CHARTER OF THE RISK OVERSIGHT COMMITTEE
OF THE BOARD OF DIRECTORS OF
Luna Innovations Inc.

The Risk Oversight Committee (the “Committee”) of the Board of Directors (the “Board”) of Luna Innovations Inc. (the “Company”) is responsible for providing assistance to the Board in fulfilling its oversight responsibilities with respect to the risk management, compliance and operational control activities of the Company.

1. PURPOSE

Specifically, the Committee shall assist the Board by monitoring:

1. management’s identification and evaluation of overall enterprise risk (including, without limitation, major strategic, operational, regulatory, information and external risks inherent in the Company’s business);

2. the integrity of the Company’s systems of operational controls regarding legal and regulatory compliance;

3. management’s implementation of the Company’s environmental, social and governance program, including initiatives related to diversity, equity and inclusion; and

4. the Company’s processes for enterprise risk management and mitigation.

Risk management and mitigation are the responsibility of the Company’s management. The Board’s, and by extension the Committee’s, role is one of oversight; in fulfilling that role, the Board and Committee rely on reports and reviews provided by management. Other Board committees have oversight over specific areas of risk, and the Committee will collaborate with those other committees to assist in their oversight and reviews of the Company’s risks that have been specifically delegated to them.

2. COMPOSITION

The Committee shall be comprised of at least three directors, each of whom has been determined by the Board to be “independent” in accordance with the rules of NASDAQ.  The members of the Committee shall be appointed by the Board and continue to be members until their successors are elected and qualified or until their earlier resignation or removal.  Any member of the Committee may be removed, with or without cause, by the Board at any time.

The Board may appoint one member to be the Chairman, who shall chair all regular sessions of the Committee and set the agendas for Committee meetings.  If the Board fails to appoint a Chairman, the members of the Committee shall elect a Chairman by majority vote of the full Committee.

The Committee may form and delegate any of its responsibilities to a subcommittee so long as such subcommittee is solely comprised of members of the Committee and a charter of such subcommittee is approved by the Committee.  The requirements for action by a subcommittee shall, except as otherwise provided by act of the Committee, be the same as applicable to the Committee. 

3. MEETINGS

The Committee shall meet at least quarterly and may meet more frequently as the Committee deems appropriate. Any member of the Committee may call a special meeting of the Committee by notice given to all members.  Notice of meetings shall be given at least 48 hours in advance, provided that, if exigencies of the circumstances pertaining to the matters to be addressed warrant, any lesser notice reasonable under the circumstances shall be sufficient.  No notice of a regularly scheduled meeting shall be required.  Notice may be waived by any member as permitted by law.  Meetings of the Committee may be held telephonically or by other means of communication, provided that each member present may hear and communicate with each other member present.  A majority of the members of the Committee shall constitute a quorum sufficient for the taking of any action by the Committee.  The Committee shall act by vote of a majority of the members of the Committee present (assuming a quorum is present).

4. RESPONSIBILITIES AND AUTHORITY

The responsibilities of the Committee are set forth below. In fulfilling its responsibilities, the Committee is empowered to investigate any matter brought to its attention.  The Committee has the power to retain outside counsel or other advisors for this purpose and will receive adequate funding from the Company to engage such advisors. 

1. Evaluate the Company’s risk exposure and tolerance;
2. Review and evaluate significant risk exposures and the steps management has taken to monitor, control or mitigate, and report such exposures;
3. Review and evaluate the adequacy of the Company’s policies and procedures with respect to risk identification, assessment, control and mitigation;
4. Review and recommend to the Board appropriate corporate environmental, social, and governance (“ESG”) policies developed by management, including policies related to diversity, equity, and inclusion (“DEI”); once adopted, review annually with management and make recommendations to the Board for updates as appropriate;
5. Monitor and advise, in consultation with other committees as necessary, the Board on ESG-related public policy initiatives, including those related to DEI. 
6. Monitor corporate compliance with ESG policies.
7. Review significant reports or findings by regulatory agencies or others relating to risk issues, and assess management’s response;
8. Review the Company’s risk disclosures in all filings with the Securities and Exchange Commission;
9. Together with the Audit Committee, review, assess and discuss with the chief legal officer, the principal financial officer, and the head of internal audit:
   1. Any significant risks or exposures;
   2. Steps taken by management to minimize such risks or exposures; and
   3. The Company’s underlying policies with respect to risk assessment and risk management.
10. Meet with the Compensation Committee, at least annually, to confirm that compensation and incentive pay structures do not encourage unnecessary risk taking and to review and discuss the relationship between risk management policies and practices, corporate strategy and senior executive compensation;
11. As necessary, and at least annually, meet with other Board committees that have oversight over specifically identified risks to review and discuss the identification, monitoring, control, and mitigation of such risks and the potential impact they have on overall enterprise risk management.
12. Report regularly to the Board following each meeting, which reports shall include any recommendations the Committee deems appropriate.  The report to the Board may be an oral report and may be made at any meeting of the Board. 
13. Maintain minutes or other records of meetings and activities of the Committee. 
14. Adopt such additional policies and perform such other activities consistent with this Charter, the Company’s Certificate of Incorporation, the Company’s Bylaws and governing law, as the Committee or the Board deems necessary or appropriate. 

5. ANNUAL SELF-EVALUATION

The Committee shall conduct an annual self-evaluation of the performance of the Committee, including its effectiveness and compliance with this Charter.  In addition, the Committee shall annually review and reassess the adequacy of this Charter and recommend to the Board any improvements to this Charter that the Committee considers necessary or valuable.