Corporate Governance

Governance

Fostering a culture where every employee is expected to maintain the highest ethical standards is critical to our success.

We incorporate ethics, integrity, and compliance into every aspect of our business, earning the trust of our employees, consumers, stockholders, suppliers, and business partners.

The WBD Board represents and acts on behalf of WBD stockholders and is committed to sound corporate governance, as reflected through its policies and practices. The Board believes that strong corporate governance is essential to effective fulfillment of its oversight responsibilities and fiduciary duties.

Our Board regularly assesses our governance policies in light of legal requirements and governance best practices. The Board has adopted Corporate Governance Guidelines, which provide a framework for effective governance of the Company. Charters of the three standing Board committees and our bylaws can be found here.

Superman

Ethics and Compliance

Our ethics and compliance standards are articulated in our Code of Ethics, available in 17 different languages and applicable to all directors, officers, executives, and employees worldwide.

The Code sets expectations for ethical conduct, legal compliance, and core values such as tolerance, empowerment, respect, and teamwork.

Ethics and compliance program pillars

Education and Awareness: We use targeted, risk-based training and awareness tools to educate employees, raise sensitivity to key risks, and guide ethical decision-making and behavior.
Prevention and Detection: We drive a culture of integrity, encourage early reporting of concerns or potential violations, and maintain dedicated reporting mechanisms for employees to flag potential issues.
Response and Remediation: We investigate and, when necessary, remediate identified issues promptly, using metrics and data to continuously improve program effectiveness and mitigate risk.

Continuous Improvement: We empower success with integrity through ongoing enhancements to our Ethics and Compliance Program. Our dedicated Compliance team conducts periodic risk assessments, regularly reviews and maintains the Code of Ethics, and implements clear, accessible policies and guidance. We facilitate ongoing training and provide continuous advice to employees. The team executes thorough investigations and remediates concerns as they arise, while regularly assessing and evolving the program to ensure it remains effective and reflects emerging risks.

Training: All WBD regular employees, including part-time employees, receive training on and acknowledge the Code of Ethics at onboarding. Every regular employee is assigned our Code of Ethics acknowledgment annually. Supplemental training and guidance on the Code of Ethics is provided to all regular employees on key topics such as antitrust, anti-bribery, and sanctions. We generally require temporary and other non-regular employees to attest to compliance with WBD policies during onboarding. Function-specific training empowers employees to recognize and manage role-specific risks, and periodic messaging reinforces awareness of policies throughout the year.

Third-Party Risk Management

Our third-party risk management procedures ensure business partners uphold ethical standards aligned with WBD's values, as outlined in the Business Partner Statement of Ethics. These procedures may include screening and due diligence, contractual representations and warranties, training, acknowledgement of our Business Partner Statement of Ethics, and other detailed internal processes and approvals that are required before the Company can undertake certain business activities. Online and in-person trainings are provided for business partners, and periodic risk assessments are conducted in response to reports submitted to our Ethics and Compliance Hotline, material changes to business operations, or regulatory changes.

Internal Audit maintains a dynamic risk assessment and audit plan that is continuously updated to address emerging risks. Compliance risks are routinely assessed throughout the year during audits. When high risk of noncompliance is identified, audits are strategically tailored to thoroughly examine and provide insights on these specific concerns. The findings from these audits drive ongoing enhancements to the Ethics and Compliance Program, as well as related internal and financial controls.

Reporting and Monitoring

WBD is committed to fostering an open environment where employees and external stakeholders feel secure reporting concerns or suspected misconduct. Our Code of Ethics outlines whistleblower policies and strictly prohibits retaliation against anyone who responsibly raises concerns. We comply with EU regulations through a documented EU Whistleblower Policy, detailing reporting procedures, outcomes, and protections.

Employees can report concerns directly to management, People and Culture partners, or the Ethics and Compliance Office. Additionally, any stakeholder — including employees, suppliers, customers and other third parties — can use the Hotline website, which also hosts phone numbers by jurisdiction, to report concerns. The Ethics Hotline, operated by an independent third-party provider, is available worldwide, facilitates anonymous reporting where permitted by law, and allows employees and other stakeholders to make confidential reports. The Ethics Hotline is proactively shared with all employees, including in our Code of Ethics and on our Company intranet, and is prominently featured on the Ethics page of our website so third parties are aware.

All reports are reviewed and, when appropriate, investigated, with lessons learned integrated into future trainings, communications, and programs. Upon receipt, the Ethics and Compliance Office assesses each report and determines the appropriate stakeholder — such as Ethics and Compliance, Legal, and/or People and Culture — to manage, investigate, and remediate the issue as needed. Key metrics and information related to Ethics Hotline reports; other compliance matters; and labor, employment, and benefits matters are maintained by the Ethics and Compliance Office in consultation with other relevant stakeholders.

The Chief Legal Officer provides quarterly updates on Ethics Hotline activity and other ethics matters to the Audit Committee of the Board of Directors, with executive management and other relevant stakeholders receiving periodic reports throughout the year.

Anti-Bribery and Anti-Corruption Compliance

Succession

Anti-Bribery and Anti-Corruption Compliance

The Ethics and Compliance Office, under the advisement of our Chief Legal Officer, oversees anti-bribery and anti-corruption compliance. WBD is committed to complying with all applicable anti-corruption laws.

Our Code of Ethics, Anti-Bribery Anti-Corruption Policy, and Gifts and Entertainment Policy provide guidelines for record keeping, approval procedures, and appropriate conduct related to anti-bribery and anti-corruption. WBD offers periodic, risk-based trainings on these topics to reinforce compliance. Additionally, our Third-Party Due Dilligence and Oversight Guidelines detail procedures for identifying, onboarding, and overseeing third-party relationships in alignment with our values and policies.

The Pitt

Data Privacy Cybersecurity

We view privacy and data protection as a foundational component of the trusted relationship we have with our consumers, business partners, regulators, talent, and employees around the world. As a global media, streaming, and entertainment company operating across television, digital platforms, direct-to-consumer services, advertising ecosystems, and production environments, safeguarding personal data and creative assets is central to maintaining digital trust.

no title

To maintain that trust, we are focused on promoting broad internal awareness of strong privacy and security practices and maintaining comprehensive cybersecurity and privacy programs across our global operations that mitigate risk, protect our data, content, and intellectual property, and ensure legal compliance while enabling responsible innovation, including the use of emerging technologies.

Oversight and Governance: Oversight of privacy and data protection at WBD is cross-functional and led by the Privacy Legal, Global Privacy Services, and Product Compliance teams, which work together to develop and maintain administrative, technical, and operational controls to handle personal data in a manner that is compliant with the law while also being fair, ethical, and transparent. These teams work collaboratively with each other and in partnership with other global stakeholder teams, including the Global Information and Content Security Team (led by the Chief Information Security Officer), Data Governance Office, and internal business stakeholders who act as data protection liaisons for their business teams. The Privacy Legal, Global Privacy Services, Product Compliance, and Cybersecurity leadership teams meet monthly. The Board has delegated responsibility for cybersecurity and data privacy risks to the Audit Committee, which receives quarterly reports on relevant data privacy and cybersecurity issues and updates from our Chief Information Security Officer and our Chief Legal Officer.

Cybersecurity Program

Cybersecurity plays a vital role in supporting operational resilience and reinforcing stakeholder confidence.

Our cybersecurity program is aligned with globally recognized frameworks, including ISO/IEC 27001 and the NIST Cybersecurity Framework, and reflects industry best practices and applicable regulatory requirements. We employ a risk-based approach to identify, assess, and mitigate threats affecting our enterprise systems, production environments, streaming platforms, advertising technology, and content supply chain. We focus on protecting our digital ecosystem across key domains, including cybersecurity operations, cloud security, product security, application security, content security, data security, security engineering, and architecture. We maintain layered identity and access controls designed to restrict system access based on role and business need. We deploy technical safeguards designed to protect sensitive personal data and high-value content assets in transit and rest.

To proactively manage risk, we leverage advanced technologies, conduct routine internal and external audits and assessments, and engage third-party experts for independent testing and validation, including annual penetration testing. Our program incorporates threat intelligence, monitoring, detection, and response capabilities designed to support timely identification and containment of potential threats.

We are committed to continuous improvement to maintain resilience in the face of evolving threats. Our systems are monitored globally, on a 24/7 basis, with automated alerting and detection capabilities. Vendors and partners are subject to cybersecurity due diligence, including assessments of data protection programs and contractual requirements for appropriate security and breach notification obligations. Vendor risk management processes are structured using a risk-based tiering model aligned to the nature of services provided and the sensitivity of data or systems accessed. Higher-risk engagements may be subject to enhanced due diligence, formalized review cycles, and ongoing oversight. We also maintain disaster recovery policies and procedures designed to restore critical systems and data in the event of disruption, using a risk-based approach aligned with ISO/IEC 27001 and NIST standards. Business continuity and disaster recovery plans are periodically evaluated to support operational resilience.

Data Privacy Program: WBD maintains a comprehensive Privacy Policy and a dedicated Children's Privacy Policy which continuously evolve to address legal requirements and emerging technologies. Systems, products, and data use cases are reviewed for privacy issues and requirements. Data protection impact assessments are performed where necessary. We limit data collection and use to specified purposes and delete data in accordance with applicable law and policy. We provide multiple avenues for data subjects to contact us in the event they have questions or concerns about their data privacy. Contracts include privacy and data protection provisions for vendors and other service providers.

Training and Awareness: Employees, including part-time staff with system access, receive cybersecurity and data privacy training during onboarding and at regular intervals thereafter. Completion of required training is monitored to promote enterprise-wide accountability. Role-specific ad hoc training is provided as needed, with additional training for employees who handle sensitive data. Expectations for data privacy and security extend to contractors, who may also receive targeted training based on level of access and responsibilities. Monthly phishing simulations of increasing complexity, together with role-specific monthly privacy "town halls" for product owners, support ongoing awareness for employees. Results are evaluated to inform targeted awareness initiatives and continuous improvement efforts.

Cybersecurity Incident Response: We maintain a comprehensive Cybersecurity Incident Response (CSIR) Plan, designed to manage and mitigate the impact of potential security incidents through a transparent, standardized, and organized process. The plan consists of seven distinct phases and clearly defines the roles and responsibilities of internal and external parties involved in incident response and remediation. It includes protocols for communication planning, legal coordination, and applicable notification processes — including regulatory and SEC reporting obligations. Materiality assessments are conducted in accordance with applicable regulatory standards to determine disclosure and reporting requirements. Following any incident, internal stakeholders are required to document and implement corrective actions to address root causes and enhance future resilience. Significant incidents are escalated to executive leadership and, where appropriate, to the Board's Audit Committee. To ensure continued readiness, WBD conducts annual tabletop exercises both internally and in collaboration with key external vendors, helping to validate response procedures and identify areas for improvement. Insights from exercises and real-world events are incorporated into updates to policies, procedures, and controls.

Responsible AI

We recognize that artificial intelligence (AI) will significantly impact our society and our industry, presenting both opportunities and risks. At WBD, we view AI as a tool for growth and innovation and are committed to learning about and exploring its potential. Current initiatives include use and experimentation in advertising and captioning solutions, with additional applications to enhance productivity and effectiveness.

no title

Managing AI

Creative industries have always been at the forefront of embracing and using new technologies to heighten storytelling and deepen audience connections. As we explore opportunities to use AI in production and across our business, we will continue this tradition of respecting the irreplaceable contributions of human creativity while also ensuring we benefit from the potential enhancements AI can offer.

We are committed to properly vetting use cases, staying abreast of regulatory developments, and making decisions that are thoughtful, responsible, ethical, and legally compliant. Our approach is grounded in a risk-based governance framework designed to support innovation while managing potential legal, operational, cybersecurity, and reputational risks. This includes:

Board-level oversight of significant AI-related risks and developments, including evolving regulatory expectations and enterprise-wide AI use cases. A C-level AI and Data Steering Committee to oversee our use of AI and the development of responsible AI protocols including review of higher-risk AI applications and alignment with data governance standards.
Evaluating potential cybersecurity, data privacy and data protection, intellectual property, and compliance risks associated with AI-enabled technologies.
Guiding principles for our adoption and use of AI as part of a risk-based framework that enables us to identify the risks of proposed uses of generative AI including considerations related to transparency, accountability, fairness, and human oversight.
A cross-functional review process to evaluate proposed AI use cases and support consistent application of governance standards and risk-based safeguards.
Training courses on AI compliance and the use of AI for employees with role-based training tailored to employee responsibilities and level of AI engagement.

Political Spending Engagement in Public Policy Matters

We recognize that many federal, state, and local public policy decisions may affect our business, and we believe that constructively engaging with these issues is in the best interest of the Company and our stockholders.

Our U.S. political activities comply with applicable laws and reporting requirements and with our Company’s policies and principles. Political activities are carried out in the interests of the Company without regard to the private political preferences of our Board or executive team.

Our Board is committed to ensuring transparency and accountability. The Board's Nominating and Corporate Governance Committee reviews our policies and processes related to political activities and recommends revisions and enhancements.

Political Contributions and Expenditures: WBD does not contribute corporate funds to federal candidates. Any contribution by a WBD officer, director, or employee to such candidates must be made solely in a personal capacity and will not be reimbursed by WBD or anyone else. Where legally permitted, WBD may contribute corporate funds to "527 organizations" and to state and local candidates, political parties, committees, and ballot measures. Such contributions must receive prior written approval of the Executive Vice President of Public Policy and Corporate/Government Affairs. Any single contribution above $1,000 must receive prior written approval from the Chief Legal Officer. All corporate contributions are made based on corporate objectives and public policy priorities and not on the basis of the partisan affiliation of the candidate or organization. Information on the Company's corporate political contribution activity for the period from January 1, 2025 through December 31, 2025 is available here. WBD currently does not use corporate funds to sponsor direct independent expenditures or other advertisements related to candidates, political parties, and ballot measures.
Political Action Committee: In accordance with regulations of the U.S. Federal Election Commission ("FEC"), we maintain a federal political action committee called the Discovery Communications, LLC PAC (the "WBD PAC") that accepts voluntary contributions from eligible employees and, in turn, makes contributions to federal candidates and committees. Outgoing contributions made by the WBD PAC are generally split approximately evenly between the two major political parties over the course of an election cycle and are otherwise allocated based on our Company's objectives and policy priorities. Details on contributions made by the WBD PAC can be found on the FEC website.
Trade Associations: WBD belongs to a number of U.S. trade associations for various business-related reasons, such as networking with peer firms and helping develop industry best practices. While the Company pays membership dues, we do not control how such dues are spent, and we may not agree with the position or decision taken by a trade association on a given matter. Information on our 2025 trade association memberships is available here.
Lobbying Activity: The Company may employ and/or retain lobbyists to address issues of interest to the Company. These lobbying activities are conducted in compliance with all legal requirements. We report our lobbying activity related to the federal government of the United States, as required by law, to the Secretary of the Senate and to the Office of the Clerk of the House of Representatives. These reports are available on the websites of those entities. We also disclose state-and local-level lobbying activities to the relevant agencies.
Related Policies: The Company operates under several other policies, which may be related to or applied to political activity in certain circumstances. These include our Code of Ethics, Anti-Bribery Anti-Corruption Policy, Travel and Business Expense Policy, Gifts and Entertainment Policy, among others.