technicolor - 2019 Universal registration document

5 DISCLOSURE ON EXTRA-FINANCIAL PERFORMANCE SAFETY OF CUSTOMERS AND PROTECTION OF CONTENT

In 2014, companies in scope of U.S. Law were first required to check as to determine the origin of any 3 TGs conflict minerals (tin, tantalum, and report on the use of conflict minerals in their products. Our tungsten and gold) provided to Technicolor. Note that based on current approach is to rely on the Responsible Business Alliance (RBA), formerly knowledge and suppliers surveyed in 2019, 100% of the smelters Electronics Industry Citizenship Coalition , and Global e-Sustainability identified in the Connected Home supply chain are classified under the Initiative (GeSI) Conflict Minerals Due Diligence reporting template and RMI. Some are still engaged in the RMAP. The majority of smelters are dashboard as a standard questionnaire for conducting inquiries into our located in South East Asia and China. In 2019, Technicolor has also supplier database. The Responsible Minerals Initiative (RMI), formerly started to conduct supplier surveys and due diligence on cobalt sourcing.

Conflict-Free Sourcing Initiative (CFSI), a combined initiative of RBA and GeSI, defined a common industry approach to support the due diligence information requirements. They develop a reporting template for downstream suppliers called the Conflict Mineral Reporting Template (CMRT), and the Responsible Minerals Assurance Process (RMAP), formerly the Conflict-Free Smelter Program (CFSP), that enable companies to work with their supply chains through a common interface: the CMRT is the standard for Conflict Minerals reporting between customers and suppliers. The RMAP is the industry standard for audited smelter conflict-free status. RMI calls on more smelters and refiners to join the efforts to become conflict-free by undergoing the RMI’s independent third-party conflict minerals audit. We extended supplier’s Conflict Mineral surveys to the European market during 2015 through 2019. As such, Technicolor is exercising a due diligence approach by asking its suppliers to conduct investigations in their own supply chain, so As major stakeholder of the content creation and distribution industry, Technicolor is eager to carefully respect and protect Intellectual Property of its own assets and of its customers and suppliers assets. The Group policies and practices cover protection of invention, of physical media content, of physical and online content distribution, and of content creation within our premises and using our network. Respective risks description and risks management are presented in section 3.1.2: (Operational risks): cyber and physical content security for the Production Services • Division (post production, visual effects, animation and games); physical security for the DVD Services Division; • products development and cybersecurity for the Connected Home • segment. Technicolor information technologies security procedures as well as security processes of people and assets are presented in section 3.2.5. As a major actor involved in all steps of the delivery of Media & Entertainment content to the end user, Technicolor has anticipated the new threats in cybersecurity, and implemented an internal program to address them. Organized at the corporate level around an Information

Technicolor takes actions to comply with California Proposition 65 , a standalone program affecting all commercial goods sold in the state of California. Businesses are required to provide warnings if their products can expose consumers or workers to a listed chemical above identified threshold levels, known to the State of California to cause cancer or reproductive harm. Regarding consumer product health and safety, the Group ensures that all products sold comply with all consumer safety regulations applicable in each country where the product is marketed. Additionally, in some emerging markets where safety regulations may not yet be robust, the Group applies its knowledge of appropriate product safety regulations and ensures that emerging market products comply with a higher product safety standard.

Content security, cyber risks and respect of Intellectual Property 5.6.2 GRI [103-1 Customer privacy] [103-2 Customer privacy] [103-3 Customer privacy]

Security Management System (ISMS), this program is now further implemented in the three Business Units (Production Services, DVD Services, Connected Home) focusing on their specific risks. Prevention of growing cybersecurity issues is critical for Technicolor. Hence, Technicolor has decided to achieve certification of its services against the ISO 27001:2013 standard. Technicolor was awarded its first ISO 27001:2013 certificate on December 12, 2019. Technicolor’s certified scope targets its operational service to Connected Home customers, starting with its key management systems. The cryptographic keys are the fundamental bricks of cybersecurity. In Technicolor Connected Home products, they protect the confidentiality of the video content, the integrity of the devices, the authenticity of the firmware. This scope will progressively extend beyond this initial service to certify other operational services that are key to our customers’ security. An internal team of certified hackers assesses the security of Technicolor products, sites and systems. A responsible disclosure process is also implemented together with a public form to report vulnerabilities on Technicolor products and systems. Relations are established with skilled cybersecurity partners, and the CERT-CC to coordinate response to cybersecurity incidents.

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2019 186