Exhibit 99.1

2022 report of the Brazilian corporate goverance code itau unibanco holding sa july/2022

1.1.1 The company’s capital stock should be comprised of common shares only. Partially Not Compliant N/A Compliant Compliant Our bylaws provide for two types of shares, common (ON) and preferred (PN) shares, both book-entry, with no par value and in a single class. Each common share entitles its holder to one vote at General Meetings. Preferred shares do not grant voting rights, except in specific cases legally provided for, and give their holders priority on the receipt of non-cumulative minimum annual dividends of R$ 0.022 per share, adjusted in the event of a stock split or reverse stock split, and also the right, in the event of a disposal of control, to be included in a public offering for the acquisition of shares, in order to assure a price equal to 80% of the amount paid per voting share as part of the controlling stockholders, ensuring dividends at least equal to those of common shares. Preferred shares are a legitimate instrument, set forth by law, and their issue has no bearing on the quality of our management, corporate governance level, performance or returns to our Stockholders. Since our incorporation, our controlling Stockholders believe that our capital structure satisfactorily meets our purposes. The Bylaws are available on our investor relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Bylaws. 1.2.1 Shareholders’ agreements should not bind the exercise of voting rights of any members of management or supervisory and control bodies. Partially Not Compliant N/A Compliant Compliant Given the merger between Itaú and Unibanco, in 2009, regulation through a Shareholders’ Agreement was necessary, including binding the exercise of the voting rights of members of the Board of Directors. We believe that the definition and regulation of stockholding control, as reflected in the Shareholders’ Agreement, is a positive for the smooth running of the business, and does not harm the interests of investors and Company itself, mainly considering: (i) the fiduciary duty of all management members, who should always vote in the best interests of the Company; (ii) the existence of a highly professional management with broad technical expertise; (iii) the significant number of independent members of the Board of Directors, currently representing 41.6% of the total members; and (iv) the existence of rigorous mechanisms, strictly applied by the Company, to prevent conflicts of interest arising in practice. Our Shareholders’ Agreement of IUPAR does not bind the voting rights of any member of the Company’s inspection and control bodies. The Shareholders’ Agreement is available on our investor relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Others. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 2

1.3.1 The executive board must use stockholders’ general meetings to communicate the conduct of the Company’s business, and management should publish an agenda in advance in order to facilitate and encourage attendance at stockholders’ general meetings. Partially Not Compliant N/A Compliant Compliant We disclosed the Ordinary General Stockholders’ Meeting Manual a month prior its completion, detailing all matters to be resolved and encouraging the attendance of our stockholders via Investor Relations website, email marketing for mailing base and announcement to the market. Since the beginning of the pandemic in COVID-19, we did not make a presentation during the General Meeting to communicate the conduct of our business Nevertheless, the General Stockholders’ Meeting Manual, made available 30 days prior to the event, includes the full text of item 10 of the Reference Form, which details the Executive Officers’ Comments regarding our business. Additionally, in the second half of the year we will hold a public meeting with analysts, where we will bring together our executives to talk about the challenges and strategies of the conglomerate. 1.3.2 Minutes should provide a full understanding of the discussions held at meetings, even if in the form of a summary, and should identify the votes cast by stockholders. Partially Not Compliant N/A Compliant Compliant 1.4.1 The board of directors should conduct a critical analysis of the advantages and disadvantages of the defense measures and its characteristics, especially triggers and price parameters, if applicable, providing relevant explanations. Partially Not Compliant N/A Compliant Compliant 1.4.2 Provisions that prevent the removal of this measure from the bylaws, or so-called “Eternity Clause”, must not be used. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 3

1.4.3 If the bylaws provide for a tender offer whenever a stockholder or group of stockholders directly or indirectly attains a significant interest in the voting capital, the rule for determining the offer price should not impose additional premiums substantially greater than the shares’ economic or market value. Partially Not Compliant N/A Compliant Compliant 1.5.1 THE COMPANY’S BYLAWS SHOULD ESTABLISH THAT: (I) Transactions involving a direct or indirect disposal of stockholding control should be followed by a tender offer to all stockholders, at the same price and in the same conditions obtained by the selling stockholder; (II) Management should state an opinion on the terms and conditions of corporate reorganizations, capital increases and other transactions leading to a change of control, and state whether these ensure fair and equitable treatment for the company’s stockholders. Partially Not Compliant N/A Compliant Compliant (I) The Brazilian Corporate Law provides for tag along rights of 80% for minority holders of common shares in the case of a disposal of stockholding control. The Company extends the same 80% tag along rights to preferred Stockholders. For this reason, the Company is listed on the ITAG – Special Tag Along Stock Index of B3 – Bolsa, Brasil, Balcăo S.A. (“B3”). (II) With respect to the opinion expressed by management members about possible corporate reorganizations, the Company understands that management may always express its opinion regardless of statutory provisions. 1.6.1 The bylaws should provide that the board of directors should issue an opinion on any tender offer related to shares and securities convertible into or exchangeable for shares issued by the company, and this should include, among other relevant information, the opinion of the board of directors on the possible acceptance of the tender offer and the company’s economic value. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 4

1.7.1 The company should prepare and disclose a policy on appropriation of earnings defined by the board of directors. Among other matters, this policy should provide for the frequency of dividend payouts and the reference parameters to be used to define the related amounts (such as percentages of adjusted net income and free cash flow). Partially Not Compliant N/A Compliant Compliant 1.8.1 The bylaws should clearly and accurately identify the public interest that has justified the creation of the mixed-capital company in a specific chapter. Partially Not Compliant N/A Compliant Compliant 1.8.2 The board of directors should monitor the company’s activities and establish policies, mechanisms, and internal controls to verify any costs of serving the public interest and any refunds to the company or other stockholders and investors by the controlling stockholder. Partially Not Compliant N/A Compliant Compliant 2.1.1 WITHOUT PREJUDICE TO OTHER LEGAL OR STATUTORY POWERS AND OTHER PRACTICES SET FORTH IN THIS CODE, THE BOARD OF DIRECTORS SHOULD: (I) Define business strategies, taking into account the impacts of the company’s activities on society and the environment, aimed at the continuity of the company and the creation of long-term value; (II) Periodically assess the company’s risk exposure and the effectiveness of its risk management systems, internal controls, and compliance system, and approve a risk management policy in line with these business strategies; (III) Define the company’s values and ethical principles and ensure the company’s transparency in its relationship with all stakeholders; Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 5

(IV) Annually revise the corporate governance system to improve it. Partially Not Compliant N/A Compliant Compliant (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects and ensuring compliance with any voluntary agreements signed. On May 26, 2022, the Board of Directors approved the change in the Internal Charter of the Social Responsibility Committee, which became the Social, Environmental and Climate Responsibility Committee, adding discussions on social, environmental and climate issues to be observed in the conduct of our business, as well as in its relationship with stakeholders. (II) We have a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Management of Operational Risk, Internal Controls and Compliance, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving questions and ethical dilemmas and conflicts of interest related to our activities, and preserving transparency, respect and honesty in our relationships with all the stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire our behaviors and our actions, as well as corporate rules, which guide our integrity and ethic in operations, in order to establish effective links with ours stakeholders, ensuring the quality of our products and services, assessing the environmental and social impacts of the our activities and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all administrators and employees of Itaú Unibanco. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations Menu Itaú Unibanco Integrity and Ethics Code of Ethics and Policies. The adoption of all these practices is monitored in accordance with the governance established in the Itaú Unibanco Integrity and Ethics Program, which is described on our Integrity and Ethics page through the link: https://www.itau.com.br/relacoes- com-investors/integrity/ (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 6

2.2.1 THE BYLAWS SHOULD ESTABLISH THAT: (I) The Board of Directors should be composed of a majority of external members, with at least one third being independent members; (II) The Board of Directors should annually assess and disclose the independent members of the Board of Directors, and indicate and justify any circumstances that might compromise their independence. Partially Not Compliant N/A Compliant Compliant 2.2.2 THE BOARD OF DIRECTORS SHOULD APPROVE A NOMINATION POLICY THAT ESTABLISHES: (I) The nomination process for the members of the Board of Directors, including indicating the participation of other corporate bodies of the company in the process; (II) That the Board of Directors should be composed taking into account the availability of its members for the exercise of their duties and the diversity of knowledge, experience, conduct, cultural aspects, age and gender. Partially Not Compliant N/A Compliant Compliant Our Policy for Nominating Management Members sets forth the processes for nominating members for the Board of Directors, its committees and the Executive Board, including the involvement of the Nomination and Corporate Governance Committee in these processes. This Policy also establishes that the nomination process should consider people with different characteristics and profiles, aiming at the complementarity of competencies and diversity, such as gender, race and age criteria, among others The policy is available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Policies. 2.3.1 The CEO should not also simultaneously hold the position of Chairman of the Board of Directors. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 7

2.4.1 The company should implement an annual performance evaluation process for the Board of Directors and its committees and joint committees, and for the chairman and board members, individually considered, and the governance department, if any. Partially Not Compliant N/A Compliant Compliant In accordance with the Internal Charter of the Board of Directors, the evaluation of the Board of Directors itself, its members and Chairman or Co-Chairmen, the related Committees and the Secretariat of the Body is held annually, in accordance with corporate governance best practice. The reelection of members of the Board of Directors and Committees takes into account their positive performance and level of attendance at meetings during their previous term, as well as their experience and level of independence. The evaluation process comprises the following steps: self-evaluation and cross-evaluation of the members of the Board of Directors (members evaluate one another), evaluation of the Board itself by its members, evaluation of the Chairman or Co-chairmen by their Board members, evaluation of the Committees by their members and evaluation of the Secretariat of the Board of Directors by their members. This evaluation is conducted by an independent person, responsible for issuing specific questionnaires to the Board of Directors and to each Committee, as well as for interviewing each of the members of the Board of Directors and the Committees individually. The responses are then analyzed to identify and address possible gaps related to the Board of Directors, the Committees and the Secretariat of the Board of Directors that may be identified by this process, such as deadlines for receiving materials and defining the Board of Directors’ agenda. The Nomination and Corporate Governance Committee provides methodological and procedural support to the evaluation process. This Committee also discusses the evaluation results, as well as the composition and succession plan for the Board of Directors. The Internal Charter of the Board of Directors is available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Rules. 2.5.1 The Board of Directors should approve and continuously update a succession plan for the CEO, the preparation of which should be coordinated by the chairman of the Board of Directors. Partially Not Compliant N/A Compliant Compliant Our Succession Policy is approved by the Board of Directors, having been updated on May 26, 2022. In addition to issues related to the succession of our managers, including the CEO, it also addresses recruitment, retention and training matters. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 8

2.6.1 The Company should have an integration program for new members of the Board of Directors, structured in advance, so that such members are introduced to the company’s key people and facilities that address topics which are key to understanding the company’s business. Partially Not Compliant N/A Compliant Compliant To integrate new members into the Board of Directors, the Company carries out an induction program to ensure that these members are introduced to key people and get to know our executive departments, for example, through presentations by executives addressing various areas of expertise, as well as their main challenges. 2.7.1 The compensation of the members of the Board of Directors should be proportional to their duties, responsibilities and time demands. Compensation should not be based on meeting attendance, and any variable compensation of the members of the board should not be bound to short-term results. Partially Not Compliant N/A Compliant Compliant 2.8.1 THE BOARD OF DIRECTORS SHOULD HAVE AN INTERNAL CHARTER THAT SETS FORTH ITS RESPONSIBILITIES, DUTIES AND RULES OF OPERATION, INCLUDING: (I) The duties of the chairman of the Board of Directors; (II) Rules for replacing the chairman of the Board of Directors in the event of absence or vacancy; (III) Measures to be adopted in the event of conflicts of interest; (IV) Definition of a deadline with enough time in advance to receive materials for discussion at meetings, in appropriate detail. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 9

2.9.1 The Board of Directors should establish an annual calendar with the dates of ordinary meetings, which should not be fewer than six or more than twelve, in addition to calling extraordinary meetings, whenever necessary. this calendar should set forth an annual thematic agenda with relevant issues and dates for discussion. Partially Not Compliant N/A Compliant Compliant 2.9.2 The meetings of the Board of Directors should provide for regular exclusive sessions for external board members, without the presence of the executives and other guests, for the alignment of external board members and discussion of topics that may cause embarrassment. Partially Not Compliant N/A Compliant Compliant 2.9.3 The minutes of the meetings of the Board of Directors should be clearly drafted and include the decisions made, the names of attendees, any dissenting votes and abstentions. Partially Not Compliant N/A Compliant Compliant The Internal Charter of the Company’s Board of Directors expressly establishes in item 6.8 that the minutes of meetings should be clearly drafted and include the decisions made, the names of the attendees, any dissenting votes and abstentions. The Internal Charter of the Board of Directors is available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Rules. 3.1.1 WITHOUT PREJUDICE TO ITS LEGAL AND STATUTORY POWERS AND TO THE OTHER PRACTICES SET FORTH IN THIS CODE, THE EXECUTIVE BOARD SHOULD: (I) Follow the risk management policy and, whenever necessary, propose to the Board of Directors any necessary revisions to this policy, in view of changes to the risks to which the company is exposed; Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 10

(II) Implement and maintain effective mechanisms, processes and programs to monitor and disclose the financial and operating performance and the impacts of the company’s activities on society and the environment. Partially Not Compliant N/A Compliant Compliant 3.1.2 The Executive Board should have a dedicated charter establishing its structure, operation and roles and responsibilities. Partially Not Compliant N/A Compliant Compliant 3.2.1 No executive or management positions should be reserved for direct appointment by stockholders. Partially Not Compliant N/A Compliant Compliant 3.3.1 The CEO should be evaluated, on an annual basis, in a formal process conducted by the Board of Directors, based on their achievement of the financial and non-financial performance goals established for the Company by the Board of Directors. Partially Not Compliant N/A Compliant Compliant Our CEO is annually evaluated based on the verification of achievement of financial and non-financial performance targets. The evaluation of the CEO by the Board of Directors was included in the Minutes of Meeting held on December 10, 2021. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 11

3.3.2 The results of the evaluation of other officers, including the CEO’s proposed goals to be agreed and whether the executives should remain in their positions, be promoted or dismissed, should be submitted to, reviewed, discussed and approved by the Board of Directors. Partially Not Compliant N/A Compliant Compliant The other officers are evaluated annually based on the verification of achievement of financial and non-financial performance targets. The evaluation of our Executive Board, is annually discussed by the Personnel Committee and reported to the Board of Directors. 3.4.1 The compensation of the executive board should be defined through a compensation policy approved by the Board of Directors based on a formal and transparent procedure that takes into account the costs and risks involved. Partially Not Compliant N/A Compliant Compliant See explanation of item 3.4.3. 3.4.2 The compensation of the executive board should be bound to results, with medium and long-term goals clearly and objectively related to the creation of long-term economic value for the company. Partially Not Compliant N/A Compliant Compliant See explanation of item 3.4.3. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 12

3.4.3 The incentive structure should be in line with the risk limits established by the Board of Directors and bar a single person from controlling the decision-making process and its respective inspection. Nobody should decide on their own compensation. Partially Not Compliant N/A Compliant Compliant Our Management Members’ Compensation Policy aims to attract, retain and reward meritocratically the work performed by the management members, in addition to encouraging them to conduct our business in a sustainable way, within appropriate risk limits, and always in line with the interests of our stockholders and the culture of the organization. Our compensation policy takes into account market practices, our strategy and appropriate risk management over time so as not to encourage behaviors that could increase the risk exposure above levels considered prudent. The governance structure that defines the compensation comprises clear and transparent processes. Accordingly, to achieve the aforementioned objectives, and with the aim of adopting the best governance practices in Brazil and abroad, as well as ensuring the balance of risk management practices, we have a statutory Compensation Committee reporting to the Board of Directors, whose main duties in according to your Internal Charter, are: (i) setting the compensation policy for the Company’s management, by proposing to the Board of Directors the many forms of fixed and variable compensation, in addition to benefits and special recruitment and termination programs; (ii) discussing, analyzing and overseeing the implementation and operation of the compensation models in place for the Itaú Unibanco Conglomerate, discussing the general principles of the employee compensation policy and recommending any corrections or improvements to the Board of Directors; (iii) proposing to the Board of Directors the aggregate compensation amount for management members to be submitted to the Annual General Stockholders’ Meeting; and (iv) preparing the “Compensation Committee Report” on an annual basis. The Compensation Policy and the Compensation Committee Internal Charter are available on our Investor Relations website: www. itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies. 4.1.1 AMONG OTHER DUTIES, THE STATUTORY AUDIT COMMITTEE SHOULD: (I) Have among its duties to advise the Board of Directors on the monitoring and control of the quality of financial statements, on the internal controls, and on the risk management and compliance; (II) Be made up mostly of independent members coordinated by an independent director; (III) Have at least one independent member with proven experience in all of the following areas: corporate accounting, internal controls, financial and audit, cumulatively; Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 13

(IV) Have its own budget to engage advisors on accounting, legal and other topics, when the opinion of an external expert is required. Partially Not Compliant N/A Compliant Compliant (I) The statutory Audit Committee oversees the quality and completeness of the financial statements, compliance with legal and regulatory requirements, the operation, independence and quality of the work carried out by the independent auditor and the Internal Audit department, and the quality and effectiveness of the internal controls and risk management systems. (II) All members of the Audit Committee are independent, according to Brazilian National Monetary Council (CMN) regulations, and the Board of Directors will terminate the term of office of any member of the Audit Committee if their independence is affected by any actual or potential conflict of interest. Currently, there are no common members on the Company’s Audit Committee and Board of Directors. (III) The Audit Committee members are elected annually by the Board of Directors from among its members or professionals with renowned competence and outstanding knowledge, taking into consideration that at least one of the members of this Committee will be designated as a Financial Expert and must have proven knowledge in accounting and audit. (IV) The Audit Committee Charter sets forth that the Board of Directors shall define the remuneration of the Committee’s members, as well as the budget intended to cover the expenses on its operation, including a forecast of the engagement of external experts to help the Committee comply with its duties. 4.2.1 The Fiscal Council should have a dedicated charter describing its structure, operations, work program, roles and responsibilities, without hindering the performance of its individual members. Partially Not Compliant N/A Compliant Compliant 4.2.2 The minutes of the Fiscal Council meetings should follow the same disclosure rules applicable to the Board of Directors’ minutes. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 14

4.3.1 The company should establish a policy to engage non-related audit services from its independent auditors, approved by the Board of Directors, to bar the engagement of non-related audit services that might compromise the auditors’ independence. The company should not engage independent auditors who have provided internal audit services to the company for the last three years. Partially Not Compliant N/A Compliant Compliant 4.3.2 The independent audit team should report to the Board of Directors, through the Audit Committee, if applicable. The Audit Committee should monitor the effectiveness of the independent auditors’ work, as well as their independence. It should also assess and discuss the independent auditor’s annual work plan and submit it for appreciation of the Board of Directors. Partially Not Compliant N/A Compliant Compliant 4.4.1 The company should have an internal audit function reporting directly to the Board of Directors. Partially Not Compliant N/A Compliant Compliant The Internal Audit Department is subordinated, at the administrative level, to the Chairman of the Board of Directors, and its activities are supervised by the Audit Committee. The purpose of the Internal Audit Department is to evaluate the activities carried out by the Conglomerate, using audit techniques, allowing management to assess the adequacy of controls, the effectiveness of risk management, the reliability of the financial statements and the compliance with rules and regulations. The Internal Audit Department has an agenda to report to the Governance Meetings held by the Audit Committee, the Executive Committee and the Board of Directors. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 15

4.4.2 If this activity is outsourced, the internal audit services should not be provided by the same firm that audits the financial statements of the company. The company should not hire internal audit services from any independent auditors who have provided internal audit services for the company for the last three years. Partially Not Compliant N/A Compliant Compliant 4.5.1 The company must adopt a risk management policy, approved by the Board of Directors, that includes a definition of the risks for which protection is sought, the instruments used, the organizational structure for risk management, the assessment of the adequacy of the operational structure and internal controls to verify its effectiveness, in addition to defining guidelines to establish acceptable limits for the company’s exposure to these risks. Partially Not Compliant N/A Compliant Compliant See explanation of item 4.5.3. 4.5.2 The board of directors should ensure that the executive board have mechanisms and internal controls to get to know, assess and control risks to keep these risks at levels consistent with the defined limits, including a compliance program aimed at complying with the laws, regulations, and external and internal rules. Partially Not Compliant N/A Compliant Compliant See explanation of item 4.5.3. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 16

4.5.3 The executive board should assess at least once a year the effectiveness of the risk management and internal control policies and systems, as well as the compliance programs, and submit this assessment to the board of directors. Partially Not Compliant N/A Compliant Compliant The Board of Directors is the highest authority with respect to risk management, and is responsible for setting the Company’s risk appetite levels under the risk appetite policy. Under the risk appetite structure, the Company defines a set of measures to capture the key dimensions of major risks, and the process for defining these measures, the limits and the risk appetite requires interactions between executives and the Board of Directors. To help the Board of Directors, the Company established a Risk and Capital Management Committee to submit to the Board of Directors the types of risks to which the Company may be exposed, as well as risk limits and guidelines on the tolerance for risks that may impact the business strategy. The Risk and Capital Management Committee is responsible for supporting the Board of Directors with the performance of its responsibilities related to the Company’s risk and capital management, submitting for the Board’s consideration reports and recommendations on topics such as: approval and review, at least annually, of the policies, strategies and risk and capital management limits; the definition of the Company’s risk appetite, ensuring alignment with the strategy, including acceptable tolerance levels and types of risk to which the Company may be exposed and, finally, the supervision of compliance with the terms of the Company’s risk appetite. At the executive level, risk and capital management is carried out by Senior Committees chaired by the CEO of Itaú Unibanco. Through the commission and committee hierarchy, risks are first discussed at lower levels of authority and, if the level of authority for this topic is higher or the topic is deemed of high importance, it will be submitted to the respective higher level of authority, then discussed with the Board of Directors. Commissions and committees use materials that include recurring and specific risk and capital management reports, including elements relevant to each body, and these materials are also made available to the members of the Board of Directors. The main risk and capital report is the risk appetite report, prepared by the Risk and Capital Management Committee and periodically submitted to the Audit Committee. 5.1.1 The company should have an independent and self-governing Conduct Committee, reporting directly to the Board of Directors, responsible for implementing, transmitting, training, reviewing and updating the code of conduct and the whistleblowing channel, as well as for carrying out inquiries and proposing corrective measures in connection with any violations of the code of conduct. Partially Not Compliant N/A Compliant Compliant The Audit Committee also functions as a Conduct Committee, as it has been designated by the Code of Ethics as responsible for monitoring the Corporate Integrity and Ethics Program, by means of reports from the Internal Audit, Internal Controls and Compliance, Corporate Security Office and Ombudsman Office, as well as through other mechanisms available. The Audit Committee reports directly to the Board of Directors and is made up of independent members, as set forth by the Brazilian National Monetary Council regulation. Additionally, this governance includes the Integrity and Ethics Bodies, which monitor the guidelines of Itaú Unibanco’s Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy through the Corporate Integrity and Ethics Program. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 17

5.1.2 PREPARED BY THE EXECUTIVE BOARD, SUPPORTED BY THE CONDUCT COMMITTEE AND APPROVED BY THE BOARD OF DIRECTORS, THE CODE OF CONDUCT SHOULD: (I) Govern the internal and external relations of the company, by expressing the commitment expected from the company, its directors, officers, stockholders, employees, suppliers and stakeholders, with the adoption of proper conduct standards; (II) Manage conflicts of interest and provide for abstentions of the member of the board of directors, the audit committee and/or the conduct committee, if they are deemed conflicted; (III) Clearly define the scope and reach of actions intended to determine the existence of transactions construed to have been made based on insider information (e.g.: use of insider information for business purposes or for gaining the upper hand when trading securities); (IV) Establish that contracts, agreements, proposals to amend bylaws, as well as policies that guide the entire company, should be negotiated based on ethical principles, and establish a maximum value for goods or services from third parties that management members and employees may accept as gifts or gratuities. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 18

5.1.3 The whistleblowing channel should be independent, self-contained and unbiased, with its operating working guidelines defined by the Executive Board and approved by the Board of Directors. It should be operated in an independent and unbiased way, and preserve the anonymity of its users, in addition to promptly investigating and taking the measures required. This service may be carried out by a reputable third party. Partially Not Compliant N/A Compliant Compliant The Code of Ethics is a public document, approved by the Board of Directors, applied without distinction to all management members and employees of the Conglomerate in Brazil and abroad. This document encourages the prompt reporting of actual or suspected violations of guidelines, laws, regulations or standards, and advises that each employee’s commitment to the Code’s guidelines is the foundation of the Company’s soundness and continuity. The Code discloses four whistleblowing and/or guidance channels, each with its own specifications. The guidelines for all of these channels are as follow: The secrecy of the investigation should be strictly maintained; anonymity should be ensured for those who want it; investigations should be out on an independent and unbiased way; charges or unsubstantiated accusations should be dismissed; malicious charges or accusations aimed at harming a person should be subject to disciplinary sanctions; and disciplinary sanctions should be applied to any attempted retaliation. These reporting channels are available internally and have the following attributes: a. Ethics Consultancy: channel available to administrators and employees for guidance and solving doubts on ethical issues, such as conflicts of interest and ethical dilemmas. b. Audit Committee: a channel available to administrators and internal employees and the public to receive suspected or actual reports of any noncompliance with legal and regulatory provisions and internal rules, fraud committed by management members, employees or third parties, or errors resulting in significant misstatements. c. Inspector Office: a channel available to administrators, employees, suppliers and the public for reporting illicit acts of any nature. d. Internal Ombudsman’s Office: a channel available to administrators and employees to receive and handle interpersonal conflicts and conflicts of interest in the workplace, ethical misconduct and noncompliance with the related institutional policies such as disrespect, non-compliance with norms, bad nature, favoritism and critical and unacceptable issues such as moral and sexual harassment and discrimination of any kind by management members and employees. 5.2.1 The company’s governance rules should ensure the clear segregation and definition of functions, roles and responsibilities associated with the mandates of all governance agents, and the levels of authority for decision-making at each level should also be defined to minimize possible conflicts of interests. Partially Not Compliant N/A Compliant Compliant Ours governance rules are published in our Corporate Governance Policy, which sets forth clear segregation and definitions of the functions of all governance agents. Additionally, the Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy have specific provisions on conflicts of interest, including the mechanisms adopted to prevent them. All these documents are available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 19

5.2.2 The company’s governance rules should be made public and determine that any person who is not independent in relation to the issue under discussion or resolution in the company’s management or inspection bodies should promptly state any conflicts of interest or relevant personal interests. If they fail to do so, these rules determine that another knowing person may bring such conflict to light and that as soon as this conflict of interest regarding a specific topic is identified, the involved person shall be kept away, including physically, from such discussions and resolutions. These rules should require this temporary seclusion to be recorded in the minutes. Partially Not Compliant N/A Compliant Compliant The Charter of the Board of Directors includes an express provision establishing rules to prevent possible conflicts, such as prohibiting members of the Board of Directors from taking part in resolutions related to topics with which their interests conflict with those of the Company. Each member should report to the Board of Directors any conflict of interest he/she has as soon as this topic is included in the agenda or proposed by the Board of Directors’ Chairman and, in any case, before the beginning of any discussion of the respective topic. Furthermore, the Bylaws provide that the Board of Directors shall terminate the term of office of any member of the Audit Committee if their independence has been affected by any circumstance of conflict or potential conflict. Finally, the Transactions with Related Parties Policy expressly provides that in situations where a member involved in the approval of the transaction is prevented from deliberating on the matter due to a potential conflict of interest, the said member must declare themselves impeded, explaining their involvement in the transaction and providing details of the transaction and the parties involved. The impediment must be reported in the document containing the resolutions on the transaction. The policy is available on our Investor Relations website: www.itau.com. br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Policies. 5.2.3 The company should have mechanisms to manage conflicts of interest in relation to votes at general meetings, to receive and deal with alleged conflicts of interest, and to annul votes cast in such conflicting situations, even if this takes place subsequently to voting. Partially Not Compliant N/A Compliant Compliant The Company’s Shareholders’ Manual expressly provides that during a General Meeting, as is the case at meetings of the Company’s management and supervisory bodies, the Shareholders present shall express their opinion on the existence of possible conflicts of interest in any matters under discussion or deliberation, where their independence could be compromised. Also, any present shareholder who has knowledge of a conflicting situation in relation to another shareholder and the subject matter of the resolution must also declare this. When the conflict of interest is manifested, the conflicted shareholder shall refrain from deliberating on that matter. If the conflicted shareholder refuses to abstain from deliberations, the chairman of the General Meeting shall annul the conflicting votes, even after the conclave. The Company’s Shareholders Manual is available on our Investor Relations website: www.itau. com.br/investor-relations Menu Results and Reports regulatory reports Brazilian Securities and Exchange Commission (CVM). Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 20

5.3.1 The bylaws should define which transactions with related parties should be approved by the Board of Directors, with the exclusion of any members with potential conflicts of interest. Partially Not Compliant N/A Compliant Compliant 5.3.2 THE BOARD OF DIRECTORS SHOULD APPROVE AND IMPLEMENT A TRANSACTIONS WITH RELATED PARTIES POLICY, WHICH SHOULD INCLUDE, AMONG OTHER PROVISIONS: (I) Prior to the approval of specific transactions or guidelines for entering into transactions, the Board of Directors should request from the Executive Board market alternatives to the transaction with the related party, adjusted to reflect the risk factors involved; (II) Bar any remuneration to advisors, consultants or intermediaries that could give rise to conflicts of interest with the company, management members, preferred or ordinary stockholders; (III) Bar any loans granted to the controlling party and management members; (IV) Any transactions with related parties that should be supported by independent appraisal reports prepared without the participation of any party involved in this operation, whether a bank, lawyer, or specialized consulting company, among others, based on realistic assumptions and information supported by third parties; (V) Corporate restructuring involving related parties should ensure equitable treatment for all stockholders. Partially Not N/A Compliant Compliant Compliant Our Transactions with Related Parties Policy, approved by the Board of Directors, is in line with the guidelines of the Brazilian Corporate Governance Code, except for the prohibition against loans in favor of the controlling company and the administrators, which are now allowed under Law 4,595/64 and Resolution of the National Monetary Council No. 4,693/18 as they represent the core business of a financial institution, provided they are in line with market conditions and the limits established by the regulations in force. Our Transactions with Related Parties Policy defines the concept of a related party based on the accounting rules, and establishes the rules and procedures for these types of transactions. This policy establishes that such transactions must be executed in writing, based on market conditions, in accordance with our internal practices (such as the specific guidelines specified in our Code of Ethics) and disclosed in our financial statements, based on the materiality criteria defined by the respective accounting standards. Transactions or sets of related transactions with related parties involving amounts higher than R$1.0 million within a period of twelve (12) consecutive months must be approved by our Related Parties Committee, which is entirely composed of independent members of the Board of Directors. In addition, these transactions will be reported on a quarterly basis to the Board of Directors. The full text of the Transactions with Related Parties Policy is available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies Policies. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 21

5.4.1 The company should adopt, as resolved by the Board of Directors, a policy for trading securities issued by the company, which, without prejudice to compliance with the CVM rules, establishes controls to achieve the monitoring of trades executed, as well as investigations into and sanctions against any party who does not comply with the policy. Partially Not Compliant N/A Compliant Compliant We have a Policy on Trading Securities that sets out the guidelines and procedures to be followed by the Company and related persons in connection with the trading of securities issued by the Company and its subsidiaries in Brazil, including the sanctions applicable in the event of any violation. The Policy sets out that persons bound by the policy are responsible for, among others: (i) keeping secret information related to material facts pertaining to the Company and its subsidiaries, and refraining from using such information to gain the upper hand, for their own benefit or the benefit of others, in the securities market, ensuring that subordinates and third parties he/she trusts keep secret such information and refrain from using it, being held jointly and severally liable for any noncompliance therewith; and (ii) making exclusive use of the Conglomerate’s brokers to trade the securities under this Policy, which have controls in Brazil to prevent trading during blackout periods. The Compliance area monitors adherence with the Policy in relation to the trading of securities issued by the Conglomerate. Any noncompliance is investigated and submitted to our Integrity and Ethics Committee and Disclosure and Trading Committee accordingly. The Policy Regarding the Disclosure of Material Information also sets out other mechanisms to control information secrecy in connection with material facts, such as: (i) persons bound by the policy should ensure the safe storage and transmission of material information (emails, files, etc.), avoiding any type of unauthorized access, and should also restrict the forwarding of improperly protected information to third parties. Material information should always be discussed in restricted and non-public places; and (ii) in relation to the process that gave rise to the material fact, a list of the bound persons who had knowledge of the information before its disclosure should be filed accordingly. 5.5.1 In order to ensure greater transparency in the use of the company’s resources, a policy should be prepared on voluntary contributions, including those related to political activities, to be approved by the Board of Directors and carried out by the Executive Board, setting out clear and objective principles and rules. Partially Not Compliant N/A Compliant Compliant In addition to other corporate policies, such as the Donations Policy and the Sponsorships Policy, the Government and Institutional Relations Policy, update on April 27, 2022, establishes that it is prohibited for all companies of the Conglomerate in Brazil and abroad to contribute, directly or indirectly, to electoral campaigns, candidates for public office or political parties. The Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy also have provisions on electoral or political party contributions. The above documents are available on our Investor Relations website: www.itau.com.br/investor-relations Menu Itaú Unibanco Corporate Governance Rules and Policies. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 22

5.5.2 This policy should set forth that the Board of Directors is the body responsible for approving all expenditure related to political activities. Partially Not Compliant N/A Compliant Compliant 5.5.3 The policy on voluntary contributions of government-controlled companies or companies with recurring, material business relations with the government should bar any contributions or donations to political parties or persons bound to the latter, even if permitted by law. Partially Not Compliant N/A Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 23