporate culture, oriented towards respect for free market values and fair competition.
In this connection, on 13 December 2018 the Acea Spa Board of Directors approved:

  • the "Manual of Compliance with Antitrust and Consumer Protection Legislation, setting out the main points of the legislation and providing a series of behavioural rules, with which all Acea staff are obliged to comply when carrying out their work;
  • the "Organisational Regulation on Antitrust Compliance and Unlawful Commercial Practices" which defines the corporate organisation for the purpose of effectively implementing the Compliance Programme.

The Compliance Programme, implemented in every Group company under the responsibility of the Company Antitrust Liaison Officer, provides for a series of activities, including:

  • mapping and identification of the areas of activity, structures and corporate processes potentially exposed to Antitrust risks
  • risk identification and assessment
  • definition of the process management systems at greatest antitrust risk
  • staff training and refresher sessions
  • constant monitoring and periodic updating of the programme.

Privacy Governance Model

Following the entry into force of European personal data protection Regulation 679/2016 ("GDPR") on 25 May 2018 and the Italian transposition legislation (Legislative Decree no.101/2018 amending Legislative Decree no.196/03) subsequently introduced only in September 2018, Acea launched an adjustment programme to identify - giving priority to core processes -  the activities to be undertaken to achieve the highest possible level of compliance and, for the same purpose, to give the company a Privacy Governance Model, that is consistent, integrable with and functional to the existing internal control system.

A Data Protection Officer (DPO) was appointed at Group level, supported by an ad hoc structure (DPO Office), contactable at the following address: Some "privacy control units" were also identified to act as internal reference and liaison points with the DPO Office.

The adjustment programme launched, and currently being improved on, integrated numerous initiatives and activities, including:  

  • the mapping of corporate processes
  • the drafting of an initial Register of processing operations model
  • the definition of a risk analysis and assessment model as basis for the methodology and implementation of a first version of the DPIA (Data Protection Impact Assessment)
  • the dissemination of instructions for the processing of managed personal data to the Process Owners and authorised persons
  • the implementation of standardised procedures for handling data subjects' requests
  • identification of the responsibilities and issuing of the operational procedures/instructions for the management of Data Breaches, if any;
  • staff awarness and training activities
  • the approval of a guidance (Guidelines /policies) and operating (instructions) procedural corpus to be available for use by the entire company

QASE management systems

For the sustainability of its operations, Acea acknowledges the fundamental nature of the following values:

  • the promotion of a quality culture
  • respect for the environment and safeguarding of ecosystems
  • the valorisation of people
  • safety in the workplace
  • efficient resource management
  • risk assessment
  • responsible management of its economic, social and environmental impacts
  • dialogue with the parties involved
  • promotion of sustainability in the value chain.

For this reason, in November 2017 Acea senior management signed the new Sustainability Policy and the quality, environment, safety and energy system policy, which sets out the principles, values and commitments undertaken by the company, including them as part of the framework for the pursuance of sustainable development. This policy is an integral part of the Management Systems in compliance with ISO 9001, ISO 14001, OHSAS 18001 and ISO 50001 standards.

Management of quality, environment, safety and energy are central aspects of our corporate policies, as shown by the number of Group companies that have implemented certified integrated management systems.

Table no. 8 – certified Management Systems within Acea Group (as at 31/12/2017)

Acea SpA X
X X X  
Acea Ato 2 SpA X X X X  
Acea Ato 5 SpA
Gesesa SpA X X X    
Acea Elabori SpA
X X X  

UNI CEI EN ISO/IEC 17025:2005
Accreditation of Analysis laboratory

Supervisory Body

Areti SpA X X X X  
Acea Produzione SpA   X X    
Ecognea SpA X   X
  UNI CEI 11352
Acea Energia SpA     X    
Acea8cento Srl          
Acea Ambiente Srl
Aquaser Srl X  X  X   ISO 39001:2012