Consolidated Edison (ED) Risk Analysis

The Companies' operations require numerous permits, approvals and certificates from various federal, state and local governmental agencies. State utility regulators may seek to impose substantial penalties on the Utilities for violations of state utility laws, regulations or orders or limit the Utilities from recovering costs incurred above amounts set forth in their rate plans. See "Other Regulatory Matters" in Note B to the financial statements in Item 8. The Utilities are also subject to recurring, independent, third-party audits with respect to these regulations and standards. In February 2025, the NYSPSC issued an order directing the NYSDPS to conduct a state-wide audit on the design of utilities' non-executive incentive compensation programs. In addition, the Utilities' rate plans usually include negative revenue adjustments for failing to meet certain operating and customer satisfaction standards. FERC has the authority to impose penalties on the Utilities and the projects that Con Edison Transmission invests in, which could be substantial, for violations of the Federal Power Act, the Natural Gas Act or related rules, including reliability and cybersecurity rules. Environmental agencies may seek penalties for failure to comply with laws, regulations or permits. The Companies may also be subject to penalties from other regulatory agencies. The Companies may be subject to new laws, regulations or other requirements or the revision or reinterpretation of such requirements, which could adversely affect them. See "Utility Regulation," "Competition" and "Environmental Matters – Climate Change" and "Environmental Matters - Other Federal, State and Local Environmental Provisions" in Item 1, "Critical Accounting Estimates" in Item 7 and "Other Regulatory Matters" in Note B to the financial statements in Item 8.

Changes to tax laws, regulations or interpretations thereof could have a material adverse impact on the Companies. Depending on the extent of these changes, the changes could also adversely impact the Companies' credit ratings and liquidity. See "Capital Requirements and Resources – Capital Resources" in Item 1, "Liquidity and Capital Resources – Cash Flows from Operating Activities" in Item 7, "Rate Plans" and "Other Regulatory Matters" in Note B and Note L to the financial statements in Item 8.

The Companies are exposed to risks relating to climate change and related matters. In 2023, CECONY and O&R each completed a climate change vulnerability study that evaluated their respective future climate change adaptation strategies and each developed a climate change resilience plan to address projected physical climate risks and outline proposed resilience investments. See "Environmental Matters – Climate Change" in Item 1. CECONY may also be impacted by environmental regulations regarding emissions reductions such as New York's CLCPA and New York City's Climate Mobilization Act and compliance with such regulations is expected to require significant capital expenditures. In addition, the Companies are unable to predict changes in regulations, regulatory guidance, legal interpretations, policy positions and implementation actions (including executive orders from the federal administration) relating to climate change that may result from the change in Presidential administrations. The Utilities are also responsible for hazardous substances, such as oil, asbestos, PCBs and coal tar, that have been used or produced in the course of the Utilities' operations and are present on properties or in facilities and equipment currently or previously owned by them. The Companies could be adversely affected if a causal relationship between electric and magnetic fields and ad verse health effects were to be established. The Companies may also be adversely affected by developments to legal or public policy doctrines regarding cable that contains lead. See "Environmental Matters" in Item 1 and Note G to the financial statements in Item 8.

The Utilities provide electricity, gas and steam service using energy facilities, many of which are located either in, or close to, densely populated public places. See the description of the Utilities' facilities in Item 1. A failure of, or damage to, these facilities, or an error in the operation or maintenance of these facilities, could result in bodily injury or death, property damage, the release of hazardous substances or extended service interruptions. Natural disasters or impacts of climate change, such as sea level rise, coastal storm surge, inland flooding from intense rainfall, hurricane-strength winds and extreme heat or cold could impact or damage facilities or result in large-scale outages and the Utilities may experience more severe consequences by continuing or resuming operations during and after such events. The Utilities' response to such events may be perceived to be below customer expectations. The Utilities' successful implementation of their maintenance programs reduces, but does not fully protect against, damage to their facilities for which they will be held responsible and which may hinder their restoration efforts. The Utilities could be required to pay substantial amounts that may not be covered by the Utilities' insurance policies to repair or replace their facilities, compensate others for injury or death or other damage and settle any proceedings initiated by state utility regulators or other regulatory agencies. The occurrence of such events could also adversely affect the cost and availability of insurance. Changes to laws, regulations or judicial doctrines could further expand the Utilities' liability for service interruptions. See "Utility Regulation – State Utility Regulation" and "Environmental Matters – Climate Change" in Item 1.

The Companies have developed business processes and use information and communication systems and enterprise platforms for operations, customer service, legal compliance, personnel, accounting, planning and other matters. Many services, including certain information technology services and certain work on the Utilities' electric and gas systems and CECONY's steam system, are provided to the Companies by third-party contractors. The failure of the Companies' or its contractors' business processes or information and communication systems or the failure by the Companies' employees or contractors to follow procedures, their unsafe actions, errors or intentional misconduct, cyber incidents or attacks, or work stoppages could adversely affect the Companies' operations and liquidity and could result in substantial liability, higher costs, increased regulatory requirements and substantial penalties. The violation of laws or regulations by employees or contractors for personal gain may result from contract and procurement fraud, extortion, bribe acceptance, fraudulent related-party transactions and serious breaches of corporate policy or standards of business conduct. Competition for employee and contractor talent may result in operating challenges and increased costs to attract and retain talent. If the Companies are unable to successfully attract and retain an appropriately qualified workforce, their results of operations, financial position and cash flows could be negatively affected. See "Human Capital" in Item 1.

The Companies have been impacted, and expect to continue to be impacted by, global and U.S. supply chain disruptions and shortages of materials, equipment, labor and other resources that are critical to the Companies' business operations, primarily the Utilities' electric transmission and distribution operations. Such disruptions and shortages have resulted in increased prices and lead times for critical orders of materials and equipment needed by the Companies in their operations, such as certain raw materials, microprocessors, semiconductors, microchips, vehicles and transformers. Long lead times for replacement parts could restrict the availability and delay the construction, maintenance or repair of items that are needed to support the Utilities' normal operations and may result in prolonged customer outages, which could in turn lead to unrecovered costs for such service interruptions. Demand for electric equipment is increasing due to the anticipated demand growth, in part driven by data centers, utilities' efforts to meet clean energy goals and in order to prepare for more frequent extreme weather events at a time when manufacturing capacity and supply are decreasing. Geopolitical conflicts have also caused supply chain distributions and shortages. Prices of materials, equipment, transportation and other resources have increased as a result of these supply chain disruptions and shortages and may continue to increase as a result of inflation and the imposition of tariffs. Increases in inflation and the imposition of tariffs may raise the Companies' costs in excess of the costs reflected in the Utilities' rate plans and could also increase the amount of capital that needs to be raised by the Companies.

The failure to identify, plan and execute strategies to address changes in the external business environment could have a material adverse impact on the Companies. Con Edison seeks to provide shareholder value through continued dividend growth, supported by earnings growth in regulated utilities and electric transmission projects. Changes to the competitive landscape, public policy, laws or regulations (or interpretations thereof), customer behavior or technology could significantly impact the value of the Utilities' energy delivery facilities and Con Edison Transmission's investment in electric and gas transmission projects. Such changes could also affect the Companies' opportunities to make additional investments in such assets and the potential return on the investments. The Utilities' gas delivery customers and CECONY's steam delivery customers have alternatives, such as electricity and oil. Distributed energy resources, and demand reduction and energy efficiency investments, provide ways for the energy consumers within the Utilities' service areas to manage their energy usage. The Companies expect distributed energy resources and electric alternatives to gas and steam to increase, and for gas and steam usage to decrease, as the CLCPA and the Climate Mobilization Act continue to be implemented. See "Con Edison Transmission," "Environmental Matters - Clean Energy Future" and "Environmental Matters - Climate Change," "Competition" and "CECONY - Gas Peak Demand" in Item 1.

Pandemic illness could disrupt the Utilities' employees and contractors from providing essential utility services and adversely impact the Companies' liquidity, financial condition and results of operations. See "Aged Accounts Receivable Balances" in Item 7.

The Companies and other operators of critical energy infrastructure and energy market participants face a heightened risk of cyber attack and the Companies' businesses require the continued operation of information systems and network infrastructure. See Item 1 for a description of the businesses of the Utilities and Con Edison Transmission. Cyber attacks may include hacking, viruses, malware, denial of service attacks, ransomware, exploited vulnerabilities or other security incidents, including loss of data and communications and business disruption. Cyber threats in general, and in particular, to critical infrastructure, are increasing in sophistication, magnitude and frequency and the techniques used in cyber attacks change rapidly, including from emerging technologies, such as artificial intelligence, and from nation-state and state-sponsored adversaries as well as criminal actors. Such adversaries have attacked and threatened to attack energy infrastructure and deploy significant resources and employ sophisticated methods to plan and carry out attacks. Risk of these attacks may escalate during periods of heightened geopolitical tensions. Interconnectivity with customers, independent system operators, energy traders and other energy market participants, suppliers, contractors and others also exposes the Companies' information and operational systems and network infrastructure to an increased risk of cyber incidents, including attacks. Such interconnectivity increases the risk that a cyber incident or attack on the Companies could affect others and that a cyber incident or attack on others could affect the Companies. In the event of a significant cyber incident or attack, the Companies could have their operations and the operations of their customers and others materially disrupted. The Companies could also have their financial and other information systems and network infrastructure impaired or damaged; customer and employee information stolen; experience substantial loss of revenues; incur substantial response costs and other financial losses; be subject to increased regulation, litigation and penalties; and damage to their reputation. The Companies have experienced cyber incidents and attacks in the past (such as threat actors exploiting a vulnerability in the Companies' information technology system, malicious attempts to disrupt traffic to their websites and attacks against third-party vendors used by the Companies) and expect to experience them in the future. Although none of these incidents has had a material impact on the Companies, the scope and impact of any future incident cannot be predicted. In the event of a significant cybersecurity incident or attack, the Companies' business strategy, results of operations or financial condition could be materially affected.

Almost all the electricity and gas the Utilities sell to their full-service customers is purchased through the wholesale energy markets or pursuant to contracts with energy suppliers. See the description of the Utilities' energy supply in Item 1. A disruption in the wholesale energy markets or a failure on the part of the Utilities' energy suppliers or operators of energy delivery systems that connect to the Utilities' energy facilities could adversely affect their ability to meet their customers' energy needs and adversely affect the Companies. The Utilities' ability to gain access to additional energy supplies, if needed, depends on effective markets and siting approvals for developer projects, which the Utilities do not control. Extreme cold weather, including events such as the Winter Storm Elliott that occurred in December 2022, has negatively impacted, and may in the future negatively impact, energy infrastructure in the northeastern United States, including the interstate natural gas system. During such extreme cold weather, the Utilities could face supply interruptions or operating issues (e.g., compressor failures, low pressures) on the interstate natural gas pipelines that they rely upon to deliver gas to their customers. Such disruptions to the interstate natural gas system could, in turn, result in unprecedented large-scale gas outages within the Utilities' service territories. In the event of a large-scale outage, the Utilities could be required to pay substantial amounts to restore service, compensate others for injury or death or other damages and settle any proceedings initiated by regulatory agencies. Although the Utilities' rate plans provide for recovery of purchased power costs, increases in electric and gas commodity prices may contribute to a slower recovery of cash from outstanding customer accounts receivable balances. See "Financial and Commodity Market Risks – Commodity Price Risk" in Item 7.