technicolor - 2020 Universal Registration Document

5 DISCLOSURE ON EXTRA-FINANCIAL PERFORMANCE SAFETY OF CUSTOMERS AND PROTECTION OF CONTENT

Template (CMRT), and the Responsible Minerals Assurance Process (RMAP), formerly the Conflict-Free Smelter Program (CFSP), that enable companies to work with their supply chains through a common interface: the CMRT is the standard for Conflict Minerals reporting between customers and suppliers. The RMAP is the industry standard for audited smelter conflict-free status. RMI calls on more smelters and refiners to join the efforts to become conflict-free by undergoing the RMI’s independent third-party conflict minerals audit. We extended supplier’s Conflict Mineral surveys to the European market during 2015 through 2019. As such, Technicolor is exercising a due diligence approach by asking its suppliers to conduct investigations in their own supply chain, so as to determine the origin of any conflict minerals (tin, tantalum, tungsten and gold) provided to Technicolor. Note that based on current knowledge and suppliers surveyed in 2020, 100% of the smelters identified in the Connected Home supply chain are classified under the RMI. Some are still engaged in the RMAP. The majority of smelters are located in South East Asia and China. In 2019, Technicolor started to conduct supplier surveys and due diligence on cobalt sourcing. In 2020, Technicolor initiated Mica Sourcing supplier surveys, to establish whether Mica is included in products and parts provided to As major stakeholder of the content creation and distribution industry, Technicolor is eager to carefully respect and protect Intellectual Property of its own assets and of its customers and suppliers assets. The Group policies and practices cover protection of invention, of physical media content, of physical and online content distribution, and of content creation within our premises and using our network. Respective risks description and risks management are presented in section 3.1.1 "Global market and industry risks": cyber and physical content security for the Production Services • Division (post-production, visual effects, animation and games); products development and cybersecurity for the Connected Home • segment; physical security for the DVD Services Division. • Technicolor information technologies security procedures, as well as security processes of people and assets, are presented in section 3.2.5. As a major actor involved in all steps of the delivery of Media & Entertainment content to the end user, Technicolor has anticipated

Technicolor. This mineral mainly originates from India, in challenged regions where there is a risk of unsafe working conditions and child labor. Technicolor takes actions to comply with “California Proposition 65”, officially known as the Safe Drinking Water and Toxic Enforcement Act of 1986. The proposition protects the state’s drinking water sources from being contaminated with chemicals known to cause cancer, birth defects or reproductive harm, and requires businesses to inform Californians about exposures to such chemicals. Per OEHHA guideline (California’s Office of Environmental Health Hazard Assessment), businesses are required to provide warnings if their products can expose consumers or workers to a listed chemical in excess of the identified threshold “safe harbor” level.

Regarding consumer product health and safety, Technicolor ensures that all products sold comply with all consumer safety regulations applicable in each country where the product is marketed. Additionally, in some emerging markets where safety regulations may not yet be robust, Technicolor applies its knowledge of appropriate product safety regulations and ensures that emerging market products comply with a higher product safety standard. Content security, cyber risks and respect of Intellectual Property 5.6.2 GRI [103-1 Customer privacy] [103-2 Customer privacy] [103-3 Customer privacy]

the new threats in cybersecurity, and implemented an internal program to address them. Organized at the corporate level around an Information Security Management System (ISMS), this program is now further implemented in the three Business Units (Production Services, Connected Home, DVD Services) focusing on their specific risks. Prevention of growing cybersecurity issues is critical for Technicolor. Hence, Technicolor has decided to achieve certification of its services against the ISO 27001:2013 standard. Technicolor was awarded its first ISO 27001:2013 certificate on December 12, 2019. Technicolor’s certified scope targets its operational service to Connected Home customers, starting with its key management systems. The cryptographic keys are the fundamental bricks of cybersecurity. In Technicolor Connected Home products, they protect the confidentiality of the video content, the integrity of the devices, the authenticity of the firmware. Due to the Covid-19 context, the certification scope has been kept the same for the 2020 surveillance audit. This scope will progressively extend beyond this initial service to certify other operational services that are key to our customers’ security.

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2020 190