Nexa follows a structured process for hazard identification, risk assessment, and risk control, based on the corporate risk management standard (PG-SUS-SUS-013), which is aligned with ISO 31000, ISO 14001, and ISO 45001. Risk management is applied in layers across all operations, following the continuous improvement cycle (PDCA), with critical analyses, audits, and incident learning supporting decision-making. Operational tools such as APR (Preliminary Risk Analysis) in Brazil and Continuous IPERC in Peru are used in a participatory manner before and during activities, enabling the identification and control of risks in real time. For critical activities, formal permits such as PPT (Permit to Work) and PETAR are applied, ensuring prior assessment and authorization of safety conditions.

Workers actively participate in risk management through tools such as Fale Fácil, Right to Refuse, and ORT (Observation of Risks at Work), which allow them to report unsafe conditions, halt activities involving serious risk, and reinforce safe behaviors, without fear of reprisal. The company also promotes training, risk perception workshops, and continuous assessments of working conditions, including specific forms for critical environments, such as underground mines. All incidents are recorded, investigated, and addressed through formal processes, with the definition of corrective and preventive actions and the dissemination of organizational learnings, reinforcing a culture of prevention and the continuous improvement of health and safety performance.