Universal Registration Document 2021

5 DISCLOSURE ON EXTRA-FINANCIAL PERFORMANCE SAFETY OF CUSTOMERS AND PROTECTION OF CONTENT

Technicolor takes actions to comply with “California Proposition 65”, officially known as the Safe Drinking Water and Toxic Enforcement Act of 1986. The proposition protects the state’s drinking water sources from being contaminated with chemicals known to cause cancer, birth defects or reproductive harm, and requires businesses to inform Californians about exposures to such chemicals. Per OEHHA guideline (California’s Office of Environmental Health Hazard Assessment), businesses are required to provide warnings if their products can expose consumers or workers to a listed chemical in excess of the identified threshold “safe harbor” level. Technicolor’s supply chain must report any such dangerous chemical use or presence according to OEHHA guidelines, including hazard (cancer, reproductive harm, or both), to determine if the warning label is required on products. Technicolor also utilizes product testing to support compliance actions. Regarding consumer product health and safety, Technicolor ensures that all products sold comply with all consumer safety regulations applicable in each country where the product is marketed. Additionally, in some emerging markets where safety regulations may not yet be robust, Technicolor applies its knowledge of appropriate product safety regulations and ensures that emerging market products comply with a higher product safety standard. Prevention of growing cybersecurity issues is critical for Technicolor. Hence, Technicolor has decided to achieve certification of its services against the ISO 27001:2013 standard. Technicolor was awarded its first ISO 27001:2013 certificate on December 12, 2019. Technicolor’s certified scope targets its operational service to Connected Home customers, starting with its key management systems. The cryptographic keys are the fundamental bricks of cybersecurity. In Technicolor Connected Home products, they protect the confidentiality of the video content, the integrity of the devices, the authenticity of the firmware. Due to the Covid-19 context, the certification scope was kept the same for the 2020 surveillance audit, but in 2021, the scope was expanded to include the product security testing process performed by the Technicolor Security Office Assessment Team (TSO-AT). ISO 27001:2013 certification was renewed in both 2020 and 2021. The aforementioned TSO-AT, an internal team of certified hackers, assesses the security of Technicolor products, sites and systems. A responsible disclosure process is also implemented together with a public form to report vulnerabilities on Technicolor products and systems. Relations are established with skilled cybersecurity partners, and the CERT-CC (Computer Emergency Response Team - Coordination Center) to coordinate response to cybersecurity incidents.

As an RBA Responsible Minerals Initiative (RMI) member, our approach is to rely on the Conflict Minerals OECD Due Diligence Guidance process developed by the Responsible Business Alliance (RBA). Technicolor uses the RMI Conflict Minerals Due Diligence reporting template (CMRT) and dashboard as a standard questionnaire for conducting inquiries into its supplier database. The Responsible Minerals Assurance Process (RMAP) is the industry standard for audited smelter conflict-free status. RMI calls on more smelters and refiners to join the efforts to become conflict-free by undergoing the RMI’s independent third-party conflict minerals audit. As such, Technicolor is exercising a due diligence approach by asking its suppliers to conduct investigations in their own supply chain, so as to determine the origin of any conflict minerals (tin, tantalum, tungsten and gold) provided to Technicolor. Note that based on current knowledge and suppliers surveyed in 2021, 100% of the smelters identified in the Connected Home supply chain are classified under the RMI. Some are still engaged in the RMAP. In 2019, Technicolor started to conduct supplier surveys and due diligence on cobalt sourcing and initiated Mica Sourcing supplier surveys in 2020, to establish whether Mica is included in products and parts provided to Technicolor. The new Extended Minerals Reporting Template (EMRT), launched by the RMI in 4Q 2021, now also includes Cobalt and Mica and is used by Technicolor manage due diligence in the supply chain. As major stakeholder of the content creation and distribution industry, Technicolor is eager to carefully respect and protect Intellectual Property of its own assets and of its customers and suppliers assets. The Group policies and practices cover protection of invention, of physical media content, of physical and online content distribution, and of content creation within our premises and using our network. Respective risks description and risks management are presented in section 3.1.1: “Global market and industry risks”: cyber and physical content security for Technicolor Creative Studios • (visual effects, animation and games); products development and cybersecurity for the Connected Home • segment; physical security for the DVD Services segment. • Technicolor information technologies security procedures, as well as security processes of people and assets, are presented in section 3.2.5. As a major actor involved in all steps of the delivery of Media & Entertainment content to the end user, Technicolor has anticipated the new threats in cybersecurity, and implemented an internal program to address them. Organized at the corporate level around an Information Security Management System (ISMS), this program is now further implemented in the three segments (Technicolor Creative Studios, Connected Home, DVD Services) focusing on their specific risks.

Content security, cyber risks and respect of Intellectual Property 5.7.2 [103-1 Customer privacy] [103-2 Customer privacy] [103-3 Customer privacy]

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2021 202