leaving a positive legacy for our world Our General Counsel, Chief Risk & Compliance Officer is the executive sponsor of our ESG program and works with a cross-functional team of experts, including representatives from: Human Resources Growth and Development/Energy Management Supply Chain and Procurement Merchandising Store Operations Finance and Accounting Marketing Legal, Risk and Governance This team drives ESG strategy across the four pillars and governance. In addition, we have many other associates across the company who are passionate about ESG and contribute in different ways and we welcome feedback from the investor community as well. Corporate Strategy Board oversight Ulta Beauty’s Board of Directors and Executive Team have overall oversight and accountability for ESG within the organization. The Board has three committees, each of which touches ESG issues in its own way: The Nominating & Corporate Governance Committee is responsible for developing a diverse Board, and periodically reviews company policies, practices and risks regarding ESG, including risk oversight by each committee as well as the full Board. The Compensation Committee oversees human capital risks and periodically reviews the company’s diversity, equity and inclusion (DEI) policies and practices. The Audit Committee discusses policies and practices related to cyber risks including information security and also oversees enterprise risk assessments and risk management. In addition to the oversight our committees provide, our Board provides oversight of environmental and climate risks as part of its oversight of our business operations and impact. Our Board discusses and provides guidance on ESG topics multiple times throughout the year. On a quarterly, biannual or annual basis, as appropriate, the Board reviews topics including: o Cybersecurity and technology scorecard o DEI and other human capital statistics o Updates on DEI policies and practices o Updates on Board diversity and Board succession planning o Updates on leadership succession planning o Comprehensive ESG program updates including all pillars o Comprehensive cybersecurity updates o IR shareholder engagement updates (also reported quarterly on ESG Dashboard) o Review of ESG Report o Enterprise Risk Assessment and risk policy updates including insurance o Ethics and compliance update Environment Product People Supplemental Data Community 2021 ESG Report 7 Introduction