Overview
U. S. Steel is committed to maintaining the highest standards of corporate governance, ethical conduct and transparency, which we believe are essential for sustained success and long-term stockholder value. We were the first company to hold an annual meeting of stockholders and to publish an annual report.

We believe that a foundation of good corporate governance promotes the long-term interests of all our stakeholders and helps build public trust in the Company. Our corporate governance program is described in detail in our 2025 Proxy Statement.

The Board of Directors (Board) monitors and guides the Company’s environmental, social and governance (ESG) practices, reporting metrics and performance, and retains overall oversight of sustainability, risk and strategic direction.
Risk Management at U. S. Steel
Each year, U. S. Steel conducts an Enterprise Risk Management (ERM) risk survey for managers to weigh in on the perceived impact, likelihood and velocity of key risks. Survey results form the basis for our annual risk prioritization. In 2024, 95 managers across the organization ranked critical risks. We are currently tracking 23 critical risks, divided into two tiers. In addition, safety and environmental risks are always in the top tier, given their overriding significance to our business. Owners are assigned to all risks to ensure accountability, and they prepare action plans for all top-tier risks. 
 
In 2023, we published our refreshed TCFD Report. 
 
In 2024, we completed our first assessment of nature-related risks, and our inaugural TNFD Report was published in July 2025.  

Sustainability Oversight

In addition to the Board’s oversight, we have an Executive Sustainability Committee, which is composed of C-suite executives and other leaders and meets quarterly. Its members oversee the segments of our business relevant to ESG, including Sustainability, Strategy, Finance/Risk, Environmental Affairs, Compliance/Legal, Procurement, Operations, Corporate Governance, Government Affairs, Human Resources and Communications/Public Affairs.

This committee is responsible for setting and communicating sustainability metrics, goals and performance, as well as coordinating internal and external sustainability-related communications, such as this annual Sustainability Report, our Task Force on Climate-related Financial Disclosures (TCFD) Report, our Taskforce on Nature-related Financial Disclosures (TNFD) Report and our Climate Strategy Report. Moreover, we have set up subject-specific task forces that work on goal implementation and other sustainability initiatives.

Information Security Risk

U. S. Steel maintains robust processes for assessing, identifying and managing material risks from cybersecurity threats. Our cybersecurity program is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the risk of cybersecurity threats is integrated into our ERM program. Each quarter, the cybersecurity threat risk action plan is reviewed to provide the status on specific risk mitigation actions and to identify potential new threats. U. S. Steel works closely with our internal and external auditors to assess, plan for, prevent and mitigate potential cybersecurity risks. 
 
We maintain a Cybersecurity Incident Response Plan (CSIRP), which establishes an organizational framework and guidelines intended to facilitate effective response to and handling of cybersecurity incidents that could jeopardize the availability, integrity or confidentiality of U. S. Steel’s assets. The CSIRP outlines roles and responsibilities, criteria for measuring the severity of a cybersecurity incident and an escalation framework. Our Information Security team places special emphasis on raising awareness of phishing attacks, running phishing exercises at least monthly and tracking phishing-related incident awareness as a metric. Special training and education events take place throughout the year, including during Cybersecurity Awareness Month.