Consolidated Edison (ED) Risk Factors

The Companies' operations require numerous permits, approvals and certificates from various federal, state and local governmental agencies. State utility regulators may seek to impose substantial penalties on the Utilities for violations of state utility laws, regulations or orders or limit the Utilities from recovering costs incurred above amounts set forth in their rate plans. See "Other Regulatory Matters" in Note B to the financial statements in Item 8. The Utilities are also subject to recurring, independent, third-party audits with respect to these regulations and standards. In addition, the Utilities' rate plans usually include negative revenue adjustments for failing to meet certain operating and customer satisfaction standards. FERC has the authority to impose penalties on the Utilities and the projects that Con Edison Transmission invests in, which could be substantial, for violations of the Federal Power Act, the Natural Gas Act or related rules, including reliability and cybersecurity rules. Environmental agencies may seek penalties for failure to comply with laws, regulations or permits. The Companies may also be subject to penalties from other regulatory agencies. The Companies may be subject to new laws, regulations or other requirements or the revision or reinterpretation of such requirements, which could adversely affect them. See "Utility Regulation", "Competition" and "Environmental Matters – Climate Change" and "Environmental Matters - Other Federal, State and Local Environmental Provisions" in Item 1, "Critical Accounting Estimates" in Item 7 and "Other Regulatory Matters" in Note B to the financial statements in Item 8.

Changes to tax laws, regulations or interpretations thereof could have a material adverse impact on the Companies. Depending on the extent of these changes, the changes could also adversely impact the Companies' credit ratings and liquidity. See "Capital Requirements and Resources – Capital Resources" in Item 1, "Liquidity and Capital Resources – Cash Flows from Operating Activities" in Item 7, "Rate Plans" and "Other Regulatory Matters" in Note B and Note L to the financial statements in Item 8.

The Companies are exposed to risks relating to climate change and related matters. In 2023, CECONY and O&R each completed a climate change vulnerability study that evaluated their respective future climate change adaptation strategies and each developed a climate change resilience plan to address projected physical climate risks and outline resilience investments. CECONY may be impacted by environmental regulations regarding emissions reductions such as New York's Climate Leadership and Community Protection Act and New York City's Climate Mobilization Act. In addition, the Utilities are responsible for hazardous substances, such as oil, asbestos, PCBs and coal tar, that have been used or produced in the course of the Utilities' operations and are present on properties or in facilities and equipment currently or previously owned by them. The Companies could be adversely affected if a causal relationship between electric and magnetic fields and adverse health effects were to be established. The Companies may also be adversely affected by developments to legal or public policy doctrines regarding cable that contains lead. See "Environmental Matters" in Item 1 and Note G to the financial statements in Item 8.

The Utilities provide electricity, gas and steam service using energy facilities, many of which are located either in, or close to, densely populated public places. See the description of the Utilities' facilities in Item 1. A failure of, or damage to, these facilities, or an error in the operation or maintenance of these facilities, could result in bodily injury or death, property damage, the release of hazardous substances or extended service interruptions. Impacts of climate change, such as sea level rise, coastal storm surge, inland flooding from intense rainfall, hurricane-strength winds and extreme heat or cold could impact or damage facilities or result in large-scale outages and the Utilities may experience more severe consequences from attempting to operate during and after such events. The Utilities' response to such events may be perceived to be below customer expectations. The Utilities' successful implementation of their maintenance programs reduces, but does not fully protect against, damage to their facilities for which they will be held responsible and which may hinder their restoration efforts. The Utilities could be required to pay substantial amounts that may not be covered by the Utilities' insurance policies to repair or replace their facilities, compensate others for injury or death or other damage and settle any proceedings initiated by state utility regulators or other regulatory agencies. The occurrence of such events could also adversely affect the cost and availability of insurance. Changes to laws, regulations or judicial doctrines could further expand the Utilities' liability for service interruptions. See "Utility Regulation – State Utility Regulation" and "Environmental Matters – Climate Change" in Item 1.

The Companies have developed business processes and use information and communication systems and enterprise platforms for operations, customer service, legal compliance, personnel, accounting, planning and other matters. In October 2023, CECONY and O&R replaced their separate existing customer billing and information systems with a single new customer billing and information system to further automate the processes by which the Utilities bill their customers and enhance payment, credit and collections activities. Failures in successfully implementing the new customer billing and information system could adversely affect the Utilities' billing and revenue collection processes and cash flow and could result in higher costs. Many services, including certain information technology services and certain work on the Utilities' electric and gas systems and CECONY's steam system, are provided to the Companies by third-party contractors. The failure of the Companies' or its contractors' business processes or information and communication systems or the failure by the Companies' employees or contractors to follow procedures, their unsafe actions, errors or intentional misconduct, cyber incidents or attacks, or work stoppages could adversely affect the Companies' operations and liquidity and could result in substantial liability, higher costs, increased regulatory requirements and substantial penalties. The violation of laws or regulations by employees or contractors for personal gain may result from contract and procurement fraud, extortion, bribe acceptance, fraudulent related-party transactions and serious breaches of corporate policy or standards of business conduct. Competition for employee and contractor talent may result in operating challenges and increased costs to attract and retain talent. If the Companies are unable to successfully attract and retain an appropriately qualified workforce, their results of operations, financial position and cash flows could be negatively affected. See "Human Capital" in Item 1.

The Companies have been impacted, and expect to continue to be impacted by, global and U.S. supply chain disruptions and shortages of materials, equipment, labor and other resources that are critical to the Companies' business operations, primarily the Utilities' electric and central operations. Such disruptions and shortages have resulted in increased prices and lead times for critical orders of materials and equipment needed by the Companies in their operations, such as certain raw materials, microprocessors, semiconductors, microchips, vehicles and transformers. Long lead times for replacement parts could restrict the availability and delay the construction, maintenance or repair of items that are needed to support the Utilities' normal operations and may result in prolonged customer outages, which could in turn lead to unrecovered costs for such service interruptions. Demand for electric equipment is increasing due to utilities' efforts to meet clean energy goals and in order to prepare for more frequent extreme weather events at a time when manufacturing capacity and supply are decreasing. Geopolitical conflicts have also caused supply chain distributions and shortages. Prices of materials, equipment, transportation and other resources have increased as a result of these supply chain disruptions and shortages and may continue to increase as a result of inflation. Increases in inflation may raise the Companies 'costs in excess of the costs reflected in the Utilities' rate plans and could also increase the amount of capital that needs to be raised by the Companies and the costs of such capital.

The failure to identify, plan and execute strategies to address changes in the external business environment could have a material adverse impact on the Companies. Con Edison seeks to provide shareholder value through continued dividend growth, supported by earnings growth in regulated utilities and contracted electric assets. Changes to the competitive landscape, public policy, laws or regulations (or interpretations thereof), customer behavior or technology could significantly impact the value of the Utilities' energy delivery facilities and Con Edison Transmission's investment in electric and gas transmission projects. Such changes could also affect the Companies' opportunities to make additional investments in such assets and the potential return on the investments. The Utilities' gas delivery customers and CECONY's steam delivery customers have alternatives, such as electricity and oil. Distributed energy resources, and demand reduction and energy efficiency investments, provide ways for the energy consumers within the Utilities' service areas to manage their energy usage. The Companies expect distributed energy resources and electric alternatives to gas and steam to increase, and for gas and steam usage to decrease, as the CLCPA and the Climate Mobilization Act continue to be implemented. See "Con Edison Transmission," "Environmental Matters - Clean Energy Future" and "Environmental Matters - Climate Change," "Competition" and "CECONY - Gas Peak Demand" in Item 1.

Pandemic illness could disrupt the Utilities' employees and contractors from providing essential utility services and adversely impact the Companies' liquidity, financial condition and results of operations.

The Companies and other operators of critical energy infrastructure and energy market participants face a heightened risk of cyber attack and the Companies' businesses require the continued operation of information systems and network infrastructure. See Item 1 for a description of the businesses of the Utilities and Con Edison Transmission. Cyber attacks may include hacking, viruses, malware, denial of service attacks, ransomware, exploited vulnerabilities or other security breaches, including loss of data and communications. Cyber threats in general, and in particular to critical infrastructure, are increasing in sophistication, magnitude and frequency and the techniques used in cyberattacks change rapidly, including from emerging technologies, such as artificial intelligence. Interconnectivity with customers, independent system operators, energy traders and other energy market participants, suppliers, contractors and others also exposes the Companies' information systems and network infrastructure to an increased risk of cyber incidents, including attacks. Such interconnectivity increases the risk that a cyber incident or attack on the Companies could affect others and that a cyber incident or attack on others could affect the Companies. In the event of a cyber incident or attack that the Companies were unable to defend against or mitigate, the Companies could have their operations and the operations of their customers and others disrupted. The Companies could also have their financial and other information systems and network infrastructure impaired, property damaged, and customer and employee information stolen; experience substantial loss of revenues, response costs and other financial loss; and be subject to increased regulation, litigation, penalties and damage to their reputation. In October 2023, threat actors exploited a vulnerability in Citrix NetScaler that was remediated and reported to the relevant regulatory authorities by the Companies. Also during 2023, the Companies experienced increases in malicious attempts to disrupt traffic to their websites and in attacks against third-party vendors employed by the Companies. The Companies have experienced cyber incidents and attacks in the past and expect to experience them in the future. Although none of these incidents has had a material impact on the Companies, the scope and impact of any future incident cannot be predicted. In the event of a cybersecurity incident or attack that the Companies were unable to defend against or mitigate, the Companies' business strategy, results of operations or financial condition are reasonably likely to be materially affected.

Almost all the electricity and gas the Utilities sell to their full-service customers is purchased through the wholesale energy markets or pursuant to contracts with energy suppliers. See the description of the Utilities' energy supply in Item 1. A disruption in the wholesale energy markets or a failure on the part of the Utilities' energy suppliers or operators of energy delivery systems that connect to the Utilities' energy facilities could adversely affect their ability to meet their customers' energy needs and adversely affect the Companies. The Utilities' ability to gain access to additional energy supplies, if needed, depends on effective markets and siting approvals for developer projects, which the Utilities do not control. An extreme cold weather event in December 2022 (Winter Storm Elliott) negatively impacted energy infrastructure in the northeastern United States, including the interstate natural gas system. During Winter Storm Elliott, CECONY faced low pressures on the interstate natural gas pipelines that it relies upon to deliver gas to its customers. Although CECONY maintained system pressure, the low pressure could have resulted in unprecedented large-scale gas outages within CECONY's territory. CECONY estimates that, in the worst case, restoring gas service could have taken months in the event of a complete loss of the system. In the event of a large-scale outage, the Utilities could be required to pay substantial amounts to restore service, compensate others for injury or death or other damages and settle any proceedings initiated by regulatory agencies. In November 2023, FERC, NERC and other regional entities issued recommendations to prevent a recurrence of the effects of Winter Storm Elliott, including establishing and monitoring cold weather reliability standards for interstate natural gas pipelines. Although the Utilities' rate plans provide for recovery of purchased power costs, increases in electric and gas commodity prices may contribute to a slower recovery of cash from outstanding customer accounts receivable balances. See "Financial and Commodity Market Risks – Commodity Price Risk" in Item 7.