Technology and Cybersecurity Committee

April 29, 2020

BE IT RESOLVED that, effective April 29, 2020, a Technology and Cybersecurity Committee of the Board of Directors hereby is established to consist of at least three directors, appointed by and serving at the pleasure of the Board of Directors, one of whom shall be appointed by this Board of Directors as the Committee’s chair;

BE IT FURTHER RESOLVED that the basic responsibility of the Technology and Cybersecurity Committee shall be to advise and assist this Board and the Board of Directors of Pacific Gas and Electric Company in fulfilling their fiduciary responsibilities with respect to the oversight and review of (i) risks and opportunities in the utility industry and adjacent industries arising from emerging or competing technologies, (ii) technologies and innovations deployed or contemplated to be deployed by the PG&E Corporation, Pacific Gas and Electric Company, and their subsidiaries (together, the "companies"), and (iii) cybersecurity and information technology programs and issues. More specifically, the Technology and Cybersecurity Committee shall:

  1. Review management, Committee member, and/or third party presentations regarding significant emerging and competing technologies relevant to the companies, the companies' industry and adjacent industries;
  2. Review the companies' strategic direction and planning for technology and innovation, including the financial, strategic and customer- and community- related risks and benefits of proposed significant technology-related projects and initiatives;
  3. Review the risks and opportunities of new technology in which the companies are investing;
  4. Assist the Safety and Nuclear Oversight Committee in implementing technology to mitigate safety risk;
  5. Monitor overall trends in the deployment of technologies in the utility industry;
  6. Review the companies' cybersecurity policies, controls and procedures, including: (a) the companies' procedures to identify and assess internal and external cybersecurity risks, (b) the companies' controls to protect from cyberattacks, unauthorized access or other malicious acts and risks, (c) the companies' procedures to detect, respond to, mitigate negative effects from and recover from cybersecurity attacks, and (d) the companies' controls and procedures for fulfilling applicable regulatory reporting and disclosure obligations related to cybersecurity risks, costs and incidents;
  7. The Committee may, in its discretion, request the assistance or input of senior management in connection with the Committee's review of any matter pursuant to sections (1) through (6) above;
  8. Regularly report on its meetings, actions and recommendations to the Board or as otherwise requested by the Board; and
  9. Review its performance and this Charter from time to time and recommend any proposed Charter changes to the Board.

BE IT FURTHER RESOLVED that the Technology and Cybersecurity Committee shall fix its own time and place of meetings and shall, by a majority vote of its members, and subject to the California Corporations Code and this corporation's Articles of Incorporation and Bylaws, prescribe its own rules of procedure; and

BE IT FURTHER RESOLVED that the Technology and Cybersecurity Committee shall (i) report regularly to the Boards of Directors on the Committee's deliberations and actions taken, and, (ii) with respect to compliance oversight and related matters, report periodically to the Audit Committees; and

BE IT FURTHER RESOLVED that the Technology and Cybersecurity Committee shall have the right to retain or utilize, at this corporation's expense, the services of such firms or persons as the Committee deems necessary or desirable to assist it in exercising its duties and responsibilities; and

BE IT FURTHER RESOLVED that, unless otherwise designated by the Committee, the Corporate Secretary of this corporation, or an Assistant Corporate Secretary, shall serve as secretary to the Technology and Cybersecurity Committee.