格尔软件(603232)_公司公告_格尔软件：2024年环境、社会及公司治理(ESG)报告(英文版)_公司公告

格尔软件：2024年环境、社会及公司治理(ESG)报告(英文版)（下载公告）
公告日期:2025-04-26
Contents Innovation as a Driving ForceSafeguarding Customer PrivacyProtecting Data SecuritySustainable Supply ChainIndustry Ecosystem Development Corporate GovernanceRisk and Compliance ManagementBusiness Ethics and Anti-CorruptionParty Leadership Forging aDigital Shield E?cient andRobust Operations0102 Diverse and Inclusive WorkplaceHuman Capital DevelopmentOccupational Health and SafetyCommunity Engagement Environmental Management SystemClimate Change MitigationGreen Operations Striving for a SharedProsperous Future Green and Low-Carbon Operations0304 Message from the ChairmanAbout This ReportAbout KoalSustainable Development Management [Special Topic] Koal's GreenProducts and Solutions Appendix Message from the Chairman 2024 marks the 20th anniversary of the ESG concept and thesecond year of Koal's ESG journey. Over the past two years, theCompany's governance structure has undergone changes. Wehave fully embraced a paperless office system, with gradualimplementation across our six R&D centers, ten delivery centers,and all marketing and service locations. In addition, KoalAcademy has been launched, extending employee benefits toinclude comprehensive training programs, career developmentguidance, and support for mental and physical well-being. Ourcommitment to rural revitalization continues as we partner withGuo Dazhai Township in Fengqing County, Lincang City, YunnanProvince, to help promote the Qiong Ying Ancient Tree Tea" tothe wider world. We understand that ESG is a long-term journey,one that evolves steadily from within, rather than somethingthat can be achieved overnight. With this in mind, Koal willcontinue to strengthen internal capabilities while focusing oure?orts in three key directions: Direction 1: Strengthen data security governance tosafeguard a green digital ecosystem. In today's data-drivenera, data security is not only our lifeline but also a criticalpillar of ESG. We must protect user data with the same rigoras we do our financial assets. This not only involves ensuringthe confidentiality, integrity, and availability of the data,but also integrating ESG principles into the management ofdata throughout its entire lifecycle. Koal will increase R&Dinvestment in areas such as data encryption, access control,and data breach prevention to establish a comprehensivedata protection system—one that offers users a true sense ofease and trust. At the same time, we will actively participatein the formulation of data security standards, driving forwardindustry-wide governance and contributing to a healthy, greendigital ecosystem. In an increasingly competitive cybersecuritylandscape, we aim to stand out through real value creation anddemonstrating Koal's distinctive strengths.Direction 2: Advancing industry collaboration to builda shared future in cybersecurity.The development of thecybersecurity industry is not a solo e?ort of a single company,but rather requires the collective e?orts of the entire industry.At Koal, we are committed to ful?lling our social responsibilitiesunder ESG, collaborating with our peers to break downbarriers and achieve the sharing of technology, expertise, and resources. Through the formation of industry alliancesand joint research initiatives, we aim to collectively addressthe growing complexity of cybersecurity threats. Our vision isto build a new security paradigm centered on cryptographictechnologies and empowered by the integration of multiplesecurity solutions. This includes developing an autonomousand controllable cybersecurity environment grounded incryptographic infrastructure and ultimately achieving a trusted,interconnected, and open framework for security. We will alsodeepen cooperation with universities and research institutionsto cultivate more cybersecurity talent, injecting new energyinto the industry's sustainable growth. Our goal is to build avibrant cybersecurity community, characterized by sharedresponsibility and collective progress.Direction 3: Energizing innovation within the Company tosupport the secure upgrade of digital transformation.Withthe ongoing advancement of new quality productive forces,digital transformation is accelerating in both depth and scale,accompanied by a growing demand for cybersecurity. We aimto seize this opportunity to continuously drive innovation withinthe Company and incorporate ESG principles into our productsand services. We continue to increase investment in advancedtechnologies such as Zero Trust architecture and AI security,focusing on both research and practical application. Throughongoing innovation, we aim to make breakthroughs in critical,foundational, and frontier technologies, delivering smarter,more efficient, and more secure solutions for businesses. Atthe same time, we focus on the pain points and challengesthat enterprises face during digital transformation and offercustomized security services to address them. Our goal is toensure robust cybersecurity throughout the transformationprocess, enabling businesses to navigate the digital wave withpeace of mind and achieve sustainable development.In 2025 and beyond, Koal will remain ?rmly committed to theESG vision and continue advancing on the path of network andinformation security. Let us walk together on the path of ESG—guided by its light, inspired with every step, and dedicated tobuilding a brighter future. Through these collective e?orts, wewill drive the high-quality development of Koal and contributeto a secure and trustworthy digital world for all. Dear colleagues, partners, and all friends who follow and support Koal： From the introduction of the ESG concept by the United Nations Global Compact to the release of annualESG reports by over 2,000 A-share listed companies, ESG has grown from a niche concept into a widelyrecognized topic in mainstream discourse, which is now taking root and gaining real momentum in China.Today, the ESG we are talking about is no longer just a concept or a label, but a transformation of corporatestrategy development and management. It genuinely helps businesses tap into their potential value and inspireresilience in a highly competitive environment. Yang Wenshan, Chairman of Koal Software Co., Ltd.Drawn Together by the Light on the ESG Journey, Inspired Every Step of the Way Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 0102 About This ReportAbout KoalThis Environmental, Social, and Governance (ESG) report (hereinafter referred to as "the report") is publicly released by Koal SoftwareCo., Ltd. (hereinafter referred to as "Koal"). This report is prepared in accordance with the principles of objectivity, openness, andtransparency, and aims to disclose Koal’s sustainability philosophy, management practices, and key performance results for 2024 toits stakeholders. Organizational Scope: The scope of this report aligns with that of the annual consolidated ?nancial statements of the Company.Time Range: This report covers the period from January 1, 2024, to December 31, 2024. Some content may be extended beyondthis timeframe as deemed appropriate. This report is an annual report.Reporting Scope For ease of expression and reading, Koal Software Co., Ltd. is referred to as "Koal," "the Company," or "we" in this report. De?nition of Terms This report has been compiled according to the GRI Standards by the Global Sustainability Standards Board,Guidelines No.1 of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Standardized Operation (2023), Guideline No.14of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Sustainability Report (Trial), Guide No.4 for Self-Regulatory Supervision on Listed Companies of the SSE — Compilation of Sustainable Development Reports,and the UnitedNations Sustainable Development Goals (SDGs). Basis of Preparation All the information and data used in the report are sourced from the Company's official documents statistical reports,and financial statements, as well as information on sustainable development practices of each that have been gatheredand reviewed by the relevant functional departments of the Company. Unless otherwise speci?ed, all monetary amountsmentioned in this report are measured in RMB. Source of Information The Company assures that this report contains no false records, misleading statements, or significant omissions, and isaccountable for the authenticity and accuracy of its content. This report has been reviewed by the Company's Board ofDirectors and is being publicly released.Assurance of Accuracy The electronic version of this report is available on the Shanghai Stock Exchange website (www.sse.com.cn) and the Cninfowebsite (www.cninfo.com.cn). If you have any questions regarding this report, please feel free to contact us through thefollowing channels: Address: Building A2, G60 Commercial Cryptography Industrial Base, No. 1-7, Lane 58, Muchuan Road, Sijing Town, SongjiangDistrict, ShanghaiTel/Fax: 021-62327028/021-62327015Email: stock@koal.comWebsite: www.koal.com Report Access & Contact Founded in March 1998, Koal Software Co., Ltd. (stock code: 603232.SH) stands as a pioneer and leader in China's informationsecurity digital trust sector. The Company went public on the main board of the Shanghai Stock Exchange in April 2017. Koal hasestablished 6 R&D centers and 10 delivery centers, with marketing and service outlets spanning major provincial capitals acrossChina. The Company provides comprehensive security solutions and professional services to over 30 national ministries andcommissions, more than 100 state-owned and central enterprises, and over 200 commercial banks. As a secretariat member of theInfrastructure Group of the State Cryptography Administration, Koal has spearheaded and contributed to the development of over100 relevant standards, including nearly 20 national standards. The Company has been honored twice with the second prize of theNational Science and Technology Progress Award and has garnered more than 20 National Party and Government CryptographyScience and Technology Progress Awards, as well as ministerial and provincial-level Science and Technology Progress Awards. Company Pro?le VisionTo be a leader in cyberspace and digital asset security MissionTo defend digitalsovereignty and safeguard the digital world Corporate CultureUnity, Dedication,Innovation, Security, E?ciency, Sharing Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 0304 Company Product Series Urumqi Lhasa Chengdu Yunnan Guangzhou Hunan Shanghai HeadquartersHubei Gansu Xi'an Zhengzhou Beijing Headquarters ShenyangInner Mongolia Beijing, Shanghai, Xi'an, Chengdu, Nanjing, Zhengzhou R&D Centers Cyberspace Security Key Laboratory (Shanghai JiaoTong University)Cryptography Application Research Key Laboratory(Shaanxi Normal University)Network Security Joint Laboratory (Jinan University)Network Security Technology Laboratory (JiangsuUniversity of Science and Technology) Joint Laboratories Beijing, Shanghai, Zhengzhou, Shenyang, Xi'an,Wuhan, Chengdu, Urumqi, Lhasa, Guangzhou 10 Delivery Centers 1010 Headquarters Beijing, Shanghai The identity security product series encompasses Public KeyInfrastructure (PKI) and trusted identity control platforms. ThePKI serves as a security foundation, integrating digital certi?cateauthentication systems, certificate registration systems, andcollaborative signature services. It ensures confidentiality,integrity, authenticity, and non-repudiation across various digitalscenarios, forming the cornerstone for building digital trustsystems. The trusted identity control platform amalgamates PKIwith other identity technologies, broadening the scope of identitymanagement. Beyond certificate-based identities, it offersunified lifecycle management for diverse digital entities, alongwith multi-factor authentication, access policy management,and identity risk analysis functionalities, providing platform-levelsupport for constructing robust digital trust systems. Identity Security Product Series The data security product series incorporates fundamentalcryptographic components such as key management systems,cryptographic machines, and digital signature and verificationservers. It also features products like SSL VPN, IPSEC VPN,application-integrated security gateways, data access controlgateways, database encryption systems, and storage encryptiongateways. Additionally, it includes a cryptographic service platformthat facilitates uni?ed management and service-oriented extensionof these components and products. Collectively, this series deliversend-to-end solutions for the collection, transmission, storage, use,and exchange stages of the data security lifecycle, serving as thebedrock for comprehensive data security. Data Security Product Series The IoT security product series is underpinned by commercialcryptography, guided by national standards, and aims to achieveauthentic identity, protocol integrity, and data encryptionacross multi-dimensional spaces including sky, ground, sea, air,network, people, and objects. By implementing authentication,authorization, and encryption technologies in intelligent IoTscenarios, it establishes a scalable security foundation. Thisenables secure and efficient interconnection in smart IoTapplications, prevents unauthorized access to critical information,safeguards sensitive data from breaches, protects individualprivacy, and bolsters the overall security of smart networks. IoT Security Product Series Xi'an R&D Center Shanghai R&D Center Beijing R&D Center Yangtze River Delta Region Bohai Rim Region Western RegionCentral Region Nanjing R&D Center Zhengzhou R&D CenterPearl River Delta Region Chengdu R&D CenterSouthwest Region Shanghai Headquarters Beijing Headquarters Koal Software Co., Ltd. 0506 2024 Environmental, Social and Governance (ESG) Report 2024 in Review Total assets: RMB billion 1.67 Operating revenue: RMB billion 0.529 Total tax contribution: RMB million 41.9318 Net pro?t attributable to shareholdersof listed company: RMB million 36.8121 R&D investment throughoutthe year: RMB million 97.8889 Software re-veri?cation rate: 100% Customer service satisfaction rate: 98.2% Basic earnings per share: RMB share 0.16 Total employee training hours: 9,556.13 0.0209 Greenhouse gas emission intensity: tons of CO Total investment in public welfare/external donations: RMB200,000 Total employees: Female representation: 21% Major service/information security incidents: Procurement material inspection pass rate: 100% equivalent/RMB 10,000 revenue 0807 Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report Awards & Recognitions Honors & Memberships 2023 Top Ten Leading Enterprises inDigital Economy Innovation CCID Net Outstanding ContributingUnit of the Year China Academy of Information andCommunications Technology (CAICT) Yinghua A-Share New Quality Productive Forces Value AwardChina Fund News 2023 Award List of Outstanding Practice Casesof National Standards on Network Security: Second Prize in Financial Sector ApplicationNational Technical Committee 260 onCybersecurity of Standardization Administration of China (TC260) 2024 ESG Practice Case Guided by Shanghai United Media Group, Jiemian News 2024 Top Ten Representative Vendors in Commercial Cryptography Field AQNIU.com ESG New BenchmarkEnterprise AwardStock Star Ranked Second in 2023 China IdentityAuthentication Market Vendor Structure CCID NetGolden Intelligence Award for Koal'sVideo Integrity Protection GatewayInformation Security andCommunications Privacy Magazine 2023 Key Research TopicOutstanding ReportSecurities Association of China Awards & Recognitions Industry Association Memberships Shanghai CommercialCryptography Industry Association -President UnitChina State Secrets Protection Association -Member UnitChinese Association forCryptologic Research - Member UnitChina CybersecurityIndustry Alliance Board Member Unit Yulin Commercial Cryptography Association Board Member Shanghai BlockchainAssociationBoard Member Unit Information Security andCommunications PrivacyMagazine - VicePresident UnitShanghai Information SecurityTrade Association -Board Member UnitTC260 Big Data Working Group Member Unit Shanghai Con?dentiality Work Association - Vice President Unit Shanghai Software Industry Association - Board Member UnitTC260 WG3, WG4 Working Groups - Member UnitShanghai Industrial TechnologyInnovation Promotion Association Board Member Unit Shanghai Securities News Gold Quality Technology Innovation Award Shanghai Securities News First to Pass CAICT Anti-Quantum Cryptography Veri?cation Test for Koal Anti-Quantum (PQC)Security Authentication GatewayChina Academy of Information andCommunications Technology (CAICT)2024 OutstandingContributing UnitCrypto+ Application Promotion Plan (CPII) Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 0910 Koal attaches great importance to the opinions and concerns of its stakeholders. The Company continuously improves stakeholderengagement mechanisms and communication channels to ensure regular interaction and enable effective stakeholderparticipation in ESG governance.Stakeholder Communication StakeholdersIssues of ConcernCommunication Channels and Methods Shareholders & Investors Corporate governance Risk and compliance management Business ethics and anti-corruption R&D Innovation Product quality and safety Sustainable supply chain General meeting of shareholders Roadshow and performance brie?ng Investor hotline and emailEngagement with small and mediumshareholdersRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.) Government andRegulatory Bodies Risk and compliance management Business ethics and anti-corruption Information security and privacy protection Climate change mitigation Emissions and waste management Product quality and safety Dedicated reception days Information disclosure platform Government meetings and o?cial visitsRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.)Communication with industry associations andother organizations Customers Product quality and safety Customer relationship management R&D Innovation Information security and privacy protection Climate change mitigationClean technology opportunities (greenproducts and solutions) Customer satisfaction surveyCommunication with customers before, during,and after sales Customer visits Customer review Third party training Labor and human rights management Diversity and equal opportunities Talent training and development Occupational Health and Safety Employee activities and communication Employee performance communication Internal information communication platform Employee satisfaction survey Employee grievance channels Partners & Suppliers Product quality and safety Sustainable supply chain Climate change mitigation Supplier training On-site audit and communication Regular visits Community and Public Product quality and safety Information security and privacy protection Climate change mitigation Emissions and waste management Community engagement Face-to-face communication Complaint hotline Public welfare activitiesRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.) Sustainable Development Management Koal places great emphasis on sustainable development management and is committed to embedding sustainability principles across allaspects of its operations. The Company has established and continuously improved its ESG governance framework and management system,formulated ESG-related policies, and developed an efficient ESG management mechanism. ESG strategies are effectively integrated intovarious departments and core business processes, which consistently enhances top-down ESG engagement and management capabilities.The Company has built a comprehensive ESG governance framework encompassing the decision-making, management, and execution levels.The Board of Directors, as the leadership and decision-making body for ESG a?airs, is responsible for reviewing and approving Koal's ESGstrategy, governance framework, major policies, material ESG-related matters, and risk response plans. Under the oversight and guidance of theBoard, the ESG Committee was established, chaired by the Chairman of the Board. The Committee is responsible for de?ning and continuouslyoptimizing the ESG governance structure, setting key ESG strategic goals and plans, reviewing the annual ESG work plans, and supervisingtheir implementation. Under the ESG Committee, the ESG Executive Committee has been formed to oversee the day-to-day managementand implementation of ESG activities. During the reporting period, Koal approved theImplementation Rules of the ESG Committee of KoalCo., Ltd. and released the Announcement on the Establishment of the ESG Committee of Koal Co., Ltd.,marking a signi?cant step forward instrengthening the Company's ESG management system. TheDecision-Making Body TheManagement Body TheExecution Body ESG Governance Structure Koal's ESG Governance Structure Board of Directors Review and approve the Company's ESG strategic planning and objectives, ESG governanceframework, and key policies.Review and approve material ESG matters and the Company's response strategies to major ESG-related risks.Review the Company's ESG-related disclosure documents, including but not limited to the annualESG report. ESG Committe Establish and continuously optimize the Company's ESG governance structure.Aligned with the Company's development strategy, formulate key ESG objectives and plans, reviewthe annual ESG plan, and oversee its execution to ensure successful implementation.Supervise, guide, and optimize key tasks related to environmental protection, social responsibility,and corporate governance of the Company, promoting the Company's sustainable development.Review other major issues related to ESGHandle other matters authorized by the Board of Directors.ESG Executive Committee Coordinate and implement the execution of assigned ESG matters.Monitor and report on project progress and target achievement.Collect and consolidate ESG-related information and data. Employees Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 1112 Koal places high importance on and consistently re?nes its identi?cation, management, and analysis of material issues. In 2024,the Company updated its analysis methods based on the latest disclosure standards, including theGuidelines No. 14 of ShanghaiStock Exchange for the Self-Regulation of Listed Companies—Sustainability Report (Trial), theGRI Standards,and theIFRS S1General Requirements for Disclosure of Sustainability-related Financial Information.Combining these with the Company'sbusiness characteristics, Koal conducted a double materiality assessment, comprehensively analyzing the impact of ESG issues onthe Company's ?nances as well as on the economy, environment, and society. Based on the identi?cation results, the Companyadjusts its ESG work arrangements promptly to ensure e?ective implementation and optimization of ESG-related work, providingfocused responses to material issues in this report. Material Issue Management Koal's Double Materiality Assessment Process for 2024 With reference to macro-level policies in the regions where the Company operates andindustry-speci?c regulations or standards, ESG issues were identi?ed based on an analysisof internal and external development trends. Both general and industry-speci?c materialissues were recognized through the following approaches: (1) referring to authoritativedomestic and international sustainability reporting guidelines and standards; (2) reviewingleading ESG rating frameworks and sustainability issues of concern within the industry; (3) considering issues of shared concern among internal and external stakeholders, while also taking into account industry characteristics, stage of development, the Company'sbusiness model, and position in the value chain to identify topics of ?nancial or impactmateriality; and (4) incorporating expert opinions. ESG Issue Identi?cation Research was conducted among key internal and external stakeholder groups inaccordance with the principle of double materiality. Both impact materiality andfinancial materiality assessments were carried out, resulting in the 2024 materialitymatrix and the identification and prioritization of material issues for the year.Stakeholder participants included board members, senior executives, employees,customers, suppliers, investors, regulators, media, and the public. Stakeholder Communication and Materiality Analysis The results of impact and financial materiality assessments were integrated andreviewed through two channels: internal management and external experts. TheESG Committee further reviewed and confirmed the findings. For material topics,the report provides focused disclosures covering governance, strategy, risk andopportunity management, as well as relevant indicators and targets. Issue Con?rmation and Reporting Governance Dimension Environmental Dimension Social Dimension Signi?cance of Impact on the Company’s Financial Performance Signi?cance of Impact on Economic,Environmental, and Social Sustainability Low High High Information Security and Privacy ProtectionAddressingClimate ChangeClean TechnologyOpportunities(Green Products andSolutions) Business Ethics andAnti-corruption Product Quality and Safety R&D Innovation Human Resource DevelopmentDiversity and Equal Opportunity Occupational Health and SafetySustainable Supply Chain Labor and Human Rights Management Customer RelationshipManagementCorporate GovernanceRisk and ComplianceManagementResource Utilization and Circular EconomyCommunity Engagement(Including Public WelfareVolunteering and RuralVevitalization Support)Emissions and Waste Management Industry Ecosystem Development MaterialIssues ImpactPeriod Risks and OpportunitiesImpact LevelProductQuality andSafety Short-term,medium-term,long-term Inconsistent code quality and frequent security vulnerabilities may compromise systemstability, eroding user trust.High-quality products can enhance customer trust, increase market share, and providecompetitive advantages. Negative Impact: highly signi?cant;Positive Impact: highly signi?cantInformationSecurityand PrivacyProtection Short-term,medium-term,long-term Data breaches, cyber attacks, and evolving compliance requirements may expose theCompany to compliance risks or reputational damage.Robust internal information security measures can bolster customer con?dence. Negative Impact: highly signi?cant;Positive Impact: highly signi?cantR&DInnovation Short-term,medium-term,long-term Significant R&D investments carry inherent failure risks, while rapid technologicaladvancements may lead to swift product and service obsolescence.Emerging technologies such as AI and cloud computing drive business growth, complementedby policy support accelerating the commercialization of technological achievements. Negative Impact: moderately signi?cant;Positive Impact: highly signi?cantHumanCapitalDevelopment Short-term,medium-term, long-term Inadequate employee training and development may result in strategic and organizationalchange risks, as well as increased employee turnover.A comprehensive employee learning and talent development system will strongly supportthe achievement of strategic goals, enhance brand value and market competitiveness, andgenerate potential business opportunities. Negative Impact: moderately signi?cant;Positive Impact: highly signi?cantBusiness Ethicsand Anti-corruption Short-term,medium-term, long-term Instances of commercial bribery and corruption can incur significant economic costs,legal repercussions, operational risks, and reputational damage.Robust anti-bribery and anti-corruption measures help establish sound internalmanagement systems, optimize processes, and improve operational efficiency andtransparency. NegativeImpact: signi?cant;Positive Impact: moderately signi?cantCustomerRelationshipManagement Short-term,medium-term,long-term Standardized services may fall short of meeting personalized needs, potentially leadingto decreased customer satisfaction.Tailored services can precisely align with customer business models, fostering increaseduser loyalty. NegativeImpact: signi?cant;Positive Impact: moderately signi?cantClimateChangeMitigation Medium-term,long-term Growing demand for climate-friendly products and services may expose the Company tooperational risks such as downward pressure on product prices, increased raw materialcosts, and potential misalignment with market demands.Development and innovation of climate-friendly products and technologies, cateringto customers with environmental protection and energy-saving needs, can unlock newgrowth opportunities. Negative Impact: signi?cant; Positive Impact: signi?cant Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 1314 Special Topic Koal's Green Products And Solutions As a leading provider of information security services, Koal focuses on leveraging digital technology to enable a greeneconomy. The Company consistently pursues the development of eco-friendly digital technologies, striving to integrateenvironmental protection requirements throughout the entire product lifecycle. For new product development, Koal hasadopted a strategy of "enhancing hardware performance through software optimization," offering more efficient andenvironmentally friendly solutions to customers while reducing energy consumption and carbon emissions. Traditional discrete "CPU + cryptographic card" security solutions face dual challenges in energy consumption andenvironmental protection. Koal has achieved a significant improvement in cryptographic computation efficiency per unitof power consumption by integrating the cryptographic module into the CPU chip, combined with micro-architecture levelenergy e?ciency optimization design. Taking the SM2 algorithm as an example, under the same power conditions, the CPUcryptographic module provides higher SM2 signature performance while avoiding energy efficiency degradation caused by CPU Cryptographic Module — Achieving Improved Computational E?ciency per Unitof Power ConsumptionCase SM2 Signature Performance-to-Power Ratio (TPS/W) Hardware platforms comprehensively implement instruction setoptimization and performance scheduling algorithms, supportingdynamic adjustment of hardware system parameters to achieveoptimal performance and energy e?ciency ratios.Through intelligent algorithm optimization, energy e?ciency on theHygon CPU platform has improved by approximately 15%. Intelligent Algorithms Enhance Energy E?ciency Virtualization Technology Reduces Energy Consumption Code Structure Optimization Decreases Energy Usage Real-time Monitoring and Continuous Improvement New Product Energy Consumption Optimization Deploying monitoring systems on hardware platforms to trackreal-time system utilization of cryptographic and computationalcomponents provides data support for performance optimization ofvarious system modules, ensuring continuous reduction in overalldevice energy consumption. After software optimization, new products achieve an average energysavings of 20% to 30%, e?ectively reducing electricity consumption.The new generation of high-performance digital signature andveri?cation server products, leveraging intelligent algorithms and otheroptimization measures, achieves a performance increase of about200% in the Hygon CPU hardware environment compared to theprevious generation. This signi?cantly improves hardware utilizatione?ciency and reduces energy consumption and carbon emissions. Implementing lightweight virtualization for products such ascloud server cryptographic machines and cryptographic serviceplatform appliances allows more virtual services to run on the samehardware. This increases hardware utilization, reduces the need forphysical devices, and lowers overall energy consumption. Comprehensive code structure optimization, including theintroduction of CPU affinity binding technology in core libraries,precisely allocates processor resources and optimizes memorymanagement mechanisms. This significantly reduces processorload and memory usage, further lowering overall device energyconsumption. 1516 multiple card paralleling in ultra-high performance demandscenarios. By eliminating independent cryptographic cardhardware, PCB board material consumption is reduced,simultaneously lowering energy loss and electronic wastegeneration from both chip-level optimization and system-level streamlining. This contributes to the construction of acomprehensive green computing system, from chip-level energysaving to system-level environmental protection. 1516 2024 Environmental, Social and Governance (ESG) ReportKoal Software Co., Ltd. Forging a Digital Shield Contributing to the UN SDGs Innovation as a Driving ForceSafeguarding Customer PrivacyProtecting Data SecuritySustainable Supply ChainIndustry Ecosystem Development Innovation as a Driving Force Strategy and Approach Koal, upholding its mission to "defend digital sovereignty and safeguard the digital world," has consistently advanced its Integrated ProductDevelopment (IPD) system and re?ned its R&D processes. In May 2024, the Company achieved CMMI Level 5 certi?cation, marking a signi?cantleap in its R&D management capabilities. The Company persistently enhances its R&D management framework, expands its portfolio ofinnovative security product lines, and positions innovation as the core driver of new growth.During the reporting period, the Company re?ned its R&D management structure by integrating the former Technology Center and ProductBusiness Center. All product and R&D personnel were consolidated into product line departments, and the Product and Technology Committeewas established to oversee unified management. To further strengthen front- and back-end support for R&D, the Company set up foursupporting departments: the Product and Ecosystem Management Department, the Infrastructure Department, the Consulting and StrategicProjects Department, and the Innovation and Development Department. These departments work collaboratively to drive the Company'sproduct and technology R&D efforts. This organizational and process optimization enables more effective resource integration and cross-departmental collaboration, fostering innovative thinking and accelerating the development of cutting-edge technologies and products.Koal embraces a dual-drive strategy focusing on technology and products, maintaining substantial R&D investments in emergingtechnologies and products while preserving its leading position in scientific research and innovation. The Company activelycultivates a technology innovation ecosystem that is enterprise-centric, market-oriented, and deeply integrates industry, academia,and research. It adopts a multifaceted approach that balances independent R&D, collaborative research, and strategic projectacquisition, with a primary focus on developing PKI and cryptographic service platforms. This approach aims to nurture newquality productive forces and establish robust security barriers. The Company has established six major R&D centers strategically located in Beijing, Shanghai, Xi'an, Chengdu, Nanjing, andZhengzhou. It has also forged collaborations with multiple domestic research institutions and universities to establish fourjoint laboratories. These initiatives have resulted in the creation of high-level, open scientific and technological innovationplatforms and comprehensive innovation systems, accelerating technological advancement, promoting industrial upgrading, andconsistently contributing to industry development. Positioning and FunctionsSix R&D centers have been established based on two key considerations: addressing the talent needs ofproduction lines and aligning with the distribution of educational and research resources. Co-building of Scienti?c and Technological Innovation Platforms Governance R&D investment throughoutthe year: RMB million 97.8889 R&D workforce professionals Representing % of operating revenue 19.49 Constituting % of total sta? 29.60 Contributed to the formulation ofnational standards Participated in the development of national standards And industry standards in 2024 And industry standards A year-on-year increase of% The Company constantly intensifies itsefforts to attract high-caliber scientific andtechnological talent, refining managementmechanisms that foster the development ofresearch personnel. It implements sustainedincentive plans for core talent and provides adiverse range of online and o?ine professionalskills training for R&D sta?. This has culminatedin the establishment of a product technologyR&D team distinguished by exceptionalprofessional expertise, extensive industryexperience, and robust innovative capabilities.During the reporting period, the Companyconducted over 10 specialized producttechnology training sessions, including"HarmonyOS Next Development Sharing,"a series of courses on "Post-Quantum EraCryptography Research," and foundationaltraining in anti-quantum algorithms. Recruitment and Development of Innovative Talent In 2024, the Company conducted comprehensive training on IPD(Integrated Product Development) and DFX (Design for X). The trainingprimarily focused on strategies to promote DFX work and establishDFX baseline models. DFX, where X represents any stage in the productlifecycle such as manufacturing, testing, or service, requires variousfunctional systems to advance product development activities inparallel with the R&D system. It emphasizes incorporating requirementsfrom di?erent stages and domains as early as the product requirementanalysis and design phases. This training initiative further enhancedthe collaborative development e?ciency and quality across relevantdepartments within the Company, bolstering product competitivenessand R&D capabilities. IPD Integrated Product Development and DFX TrainingCase Key Performance Six R&DCenters Shanghai Jiao Tong University: The Cyberspace Security Key Laboratory was jointly established,leveraging local academic resources in Shanghai to carry out comprehensive collaboration in the ?eld ofnetwork security.Shaanxi Normal University: The Cryptography Application Research Key Laboratory was jointlyestablished. Collaborating with the Xi'an R&D center and local universities, it focuses on in-depthcooperative research in new cryptographic algorithms, participation in national standard formulation, andresearch and design of industry cryptographic application solutions.Jiangsu University of Science and Technology:The Network Security Technology Laboratory was jointly established. Collaborating with the Nanjing R&D center and local Jiangsu universities, it emphasizesapplication innovation and conducts in-depth cooperation in the ?eld of cybersecurity.Jinan University:The Network Security Joint Laboratory was co-established in Guangzhou to conductcutting-edge research on distributed identity and autonomous identity technologies. Four JointLaboratories R&D Platforms Recognized as a National Specialized,Re?ned, Di?erentiated, andInnovative (SRDI) Little GiantEnterprise. % of R&D personnel 8.96 hold master's degrees or higher Undertook over key scienti?c research projects atthe national and provincial/ministerial levelsContributed to the establishment of over third-party digital certi?cation centers in ChinaRecipient of National Science and Technology Progress Awards to date Received over National Party and Government Cryptography Science and TechnologyProgress Awards and provincial-levelScience and Technology Progress Awards. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 1920 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Post-Quantum Cryptography TechnologyAs a pioneer in cryptographic applications, Koal has established a comprehensive ecosystem in post-quantum cryptography,encompassing technology R&D, product innovation, and collaborative partnerships. The Company has forged alliances withSpecial Topic The Company integrates QuantumRandom Number Generation (QRNG),Quantum Key Distribution (QKD),and other quantum cryptographytechnologies with post-quantumcryptographic algorithms. Thisintegration forms the foundation forfully integrated quantum networksecurity and data security solutions.Through uni?ed key management services, it achieves seamlesscompatibility between quantum and post-quantum keys, providinga robust security barrier againstquantum computing attacks forbusiness systems. In the area oftechnology R&D The Company leverages academicresources to develop cutting-edgecryptographic detection and situational awareness tools, enabling closed-loop management throughout thelifecycle of cryptographic applicationsand e?ectively addressing gaps inthe product line. It has successfully upgraded mainstream productswith post-quantum cryptographiccapabilities and introduced China's?rst series of fully quantum-secureproducts, including quantum-secure PKI/CA, key management systems,cryptographic machines, and VPNs.The Company has also independentlydeveloped post-quantum cryptographic cards and relatedalgorithmic products, establishing a comprehensive post-quantum cryptographic service capability. In the area ofproduct development Koal has taken the lead in establishingthe G60 Quantum CryptographyApplication Innovation Center,partnering with industry leaders topromote technology integration andecosystem development. In the ?nancialsector, it has spearheaded research onpost-quantum cryptography innovation in the securities industry, setting abenchmark for the ?eld. The Companyhas instituted regular technical exchangeforums, convening university experts forseminars on cutting-edge topics suchas post-quantum cryptography andprivacy computing. Through standardsadaptation, technology integration,and cross-domain cooperation, theCompany consistently reinforcesits technological leadership in post-quantum cryptography, deliveringforward-looking, fully quantum-securesolutions across various industries. In the area of ecosystem collaboration Launched the new generation KOAL- SVS digital signature and veri?cation server. Actively participated in the drafting of several key industry researchoutputs, including the Post-Quantum Cryptography ApplicationResearch Report, the Cryptographic Service Maturity Model, andthe Web 3.0 Digital IdentityCryptography Research Report.Recognized as an OutstandingContributing Unit for the Year bythe China Academy of Informationand Communications Technology. Developed a blueprint for next-generation PKIand successfully productized post-quantumcryptographic technologies. A comprehensiverange of post-quantum products was unveiledat the 10th China (Shanghai) InternationalTechnology Fair (CSITF) in 2024. Spearheaded the drafting of theImplementation Guidelines forCryptographic Application and Security Assessment of Government A?airsCloud in the Government A?airs Domainand the Implementation Guidelinesfor Cryptographic Application andSecurity Assessment of GovernmentService Platforms in the Government A?airs Domain, both of which wereo?cially released by the CryptographyEvaluation Joint Committee of the ChineseAssociation for Cryptologic Research. Seamlessly integrated corecryptographic technology with Huawei's HarmonyOS NEXToperating system, promoting digitaland intelligent transformation. Achieved a signi?cant milestoneas Koal's Security Authentication Gateway with Post-QuantumCryptography (PQC) Capabilities became the ?rst to pass the post-quantum cryptography veri?cation test by the China Academy of Information and Communications Technology. Won the Golden IntelligenceAward in China's NetworkSecurity and Information Industryfor the Koal's Gateway for VideoIntegrity Protection. On November 5, 2024, Koal and the School ofComputer Science and Technology at DonghuaUniversity held a university-enterprise cooperationsigning ceremony at the headquarters of the G60Commercial Cryptography Industrial Base. TheDonghua-Koal Industry-Education IntegrationBase was officially inaugurated. Additionally,several key management personnel from Koalwere appointed as off-campus mentors for full-time professional graduate students at DonghuaUniversity, providing project practice guidance andcollaboratively cultivating high-quality talent incomputer science and technology. Establishment of Donghua-Koal Industry-Education Integration Base with Donghua UniversityCase The Company actively responds to the national initiative for developing new quality productive forces by promoting the application of R&Dinnovation outcomes. It focuses on next-generation PKI, leveraging its cryptographic service platform as a ?agship product to support newindustry expansion. Leveraging its Common Building Blocks (CBB) — a cryptographic library and infrastructure platform — the Companysupports four US standards and three Chinese national standards for post-quantum algorithms, with core cryptographic products fullyequipped with post-quantum capabilities. During the reporting period, the Company achieved the following innovative milestones: Advancing New Quality Productive Forces universities to establish post-quantum cryptography laboratories,driving the formulation of national standards and industrialimplementation. It has developed a robust post-quantumcryptographic product portfolio, with its security authenticationgateway successfully passing the PQC application system upgradeverification test conducted by the China Academy of Informationand Communications Technology. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 2122 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal is at the forefront of developing a comprehensive security system for the low-altitude economy, leveraging cryptographictechnology as its core driver for new quality productive forces. As a founding member of the China Low-Altitude EconomyInternational Cooperation Alliance, the Company focuses on three key directions to build a secure ecosystem: Empowering the Low-Altitude Economy and Building the "City in the Sky"Case Establishing a trust servicesystem for low-altitude aircraft by deploying identity-awaredevices and signal monitoringsystems. This system, enhanced by AI, dynamically identi?escooperative and non-cooperativeaircraft, precisely preventing andcontrolling illegal gatherings andother anomalous behaviors, whileproviding crucial data support forcross-departmental governance. Constructing an advanced cloud- edge collaborative securitysystem that implements robust communication protection through cryptographic chips at the edge, while building acentralized cryptographic service platform in the cloud. Thisplatform o?ers comprehensive services such as digitalsignatures and data encryption.Additionally, zero-trusttechnology is integrated to fortify network security protection. Developing a sophisticateddata asset management system that utilizes cutting-edgecryptographic technology forprecise entry and monitoring oflow-altitude geospatial data. Thissystem forms a comprehensive asset library and establishes network security baseline management capabilities, creating a trustworthy andcontrollable digital foundationfor the high-quality developmentof the low-altitude economy. Koal maintains strict adherence to key legislation, including the Patent Law of thePeople's Republic of China, the Trademark Law of thePeople's Republic of China,and theCopyright Law of the People's Republic of China.The Company has implemented comprehensivepolicies such as the Intellectual Property Management Manualand theCompany Patent Work System.A dedicated patent workmanagement team has been established to enhance the identification and control of intellectual property infringement risks andsafeguard intangible assets. While rigorously protecting its own intellectual property, the Company ensures scrupulous respect for thetrademarks, patents, copyrights, and other intellectual property rights of external entities. During the reporting period, the Companyconducted Contract and Compliance Training, which incorporated essential intellectual property content, significantly enhancingemployees' understanding of intellectual property protection. A total of 152 trainee attendances were recorded for the specializedintellectual property training, with a cumulative training duration of 4 hours. Intellectual Property Protection Granted new patents software copyrights Secured a cumulativetotal of patents software copyrights And trademark registrations Key Performance Koal successfullyobtained GB/T 29490-2013 Intellectual PropertyManagement Systemcerti?cation. Launch of the New Generation KOAL-SVS Digital Signature and Veri?cation ServerCaseThe digital signature and verification server is a sophisticated cryptographic device that provides digital signature andveri?cation services based on PKI infrastructure. It employs advanced digital signature and certi?cate technologies to ensurenon-repudiation and integrity protection for data, forming the cornerstone of trust for data collection, storage, transmission,and sharing. Koal's new generation digital signature and veri?cation server boasts enhanced security, superior performance,and user-friendly operations. It comprehensively addresses both server-side and client-side digital signature and veri?cationscenarios, accommodating multi-language and multi-platform application integration needs while supporting centralized Application Practice Based on CPU-Integrated Cryptographic Modules Showcasedat the OpenAnolis Security Conference Case Koal, in strategic collaboration with Hygon Information Technology Co., Ltd., participated in the Private Sessionfor the OpenAnolis Conference 2024. At this event, Koal unveiled its innovative application solution based on CPUcryptographic coprocessor modules. The Company proactively explores technological applications and solutions forintegrating cryptographic coprocessor modules within CPU chips. Their commercial cryptographic application, builton the Hygon platform, features an advanced cryptographic coprocessor module designed to implement public keycryptography (SM2), hash function (SM3), symmetric cryptography (SM4), and random number generation. As of the endof the reporting period, Koal's entire product line has been successfully equipped with the capability to integrate CPUcryptographic modules.management of multiple digital signature and verification servers.Furthermore, this cutting-edge product supports an expanded rangeof algorithms, including SM2, RSA, SM9, international ECC (13 types),and post-quantum cryptography, delivering a 200% performanceimprovement over its predecessor. It o?ers tailored signature capabilitiesfor diverse scenarios, providing robust solutions for government a?airs,?nance, healthcare, and other sectors. With streamlined business logicand intuitive interaction, it significantly enhances usability, enablingusers to e?ortlessly manage complex tasks. Andrademark registrations in 2024 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 2324 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield To e?ectively address various risks including technology development, market competition, intellectual property, and policy andregulatory challenges, Koal has established a Product and Technology Committee. This committee strengthens the evaluationand approval processes for technology and product development projects. Additionally, four supporting departments have beencreated to enhance front- and back-end support. Through cross-departmental collaboration in R&D, marketing, procurement, andquality control, the Company ensures that risk management activities are integrated throughout the entire product and technologydevelopment lifecycle. Throughout the lifecycle of R&D projects, the Company closely monitors market trends, technologicaladvancements, and policy developments. It consistently conducts risk identification, assessment, and monitoring, promptlyadjusting risk management strategies based on changes in internal and external environments. The Company has implementedrisk warning mechanisms and reporting systems to ensure that all R&D activities remain within manageable risk parameters. Impact, Risk, and Opportunity Management Indicators and TargetsManagement Level: Implement product manager responsibility system to restructure product and R&Dpractices.Establish 4 new supporting departments.Merge testing and production to enhance production e?ciency.Implement performance evaluation mechanism for R&D personnel. Target achieved Product Level: Focus on next-generation PKI development.Launch new version of SVS.Utilize cryptographic service platform as flagship product to support new industryexpansion.Deepen user data business to establish foundation for data security product line. Target achieved Support Level: Improve development e?ciency across product lines by establishing Common BuildingBlocks (CBB), a cryptographic library and infrastructure platform.Implement company-wide security testing environment.Develop consulting expert teams for key industries. Target achieved Analysis of R&D RisksResponse Strategies 2024 Target Achievement StatusIndicator/Target Actively participate in domestic and international anti-quantum cryptography standard-setting,dynamically adjusting research directions to align with mainstream standards.Develop a comprehensive innovation system covering technology development, productization, andecosystem collaboration.Conduct regular customer surveys to optimize product functionality and adaptability; implementmodular design to swiftly respond to evolving market demands.Monitor data security regulation dynamics, performing regular compliance reviews to ensure productsmeet the latest policy requirements.Conduct patent infringement risk analysis on the technical content of R&D projects, and incorporatespeci?c intellectual property legal risk review nodes in the contract approval process to identify andmitigate IP risks. Safeguarding Customer PrivacyGovernance Strategy and Approach Data Security Products and ServicesComprehensive Cryptographic Service Capability System Koal prioritizes customer needs, integrating these requirements into product technology development, quality control, and salesprocesses. The Company has established a collaborative response mechanism among product technology, quality, and salesdepartments. This ensures rigorous quality and risk management throughout the product lifecycle, guaranteeing high-qualityproducts while ensuring customer needs are swiftly addressed and clearly implemented across all business chain links. Thisapproach delivers superior products that satisfy customers and signi?cantly enhances market competitiveness. The Company adheres to the strategic policy of "constantly meeting customer and relevant legal and regulatory requirementsthrough secure and reliable product functions and consistently improving service quality." It maintains the principle of "balancingproduct innovation with reliability and security; coordinating technology, progress, and quality." Koal consistently enhancesits quality management system, strictly adheres to quality standards, and provides customers with satisfactory products andexceptional services. Concurrently, the Company actively pursues a "going global" strategy, focusing on expansion under theBelt and Road Initiative. This involves providing data transaction security services for overseas customers and assisting them inaddressing technical challenges and service assurance issues.Technology developmentand integration risksMarket competition risksPolicy and regulatory risksIntellectual property risks Koal has developed a comprehensive cryptographic service capability system, centered around the Cryptographic ServicePlatform. This "1+3" product ecosystem incorporates the Cryptographic Regulatory Platform, Operations Management Platform,and Cryptographic Laboratory. The Cryptographic Service Platform is capable of managing various cryptographic devicesheterogeneously and integrating diverse cryptographic services, offering a wide range of sophisticated cryptographic servicecapabilities for upper-layer applications. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 2526 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Data Security Product System In today's digital landscape, data has emerged as a critical asset for both businesses and society at large. Data security is not onlyvital for maintaining operational stability and corporate reputation but has also become an essential compliance requirement inan increasingly stringent regulatory environment. Recognizing this, Koal has consistently positioned data security as a cornerstoneof its strategic expansion. The Company constantly invests signi?cant resources in the deep cultivation and innovative R&D withinthe data security domain, striving to deliver exceptional data security products and comprehensive solutions to clients worldwide.Koal excels in integrating cutting-edge technology with practical client needs, crafting bespoke data security solutions for eachcustomer. To achieve this, the Company has assembled a multidisciplinary R&D team. This team comprises seasoned data securityexperts, specialized software engineers, and elite AI algorithm researchers. Their focus is on exploring the frontiers of data securitytechnology and driving practical innovation, resulting in breakthroughs across numerous critical technical areas. Consequently,Koal has developed a comprehensive and multi-layered data security product system that encompasses the entire data lifecyclemanagement, providing clients with a robust data security shield. Data Lifecycle Reliable Data ContentTrustworthy Data CirculationTraceable Data Compliance Integrated Data Security PlatformSecurity SituationAwareness System Security ThreatDetection System Security CapabilityAssessment System Identity and Access Management (IAM) System Public Key Infrastructure (PKI) CryptographicInfrastructure Basic CryptographicService Capabilities Identity Management,Authentication, andAuthorizationIdentityInfrastructure Cryptographic Service PlatformCryptographic MachinesDigital Signature andVeri?cation Key ManagementSystem (KMS)Timestamp The Cryptographic Service Platform and its components o?er ?exibility in tailoring andcombination to meet specific requirements. They can be delivered through variousmeans, including single machine single package, all-in-one machine, data center, cloudplatform, or cryptographic cloud. These solutions provide comprehensive cryptographicintegration, operations, maintenance, and regulatory functions across diverse scenariossuch as cloud environments, big data, mobile terminals, IoT, and AI. Collection Data Transmission Security Data Storage Security Data Processing Security Data ExchangeSecurity Data DestructionSecurityData CollectionSecurity TransmissionStorageUsageExchangeDestruction This option offers straightforward and flexible deployment at a low cost,making it ideal for small enterprises and individual users. Its plug-and-playfunctionality enables rapid deployment and simple maintenance, signi?cantlyreducing the IT management burden. Single Machine Single Package Delivery Supervised Cross-border Data This solution integrates hardware and software in a ready-to-use package,minimizing deployment time. It is particularly suitable for scenarios requiringrapid launch, operating under budget constraints, or involving numeroussmall-scale business applications. All-in-One Machine Delivery This approach provides robust computing and storage resources, capableof handling large-scale data processing. It ensures high availability and faulttolerance, guaranteeing business continuity while o?ering ease of expansionand management. Data Center Delivery By leveraging cloud platform advantages, this method o?ers ?exible resourcemanagement and elastic scaling. It optimizes cost and performance whileenhancing business agility and security. Cloud Platform Delivery This specialized service focuses on encryption, employing advancedtechnology and stringent access control to ensure the security of datatransmission and storage. It simplifies cryptographic management, offeringinstantly accessible cryptographic services. Cryptographic Cloud Delivery E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 2728 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Security Service System Koal has developed a comprehensive, one-stop data security service capability. The process begins with in-depth consulting,enabling clients to gain thorough insights into their data assets and precisely identify potential risks. The Company then providessecurity construction integration services and product implementation services to ensure the smooth deployment of datasecurity solutions. In terms of ongoing support, Koal o?ers a range of data security operations services, including security systemoperations, daily security maintenance, and emergency response services. Regular professional assessments help enterprisesconstantly optimize their security measures, ensuring the continuous enhancement of data security protection capabilities. Thisholistic approach safeguards the digital transformation journey of enterprises. Koal played a pivotal role in developing the CM Financial Technology National Cryptographic Service Platform. Adhering tothe Central Bank's Document No. 140 compliance requirements, they engineered a service platform compatible with multiplevendors' ?nancial cryptographic machines. This platform achieves uni?ed management, centralized monitoring, and standardizedcryptographic service API interfaces. The solution implements a distributed cascading architecture (one master, multiple slavesmodel), incorporating collaborative signature services. It supports mobile key splitting technology and can issue digital certi?catesfor hundreds of millions of users. The platform seamlessly integrates with existing systems such as 4A and Firefly, minimizingapplication modification costs through unified key interface encapsulation. Furthermore, it enhances cryptographic servicesituation awareness and analysis capabilities. Key components include a cryptographic service platform, key management system,cryptographic machine adaptation module, collaborative signature gateway, and mobile cryptographic module. These elementscollectively meet the compliance and operational e?ciency requirements of the ?nancial sector. CM Financial Technology National Cryptographic Service PlatformConstruction ProjectCase In 2023, Koal began its involvement in the Shanghai Municipal Bureau of Finance's Treasury Budget Integration InnovationProject. This initiative aims to modernize electronic management of centralized treasury payments across municipal, district,and town levels while adapting to innovative technologies. The project leverages domestically produced innovative products asits operating platform, incorporating Koal's electronic seal and digital signature security devices to safeguard electronic vouchersand data integrity. By centrally deploying electronic voucher security support components and electronic seals, and utilizinggovernment networks alongside dedicated treasury networks, the project establishes secure connections between ?nancialdepartments, agent banks, and sub-treasuries. The implementation of digital certi?cate-based electronic signatures and sealtechnology signi?cantly enhances the e?ciency of district-level ?nancial payments and bolsters voucher security management. Shanghai Municipal Bureau of Finance Treasury Budget Integration Innovation ProjectCase Product Quality and SafetyBuilding upon on the ISO 9001 Quality Management System and CMMI 5 Capability Maturity Model Integration certi?cation, Koal has formulatedinstitutional documents such as theR&D Project Quality Assessment Measures (Draft)and Quality Management Manual. Focusing on customerneeds, key areas, and core processes, the Company has established a comprehensive quality management system that spans the entireproduct lifecycle to deliver high-quality products and services. Annual internal audits and management reviews of the quality managementsystem are conducted as scheduled, refining existing processes and integrating new requirements into business operations. During thereporting period, Koal maintained an impeccable record with no major quality or safety-related incidents concerning its products and services. During the reporting period, the Company undertook a comprehensive upgrade of its quality management system, drawinginspiration from the CMMI 5 model. This initiative aimed to bolster the implementation of quality management practices, enhanceproduct quality, and improve R&D and testing e?ciency. The result was the establishment of a robust quality management systemthat spans the entire product lifecycle, encompassing requirements, design, coding, testing, production, delivery, and maintenancephases. As part of this e?ort, the Company developed the R&D Project Quality Assessment Measures (Draft). This document servesas a supplement to the existing quality management system, rede?ning activity requirements for each stage of R&D projects. It alsointroduces corresponding assessment and incentive measures designed to foster greater employee initiative in quality-related tasks.Furthermore, the Company has raised the bar for high-level requirement documentation and review processes, thereby strengtheningthe quali?cation rate of high-level requirements and enhancing overall review e?ectiveness. Full Lifecycle Quality Management Key Performance Achieved ISO 9001Quality ManagementSystem Certi?cation Secured CCRCInformationSecurity ServiceLevel 2 Certi?cationObtained ISO 20000Information TechnologyService ManagementSystem Certi?cation Attained CMMI 5Capability MaturityModel IntegrationCerti?cation Acquired ISO 27001Information SecurityManagement SystemCerti?cation Data SecurityConsulting Services Data SecurityImplementation Services Data SecurityOperation Services Service Content Service Content Service Value Service ValueService Content Asset Review ServiceRisk Assessment ServiceSecurity System Construction Security Construction Integration Service Security System OperationDaily Security MaintenanceEmergency Response Service Service Value Clarify Current Data Security Status Identify Risks and IssuesMeet Regulatory Compliance Requirements Customized Solutions Address Protection Capability Gaps Strong Data Security Assurance Continuous Evolution andOptimization Around Business Needs Inventory Assets/Assess Risks Product Implementation/System Construction Ongoing Evaluation/ Continuous Optimization E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 2930 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Product Testing and Recall The Company has established comprehensive institutional documents, including theTest Operation GuidelinesandQuality and SafetyRequirements for Company Products and Software Deliverables.These documents provide clear stipulations on various aspects ofsoftware testing, including test classi?cation, objectives, design, steps, pass criteria, and primary evaluation methods. The testing regimerequires di?erent objects to be evaluated at various stages of the software lifecycle. Notably, all company products must meet internalsecurity testing "Level 1" requirements before they can be cleared for delivery. During the reporting period, the Company successfullyshipped 2,512 hardware products. Each of these products underwent rigorous inspection in accordance with the checkpoints de?ned intheProduct Inspection Speci?cations prior to shipment.The Company has implemented aNon-conforming Product Control Procedureto guide the identi?cation and control of non-conformingproducts at various stages of the product lifecycle. In cases where non-conforming products are discovered after delivery to customersor after use has commenced, the Company conducts a thorough veri?cation of the speci?c circumstances. Based on this assessment,a determination is made regarding whether to notify customers for a potential recall, thereby preventing the unintended use or furtherdelivery of non-conforming products. During the reporting period, the Company did not experience any product recall events.Quality Culture DevelopmentKoal actively fosters a quality-centric culture. The Company regularly conductsquality training sessions for employees to enhance overall quality awareness andimprove management efficiency and product quality. During the reporting period,four comprehensive quality training sessions were held, covering crucial topics suchas project management processes, institutional document dissemination, advancedrequirement writing and review techniques, and sharing of best practices. "Integration Testing ExecutionRequirements and Best Practices Sharing"themed quality training sessionSupply Chain Quality Control Customer Service Management Koal places significant emphasis on supply chain quality control. The Company establishes clear quality standards by signingtheSupplier Product Quality Assurance Agreementwith its suppliers. This agreement delineates speci?c requirements regardingquality responsibilities, issue resolution processes, and problem-handling procedures, ensuring consistent quality throughout theentire supply chain. Additionally, Koal regularly organizes quality-related training and exchange programs with suppliers. Theseinitiatives enable suppliers to gain a deeper understanding of the Company's quality requirements, thereby promoting overallquality improvement across the entire supply chain ecosystem. The Company consistently refines its internal customer service management systems, clearly delineating pre-sales, mid-sales,and after-sales service processes. This comprehensive approach manages all aspects of customer service, encompassing after-sales service requests and handling, hardware warranty services, software defect resolution, product inspection services, customercomplaint management, and system upgrades. The objective is to deliver high-quality, e?cient, and ?exible services with customersatisfaction as the primary focus. Customer Relationship Management Koal prioritizes customer needs and interests, constantly enhancing its service system to improve the precision andprofessionalism of customer service, thereby elevating overall service quality and customer satisfaction. Key Performance Product requirements must adhereto principles of reasonableness,stability, and accuracy, aligningwith CMMI model and templatewriting standards throughout theproduct lifecycle.For system testing-related projects,the involvement of testingpersonnel in requirement reviewsis mandatory to ensure testability. Requirements Regular product maintenance isconducted following managementcontrol documents, includingtheMonitoringandMeasuringEquipment Control Proceduresand Equipment MaintenanceRegulations. Maintenance Upon product arrival at the user site, a structured process of display,installation, adaptation, and debugging is carried out in accordance withguiding documents such as theProduct Delivery Process andImplementationPlan. User satisfaction data is collected as part of this process. Delivery Design processes must prioritizee?ciency and maintainability,following CMMI templates foroutline design.A/B class projects necessitateseparate outline designdocumentation, which is subjectto a "formal inspection" review. Design The production process isgoverned by a set of guidingdocuments, including the Product Assembly ProductionGuidelines, Product InspectionSpeci?cations, ProductFactory Inspection Form, andProduct Protection OperatingInstructions.Adherence tothese documents ensures themanufacture and delivery ofquali?ed products. Production All code must comply withestablished standards, with aparticular emphasis on securitydesign. Unit tests are mandatory,with test cases and resultsmeticulously recorded.These unit tests shouldcomprehensively cover keyelements such as test objects,inputs, and outcomes. Coding Integration testing is conducted following functional acceptance, withA/B class projects requiring independent test cases and defect lists.Con?guration managers are tasked with verifying delivery item compliance.In system testing, test cases must provide full coverage of requirements, andtest reports are subject to review. QA personnel are responsible for checkingthe completeness of test documentation.The Company places signi?cant emphasis on integration testing executionrequirements to verify module functionality, interface integrity, datatransmission accuracy, and compliance with system design speci?cations.This approach facilitates more e?cient problem detection and localization. Testing Achieved coverage of product quality training for R&D personnel. Accumulated a total of hours of 629.83 product quality training. Recorded attendances in product quality training sessions. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 3132 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield The Company annually undertakes key improvement projects to optimize customer service and enhance service capabilities.During the reporting period, Koal focused on improving customer service capabilities through three main initiatives: strengtheningknowledge base construction, re?ning key customer engagement models, and enhancing ERP system process operations. Pre-SalesMid-SalesAfter-Sales Customer follow-up and feedbackcollection: Conduct regular follow-ups (via phone, email, or on-sitevisits) to assess product usage andservice experience. Identify areas forimprovement through satisfactionsurveys and complaint analysis.Technical support and problemresolution: O?er free maintenanceand remote technical guidancewithin the contract period, establishrapid response mechanisms (e.g.,24/7 availability), and maintainconstant readiness.Customer relationshipmaintenance: Conduct regularcustomer visits to bolster satisfaction. Project implementation: Execute product production or servicepreparation according to standardprocedures, monitoring progress,overseeing quality, and maintainingtimely communication throughoutimplementation.Logistics and delivery: Coordinatetransportation, provide on-sitesupport for installation, debugging,and user training to enhance thecustomer experience. Market research and customerdevelopment: Identify targetcustomers through industryanalysis, competitive research,and customer pro?ling.Requirements analysis andcommunication: Engage inthorough discussions withcustomers to clarify pain points,budget constraints, and timelinerequirements. Solution design: Develop tailoredsolutions based on speci?crequirements. The Company emphasizes the development of professional skills and business acumen within its sales team, regularly conductingtraining to enhance customer service capabilities. These sessions cover key aspects including market analysis, customer needsidentification, and after-sales service, aiming to cultivate a high-quality, efficient customer service team. During the reportingperiod, the Company conducted 35 customer service training sessions. Listening to Customer Concerns Koal prioritizes customer concerns and feedback, implementing robust institutional documents such as theKoal Customer Service Hotline Handling ProcessandCustomer Service Hotline Handling Guidelinesto establish a standardized customer communicationprocess. This system ensures swift response to and resolution of customer issues, enhances the investigation, handling, tracking,and supervision of customer complaints, and conducts thorough post-mortem analyses of customer feedback for continuousimprovement. These measures guarantee timely responses to customer needs and consistently elevate customer satisfaction. Customer service personnelor relevant departmentheads conduct an initialassessment to determinewhether immediate resolutionis required or if the complaintshould be escalated to otherdepartments. Allocate complaints toappropriate departments orteams based on their categoryand severity. Responsible personnelconduct a thoroughinvestigation of the complaint,including understanding thespeci?c circumstances andgathering relevant evidenceand materials.Communicate the proposedsolution to the customer,soliciting their feedback toensure satisfaction. Utilize multiple channels for receivingcustomer complaints, includingcustomer service hotlines, emails,and customer service platforms.Upon receipt of a complaint,customer service personnelmeticulously document all details,including the complainant's basicinformation, speci?c issues raised,and time of complaint. Summarize the complainthandling process, analyzingroot causes and identifyingareas for improvement in thehandling process. After implementing the solution,conduct follow-up assessmentsto gauge customer satisfactionwith the resolution. The Company regularly conducts customer satisfaction surveys. Following on-site customer service, technical support personnel collect customer-completedsatisfaction survey forms and personally deliver them to the department manager.The survey encompasses satisfaction with both the current service and the product.After collecting this information, the Company thoroughly analyzes the surveyresults, promptly adopting targeted improvement measures to consistently optimizeproducts and services and enhance overall customer satisfaction. Customer servicesatisfaction rate % 98.2 Key Performance Strengthening knowledgebase constructionDelivery and maintenance personnelinput their problem-solving methodsand experiences into the knowledgebase in real-time. Professional sta?regularly curate the knowledge base,identifying e?ective information andsegmenting it for use by maintenancepersonnel and customers beforepublication. The Company is undergoing system upgrades, with plans toimplement AI technology for intelligent,generative Q&A to assist maintenancesta? and customers, aiming to provide enhanced service. Re?ning key customer engagement modelsTo ensure premium, continuousservice experience for key customers,the Company has adopted a one-stop, dedicated engagement model. A triad of sales manager, technicalmanager, and project managerprovides ongoing service to keycustomers, with each specialisto?ering tailored service solutionsbased on speci?c customersituations and needs, ensuringprompt response and resolution of customer requirements. Enhancing ERP system process operations The Company has comprehensivelyreviewed and restructured existing businessprocesses within the ERP system, eliminatingunnecessary steps and streamliningprocedures to ensure e?ciency andrationality in each process. By integratingdi?erent business modules, automateddata ?ow is achieved, reducing manualintervention and error rates, signi?cantlyshortening response times, and markedlyimproving customer service satisfaction.Through enhanced ERP system processoperations, the Company has achieveddual improvements in communication and management e?ciency. Assignment Follow-up and Feedback Investigation and Resolution Summary and Improvement Complaint ReceptionPreliminary Analysis E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 3334 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Responsible Marketing Koal adheres strictly to relevant laws, regulations, and industry norms inits operational regions. In compliance with regulatory requirements, theCompany has implemented a rigorous review process and establisheda responsible marketing material review and supervision mechanism.This ensures that all marketing materials undergo approval by authorizedmanagement personnel before release. Products and materials provided tocustomers are accompanied by certi?cation from authoritative institutions.All customer case studies publicly display traceable customer names andcontact information, ensuring authenticity through stringent verificationprocesses. The products provided to customers, in conjunction with othercustomer products, form comprehensive information systems that canonly be activated for use after certification by authoritative departmentsfollowing system deployment. Furthermore, the Company regularlyconducts responsible marketing training for all employees involved inmarketing activities, providing guidance and mandating adherence toapproved messaging during external communications. This preventsthe dissemination of inaccurate, exaggerated, outdated, ambiguous,or undisclosed information. During the reporting period, the Companymaintained a clean record with no signi?cant marketing-related violations. Analysis of CustomerPrivacy Protection Risks Response StrategiesEnhance investment in anti-quantum cryptography and national cryptographicalgorithm upgrades, while actively participating in the formulation of industrystandards (e.g., cryptographic module security testing standards) to maintaintechnological leadership.O?er pre-deployment testing services on the customer side to proactively identifyand resolve adaptation issues.Reinforce product quality control throughout the entire lifecycle, constantlyimproving product quality and enhancing R&D and testing e?ciency.Establish industry-speci?c service teams to provide dedicated technical support forkey customers.Develop a remote operation and maintenance platform, leveraging AI technologyfor predictive fault detection and rapid response. Core cryptographic technologyvulnerability risksProduct compatibility andadaptability risksQuality control risksAfter-sales supportcapability risks Koal has implemented a multifaceted risk prevention and control system that encompasses data security product services,quality management, and customer response. Through systematic risk control, the Company ensures the robust security supportcapability of its cryptographic technology in critical sectors such as government a?airs, ?nance, and national defense, therebyproviding a reliable data security foundation for the development of Digital China. Impact, Risk, and Opportunity Management Indicators and TargetsAverage defect density of submitted product testversions < 20/KLOC Target achievedActual average defect density: 16.96/KLOCTraining plan implementation rate ≥ 95% Target achievedActual implementation rate: 100%Procurement material inspection pass rate ≥ 95% Target achievedActual pass rate: 100%Product production process error detection rate < 10% Target achieved Actual error detection rate: 2.05%Test software recon?rmation rate ≥ 90% Target achieved Actual recon?rmation rate: 100%Customer service satisfaction rate ≥ 95% Target achieved Actual satisfaction rate: 98.2% Indicator/Target2024 Target Achievement Status Total duration of responsible marketing training hours3,248.17Total attendance1,802 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 3536 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Protecting Data Security Koal strictly adheres to relevant laws and regulations, including theCybersecurity Law of the People's Republic of China, theData SecurityLaw of the People's Republic of China, thePersonal Information Protection Law of the People's Republic of China, the State Security Lawof the People's Republic of China, and theMeasures for the Administration of Data Security in the Industry and Information TechnologySector (Trial Implementation). The Company has formulated internal policies and management norms, such as theInformation SecurityManagement System Manual, Network and Information Security Management System,andCon?dentiality Work Assessment and Rewardand Punishment System.These measures contribute to a comprehensive information security management framework and establish anautomated early warning mechanism for information security incidents, safeguarding the Company's information infrastructure, applicationsystems, products, and customer data.Koal has established a Con?dentiality Work Leading Group, integrating information security and con?dentiality practices into the businessprocesses of all departments. The group is led by Director Fan Feng, who bears overall responsibility for the Company's information securityand con?dentiality e?orts. Deputy leader Zhong Jian coordinates and promotes information security and con?dentiality initiatives. Underthe Confidentiality Work Leading Group, the Confidentiality Office manages daily confidentiality operations, while the General Officeoversees network and information security decision-making. Other departments are responsible for implementing information securityand con?dentiality measures within their respective domains, ensuring a standardized, orderly, and e?cient approach to the Company'sinformation security management. As a pioneer and leader in China's information security digital trust sector, Koal consistently enhances its internal information securitymanagement system while providing robust security protection for customers. The Company has established comprehensiveconfidentiality protocols for both employees and the organization, ensuring data security for the Company and its clients. Koal hasdeveloped PKI infrastructure and created an all-encompassing information security, data security, and IoT security service framework.The Company has fully integrated its business systems, email platforms, cloud storage, and other digital assets, implementinggateway IDaaS single sign-on control. Leveraging its distinctive identity management technology and cryptographic applications, Koalcomprehensively manages online business and information flows across sales, procurement, production, customer management,financial management, and human resource functions. This enables secure remote access control in the cloud, establishes acomprehensive information security assurance system, and raises employees' information security awareness, fostering a safe andreliable information environment.Governance Strategy and ApproachKoal adheres to the principle of "security ?rst, prevention as a priority." Drawing upon mainstream domestic and international regulatoryrequirements, general information security management system standards, and industry best practices, the Company has establisheda comprehensive information security and confidentiality management system. It constantly enhances its security managementframework for critical information infrastructure, implementing robust information security measures across policies, organization,personnel, infrastructure, and operations. Concurrently, the Company employs cutting-edge technological solutions to safeguard theintegrity and availability of internal data, thus ensuring comprehensive protection of the Company's information assets. TheManagementBodies TheExecutionBodies Responsible for the daily organization andmanagement of con?dentiality work.Tasked with promoting and executing information security and confidentiality practices withintheir respective areas of operation. Oversee decision-making and implementationof network and information security measures.Other Functional Departments General O?ce and Information GroupCon?dentiality O?ce Service Support System Security Technology System Security OrganizationalStructure Personnel CapabilityRequirements Professional De?nition Security Policy System CryptographyTrust SystemCryptographic SupportCryptographicApplications Cryptographic Application Incident Management Establishing Security Supervision Management System Business Continuity ManagementCompliance Management Asset Management Security OrganizationSecurity Strategy Security Operation System Pre-event Control In-process Protection Post-event Response Implementation Implementation Audit Improvement Detection Response Recovery CryptographicObject Identi?cationAsset ValueManagementSecurity Risk Assessment Situation Overview MeasureSelection PlanFormulationPlan Implementation and Drill Risk Handling SituationalAwarenessRisk HandlingRisk TracingRisk EarlyWarning Avoidance Knowledge Base Security Enhancement Decision-making SuggestionsRisk Monitoring Trusted Cryptographic ServicesResource TrustedMarkingResourceObject Management Resource Authorization Control Dynamic Trusted Authentication ScanningMonitoringEmergency Management Recovery Mechanism Penetration TestingAuditingIncident HandlingDisaster Recovery Measures Tracing Continuity Terminal CryptographicCalculation ModuleTrusted Terminal Marking Trusted Program Anti-counterfeiting Operation Usage Object Marking Local CryptographicCalculation Sandbox Integrated Identity Authentication TerminalEnvironment Anti-theft ofTransmission Tra?cSource Information Encryption Two-way TransmissionAuthenticationChannel Transmission Protection Video Encryptionand CompressionAnti-tampering ofTransmitted InformationNetworkCommunication Boundary AccessAuthentication Boundary Access Control Terminal Identity Authentication BoundarySecurity Application Access AuthenticationData Flow Veri?cation Application AccessControlBehavior Accountability Application Code Signing Application Security Data Flow ControlCentralized Data Control Transparent DataEncryption/Decryption DataControl Security OrganizationSystem The group leader bears overall responsibility for the Company's information security andcon?dentiality e?ortsOversee the implementation of information security and con?dentiality work responsibility systems,and address critical issues in these areas.Review and approve information security and con?dentiality management systems.Allocate human, financial, and material resources to support information security andcon?dentiality initiatives. Con?dentiality Work Leading Group E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 3738 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Information Security Certi?cation and Audit The Company actively pursues the development and implementation of robust information security management systems andqualification certifications. As of the end of the reporting period, the Company has successfully obtained ISO 27001 InformationSecurity Management System certi?cation and two con?dentiality quali?cations.In compliance with theMeasures for the Administration of Integrated Qualifications for Classified Information SystemsandCon?dentiality Standards for Integrated Quali?cations for Classi?ed Information Systems, the Company conducts regular and ad-hoc information security and confidentiality inspections through self-examination and in cooperation with regulatory checks. Acomprehensive audit of all information security and confidentiality matters is completed bi-annually. Additionally, the Companyundergoes aperiodic external inspections of information security by third parties, including government agencies. During thereporting period, the Company conducted two internal information security audits. In September 2024, Koal underwent a specialized information security inspection conducted by the Network Security Corps ofShanghai Public Security Bureau. The inspection focused on two critical areas: network security and supply chain integrity. It involvedan in-depth analysis of the Company's network architecture, data protection systems, and information exchange processes acrossvarious supply chain stages to precisely identify potential vulnerabilities. In response to issues identi?ed in network security and supplychain aspects, the Company established a dedicated remediation team. This team rigorously adhered to the requirements outlinedin the remediation report issued by the Network Security Corps to develop comprehensive improvement plans. Key personnel wereactively assigned to attend meetings at the Network Security O?ce to stay abreast of the latest requirements, ensuring precise ande?ective remediation e?orts to foster a secure, stable, and e?cient operational environment. Special Information Security Review by the Network Security Corps ofShanghai Public Security BureauCase Furthermore, the Company regularly conducts con?dentiality supervision and inspections focusing on sensitive information and personnel.Bi-monthly self-inspections are mandated for personnel handling classified information, reinforcing the importance of adhering toconfidentiality requirements, conducting work in accordance with established protocols, and avoiding disciplinary or legal violations.Monthly self-inspections are scheduled for departments dealing with con?dential business. Department leaders implement and inspectcon?dentiality measures tailored to their speci?c business characteristics. Quarterly inspections are conducted on department leaders'implementation of confidentiality responsibilities, semi-annual checks on the confidentiality responsibility implementation of leadersoverseeing con?dentiality, and annual reviews of the General Manager's con?dentiality responsibility implementation. All supervision andinspection results are meticulously documented in con?dentiality inspection work records. Information Security Management Network Security ManagementThe establishment of private networks by any departmentis strictly prohibited. Network activation is conductedsolely by the O?ce Department following a comprehensivefeasibility study.Any unauthorized modification of company IP addressesor connection methods by departments or individuals isstrictly forbidden. Access to internal network systems byexternal personnel is rigorously controlled. Equipment Security Management The Company provides computer equipment forinternal use. Employees are required to refrain fromunauthorized exchange or disassembly of equipmentand must maintain a clean, safe, and optimal workingenvironment for all computer equipment.Employees must strictly adhere to safety protocolsand proper usage guidelines for computer equipment,including startup and shutdown procedures, and areheld responsible for the security of the computers andrelated equipment under their use.File Storage EncryptionStorage of critical company documents on the C drive(including desktop) is prohibited. Such files must beregularly backed up and stored in designated departmentfolders on the company file server, with each departmentoverseeing review and security management.Upon an employee's departure, the department head isresponsible for transferring all work-related materials to theappropriate department folderEncryption is mandatory for files containing sensitiveinformation. Electronic versions of company certificates,official letters, and other critical documents must includeexplanatory watermarks or purpose annotations. Individualsresponsible for improper handling or usage resulting ininformation leaks or losses will be held fully accountable. Information Con?dentiality Management Company sensitive information is managed underthe principle of "strict management, tight prevention,ensuring security, facilitating work," with complete andsecure handover procedures enforced at every stageInformation transmission must be carried out bydesignated personnel in accordance with establishedprotocols. Transmission through ordinary postal or courierservices is strictly prohibited.Prior to leaving their position or the Company, employeesare required to return all classi?ed materials. Further exitprocedures can only be initiated after confirmation ofcomplete return.The destruction of classi?ed materials must be supervisedby at least two individuals and processed at designatedsecure locations. Information Security Enhancement Technologies and PlansIn 2024, the Company undertook a comprehensive upgrade of its internal security protection systems, significantly elevatingoverall network security levels to safeguard corporate information assets. To further bolster internal information security protectioncapabilities, the Company has formulated a strategic information security enhancement plan for the upcoming year. This planincludes: i) further optimization of existing security strategies to address increasingly sophisticated and covert attack methods;ii) regular review and update of security policies to maintain their e?ectiveness; iii) exploration of AI-based security tools, suchas automated threat detection and response systems, to enhance the intelligence level of security protection; and iv) leveragingmachine learning and big data analysis technologies to improve the accuracy and response speed of threat detection. Delineate network access security zones: Strategically relocate relevant network security access devices todesignated security zones and apply more stringentnetwork policies. Restrict high-risk port usage: Prohibit the use of commonly vulnerable and virus-prone ports such as139, 445, 3389, etc. Enhance basic protection of internal systems: Strengthen SSH con?gurations across systems, avoidusing default ports, and disable unnecessary services(e.g., tcpforward). Implement robust IP whitelistmechanisms for core systems to strictly control accesspermissions and mitigate the risk of lateral movement. Strengthening Internal Network Isolation Deploy WAF systems: Protect OA portals, remote access, and other critical systems from common Web attackssuch as SQL injection and cross-site scripting (XSS),ensuring comprehensive Web application security. Optimizing Rapid Response Deploy XDR systems and increase honeypot nodes: Implement comprehensive monitoring of internalbusiness systems and o?ce computers through XDRsystem deployment for rapid intrusion detection. XDRsystems provide holistic security event detection andresponse capabilities, swiftly identifying potentialthreats through automated analysis and correlation. Strengthen behavior auditing: Enable transparentterminal IP functionality for internal wireless networksand remote access VPNs. Integrate access logs of criticalbusiness systems and DMZ demonstration systems intoa centralized log audit system. Continuous monitoringand analysis of terminal behavior enable real-timedetection and alerts for anomalous activities. Enhancing Monitoring and Traceability Minimize external network mapping ports: Systematically close long-unused temporary portsand implement stringent source IP and validity periodrestrictions for newly opened temporary ports. Regularlyreview and update port mapping policies to ensure onlynecessary ports are exposed externally. Phase out legacy systems: Eliminate obsolete network devices like OpenVPN and WireGuard that are no longermaintained, and uniformly migrate to 7-series securityauthentication gateways and IPSec VPN gateways toenhance overall system security and stability. Reducing Attack Surface E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 3940 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Privacy and Data Security Koal adheres to the principle of "minimal data collection," systematically storing customer information in a robust ERP system. Thisapproach is integrated with the Company's internal information security management system, ensuring both data integrity andcon?dentiality. The system incorporates role-based access controls, applies data masking techniques to critical customer information,and utilizes cryptographic products certi?ed for commercial con?dentiality detection to provide multi-layered protection. Development of Information Security Culture The Company enhances employees' information security awareness and fosters a robust corporate information security culturethrough various channels, including educational campaigns, training sessions, reports, and knowledge competitions. Furthermore,the Company integrates confidentiality education into its comprehensive training plan, disseminating crucial confidentialityknowledge and analyzing current confidentiality work situations during these sessions. This helps employees heighten theirawareness, clarify their responsibilities, and strengthen their commitment to confidentiality. The Company regularly conductscon?dentiality examinations to evaluate training e?ectiveness, enabling employees to gauge their understanding of con?dentiality-related knowledge and incorporate confidentiality practices into their daily work routines. During the reporting period, theCompany conducted four information security and con?dentiality training sessions.Total duration of informationsecurity training hours Total attendance in informationsecurity training Key Performance For new employees, the Company provides comprehensive confidentiality awareness training, requiring them to pass aconfidentiality entry exam before commencing employment. New hires are also obligated to sign confidentiality agreements,which explicitly prohibit the disclosure of any information related to company business and clients. Business personnel are strictlyforbidden from disclosing customer information, work notes, reports, quotations, invoices, and labor contracts. Developers andimplementation sta? are prohibited from revealing source code, system design documents, database structures, and data. Duringthe reporting period, the Company organized a company-wide specialized con?dentiality training program themed "StrengtheningConfidentiality Awareness, Building a Solid Security Defense Line." The final assessment following the training yielded animpressive average score of 97 points across all employees, signi?cantly enhancing the con?dentiality awareness and informationsecurity protection capabilities of the entire workforce. Data Privacy Protection Awareness Project Information Con?dentiality AwarenessProactive Knowledge Maintenance and Updates Authentication and Access Management Awareness Employees are educated on the purpose of regulartraining, which is to enhance their understanding ofdata privacy protection and the critical importanceof safeguarding information security. They areencouraged to internalize and implement theconcept of protecting customer data privacy andsecurity while providing services. Employees are thoroughly educated on thesensitivity of all project-related information(including project contracts, proposals, data,working papers, and reports) and that access isrestricted to employees with appropriate credentialsand permissions. For classi?ed projects, employeesare made acutely aware of the crucial role ofthe Con?dentiality O?ce and the importance ofimplementing stringent con?dentiality requirementsthroughout the entire project lifecycle. Through regular and comprehensive training,employees are kept abreast of the latest securitypolicies and best practices. They are also taughthow to e?ectively apply this knowledge to enhancework e?ciency while maintaining security. Employees are instructed that their digitalcerti?cates are vital symbols of identity and mustbe diligently safeguarded to prevent unauthorizedaccess. They are made to understand that systempermissions for di?erent positions are preset, andthey should only access information and resources within their authorized scope. Data Backup The Company employs a strategic combination of full and incremental backup methodologiesto perform regular backups of data across all critical systems. This includes internal networkinfrastructures, operational platforms, portal websites, corporate email servers, and ERPsystems, to ensure optimal data recovery capabilities in the event of system failures. Data Flow Control Backed-up data ?les are subject to stringent safeguards to prevent unauthorized copyingor destruction. The extraction of databases from the system without proper authorizationis strictly prohibited. Encrypted Storage The system supports encrypted storage for sensitive data ?elds, encompassing personalinformation, sensitive personal information, and enterprise-critical data. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 4142 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Impact, Risk, and Opportunity Management Koal consistently re?nes its information security and con?dentiality risk management mechanisms. The Company has implementedtheInformation Security Risk Management ProcedureandConfidentiality Management System,establishing robust protocols forongoing information security risk control. This approach ensures early detection and prompt handling of potential risks. The Company adheres to the principle of "prevention-focused, enhanced monitoring; people-oriented, collaborative defense;standardized operations, constant vigilance." A robust mechanism for preventing and responding to information security andconfidentiality incidents has been established. Koal has formulated detailed institutional process documents, including theInformation Leakage Incident Emergency Response Plan, which standardizes emergency response processes and measures forvarious security incidents. This signi?cantly enhances the Company's ability to respond e?ectively to emergencies. To bolster itsinformation security defense capabilities, the Company conducts regular emergency drills and attack-defense exercises as part ofits routine operations. During the reporting period, Koal conducted one comprehensive information security and attack-defenseemergency drill. Information Security Risk Prevention Measures Enforce robust password security protocols, including mandating strong passwords, implementing two-factorauthentication, and requiring periodic password changes.Conduct regular system scans for updates and promptly install new patches to address identi?ed vulnerabilities.Restrict software installation to o?cial or trusted sources only, minimizing malware risks.Enhance network perimeter protection through advanced firewall software or hardware to monitor intrusions andrestrict unauthorized access e?ectively. Implement dual-factor authentication and access control lists to ensure networkaccess is limited to authorized users only. Utilize secure protocols (e.g., HTTPS) to encrypt sensitive data transmission,preventing man-in-the-middle attacks and data theft.Establish regular data backup and emergency recovery plans, storing backup data o?ine in secure locations to ensurerecovery in case of damage. Deploy o?ine backup devices for critical data. Risk Identi?cation Identify risks for eachof the Company'srecognized assets basedon the con?dentiality,integrity, and availabilityrequirements of theinformation theycontain. Compile acomprehensive riskinventory. Risk Analysis Following riskidenti?cation,conduct analysesand descriptions ofpotential impactsfrom realized risks.Employ relevant riskcalculation methodsto quantify risk values. Risk Assessment Evaluate risk analysisresults againstestablished riskcriteria to determinerisk acceptabilityor necessity fortreatment. Documentthe entire riskassessment processfor future reference. Risk Treatment Implement targeted preventivemeasures for each identi?edrisk point, strictly adhering tospeci?ed countermeasures tomitigate the probability of riskoccurrence.Conduct research oncon?dentiality risk assessmentmanagement to enhance overallcon?dentiality managementstandards and proactivelymanage potential risks. Product Lifecycle Security ManagementThe Company integrates rigorous information security requirements throughout the entire product development and designprocess. This establishes a comprehensive information security management system that spans the full product lifecycle, creatinga robust protective framework for all company o?erings. Security Deployment and OperationsHarden products and operational environments based onsecurity hardening guidelines.Strengthen vulnerability management for live networkcomponents through daily updates on the latest open-source component vulnerabilities, proactively reducingpotential security risks.Establish robust vulnerability alert and handlingprocesses, track product vulnerability risks, andimplement a tiered emergency response system based onvulnerability risk levels. Security Testing Re?ne the security testing framework, augmentingsecurity test case design and multi-language security codeexamples to ensure increasingly rigorous and e?ectivetesting processes.Employ a hybrid approach combining automated toolscanning with manual penetration testing to ensureproducts meet security red line requirements.Integrate penetration testing into the release process forkey projects, enhancing pre-launch security assurance.Implement pre-release host checks to ensure all-in-one machines are optimally con?gured and hardenedaccording to security guidelines. Enhance security training programs toelevate employees' security awareness andtechnical pro?ciency.Implement a routine code auditing systemincorporating security self-inspection, statictool scanning, and manual code review. Identify sensitive data using a security red linechecklist and determine appropriate protection levels.De?ne compliance requirements, including Level 2Protection standards and industry-speci?c regulations. Security Requirements Transform security requirements into technicalsolutions based on established security red lines.Conduct peer reviews to ensure comprehensivecoverage of all security requirements. Security Design Security Development Execute e?ective open-source software governance, i.e., fulllifecycle control + deployment package vulnerability + licensescanning, to ensure product safety and regulatory compliance.Initiate the application of AI-assisted security developmenttechniques, such as intelligent coding assistants, to addresspotential security issues. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 4344 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Information Security Incident Emergency Response Process and Measures Indicators and Targets Koal establishes its information security objectives and strategies based on its information security policy. To ensure businesscontinuity and maintain secure, stable operations, the Company translates information security requirements into actionable andmeasurable objectives across various organizational levels. The achievement of these objectives is directly tied to performanceincentives for the Company's management team. Controlled information leaks: No more than 3 incidents/year Target achievedNo controlled information leak incidents occurred.Con?dential information leaks: Zero incidents/year Target achieved No con?dential information leak incidents occurred.Loss of critical information equipment: Zero incidents/year Target achieved No incidents of critical information equipment loss occurred.Information security/IT service training coverage throughoutthe year: 100% Target achieved All personnel received information security/IT service training.Cumulative large-scale internal network (60% coverage)downtime: Less than 120 minutes/year Target achieved No large-scale internal network (60% coverage) downtime exceeding 120 minutes occurred.Large-scale virus outbreaks (60% of computers infected): Nomore than 1 incident/year Target achieved No large-scale virus outbreaks (60% of computers infected) occurred.Major service/information security incidents: Zero incidents/year Target achieved No major service or information security incidents occurred.System and equipment availability: Maintained at 99% orhigher Target achieved System and equipment availability remained above 99%.Con?dentiality breach incidents: Zero occurrences Target achieved No con?dentiality breach incidents occurred. Indicator/Target2024 Target Achievement StatusIncidentDiscoveryand InitialResponse Anomaly Detection: Monitor servers for anomalies such as potential hacker attacks or unusualprocesses. Conduct preliminary assessments to determine if an intrusion or information leakage hasoccurred.Emergency Plan Activation: Upon con?rmation of an intrusion or leakage, immediately initiate theemergency response plan. Business Impact Evaluation: Assess whether a?ected servers are critical to business operations. If operations remain una?ected, promptly take servers o?ine. In cases where business operations areimpacted, escalate to supervising leadership and implement network isolation protocols, includingdisconnecting external network access. Investigation and LeakCon?rmation Log and File Examination: Inspect database operation logs, server processes, network logs,and suspicious ?les to con?rm the extent of information leakage. Upon discovery, promptlyreport ?ndings to leadership and assemble a dedicated emergency response team. Critical Evidence Preservation: Back up all logs, malicious ?les, and attack traces. In severe cases, escalate the matter to appropriate law enforcement authorities. Leak Source Identi?cation: Conduct analysis of leaked data to pinpoint the source, includingattack vectors and vulnerabilities. Address and rectify identi?ed security weaknesses. Emergency Handlingand System Recovery Threat Elimination: Remove viruses, trojans, and attack files. Implement security measures on compromised servers. Conduct thorough checks on all connected systems to prevent pivot attacksor secondary leaks.System Forti?cation: Update all vulnerability patches, implement encryption for core data, rectifyhigh-risk systems, and establish security baselines.Recovery and Enhanced Monitoring: Restore network connections after con?rming system security.Implement heightened monitoring protocols, with particular emphasis on database access logs. Post-IncidentManagementand Compliance Reporting Incident Documentation and Archiving: Compile detailed incident reports, documenting leakedcontent, potential harm, mitigation measures implemented, and responsible personnel involved.Compliance Reporting: Ensure responsible departments submit written reports to the Company'sCon?dentiality O?ce and leadership group within 24 hours of leak discovery. The Company mustprovide written noti?cation to the Shanghai Secrecy Administration Bureau within 24 hours andsubmit investigation results within 3 months.Internal Leak Handling: For unintentional leaks, follow established virus handling proceduresfor equipment and intensify employee training programs. In cases of intentional leaks, restrictinvolved employees' account privileges, collect log evidence, and, in severe cases, refer the matterto relevant national authorities for further action.Continuous Improvement: Regularly conduct emergency plan drills, and critically assess andrevise operational procedures as needed. Implement encryption storage and leak preventionmeasures for all critical data. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 4546 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Sustainable Supply ChainKoal consistently enhances its supply chain management system by developing and strictly adhering to policies such astheQualified Supplier SystemandProcurement Management Process.These policies govern the entire lifecycle of supplierrelationships, from admission to evaluation and exit, while fostering robust long-term communication mechanisms with suppliers.This e?ectively mitigates potential risks in the supply chain and promotes sustainability. The Company has implemented the Supply Chain Continuity Assurance Measures, employing various strategies to bolster supplychain risk management. Koal integrates sustainability requirements into supplier collaborations, guiding partners to consistently improve their sustainabilityperformance through procurement contracts, tender requirements, and other formal documents, thereby strengthening supplierESG management. We incorporate ESG criteria such as environmental considerations, business ethics, product quality, andcompliant employment practices into supplier evaluation indicators. Suppliers are required to sign documents including the Integrity Agreement, Partner Integrity and Honesty Commitment Letter, and Supplier Product Quality Assurance Agreementtostandardize supplier ESG management practices. Supplier Lifecycle Management Enhancing Supply Chain Resilience ESG Management in the Supply Chain With reference to the TORDC Evaluation Criteria, the Company conducts annual supplier performanceevaluations based on suppliers' comprehensive performance throughout the year. The results aredocumented in the Supplier Annual Performance Assessment Form and the Supplier Evaluation RecordForm. A Preferred Supplier Evaluation Form is also completed to provide a thorough assessment ofsupplier performance.Supplier Audit Based on the annual supplier performance assessment forms, the Company implements a detailed tieredand categorized management approach for suppliers. This is done in strict accordance with the scoringstandards outlined in the Quali?ed Supplier Evaluation System. The assessment comprehensively considerssuppliers' performance across various aspects, including quality, delivery, and service.Tiered andCategorizedManagement The Company implements a comprehensive supplier evaluation process based on clearly de?ned scoringcriteria. This assessment incorporates data from the annual supplier performance evaluation reports.For suppliers who do not meet speci?ed standards, we initiate a replacement procedure to ensure thecontinued stability of our supply chain and maintains the high quality of our products and services.SupplierExit Suppliers are classi?ed into three priority levels (A, B, C) and three categories based on material importance.The selection and evaluation of project suppliers is a collaborative e?ort involving procurement personnel,project managers, and ?nancial managers, with procurement personnel taking the lead. The team assessessuppliers based on the Company's Preferred Supplier List and TORDC Evaluation Criteria, considering ?vekey dimensions: technology and technical services, quality, responsiveness, delivery performance, andmaterial cost.SupplierAdmission Total number of suppliers Total number of domestic suppliers Key Performance Conduct thorough risk assessments for criticalsuppliers and evaluate potential risks associatedwith natural disasters or political instability.Establish a robust risk management plan and aneffective emergency response system for supplychain disruptions. Conduct monthly inventories of raw materials inwarehouses, promptly updating records after eachcount. Perform daily checks of inventory quantitiesagainst established safety stock levels, withimmediate notification to relevant procurementpersonnel if quantities fall below or exceed speci?edthresholds. Upon receiving low or high stock alertsfrom warehouse managers, swiftly liaise withsuppliers based on actual production requirements.Maintain a minimum 1.5-month safety stock foritems with extended procurement cycles or limitedproduction capacity. Document high-frequency disruption points andissues within the supply chain. Assess suppliers'organizational scale, monitor supplier materialquality data, and regularly review response ratesto quality issues. Regularly monitor the qualification statusand any negative information regarding keyinformation system technology service providers.If monitoring reveals adverse information thatcould impact a service provider's operations,relevant system managers should promptlyreport and assess the situation, preparingappropriate contingency measures. Incorporatecomprehensive contingency plans for suddensupplier issues into the Company's emergencymanagement framework to enhance overallsupply chain resilience. Develop a comprehensive supply chain risk management plan Establish safety stock levels Forecast risks across supply chain stages Implement an emergency mechanism for supply chain disruption risks E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 4748 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield The Company places significant emphasis on supplier capacity building and supports suppliers in improving product qualitythrough targeted training and assistance, with the aim of jointly building a mutually bene?cial supply chain system. During thereporting period, Koal conducted two comprehensive training sessions for suppliers. Empowering Suppliers In 2024, Koal organized two supply chain ESG training sessions for suppliers. These sessions systematically sharedESG management practices, covering crucial topics such as supply chain environmental responsibility, anti-corruptionnorms, and business ethics standards, enhancing collaboration in environmental protection, social responsibility,and governance capabilities. During on-site visits, the Company conducted thorough examinations of suppliers'green factory initiatives. Through productive exchanges on green manufacturing technological innovations andenvironmental management experiences, the initiative provided bilateral empowerment for optimizing green supplychain development. Supply Chain ESG Training and ExchangeCase In November 2024, Koal and Huawei formalized their collaboration in the HarmonyOS ecosystem by signing a HarmonyOSMemorandum of Cooperation at the Enterprise Essential Applications HarmonyOS Forum. As a Huawei Kunpeng native Partnering with Huawei to Build a Secure EcosystemCase Industry Ecosystem DevelopmentKoal is acutely aware of its responsibility and obligation to promote industry development. While focusing on its core business,the Company actively contributes to building the industry ecosystem through various strategic initiatives, including enterprisecooperation, educational outreach, industry talent cultivation, and active participation in in?uential industry forums.Industry CollaborationKoal places a high value on collaborative development within the industry. The Company has forged a strategic partnershipwith Huawei to build a robust security ecosystem and joined forces with Guotai Junan Securities Co., Ltd. to promote the large-scale application of domestic cryptographic technologies, accelerating the process of replacing imported technologies withdomestically controlled alternatives. Additionally, the Company leverages its entry into the commercial cryptography industrialpark as a strategic opportunity to integrate upstream and downstream resources, fostering a powerful industry cluster e?ect. Koalis also deeply involved in Shanghai's information technology innovation initiatives, driving the leap from pilot projects to full-scaleimplementation of domestic technologies across various sectors. At Guotai Junan Securities's 2024 Financial TechnologyCulture Festival forum, Koal entered into a comprehensivestrategic cooperation agreement with Guotai JunanSecurities Co., Ltd. Both entities are committed to deepeningcooperation in capital and technology domains, harnessingtheir respective expertise and resources to jointly advanceinnovative applications and development of commercialcryptographic technology within the securities industry.Moving forward, they will explore novel scenarios and pilotapplications of cutting-edge cryptographic technologyin the securities sector, collaboratively promoting theimplementation and evolution of high-security, domesticallycontrollable products based on national cryptographicsystems in critical areas such as ?nance. Collaborating with Guotai Junan Securities to Promote Domestic Cryptographic ApplicationsCase In October 2023, Koal's newly acquired headquarters, situated in the G60 Commercial Cryptography Industrial Base A2in Shanghai's Songjiang District, was completed and became operational. This industrial base represents a science andtechnology innovation and application demonstration site, implemented by Shanghai to foster the development ofthe commercial cryptography industry. It aligns with national guidelines on cryptographic application and innovativedevelopment, under the framework of the Yangtze River Delta integration strategy. By establishing its Shanghaiheadquarters in this strategic location, the Company positions itself to bene?t from industry cluster e?ects, facilitatingtechnical exchanges, fostering cooperation, and driving innovation with related enterprises, ultimately enhancing theCompany's brand recognition and market in?uence. Joining Industrial Park to Leverage Industry Cluster E?ectsCase development partner, Koal will leverage the Kunpenghardware infrastructure, openEuler systems, and theKunpeng DevKit development toolkit to focus on constructingrobust network security trust systems. The Company willdevelop native cryptographic applications tailored for keysectors, including government agencies, military and defenseindustries, and financial institutions. Koal aims to createcutting-edge digital asset security solutions for the Kunpengarchitecture while constantly optimizing commercial softwareperformance, thereby contributing to the development of ane?cient, stable, and innovative data security ecosystem. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 4950 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Since 2019, Koal has proactively responded to governmental directives by establishing and operatingthe Shanghai Information Technology Application Innovation Engineering Adaptation Center,supporting Shanghai's Party and government information technology innovation reform initiatives.As the project transitioned into a normalization phase, the adaptation center evolved into theShanghai Information Technology Application Innovation Comprehensive Service Center in early2022. While maintaining core services such as innovation adaptation, engineering veri?cation, andpromotional training, the center has significantly enhanced its capabilities in after-sales support,talent cultivation, and security early warning systems. It provides comprehensive support forinformation technology innovation work across Party and government entities and has graduallyexpanded its services to industry users. In March 2022, the Shanghai Municipal Health Commission'sInformation O?ce designated the center as the sole authorized adaptation certi?cation institution forShanghai's medical industry. As of December 2024, the center has processed adaptation applicationsfor 855 products from 171 manufacturers, with 614 products from 131 manufacturers successfullycompleting adaptation certi?cation and receiving o?cial validation reports. Promoting Shanghai's Information Technology Innovation DevelopmentCase Koal actively engages in educational initiatives promoting cryptographic security. The Company participated in the"Cryptographic Security in Government Agencies" event, a key component of the National Security Education Day, heldat the Information Plaza in Henan Province. Organized by various government and industry bodies, the event featuredKoal alongside over 20 cryptography companies in a dedicated exhibition area. The companies showcased cutting-edgeapplications and practical outcomes of commercial cryptography in government affairs, emphasizing the critical role ofcryptographic security as a cornerstone of information security. This initiative not only enhanced government officials'understanding and proper usage of cryptographic security but also promoted the widespread adoption and development ofcommercial cryptographic technology, signi?cantly contributing to the security of government a?airs information. Participating in National Security Education Day ActivitiesCase Koal has developed a distinctive cryptography exhibition hall, creating an immersive educational platform with diverse zonesfocused on cryptographic technology applications and industry education. The hall is strategically divided into four primaryfunctional areas. The model solution display area systematically presents real-world implementations of cryptographictechnology in government a?airs and urban governance through various models, including the General O?ce of the CPC CentralCommittee model, the Changning model, and two Shanghai-speci?c models. The application display area visually demonstratesindustry chain collaboration results through ecosystem partner logos, adaptation scenarios (e.g., ?nancial systems, governmentplatforms), and advanced security products (e.g., root certi?cate issuance systems, key management systems). The innovativebusiness display area highlights cutting-edge technologies and products such as video conferencing equipment and cloud-based solutions. Through scenario-based presentations, ecosystem synergy, and interactive experiences, Koal's cryptographyexhibition hall comprehensively promotes understanding and awareness of cryptographic technology among visitors. Company Cryptography Exhibition HallCase In collaboration with industry experts, Koal has authoredLittle Crypto's Adventures in theFour Great Classical Novels.This innovative work ingeniously uses China's four great classicalnovels as a backdrop to craft engaging storylines that allow readers to enjoy the narrative whilegaining a more intuitive and profound understanding of cutting-edge developments in China'sinformation security ?eld. The book artfully showcases the information security stories behindChina's quantum cryptography, resulting in a comprehensive read that seamlessly combinestechnical knowledge, entertainment value, and educational content. Collaborative Authorship of Little Crypto's Adventures in the Four Great Classical NovelsCase Educational Outreach Koal actively engages in educational outreach initiatives focused on cryptographic security knowledge, enhancing public awarenessthrough innovative online and offline popular science promotions. The Company has developed a professional cryptographictechnology exhibition hall, employing interactive and scenario-based methods to educate the public about the practical applicationsand security concepts of cryptographic technology. Furthermore, the Company has collaborated with industry experts to createLittleCrypto's Adventures in the Four Great Classical Novels, an engaging and accessible series that interprets complex cryptographicknowledge for a younger audience. This initiative aims to spark interest in cryptographic technology among young people, nurturingpotential talent for the industry's long-term development. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 5152 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal actively participates in industry talent cultivation. In partnership with the Shanghai Information TechnologyApplication Innovation Comprehensive Service Center and Shanghai Technical Institute of Electronics & Information, theCompany has co-established the ?rst-of-its-kind information technology innovation training room in Shanghai's highervocational colleges. This cutting-edge facility not only serves the college's information technology innovation curriculumand research needs but also provides advanced teacher training for secondary and higher vocational colleges andindustry professionals. It o?ers a dynamic platform for deep integration of industry, academia, research, and practicalapplication. By leveraging the strengths of higher vocational colleges, the information technology innovation industry,and leading manufacturers, the Company, along with other partner enterprises, cultivates application-oriented talentsthat meet evolving industry needs, signi?cantly contributing to the high-quality development of vocational education. Co-establishing an Information Technology Innovation Training RoomCase Koal hosted an immersive visit for students from Shanghai Dianji University, providing a meaningful hands-on experience forstudents in the Software Engineering Excellence Program. During the visit, students gained insights into Koal's development Hosting Student Visits from Shanghai Dianji UniversityCase Industry Talent CultivationKoal places a strong emphasis on cultivating industry talent through systematic training and evaluations, school-enterprisecooperation, and integration of production and education to inject new vitality into the industry. During the reporting period, theCompany nurtured a total of 216 information technology innovation talents through comprehensive training and assessments,including 22 internal and 194 external participants. Additionally, the Company co-established an information technologyinnovation training room with Shanghai Technical Institute of Electronics & Information. In June 2024, Koal, as a vanguard in the commercial cryptography industry, showcased its groundbreaking achievementsin post-quantum cryptography at the 10th CSITF. The Company unveiled the nation's first comprehensive post-quantumcryptography solution, a milestone in the ?eld. This cutting-edge solution incorporates core products such as quantum-safeVPNs and quantum-safe key management systems, featuring critical functionalities including secure networking and advancedkey management. Notably, it has pioneered in successfully passing the rigorous PQC application system upgrade veri?cationtest conducted jointly by the CAICT and VIAVI, achieving seamless transition to post-quantum cryptographic algorithms.Furthermore, the Company exhibited innovative applications that synergize cryptographic technology with frontier ?elds suchas AI, blockchain, and privacy computing. Through engaging keynote speeches at the data element sub-forum, interactivecryptography education experiences, and targeted regulatory promotion, the Company signi?cantly raised public awareness ofthe value of commercial cryptography technology and catalyzed a deeper understanding within the industry. Participation in the 10th China (Shanghai) International Technology Fair (CSITF)Case In July 2024, Koal, as a pioneer and leader in China's information security and digital trust domain, co-organized the InformationTechnology Innovation Application Work Exchange Meeting at the Global Digital Economy Conference 2024. This high-profileconference addressed critical issues such as deepening digital cooperation, coordinating aid to Tibet, bridging the digital divide Co-organizing the Information Technology Innovation Application Work Exchange Meeting at the Global Digital Economy Conference 2024Case Industry ExchangeTo swiftly gain insights into the latest industry developments, policy changes, and market trends, Koal actively engages in a wide range ofindustry forums and academic exchanges. The Company has strategically joined multiple industry associations and academic alliancesto forge close business connections, expand collaboration opportunities, and contribute signi?cantly to industry development throughshared resources. During the reporting period, Koal participated in 37 diverse industry exchange activities. As of the end of the reportingperiod, the Company had joined a total of three national-level academic societies and industry alliances. between eastern and western regions, and stimulating digital culturaltourism consumption. The Company's Deputy Chief Engineer,Lang Wenhua, delivered a keynote report titled "New GenerationDigital Trust System Architecture and Practice." This presentationsystematically elucidated Koal's technological advancements andpractical achievements in the digital trust ?eld, thereby contributingsignificantly to industry-wide digital transformation efforts andfostering the robust development of the digital economy. trajectory, corporate achievements, and research directions.They also acquired in-depth knowledge of cryptographictechnology principles and their real-world applicationscenarios. Furthermore, through lectures organized by theInformation Technology Innovation Center, the Companyinspired students to focus on the development of domestictechnologies and actively support China's burgeoninginformation technology industry through practicalengagement, aiming to nurture the next generation ofinformation technology talents. E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations 5354 2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield E?cient andRobust Operations Contributing to the UN SDGs Corporate GovernanceRisk and Compliance ManagementBusiness Ethics and Anti-CorruptionParty Leadership Corporate Governance Koal adheres to a comprehensive set of laws and regulations, including theCompanyLaw of the People's Republic of China, theSecurities Law of the People's Republicof China, theCode of Corporate Governance for Listed Companies, theListingRules of the Shanghai Stock Exchange, and theGuidelines No. 1 of the ShanghaiStock Exchange for Self-regulation of Listed Companies — Standardized Operation.In alignment with itsArticles of Associationand other normative documents, theCompany has established a governance structure that ensures clear responsibilities,independent operations, and e?ective checks and balances. This structure comprisesthe General Meeting of Shareholders, the Board of Directors, and the Board ofSupervisors. The governance system delineates distinct responsibilities amongthe power organ, decision-making body, supervisory body, and executive body.This arrangement fosters coordinated operations and mutual oversight, constantlyenhancing corporate governance efficiency. The General Meeting of Shareholders,consisting of all shareholders, serves as the highest authority. The Board of Directorsoversees strategic decisions and daily operations, while the Board of Supervisorsmonitors the Board of Directors and management. Through clear division ofresponsibilities and e?cient collaboration, these bodies collectively ensure scienti?cand standardized corporate governance, safeguarding the interests of both theCompany and its shareholders. During the reporting period, Koal further re?ned itsgovernance mechanisms. The Company introduced new guidelines, including theESG Committee Implementation Rulesand thePublic Opinion Management System.Additionally, it revised existing protocols such as theBoard of Directors Rules ofProcedureand theIndependent Director System. These actions aim to enhance thescienti?c nature, standardization, and transparency of corporate governance.The nomination and selection process for governance body members, includingdirectors and supervisors, strictly adheres tothe Company Law of the People'sRepublic of China and Koal's Articles of Association. This approach ensures bothfairness and professionalism in appointments. While the Board of Directors'membership remained unchanged during the reporting period, its scope ofresponsibilities expanded with the establishment of the ESG Committee. Organization Chart Board of SupervisorsBoard of Directors Remunerationand AppraisalCommitteeStrategyCommittee ESGCommittee AuditCommittee NominationCommittee As the Company's supreme authority, the General Meeting of Shareholders is responsiblefor reviewing annual budgets and financial reports, electing or replacing directors andsupervisors, approving profit distribution plans, and making critical company decisions. Itoperates in compliance with regulations such as theRules for the Shareholders' Meetings ofListed Companiesand Koal's ownRules of Procedure for General Meeting of Shareholders. Themeetings combine on-site and online voting to ensure the protection of shareholders' rights. general meetings of shareholders were held during the year, at which resolutionswere reviewed and approved. Accountable to the General Meeting of Shareholders, the Board of Directors' responsibilitiesinclude convening general meetings of shareholders, formulating business strategies,preparing budgets and ?nancial reports, proposing pro?t distribution plans, and structuringinternal management. The Board operates through ?ve specialized committees: the StrategyCommittee, the Audit Committee, the Nomination Committee, the Remuneration andAppraisal Committee, and the ESG Committee. These committees handle specific Board-authorized matters and provide expert advice for decision-making.Mr. Zhang Keqin, an independent director, serves as the chair of the Audit Committee. Mr.Ma Lizhuang, also an independent director, serves as the chair of both the NominationCommittee and the Remuneration and Appraisal Committee. Independent directorsconstitute the majority and serve as chairs in the Audit Committee, the NominationCommittee, and the Remuneration and Appraisal Committee, ensuring professionalism andindependence in the decision-making process.The Board of Directors convened meetings over the year, during which resolutionswere reviewed and approved, with a % attendance rate among all Board members. Over the year, Audit Committee meetings, Nomination Committee meeting,Remuneration and Appraisal Committee meetings, and Strategy Committee meetingwere convened, contributing effectively to the advancement of the Company's strategicdevelopment goals. Reporting to the General Meeting of Shareholders, the Board of Supervisors oversees thelegality of the Company's ?nancial and operational activities. Its duties include inspecting?nancial conditions, monitoring the conduct of directors and senior management, attendinggeneral meetings of shareholders, and ensuring legal compliance in the performance ofduties by ?nancial personnel, directors, and senior management. The Board plays a crucialrole in protecting the legal rights and interests of both the Company and its shareholders. The Board of Supervisors convened meetings over the year, during which resolutionswere reviewed and approved. Board ofSupervisors GeneralMeeting ofShareholders Board of Directors Corporate Governance System General Meetingof Shareholders 5758 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal is committed to fostering a diverse Board of Directors. The Company places great emphasis on the backgrounds, skills, andprofessional expertise of Board members, aiming to integrate various perspectives and experiences to guarantee well-informedand efficacious Board decisions. The Board consists of nine members, comprising six non-independent directors and threeindependent directors. These Board members bring a wealth of interdisciplinary knowledge and extensive industry experience,spanning multiple fields including information technology, risk management, finance and accounting, law, and finance. Thiscomposition re?ects a balanced representation of experience, background, and professional capabilities within the Board. TheChair of the Audit Committee possesses a strong professional accounting background, while several directors have extensivepractical experience in risk management and prevention. This includes establishing comprehensive risk management systems andhandling signi?cant risk events, which e?ectively supports the Company's e?orts in risk identi?cation, assessment, response, andmitigation.The nomination process for Board members follows a rigorous selection procedure. The Nomination Committee incorporatesdiversity as a key consideration, thoroughly evaluating candidates' educational backgrounds, industry experience, professionalskills, and career histories. This approach aims to maintain a well-balanced board in terms of competencies, skills, experiences,and cultural and educational backgrounds. Moreover, the Company places high importance on the ethical conduct andleadership reputation of potential Board members. Following review and approval, independent director candidates mustundergo quali?cation and independence assessments conducted by the Shanghai Stock Exchange. They are then elected throughcumulative voting at the general meetings of shareholders, a process that constantly enhances the Company's governancestandards and decision-making capabilities.Koal actively encourages Board members to participate in professional development training and compliance education toenhance their professional competencies and performance capabilities. During the reporting period, the Company's directors,supervisors, and senior management enthusiastically responded to the China Association for Public Companies' initiativeby participating in the "Special Topic on Violations of Laws and Regulations" training. All participants successfully passed theassociated test, demonstrating a significant improvement in their regulatory awareness and compliance capabilities, therebystrengthening the foundation for the Company's stable operations.Throughout the reporting period, all directors of Koal strictly adhered to relevant laws, regulations, and the Company's articlesof association, diligently and prudently ful?lling their responsibilities. Independent directors engaged in Board activities throughvarious means, offering independent opinions on significant matters to ensure scientific decision-making. They effectivelyexercised their supervisory functions, promoting the execution of Board resolutions and ensuring the accuracy of informationdisclosure, thus safeguarding the legal rights and interests of both the Company and its shareholders. The remuneration schemefor Koal's Board members undergoes annual review by the General Meeting of Shareholders. This review takes into accountindustry salary levels, regional development conditions, and job responsibilities to determine appropriate compensation. Doctoral DegreeMaster's DegreeBachelor's Degree and Below NameTypeGender Professional CapabilitiesIndustryExperience Risk Management AccountingLegalYang WenshanChairman, DirectorMale Lu HaitianDirectorMale Ye FengDirector, General ManagerMaleXu YongkangDirectorMale Zhu Litong Director,Deputy General Manager MaleCai GuanhuaDirector, Board SecretaryMaleZhang KeqinIndependent DirectorMaleXiao YongjiIndependent DirectorMaleMa LizhuangIndependent DirectorMale Directors' Educational Background Board Diversity and E?ectiveness 5960 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal rigorously adheres to theSecurities Law of the People's Republic of China, theMeasures for the Administration of InformationDisclosure of Listed Companies,and theProvisions on the Registration and Management System of Insiders Who Have Access toInsider Information of Listed Companies, among other pertinent regulations. The Company has implemented a comprehensiveInformation Disclosure Systemto ensure the authenticity, accuracy, and timeliness of disclosures, thereby enhancing transparencyand quality. During the reporting period, Koal issued 4 periodic reports and 99 ad hoc announcements, ensuring equitable accessto information for all shareholders. The Company's disclosures were free from false records, misleading statements, signi?cantomissions, or other improprieties. Concurrently, Koal vigilantly monitored public sentiment and market trading patterns tosafeguard investors' legal interests e?ectively. Information Disclosure Koal is dedicated to fostering a relationship of mutual trust and timely communication with investors. The Company consistentlyre?nes its internalInvestor Relations Management Systemand has established diverse communication channels. Through directphone lines, email correspondence, interactive investor relations platforms, and on-site research opportunities, the Companyaddresses investor inquiries and engages in substantive dialogues. This approach enables investors to gain comprehensiveinsights into the Company's business model, development strategies, and ?nancial position, facilitating informed investmentdecisions. On the investor relations platform, the Company's Securities Department consults with technical managers to ensureresponses are both accurate and technically sound. Koal maintains a steadfast policy against concept hype and exaggeration,prioritizing honest and responsible communication to bolster investor trust and satisfaction. In 2024, Koal disseminated 163announcements and related materials, conducted 3 performance briefings, engaged in 125 offline and 24 online investorexchanges, issued 4 investor record forms, responded to 53 investor inquiries on the sseinfo.com platform, fielded 66 directphone calls, and addressed 10 email inquiries. Investor Communication Koal acknowledges the critical role of investor relations management in maintaining corporate reputation and investor con?dence,diligently monitoring and responding to diverse investor concerns. The Company proactively identi?es and mitigates potentialrisks, standardizes procedures for general meetings of shareholders (convening, holding, deliberating and voting), and ensuresinvestors' rights to information and participation in major corporate decisions. This comprehensive approach e?ectively safeguardsinvestor interests and reinforces market trust. Investor Rights Protection In November 2024, the Company's Director andBoard Secretary took part in a high-quality dialoguehosted by Stock Star. The discussion centered on"Leveraging cryptography as a niche approach tosafeguard the broader development of data elementsecurity." The executive provided comprehensiveinsights into Koal's expertise in the cryptographydomain, the Company's current business operations,and prospective development opportunities. In December 2024, the Company's Director andGeneral Manager engaged in an executive interviewwith Securities Daily. During the conversation, heemphasized that "Cryptographic technology o?ersfour key attributes in addressing data securitychallenges: authenticity, integrity, non-repudiation,and confidentiality. Furthermore, the Company'scryptographic solutions excel in terms of timelinessand cost-effectiveness, positioning them as theoptimal strategy for ensuring data security." Company Executives Engage inHigh-Quality Dialogue with Stock Star Company General Manager Participatesin Securities Daily Executive InterviewCaseCase Guided by the annualSpecial Audit Report onthe Summary of Non-operating Fund Occupationand Other Related Fund Transactions, issued byShanghai Certified Public Accountants (SpecialGeneral Partners), and the Company'sSpecialSystem for Preventing Fund Occupation byMajor Shareholders and Related Parties, Koalexplicitly prohibits controlling shareholders,actual controllers, and their affiliates frommisappropriating company funds, therebyprotecting the legal rights of all shareholdersand creditors. Recognizing the technical complexity of the commercialcryptography industry, Koal proactively engages withinstitutional investors through strategy meetings, site visits,and investor conferences to enhance understanding of theCompany's operations and industry dynamics.Koal upholds the principle of equal treatment for all shareholders.Small and medium shareholders can participate in general meetingsof shareholders either in person or through online voting platforms.For significant issues potentially impacting minority investors, theCompany separately tallies and discloses their votes. Shareholdermeeting agendas include dedicated Q&A sessions for small and mediuminvestors to voice their opinions and suggestions. Meeting schedulesand locations are strategically chosen to maximize participation, withmodern technology utilized to enhance shareholder engagement. Whenreviewing profit distribution proposals, independent directors andspecialized committees diligently provide thorough opinions. Relevantproposals undergo scrutiny by both the Board of Directors and the Boardof Supervisors before submission to the General Meeting of Shareholders,ensuring robust protection of minority shareholder interests. Koal has instituted a comprehensivePublic Opinion ManagementSystemto strengthen investor communication and enhancetransparency and credibility. Additionally, the Companymaintains a 24-hour investor hotline staffed by dedicatedpersonnel to ensure prompt and effective responses toinvestor inquiries. Investor Education Public OpinionManagementFund Management Protection of MinorityShareholders' Rights Koal rigorously complies with domestic legislation such as theEnterprise Income Tax Law of the People's Republic of China, as wellas international tax regulations. The Company has implemented a comprehensive tax management system to ensure complianttax reporting and payment, upholding regulatory compliance and e?ciency in tax administration. We are committed to refrainingfrom transferring value to low-tax jurisdictions, avoiding tax structures lacking commercial substance, adhering to the arm'slength principle for transfer pricing, and eschewing the use of con?dential jurisdictions or so-called "tax havens" for tax avoidancepurposes. Throughout the reporting period, Koal reported no signi?cant tax violations. Tax Management Investor Relations Management Website link: https://haokan.baidu.com/v?pd=wisenatural&vid=2494321514928199420 Website link: http://www.zqrb.cn/video/gaoduanfangtan/2024-12-20/A1734683382689.html 6162 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield 6261 Comprehensively identify internal and externalrisks across all facets ofcompany operations. Consistently re?nerisk managementprocesses throughfeedback mechanisms,establishing a closed-loopmanagement system. Employ quantitative toolsto analyze the probability and impact of risks. Constantly track risk statusto ensure risks remain within acceptable parameters. Develop targeted riskmitigation strategies based on risk assessment outcomes. Risk Identi?cationContinuous Improvement Risk Assessment Risk Monitoring Risk ResponseIn alignment with theBasic Standard for Enterprise Internal Control, theGuidelines for the Application of Enterprise InternalControl, and other pertinent regulatory requirements, Koal has formulated itsInternal Control System and Internal Audit System,customized to its specific operational context. The Company consistently enhances its risk and compliance managementframework to guarantee the legality and compliance of its business activities. Risk and Compliance Management Koal has established well-de?ned responsibilities and decision-making protocols for risk and compliance management throughthe collaborative e?orts of the Board of Directors, Board of Supervisors, and Management. Koal consistently enhances its riskidenti?cation and response capabilities,streamlining business managementprocesses. The Company implementsa comprehensive approach to riskidentification, assessment, response,monitoring, and continuousimprovement across its core businesssegments. Through thoroughidentification and managementof market, operational, financial,legal compliance, and technologicalrisks, the Company ensures resilientdevelopment in a complex marketlandscape. Moreover, the Companyintegrates Environmental, Social,and Governance (ESG) risks into itscomprehensive risk managementsystem, further identifying andaddressing potential risks in quality,safety, environmental protection, andanti-corruption, thereby bolsteringcorporate resilience. Risk Management Structure Risk Identi?cation and Response To enhance employee compliance awareness, the Company regularly conducts specialized training sessions encompassinghistorical compliance risk analysis, case studies, compliance reviews, risk assessment and response techniques, and internal auditoversight. Through these training initiatives, employees have signi?cantly improved their risk management pro?ciency, furthermitigating compliance risks and fostering stable corporate growth. Risk Training The Board of Directors andBoard of Supervisors oversee and evaluate the e?cacy of risk and compliancemanagement, ensuringtransparency and e?ciency inthe management mechanism. Management is tasked withorchestrating daily internalcontrol operations, safeguardingthe compliance and e?ciency ofmanagement activities. Given the Company'sspecialized business nature,a dedicated Con?dentialityO?ce has been establishedto oversee classi?ed projects,quali?cations, and personnelthroughout their lifecycle,ensuring the security andproper supervision ofcon?dential information. 6364 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Business Ethics and Anti-Corruption Governance Strategy and Approach Impact, Risk, and Opportunity Management Koal is dedicated to cultivating an ethical and transparent business environment. The Company rigorously adheres to pertinentlaws and regulations, including theCompany Law of the People's Republic of China, theAnti-unfair Competition Law of thePeople's Republic of China, theAnti-Monopoly Law of the People's Republic of China, theAnti-Money Laundering Law of thePeople's Republic of China, as well as industry standards. Internal policies such as the Code of Business Ethics, theAnti-briberyand Anti-corruption Policy, and theWhistleblowing and Whistleblower Protection Policy set out detailed requirements for anti-corruption and anti-bribery practices across all aspects of the Company's operations. Koal also actively promotes compliance withethical business conduct and anti-corruption standards among its employees and business partners.The implementation of business ethics and anti-corruption policies is ensured through the collaborative e?orts of the Board ofDirectors, Board of Supervisors, and Audit Committee. A dedicated supervisory body oversees the execution of these policies,while the Company's Internal Audit Department conducts regular reviews and risk assessments to ensure operational compliancewith legal requirements and internal ethical standards. Koal has seamlessly integrated principles of integrity and ethical conduct into its corporate culture and long-term developmentstrategy. These standards extend to the supply chain, safeguarding high-quality development. The Company has institutionalizedthe cultivation of business ethics and anti-corruption culture through documents like theCode of Ethical Conduct, which clearlyde?nes mandatory business ethics standards for employees. All sta? members are required to sign theEmployee Ethical ConductCommitment. Adherence to company values, professional ethics, and behavioral standards serves as a critical criterion foremployee performance evaluations, promotions, and personnel decisions. During the reporting period, Koal reported no majorlitigation cases involving corruption or unfair competition. Koal maintains a zero-tolerance policy towards corruption and unethical business practices. The Company has established open,transparent, and diverse reporting channels, encouraging both internal employees and external partners to disclose violations.Reporting methods include the Company's o?cial telephone line, dedicated hotline, mail, or in-person visits. Upon receiving areport, the Company forms a professional investigation team to conduct an independent inquiry in accordance with relevant lawsand regulations, collaborating with pertinent departments to ensure e?cient information ?ow. Investigation results are reporteddirectly to senior management, with appropriate accountability measures implemented for substantiated allegations.The Company is committed to maintaining strict confidentiality regarding whistleblowers' personal information and reportedmaterials. All reports are handled by designated personnel and managed according to stringent confidentiality protocols. Itis explicitly prohibited to disclose whistleblower information or report status to the accused or to unrelated personnel. Whilesafeguarding whistleblower con?dentiality, the Company also takes severe action against any retaliatory behavior. Veri?ed casesof retaliation are dealt with seriously, and in instances where whistleblowers' rights are severely compromised, the Companypromptly reports to judicial authorities and pursues criminal liability in accordance with the law. The Company has implemented robust centralized procurement management measures and procedural mechanisms. Internally,potential con?icts of interest are scrutinized according to the procurement process system. Externally, business ethics and anti-corruption requirements are incorporated into the Company's template contracts for supplier signature. Alternatively, suppliersmay be required to separately sign anIntegrity Agreement or a Cooperation Partner Integrity Commitment. These documentsmandate compliance with national and local laws, regulations, policies, and industry standards, prohibiting any form of corruption,fraud, extortion, or embezzlement. For non-compliant suppliers, the Company reserves the right to take measures includingsuspension of cooperation or contract termination.Koal strictly adheres to theAnti-unfair Competition Law of the People'sRepublic of China, theAnti-Monopoly Law of the People's Republic ofChina, theSeveral Provisions on Prohibiting Infringements upon TradeSecrets, and relevant fair competition regulations in all operationaljurisdictions. The Company pledges to refrain from collectingcompetitors' trade secrets or con?dential information through illegalmeans and to avoid engaging in activities such as price collusion thatcould disrupt market order. Koal is committed to resisting all forms ofunfair competition and maintaining a level playing field. During thereporting period, the Company reported no violations of anti-unfaircompetition laws or regulations. Anti-Unfair Competition Whistleblowing and Whistleblower Protection Koal has integrated business ethics and anti-corruption risks into its comprehensive risk management framework. To e?ectivelyaddress business ethics-related risks, the Company conducts regular business ethics risk identi?cation and assessment exercises(for detailed processes, please refer to the "Risk and Compliance Management" section of this report). Koal meticulously analyzesfactors that may trigger ethical risks, various potential conflicts of interest, improper benefit transfers, and unfair competitionpractices. The Company has formulated detailed policies and procedures to ensure all business conduct aligns with ethicalstandards and legal requirements. To facilitate timely disclosure of potential risks, the Company constantly enhances itsmonitoring system, incorporating internal audits, compliance checks, and robust whistleblowing mechanisms. The Internal AuditDepartment systematically reviews the implementation of business ethics-related systems and conducts thorough audits andinspections of business ethics risks across various operational scenarios. Audit results, signi?cant ?ndings, and matters requiringattention are regularly reported directly to the Board's Audit Committee and the Chairman, maintaining independence atorganizational, business, and individual levels. Indicators and Targets Indicator/Target2024 Achievement StatusZero occurrence of major corruption incidentsTarget achievedEnsure comprehensive audit coverage of allbusiness areas every three years Target achieved100% e?ective handling rate of reportsTarget achieved Supply Chain Integrity Management 6566 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Party LeadershipSince its establishment in 2001, the Party Branch of Koal Software Co., Ltd. has consistently adhered to Xi Jinping Thought on Socialismwith Chinese Characteristics for a New Era. The branch closely aligns with the Company's development strategy, dedicating itself tostrengthening Party organization and constantly enhancing the cohesion and e?ectiveness of the Party organization. The Party Branchhas maintained a work orientation that integrates Party building with business development, driven by both innovation and service,e?ectively shouldering the responsibility of serving the enterprise and its development.Within the Company's governance structure, Communist Party members account for 44.44% of the management team, includingdirectors, supervisors, and senior executives, demonstrating the signi?cant in?uence of the Party organization at the decision-makinglevel. As of the end of 2024, the Company's Party Branch comprised 82 Communist Party members and 1 probationary member. Thecomposition of the Party membership has been consistently optimized, with steady improvement in overall quality, providing a solidpolitical and organizational foundation for the Company's sustained and stable development. In accordance with Party requirementsand the Company's speci?c circumstances, Koal constantly re?nes its Party-building regulations, promotes the institutionalization andstandardization of Party activities, and strengthens exemplary leadership through the "Internet + Party building" model, transformingthe Party's political and organizational advantages into market advantages that drive enterprise development. The Koal Party Branch, in collaboration with the securities company's Party branch, organized a visit to the China SecuritiesMuseum. During the tour, Party members gained an in-depth understanding of the development of China's capital marketunder the leadership of the Communist Party of China through the museum's comprehensive exhibits, including a lifelikescene of Deng Xiaoping meeting John Joseph Phelan Jr., historical photographs, and detailed archival materials. Thisexperience deepened their understanding of China's economic system reform and ?nancial market development. Party Branch Organizes Collaborative Visit to the China Securities MuseumCase Following the 2023 Red Tour to Jinggangshan led by Chairman Yang Wenshan and General Manager Ye Feng, Koal organizedan educational visit to Zunyi in 2024. Through these activities, the Company further encourages employees to reinforceideals and beliefs, commemorate revolutionary martyrs, adhere to Party principles in password management, and inspirepatriotic enthusiasm. After the journey, senior management personnel composed re?ections expressing their admiration forrevolutionary predecessors and demonstrating their commitment to integrating Party spirit into corporate management andpersonal work practices. Marching Ahead Through Historic Passes to GuizhouCase Embracing the concept of innovative development, the Company advances both online and offlineeducational resources. It has developed the "Theory Classroom" learning platform, guiding Partymembers and cadres to transform theoretical knowledge into a powerful driving force for enterprisedevelopment, achieving a synergy between theory and practice. By the end of the reporting period,Koal's "Theory Classroom" had successfully completed its third session, focusing on six core themes: political discipline, organizational discipline, integrity discipline, mass discipline, work discipline, and lifediscipline. Through carefully designed course content and diverse teaching methods such as specializedlectures, case analyses, and interactive discussions, new vitality has been injected into the Party Branch'slearning activities.Online andO?ineEducation The Company has invested in constructing the "Red Cryptography" exhibition hall, utilizing touch screenscombined with holographic projection technology to vividly showcase "the Party's leadership overcryptography." This initiative integrates Party culture into business areas such as the Internet of Vehiclesand video security, serving as a dedicated platform for promoting Party-building culture.CulturalDisplay Participation in Party Course TrainingCaseIn December 2024, six Party members from the Company actively participated in a Party course training organized by theParty Committee of Shanghai Dongtan Construction Group. The theme focused on an in-depth study and implementationof General Secretary Xi Jinping's new ideas, viewpoints, and assertions on comprehensively deepening reform, as well as thespirit of the Third Plenary Session of the 20th CPC Central Committee. The training aimed to further assist Party members andcadres in thoroughly assimilating General Secretary Xi Jinping's pivotal speeches and directives, as well as the core principlesoutlined in the Third Plenary Session of the 20th CPC Central Committee. The primary objective was to strengthen thetheoretical foundation of Party members and cadres while simultaneously enhancing their political acumen. 6768 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Striving for a SharedProsperous Future Contributing to the UN SDGs Diverse and Inclusive WorkplaceHuman Capital DevelopmentOccupational Health and SafetyCommunity Engagement Diverse and Inclusive Workplace Koal consistently upholds the principle of "forward-looking planning and diverse talent acquisition." In alignment with theCompany's strategic objectives and business development trajectory, Koal proactively plans its talent deployment. Through acomprehensive series of measures, the Company ensures precise talent identification, effective recruitment, and standardizedemployment processes, attracting a wide spectrum of talents to establish a robust foundation for sustainable corporate growth. Koal places great emphasis on attracting diverse talent, actively welcoming individuals from various backgrounds, cultures,genders, and professional skillsets. The Company is dedicated to cultivating an inclusive workplace ecosystem that offersemployees extensive opportunities for growth while constantly infusing the organization with innovation and a competitive edge.Compliant Employment Koal advocates for equitable and fair recruitment principles, rigorously adhering to international human rights standards includingtheInternational Bill of Human Rights, theILO Conventions, theILO Declaration on Fundamental Principles and Rights at Work,theUN Guiding Principles on Business and Human Rights, and the ten principles of the UN Global Compact. The Companymeticulously complies with pertinent domestic regulations and policies, such as theLabor Law of the People's Republic of China,and theLabor Contract Law of the People's Republic of China.Koal has implemented internal policies, including theKoal EmployeeRecruitment Management SystemandEmployee Handbook, to govern the entire talent acquisition process. The Company ?rmlyopposes discrimination based on gender, education, age, race, family status, religious beliefs, or cultural background. It strictlyprohibits child labor, forced labor, and any form of discrimination or harassment, actively promoting fair employment practices.Koal conducts regular and rigorous audits of its recruitment and employment processes. To ensure full compliance with lawsand regulations at every stage of employment, the Company actively encourages employees to report any violations of companypolicies or regulations through established channels. All reported infractions are subject to thorough investigation and addressedwith utmost seriousness. When necessary, corrective measures are implemented, ranging from warnings and public reprimands todemerits or termination of employment contracts. During the reporting period, Koal reported zero incidents involving child laboror forced labor. Compliant Hiring Key Performance Total number of employees Senior managementFrontline employees Middle management Number ofemployees by hierarchicallevel Employees aged 29 and underEmployees aged 40-49Employees aged 60 and above Employees aged 30-39Employees aged 50-59 Employees with associatedegrees or belowEmployees with graduate/MBA degrees Employees withbachelor's degreesEmployees with doctoraldegrees or above Number ofemployees by educationallevel Number of employees recruited duringthe reporting period Employee labor contract signing rate100%Number of newly recruitedfresh graduates Social insurance coverage rate100% Employee turnover rate 23.95% Male employeesFemale employees Number ofemployeesby gender 210153 Number ofemployees by age Employees from the Chinese mainland, HongKong, Macao, and TaiwanOverseas employees Number ofemployeesby region Contract employeesTemporary workers/ labor dispatch/interns Number ofemployees byemployment type Male employeesFemale employees Employees aged 29 and underEmployees aged 40-49Employees aged 60 and above Employees aged 30-39Employees aged 50-59 19.75% 4.20% 10.22% 7.95% 5.33% 0.34% 0.11% Employeeturnover rate by gender Employee turnover rate by age 7172 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal champions and embraces diverse, equitable, and inclusive cultures, lifestyles, and work practices. The Company profoundly respectsemployee diversity and individual di?erences, actively fostering an inclusive corporate culture. Diversity and inclusion principles are woveninto the fabric of the Company's operations, in?uencing recruitment, employment practices, training initiatives, promotion processes,and compensation and benefits structures. This ensures equal opportunities and expansive career development platforms for everyemployee. During the reporting period, Koal recorded no complaints related to discrimination or harassment.For female employees, the Company is dedicated to providing equitable career development opportunities, ensuring fair compensationand bene?ts, and e?ectively eliminating gender-based income disparities. Koal actively o?ers equal training and promotion opportunitiesfor female employees, supporting and nurturing their diverse skill sets. The Company encourages women to assume managementpositions, breaking through traditional career limitations and ensuring increased participation and growth opportunities across variousfunctions and management areas. Furthermore, the Company prioritizes female employees' reproductive health, o?ering commercialmaternity insurance and providing statutory prenatal leave, maternity check-up leave, maternity leave, breastfeeding leave, and parentalleave. Male employees are granted statutory paternity leave (care leave) to encourage shared family responsibilities, fostering a moresecure and stable work environment for female employees and supporting their long-term career development. During the reportingperiod, Koal implemented several initiatives to ensure female employees' career continuity, growth, and development: Ongoing optimization of gender structure across various job categories and management levels;Regular organization of gynecological examinations and provision of health consultation services;Establishment of Mommy Rooms as dedicated spaces for mothers and infants, equipped with breastfeeding and rest facilities to alleviateconcerns for pregnant and breastfeeding employees;Organization of Women's Day celebration events and female leadership forums, providing platforms for female employees to showcasetheir talents and exchange experiences, thereby stimulating their potential and creativity. Diversity and Equal Opportunity Key Performance Percentage offemale employees21% Percentage of employeeswith disabilities2% Percentage of newfemale hires19%Percentage of female employeesin middle management 17.74% Percentage of ethnicminority employees3%Percentage of female employeesin senior management 8.3% Human Capital Development Koal has developed and implemented a comprehensive suite of policies, including theTalent Recruitment System, CompensationStructure System, Employee Promotion Management System, andTraining Management System. These policies effectivelyoptimize human resource planning, ensuring that employees are utilized to their full potential while mitigating organizational risksassociated with key talent turnover or shortages.The talent strategy at Koal is spearheaded by the Human Resources Department and subsequently submitted to the Board ofDirectors for approval. The Company consistently re?nes its human resource management system to ensure seamless alignmentwith overall corporate strategic objectives. Under the Board of Directors, a Remuneration and Appraisal Committee has beenestablished to formulate and oversee the implementation of remuneration policies and assessment standards for directors andsenior management. The Company's HR Director is charged with developing human resource plans that align with the overallcorporate strategy, providing critical support and recommendations for strategic decision-making from a human resourcesperspective. The Human Resources Department takes responsibility for formulating and executing the Company's human resourceplanning, goal-setting, policies, and procedures. With clearly delineated responsibilities across various levels, these structurescollectively drive the Company's human capital development initiatives. Governance International Women's Day event Koal has implemented a comprehensive human rights risk management system that spans the entire employment lifecycle.This system is founded on principles derived from theInternational Bill of Human Rights, the ILO Conventions, theUN GuidingPrinciples on Business and Human Rights, and theLabor Law of the People's Republic of China. The Company has developed keypolicy documents, such as the Koal Employee Rights Code, to proactively mitigate human rights risks and ensure robust protectionof labor rights across all core business operations. This code encompasses crucial provisions including the prohibition of forcedlabor and child labor, freedom of association, diversity and inclusion, and anti-discrimination measures. Its scope extends to allregular employees, interns, and other personnel throughout the Company's direct and indirect subsidiaries and a?liated entities.During the reporting period, Koal reported no signi?cant labor or human rights risk incidents. Labor and Human Rights Management "We unequivocally reject all forms of forced labor and are committed to safeguardingour employees' rights to freedom and personal dignity. Our recruitment processes are?rmly rooted in the principle of voluntariness. We strictly prohibit the use of forced,bonded, indentured, or involuntary labor, including prison labor. Our Company haszero tolerance for any form of coercion, threats, or restriction of personal freedomaimed at compelling employees to work or engage in overtime. We rigorously adhereto relevant labor organization conventions and local laws and regulations applicableto our business operations, and strictly refrain from employing child labor inaccordance with legal standards." Excerpt from theKoal Employee Rights Code 7374 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal has established a diverse array of open recruitment channels and a comprehensiveKoal talent pool, enabling precise identification of talent gaps in key positions. TheCompany conducts regular talent assessments, enriches its talent reserves, and fosterstalent pipeline development. Guided by corporate strategy, Koal has constructed ane?cient and equitable talent attraction system. On one hand, the Company introduceshigh-caliber human resources through external recruitment to fill critical positionsand expands its talent sources through diversi?ed channels such as social media anduniversity collaborations, thereby enhancing recruitment efficiency and improvingthe match between positions and talents. On the other hand, the Company uncoversexisting talent through internal recruitment, ensuring that recruitment plans closelyalign with strategy through internal and external synergy, thus optimizing humanresource allocation and structure. Moreover, the Company places signi?cant emphasison talent integration and development, particularly focusing on the recruitment andonboarding experience of campus hires. By consistently re?ning recruitment strategies,Koal achieves full-cycle management of talent, encompassing "precise introduction -e?cient empowerment - continuous retention." Talent Attraction Key PerformanceRecognized as a "2024 Top Employer"by Lagou Recruitment. Koal places a strong emphasis on talent cultivation and development, offering employees a robust platform for continuouslearning and growth. Through a comprehensive array of internal and external learning activities tailored for all staff members,the Company aims to enhance professional skills, broaden perspectives, and expand career development opportunities. Regularevaluations of various training and development programs are conducted to ensure they e?ectively support employees' personalcareer trajectories, thereby providing a solid foundation of talent for the Company's sustainable growth. To further align corporate strategy with talent development, Koal has established an internal training institution - the KoalAcademy. This academy is designed to serve the Company's core business objectives and strategic goals, emphasizing anoperational philosophy of "derived from business, serving the business." It plays a crucial role in supporting Koal's strategictransformation. As a key component of the Company's talent development ecosystem, Koal Academy strengthens employeecapabilities through an integrated "training-and-practice" model while also serving as a vehicle for standardized corporate culturedissemination. In the future, it is poised to become a driving force for organizational change. During the reporting period, theCompany formulated theKoal Academy Charter, which outlines the training management framework and lays the groundwork fora strategy-driven talent cultivation ecosystem. Employee Training Koal prioritizes employee growth and development, o?ering comprehensive and targeted training programs tailored to individual needs Cultural Dissemination Employee of the Month Recognition Middle and JuniorManagement Leadership Training Koal AcademyKoal Academy Charter E-Learning PlatformTraining Management Policies Sales-focusedDevelopment Implementation ExpertiseR&D SkillEnhancement New Employee Onboarding Executive-level External Training Outstanding Employee Awards Special ProjectAssignments Work RoleTransitions Culture-DrivenInitiatives LeadershipDevelopmentPrograms SupportSystems BusinessSupportTraining Koal's talent strategy is meticulously crafted to align with industry characteristics and the Company's overall business strategy.Talent review serves as a pivotal tool in realizing this strategy, and the Company has established a robust process encompassing"re?ning talent standards - talent selection methods - talent cultivation."Strategy and Approach Conduct targeted campus recruitment talks at key universities (e.g., Shanghai University ofElectric Power, Donghua University) Employees interested in internal job opportunities submit detailed self-recommendationreports orCompetition Application Formsto the HR Department, either in writing or viaemail. The HR Department conducts a comprehensive evaluation of all submissions andproposes a shortlist of candidates for competitive interviews. Upon selection, anInternalTransfer Noticeis issued to the relevant department, and the successful candidate formallyassumes the new role following a structured work handover process. Set up internship bases at partner universities, providing hands-on training and project-basedlearning opportunities.Collaborate with universities to design bespoke IT innovation-related courses, integrating real-world corporate cases into the curriculum.Co-develop an IT innovation training facility with Shanghai Technical Institute of Electronics &Information, addressing teaching, research, faculty development, and industry training needs. Establish joint training bases: Enter into school-enterprise cooperation agreements with Shanghai University of ElectricPower, Donghua University, and Shanghai Polytechnic University. Foster industry-academia-research collaboration: School-EnterpriseCooperation InternalRecommendation and JobCompetition Proactively expand diverse social recruitment channels, leveraging a mix of onlineprofessional recruitment platforms, o?ine talent market job fairs, social media outreach,executive search ?rms, and HR service companies. This multifaceted approach e?ectivelyreaches potential talents from varied backgrounds and professional domains, establishing acomprehensive, multi-tiered talent acquisition pipeline. SocialRecruitment 7576 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal has enhanced its new employee training system, implementing a comprehensivemodel that integrates "online self-study and on-the-job guidance" with "learningand assessment." This approach is designed to accelerate the adaptation period andboost new employee performance. To further support new employee development,the Company has instituted a mentorship program that encourages mutual selectionbetween employees and mentors. Each new hire is paired with a mentor whoprovides personalized on-the-job guidance throughout their initial adjustment phase. Koal has developed tiered leadership training plans catering to employees acrossvarious levels of the organization. The Company o?ers a diverse range of comprehensiveand systematic management and leadership courses, delivered through both onlineand o?ine platforms. These programs are tailored for current and aspiring managers,aimed at expanding their perspectives, pushing boundaries, and regularly updatingtheir knowledge and skills for practical application in business development.In an e?ort to foster youthful and innovative leadership while enhancing managementcapabilities to support steady business growth, the Company sponsors promising youngmanagers to participate in prestigious programs such as the China Europe InternationalBusiness School (CEIBS) EMBA, PBC School of Finance (PBCSF) EMBA, and AdvancedManagement Programme (AMP). Furthermore, to unlock the potential of middle-levelmanagers, Koal engages external experts to conduct empowering leadership training.These sessions, conducted in an open and trusting environment, are designed toenhance critical thinking, project planning, and re?ective skills within the talent pool,ultimately driving the precise achievement of key business objectives. New Employee Training Leadership Training New employee online training session Empowering leadership training session To facilitate the growth anddevelopment of employeesacross various professionaltracks, Koal designs annualskill training plans tailoredto speci?c job requirements.These comprehensiveplans encompass crucialareas such as R&D, testing,implementation, and sales,ensuring that each employeeacquires all necessary skillsand professional knowledge.This ongoing enhancementof employees' professionalcapabilities aids in clarifyingtheir career trajectories anddevelopment goals. Professional Skills Training Koal professional skillstraining session Key Performance Percentage of trained employees by genderTraining coverage rate formale employees100% Training coverage rate forfemale employees100% Percentage of trained employees byemployee categoryTraining coverage rate forsenior employees100% Training coverage rate for temporaryworkers/labor dispatch/interns 100% Training coverage rate formid-level employees100% Training coverage rate forfrontline employees 100% Total investment inemployee training 537,000 Annual traininghours per employee 14.26 Total attendance of trainingthroughout the year7,237 Training coverage rate100% Total employee training hours9,556.13 Average training hours per employeeby employee categoryAverage training hours per temporaryworker/labor dispatch/intern 14.42 Average training hours perfrontline employee 14.42 Average training hours persenior employee 11.76 Average training hours per mid-levelemployee and technical specialist 11.76 Koal AcademyTotal training attendanceat Koal Academy 1,068 Total training hoursat Koal Academy1,267.20 E-Learning PlatformTotal course views on onlinetraining platform Total course viewing hourson online training platform 682.9 RMB 7778 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal proactively creates opportunities for employees to access high-quality external educational resources, introducingpremium, specialized training programs to help employees deepen their expertise in their respective ?elds. In 2024, the Companycollaborated with multiple external institutions to implement diverse training initiatives, including sponsoring select youngmanagers to attend prestigious programs such as the CEIBS EMBA, PBCSF EMBA, and AMP, providing robust support for employeegrowth and professional development. Collaboration with External Institutions Key Performance training sessions were conducted for R&D and testing positions, with total attendances.642,084 training sessions were conducted for implementation positions, with total attendances. 251,107 training sessions were conducted for sales positions, with total attendances.22762 Koal prioritizes employee career development, having established a comprehensive promotion system. Recognizing technology as thecore of its productivity, the Company has implemented a "dual-track" promotion path, o?ering advancement opportunities in bothmanagement and technical roles. This structure creates an open, transparent, and well-de?ned career development framework. Career DevelopmentEmployee Development T1 Software EngineerT2 Senior EngineerT3 Principal EngineerT4 Technical ExpertT5 Domain Expert T6 Technical Leader M1 AssistantR&D Manager M3 R&D Director M2 R&D Manager M4 Technical Director Manag em ent Sequenc e The Company actively encourages and supports employees in their pursuit of higher degrees, publication of academic papers,and acquisition of professional certifications. Through a system of incentive subsidies, Koal aims to enhance employees'professional qualifications. The Company has implemented theRevised Measures for Encouraging and Rewarding EmployeePaper PublicationsandMeasures for Encouraging and Rewarding Employees Obtaining Quali?cation Certi?cates, which clearlyde?ne reward standards for these achievements. Upon approval, employees can receive bene?ts such as expense reimbursementand performance bonuses, facilitating continuous professional growth. During the reporting period, 26 employees successfullyobtained relevant professional quali?cation certi?cates and were rewarded accordingly. Education and Quali?cation Support Koal has implemented a robust compensation structure and employee evaluation system. The Company regularly assesses employees'performance, capabilities, and attitudes, providing a solid foundation for salary adjustments, promotions, and training decisions.Compensation levels are benchmarked against industry peers, taking into account employees' job performance and positionrequirements. The Company offers competitive base salaries and performance-based pay, including annual bonuses and project-speci?c incentives. Furthermore, an employee stock ownership plan has been introduced to establish a medium to long-term incentivemechanism that promotes risk- and pro?t-sharing, enabling employees to bene?t from the Company's growth and development.The Company's compensation system consists of base salary, performance pay, allowances, and bonuses. Senior managementcompensation is determined based on factors such as position, responsibilities, capabilities, and market salary trends. Their variablecompensation is linked to the Company's operational performance and individual performance evaluation results, aligning theirinterests with the Company's development and growth. The compensation structure for general sta? includes base salary, performancepay, year-end performance bonuses, and allowances. The year-end performance bonus is closely tied to the Company's overalloperational results and a comprehensive evaluation of individual behavior and achievements. This approach ensures that bonusesare e?ectively linked to organizational and individual performance evaluation results, allowing for dynamic management of employeeincome. This system has proven e?ective in enhancing employee satisfaction and productivity while reducing turnover rates amongcore sta?. Additionally, the Company conducts regular market salary surveys to ensure its compensation levels remain competitive,attracting and retaining top talent. During the reporting period, all employees and departments underwent regular performanceevaluations, with all management personnel and general staff, particularly those in non-sales functions, receiving compensationcommensurate with their evaluation results. Scienti?c Compensation Structure Koal has established a comprehensive compensation structure and a scienti?cally designed remuneration system. The Companyhas developed and constantly re?nes its compensation, assessment, and incentive policies to provide employees with externallycompetitive and internally equitable compensation and bene?ts packages.Compensation and Bene?ts The Company regularly conducts performance evaluations, adhering to the principles of "openness, equity, and fairness." Annualand long-term performance assessments are carried out for the Company, departments, and individuals. Overall performanceobjectives are cascaded and implemented across various departments, ensuring that each team and employee has clear goalsand responsibilities, leading to efficient task completion. For employees at different levels and in various roles, a combinationof qualitative and quantitative methods is used to comprehensively evaluate key performance indicators and work objectives.Individual performance achievements are directly linked to personal bonus coefficients. Through scientific guidance, timelysupervision, and objective measurement, the Company ensures a comprehensive and fair assessment of employee performance.To motivate employees to focus on both company and departmental performance, the Company links these performance resultsto the overall bonus pool, encouraging employees to recognize their value and contribution within the organization. Koal hasestablished open channels for performance communication, actively collecting employee feedback and fostering timely coachingand communication between superiors and subordinates. This approach helps both employees and the organization improveperformance and achieve their goals. Employee Performance Evaluation and Feedback T e c hnical Sequen c e 7980 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal has implemented a comprehensive, multi-faceted welfare system that encompasses all employees. Beyond the statutorybasic bene?ts, the Company o?ers an extensive range of non-monetary bene?ts to its entire workforce, covering health protectionand life support. This enhances employees' sense of belonging and well-being, fostering a warm and supportive workplaceenvironment that drives high-quality enterprise development. Employee Bene?ts and Welfare Statutory SocialInsurance andHousing Fund In compliance with national regulations, the Company contributes to social pension insurance,medical insurance, unemployment insurance, work-related injury insurance, maternity insurance,and housing provident fund for eligible employees.Leave Bene?ts The Company has established a robust leave system, including paid annual leave, marriageleave, maternity leave, and sick leave, ensuring that employees' rest and personal needs areadequately addressed.Health Care The Company provides employees with comprehensive medical insurance and healthmanagement services, including regular physical examinations and health consultations,focusing on both physical and mental well-being.Employee Care The Company attends to employees' personal needs and family circumstances, o?ering servicessuch as birthday wishes and support for children's education. Work-Life Balance The Company regularly organizes various cultural and sports activities for employees, including?tness sessions and sports competitions. Koal consistently invests in optimizing the office environment, creating comfortable, safe, and creative workspaces equippedwith state-of-the-art o?ce facilities and ergonomic work equipment to enhance the employee experience. To promote work-lifebalance, the Company actively organizes a diverse range of engaging employee activities, such as regular team-building events,cultural and sports competitions, and holiday celebrations. These initiatives strengthen communication and interaction amongemployees, fostering a warm and harmonious corporate family atmosphere. To support employees in achieving work-life balance and to enhance their identi?cation with and sense of belonging tothe enterprise, Koal organized a summer cryptography exploration tour for employees' children. This activity provided anopportunity for employees' children to understand corporate culture, promoting the inheritance of corporate values anddemonstrating the Company's care for future generations and commitment to social responsibility. Koal Children's Summer Cryptography Exploration TourCase Human Resources DepartmentAll types of complaint handling As per company policyGeneral Manager HotlineDirect reporting of major issuesGeneral Manager Email Submission of written suggestions and complaints Koal places great importance on employee communication and exchange, respects employees' opinions and suggestions, andactively builds positive employee relations. The Company strives to create an equitable, harmonious, open, and transparentcommunication environment for all employees.Koal has established a multi-dimensional communication system that transcendshierarchical barriers, providing employees with open and diverse communicationchannels. These include suggestion (complaint) boxes, on-site complaints, writtencomplaints, a general manager hotline, and a general manager email. The Companyencourages employees to freely share views and suggestions across all levels,constantly improving reporting procedures and handling processes, ensuringthat every employee concern receives a prompt response and appropriate action.Additionally, the Company respects employees' freedom of association rights to join,form, or not join unions in accordance with local laws. For employees who join legallyrecognized unions, the Company is committed to engaging in constructive dialogueand collective bargaining with unions or employee representatives. Employee Engagement and Communication Open Communication Channels Channel TypeFunctional PositioningResponse Time Commitment Key Performance Collective bargaining agreementsigning rate in 2024: 93% 8182 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Koal has implemented an open and confidential formal grievance reportingprocedure that covers all regular employees and part-time personnel. Employeesare encouraged to promptly appeal to their superiors or the Human ResourcesDepartment when experiencing any unfair treatment. The Company has designatedpersonnel to receive and handle employee grievances and reports. The HumanResources Department serves as the grievance reception center, working inconjunction with the Internal Audit Department to manage the reception,investigation, processing, and follow-up of grievances. Based on principles ofauthenticity, confidentiality, and effectiveness, the Company ensures timelyacceptance of each reasonable report and conducts independent investigations.The Company strictly maintains the confidentiality of the complainant's personalinformation and the content of the complaint, taking necessary measures to protectthe safety and legal rights of the complainant. Any retaliation against complainantsor information leaks, once veri?ed, will be dealt with severely. Grievance Reporting Procedure Koal regularly conducts employee satisfaction surveys to comprehensively gatheremployee opinions and suggestions, listening to employee voices and demandsacross multiple dimensions. The Company consistently improves its managementpractices based on employee satisfaction survey data analysis and feedback.During the reporting period, in response to commuting challenges identi?ed in theemployee satisfaction survey, the Company developed a commute optimization plan,adding early peak hour services and simultaneously enhancing the station coverageof two existing commuter routes. Satisfaction Survey Employee satisfaction ratein 202475% Koal places paramount importance on human capital risk management, meticulously identifying key areas of potentialvulnerability. The Company employs a continuous process of risk identi?cation, assessment, response, and monitoring of humancapital risks, guided by its strategic objectives. By integrating insights from employee satisfaction surveys, Koal consistentlyre?nes its human resource management strategies throughout the entire talent lifecycle, encompassing "attraction, development,utilization, and retention." This comprehensive approach ensures that human capital development risks remain withinmanageable parameters, enabling high-quality organizational growth through a high-caliber talent pool. Strategic and organizationalchange risksCore technical talent attrition risksSkills and business needsmismatch risksInsu?cient international talentreserve risksPerformance incentive andcompensation competitivenessrisksDiversity and inclusion risksInsu?cient training anddevelopment risksCompliance and employment risks Enhance human capital risk identi?cation and assessment mechanisms,maintaining an up-to-date human capital risk inventory.Implement a scienti?cally robust human resource management system,featuring demand-driven strategic talent pool planning. Conduct regulartalent and organizational assessments aligned with the Company's strategicdirection and business development trajectory, e?ectively mitigating,reducing, or transferring identi?ed risks.Prioritize the recruitment of technical talent that aligns with the Company'sevolving needs while conducting targeted, specialized training for existingemployees to enhance skill adaptability.Establish clear and measurable performance standards, foster opencommunication and feedback channels, and constantly re?ne performancemanagement tools and processes.Implement regular employee satisfaction surveys to identify potentialissues in talent management processes and develop targeted improvementinitiatives. Impact, Risk, and Opportunity Management Analysis of HumanCapital Risks Response Strategies Indicators and Targets Human resource cost control ≤ 100%Target achievedEmployee training rate 100%Target achieved Indicator/Target2024 Achievement Status Occupational Health and Safety Koal rigorously adheres to pertinent laws and regulations, including theLaw ofthe People's Republic of China on the Prevention and Control of OccupationalDiseasesand theProvisions on the Supervision and Administration of OccupationalHealth at Work Sites, while fully complying with the requirements of the ISO 45001management system. The Company consistently enhances its occupational health-related policies and regulations, establishes robust procedures for identifying andaddressing potential risks and opportunities, and implements comprehensivedaily supervision and inspection protocols. By prioritizing health and safety acrossall business operations, the Company ensures the safeguarding of employees'occupational health. Key PerformanceKoal has obtained ISO 45001Occupational Health and SafetyManagement System certi?cation. 8384 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield The Company has appointed dedicated Management Representatives and Employee SafetyRepresentatives for the Occupational Health and Safety Management System. These individuals aretasked with establishing, implementing, and enhancing the occupational health and safety managementsystem, as well as coordinating and addressing related issues that arise during system operation.EstablishManagementStructure The Company has formulated and constantly re?nes a comprehensive set of safety managementand occupational health-related regulations, including theFire Safety Management SystemandFireControl Procedures. Furthermore, aQuality, Environmental, and Occupational Health and SafetyManagement Manualhas been compiled to bolster workplace safety protection e?ectiveness andfoster a high-quality, healthy, and secure working environment for all employees.DevelopManagementPolicies The Company has established speci?c occupational health and safety objectives, targeting "zeromajor safety incidents" and "zero major fire incidents." To facilitate the achievement of theseobjectives, the Company cascades them across functional departments and formulates tailoredmanagement and evaluation plans, thereby ensuring the e?ective implementation of preventivemeasures and reinforcing the foundation of its occupational health and safety management.Regular internal audits, management reviews, and external audits of the ISO 45001 managementsystem are conducted to ensure continued compliance with system standards.Set AnnualObjectives The Company has implemented a robust Hazard Identi?cation, Risk Assessment, and Risk ControlPlanning Procedure to standardize the process of hazard identification and evaluation. Thisprocedure clearly delineates operational requirements, including risk avoidance, risk reduction,and risk acceptance measures, ensuring comprehensive coverage of safety risk managementacross all business processes and enhancing overall risk resilience.Safety Risk Management Process: Planning and organization, hazard identification, riskassessment, determination of signi?cant hazards, risk control evaluation, and implementation.Address SafetyRisks To address potential emergencies in daily operations and workplace scenarios, the Company hasimplemented an Emergency Preparedness and Response Control Procedure alongside specificemergency plans for various safety incidents. These protocols encompass a comprehensivemanagement process, from emergency preparation and response to drill execution and post-drillanalysis, ensuring 100% implementation of plans and full coverage for all employees.The Company regularly organizes diverse safety emergency drills, simulating real-world emergencysituations to constantly refine response measures and enhance the emergency managementcapabilities of all personnel. During the reporting period, Koal conducted two safety emergency drills.Key Performance Health and safetyinvestmentRMB 225,000 Occupational diseaseincidence rate: 0% Work safety accidentsthroughout the year: Number ofwork-related fatalities: Health and safetytraining coverage: 100%Work-related injury rate: 0% Workdays lost due towork-related injuries: Community Engagement Koal is committed to enhancing urban and rural public infrastructure and supporting the advancement of education, science andtechnology, culture, health, and sports in the public sector. The Company actively encourages its employees to participate in socialvolunteer activities, thereby giving back to society with tangible actions. In an effort to strengthen east-westsupport collaboration between Shanghai'sChongming District and Yunnan Province'sLincang City, Koal has partnered withGuodazhai Township in Fengqing County.The Company established the QiongyingAncient Tree Tea Professional Cooperativeas a designated industry collaborationproject. This initiative invested RMB200,000 in purchasing Qiongying ancienttree tea, benefiting over 800 localhouseholds and boosting the revitalizationof rural industries. Rural Revitalization Koal's designated industry collaboration project - QiongyingAncient Tea Targeted Harvesting Base Total charitabledonations and externalcontributionsRMB200,000 Rural revitalization e?orts Koal has developed non-pro?t research and study bases for schools, focusing on key themes such as "digital economy," "cryptography,"and "information technology innovation." These centers provide teachers and students with opportunities to gain insights into thedevelopment and trends of the information technology innovation industry, as well as the role of cryptographic technology as securityfoundations through interactive learning experiences. The Company offers complimentary access to its facilities, including serverrooms, IT innovation adaptation and veri?cation practice areas, and cryptography factories. This allows visiting schools to witness?rsthand the increasing capabilities of domestically produced, independent, and controllable server systems. Charitable Education Support In 2024, four Koal employees demonstratedtheir commitment to social responsibility byparticipating in blood donation drives. Theiractions not only contributed to alleviatingthe shortage of medical blood supplies butalso inspired fellow employees to engage insimilar charitable activities. Voluntary Blood Donation Koal employees at the blood donation site RMB 200,000 ConductEmergency Drills 8586 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield2024年环境、社会及公司治理（ESG）报告 Green andLow-Carbon Operations Contributing to the UN SDGs Environmental Management SystemClimate Change MitigationGreen Operations Environmental Management System Koal has implemented a comprehensive environmental management frameworkbased on the ISO 14001 Environmental Management System, ensuring compliancewith relevant domestic and international laws, regulations, and standards, includingtheEnvironmental Protection Law of the People's Republic of Chinaand theEnergyConservation Law of the People's Republic of China. The Company has developeda suite of policy documents, such as theEnvironmental Management Manualand Environmental Monitoring and Measurement Procedures. Koal regularly conductsenvironmental risk assessments, organizes company-wide environmental protectiontraining, and implements awareness-raising initiatives, aiming to mitigate theenvironmental impact of its operations. During the reporting period, the Companyreported no environmental pollution incidents, received no environmentaladministrative penalties, and experienced no major environmental accidents.Koal has established a robust environmental management structure and process. The General Manager assumes overall leadershipresponsibility for environmental management, coordinating related activities across business operations. The ManagementRepresentative ensures the establishment, implementation, and maintenance of environmental management system processes.Each functional department is tasked with identifying and evaluating environmental factors and potential hazards within theirarea, setting departmental environmental objectives, and monitoring progress towards these goals. Key Performance ObtainedISO 14001Environmental ManagementSystem certi?cation. The Company carries out regular on-site inspections and supervision to identify andaddress gaps in environmental management practices, ensuring the e?ective operation ofthe environmental management system. The Company has developed and regularly updates theEmergency Preparedness andResponse Management Procedure. Annual environmental emergency drills are conductedto prepare for potential incidents and mitigate environmental impacts. During thereporting period, the Company executed 2 environmental emergency response drills.The Company actively promotes an environmental protection culture. Employeesenthusiastically participate in tree-planting activities organized by the industrial park. Based on the environmental management targets, each operating location creates annualenvironmental management work plans that comply with relevant national and regionalregulations and align with their speci?c circumstances. General ManagerManagement RepresentativeFunctional Departments Oversee the establishment,implementation, and maintenanceof environmental managementsystem processes.Report to the General Manager onthe environmental managementsystem's performance andinternal audit results, includingimprovement recommendations. Identify and assess environmentalfactors and potential hazardswithin their department.Develop departmentalenvironmental objectives andmonitor their achievement status. Establish environmental policiesand objectives aligned with theCompany's strategic direction.Integrate environmentalmanagement system requirementsinto business operations and securenecessary resources.Ensure company-wideunderstanding and implementationof environmental policies,promoting process-basedapproaches and risk-based thinking. EnvironmentalManagement ProcessDe?neEnvironmentalManagement Objectives DevelopEnvironmentalManagement Plans ImplementEnvironmentalManagementAudits ConductRoutineEnvironmental Monitoring Foster aRobustEnvironmentalCulture EnhanceEnvironmental EmergencyManagement Establish quanti?ableenvironmentalmanagement targets: Achieve 100% classi?eddisposal of solid waste. Internal Audit: The Company conducts annual internalreviews of its environmental management system,following theManagement Review Control Procedureand Internal Audit Procedure. Corrective actions areproposed and monitored based on review ?ndings. External Audit: The Company undergoes annual third-party environmental audits from external stakeholders. In 2024,Koal conducted internalaudit review and underwent external audit. 8990 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield Climate Change Mitigation In response to global climate change, Koal actively supports the national "dual carbon" goals. The Company adheres to theframework recommendations outlined in theGuidelines No. 14 of Shanghai Stock Exchange for the Self-Regulation of ListedCompanies—Sustainability Report (Trial), proactively identifying various risks that climate change poses to its business operations.By integrating four key dimensions - climate change-related governance, strategy, impact, risk and opportunity management, andindicators and targets - Koal actively develops response measures. These e?orts aim to enhance the Company's resilience in theface of climate change scenarios and constantly improve its ability to address climate risks. Physical Risks AcutePhysicalRisks Severe climate events such as typhoonsand ?oods may lead to extreme weatheror natural disasters, potentially a?ectingKoal's infrastructure, servers, and otherequipment across various operationalsites. This could result in a series of director indirect economic losses, includingasset damage, increased repair costs, andhigher insurance premiums. Short-term,medium-term Revenuedecline, costincrease,liability rise,and assetimpairment Implement timely forecasting andwarning systems for extreme weatherevents. Develop comprehensiveemergency response plans for extremeweather scenarios. Stockpile emergencysupplies and conduct regular emergencydrills to enhance response capabilities.Prioritize climate-resilient areaswhen selecting new operational sites,thoroughly considering local historicaldata on natural disasters.ChronicPhysicalRisks Climate change-induced rise in averagetemperatures increases the need forventilation and cooling in o?ce spaces.This could negatively impact the normaloperation and lifespan of the Company'sservers and other hardware, while alsoleading to increased energy consumptionand operational costs. Medium-term,long-term Revenuedecline and costincrease Consistently optimize energy e?ciencyand implement robust monitoringof energy use. Enhance precisionmanagement of energy consumptionthrough advanced statistics andmonitoring systems. Actively promotegreen o?ce practices among employees. Transition Risks Policy andRegulatoryRisks As progress is made towards "dualcarbon" goals, stricter domestic andinternational policies and regulationsare being introduced to mitigate climatechange. The gradual advancement ofcarbon emissions trading mechanismsexposes the Company to heightenedcompliance risks. Short-term,medium-term Revenuedecline and costincrease Closely monitor changes in internationaland domestic environmental and carbon-related laws, regulations, and policies.Strengthen compliance managementstrategies in alignment with theCompany's speci?c circumstances. Market Risks In?uenced by climate change and globalenergy transition, prices for energy(electricity, steam), water, and hardwarefacilities are likely to increase, leading tohigher operational costs.As demand for climate-friendly productsand services grows, the Company mayface operational risks such as pressure onproduct pricing, increased raw materialcosts, and potential misalignment ofproducts with evolving market demands. Medium-term,long-term Revenuedecline, costincrease,liability rise,and assetimpairment Forge strategic partnerships with high-quality collaborators to bolster supplychain resilience and risk responsecapabilities.Intensify research and application e?ortsin green products and solutions to stayahead of changing market trends. TechnologyRisks Investment in research and applicationof new green products and technologiesmay lead to decreased product demandand revenue if customers do not acceptthese innovations. Short-term,medium-term Revenuedecline and costincrease Conduct rigorous feasibility studieson the R&D and application of greenproducts and solutions. Actively engagein industry collaborations and workclosely with value chain partners topromote low-carbon technology R&Dand application.ReputationalRisks Increasingly stringent environmentalperformance disclosure requirementsincrease compliance costs associatedwith maintaining or enhancing corporatereputation. Short-term,medium-term Cost increase Monitor market regulatory and disclosurerequirements across various regions andimplement comprehensive compliancemeasures. Category Risk/OpportunityType Risk/OpportunityDescription ImpactPeriod PotentialFinancialImpact ResponseMeasures Assume a leadership role in managing and decision-making on climate change issuesOversee climate change management decisions.Review and approve climate action strategic planning, goals, implementation progress,climate risk and opportunity assessment results, and overall management status. Board of Directors and ESG Committee Function as the executive body of the ESG Committee, coordinating the comprehensiveimplementation of climate change issue managementGuide the design and execution of strategies, objectives, and initiatives related to climatechange issues.Assess and manage climate change-related risks and opportunities.Regularly collate and summarize the progress and e?ectiveness of climate change-relatedwork, providing comprehensive reports to the ESG Committee. ESG Executive Committee Manage and supervise the execution of speci?c climate-related workSpearhead the implementation of climate-related actions across various business units,supporting company-wide climate strategy implementation.Execute energy use optimization and carbon reduction plans at the operational level. Functional Departments TheManagement Bodies TheExecution Bodies The Company has seamlessly integrated climate change-related functions into its ESG governance structure, clearly delineatingmanagement responsibilities across various levels. This facilitates comprehensive discussions on climate change-related issues,enables the identification of climate risks and opportunities, and supports the development of targeted measures to addressclimate change. Governance The Company has conducted a comprehensive analysis and assessment of climate change risks (including physical risks andtransition risks) and opportunities facing its business operations.Strategy and Approach 9192 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield ClimateOpportunities Productsand Services The Company's development andinnovation of climate-friendly productsand technologies, catering to customerswith environmental protection andenergy-saving needs, can unlock newgrowth opportunities. Short-term,medium-term Revenuegrowth Capitalize on opportunities for greentransformation and upgrade. Developtargeted products and technologies thatnot only meet basic customer needs butalso incorporate environmentally friendlytechnologies.ResourceE?ciency Achieve dual bene?ts of cost savings andenvironmental protection by adoptingenergy-e?cient technologies andequipment to reduce energy consumptionin operations. Short-term,medium-term Revenuegrowth Integrate energy-saving technologies andequipment across all operational facets,driving down energy costs. ? Greenhouse gas emissions reported here refer exclusively to carbon dioxide emissions and do not encompass other greenhouse gas types suchas methane and nitrous oxide emitted from other sources. Scope 2 greenhouse gas emissions represent emissions caused by purchased electricityand heat. The electricity emission factor is derived from the Announcement on the Release of Carbon Dioxide Emission Factors for Electricity in 2022(Announcement No. 33 of 2024) jointly issued by the Ministry of Ecology and Environment and the National Bureau of Statistics. Greenhouse Gas Emissions Direct greenhouse gas emissions (Scope 1)tons of CO equivalent Indirect greenhouse gas emissions (Scope 2)tons of CO equivalent1,104.22Total greenhouse gas emissions (Scope 1 and Scope 2) ?tons of CO equivalent1,104.22 Greenhouse gas emission intensitytons of CO equivalent/RMB 10,000 revenue 0.0209 Perform in-depth materiality analysis andfinancial impact assessment of climate risks andopportunities, developing key response strategies.The ESG Executive Committee, functionaldepartments, branches, and controlled subsidiariesimplement targeted risk management andresponse initiatives, developing comprehensiverisk treatment plans. The ESG Committee regularlymonitors and tracks implementation progress toensure e?ectiveness. Conduct a thorough assessment of the impactperiod and materiality level of climate risks andopportunities, leveraging internal research,industry studies, and external recommendations.Identify climate risks and opportunities withinthe industry and along the value chain, forminga comprehensive risk inventory.Screen risks and opportunities relevant toKoal based on internal and external expertrecommendations, databases, and othercredible sources. Conduct preliminary identification of climate riskand opportunity types, including physical risks,transition risks, and climate opportunities, basedon disclosure recommendations from authoritativesources such as theGuide No. 4 for Self-RegulatorySupervision on Listed Companies of the SSE —Compilation of Sustainable Development Reports(Draft for Comments)and theIFRS S2 Climate-related Disclosures. Climate Risk-Opportunity ResearchIdentify Risk-Opportunity Inventory Climate Risk-OpportunityMateriality Analysis and Assessment Climate Risk andOpportunity Management Climate Risk and Opportunity Identi?cation, Analysis, Evaluation, and Management Process To address potential risks and capitalize on opportunities brought about by climate change, Koal has established a robust processand framework for managing climate risks and opportunities. Through a combination of internal research, industry studies, andexternal recommendations, the Company systematically identi?es, analyzes, evaluates, and manages signi?cant climate changerisks and opportunities. Based on comprehensive risk identification results, a climate risk-opportunity matrix and targetedmitigation measures are developed, promoting the integration of climate risk management into the company-wide multi-departmental risk management process to actively address climate change challenges. Impact, Risk, and Opportunity Management Indicators and Targets Category Risk/Opportunity Type Risk/Opportunity Description ImpactPeriod PotentialFinancial Impact ResponseMeasures 9394 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield We maximize the use of natural light, turning off unnecessarylighting fixtures when daylight is sufficient. Natural light isprioritized in window-adjacent office areas. The number oflighting ?xtures is adjusted according to area-speci?c functionalrequirements, with reasonable control of lighting brightness.Lighting in corridors, meeting rooms, restrooms, and other publicareas is turned o? when unoccupied, and lighting schedules areset based on actual usage patterns to avoid waste. Lighting electricity management We require employees to turn o? computers, printers, copiers,and other equipment when not in use. Devices are set to sleepmode or turned o? when not used for extended periods (over1 hour). Double-sided printing and copying are promoted toreduce paper consumption and equipment power usage. O?ce equipment management We set summer air conditioning temperature no lowerthan 26°C and winter temperature no higher than 20°C.Human comfort is balanced with energy-saving needs byadjusting temperature (every 1°C change) to optimize energyconsumption. Air conditioning cooling capacity is reasonablyadjusted based on server heat generation and server roomambient temperature to ensure the server room temperatureremains within the specified range while reducing airconditioning energy consumption. Air conditioning temperature control We display compelling green energy-saving slogans onprominent large screens, consistently exposing employeesto green energy-saving concepts during daily work. Thisapproach subtly enhances energy conservation awarenessamong sta?. Energy conservation andenvironmental protection promotion Green OperationsKoal actively promotes green and low-carbon operational practices, incorporating climate change considerations into its businesscontrol processes. The Company consistently improves its environmental performance in areas such as energy usage, waterresource management, and waste disposal. By implementing energy-saving measures, ensuring proper waste management, andfostering a green culture, Koal creates an environmentally friendly o?ce environment, thereby reducing the environmental impactof its operations. ? Total energy consumption is calculated in tons of standard coal equivalent, in accordance with the General Rules for Calculation of theComprehensive Energy Consumption (GB/T 2589-2020) issued by the State Administration for Market Regulation and the StandardizationAdministration of China. Purchased electricity10,000 kWh205.78Total energy consumption ? tons of standard coal equivalent252.91Energy consumption intensity tons of standard coal equivalent/RMB 10,000 revenue 0.0048 2024UnitIndicator We have established energy management policies, including theElectricity Saving Management Measures. Through variousinitiatives, we strive to reduce greenhouse gas emissions and actively address climate change. Energy Management 9596 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield For electronic equipment such as servers, hosts, hard drives, and computers, we have established an internal equipmentallocation platform to reassign devices suitable for downgraded use between different departments or projects within theCompany. Hard drives with remaining storage capacity and read/write speeds suitable for non-critical operations are removedfrom high-performance hosts and installed in o?ce computers with lower storage requirements for secondary utilization. Equipment downgrading We repurpose refurbished equipment within the Company and explore external reuse channels, such as collaborating withsmall enterprises to sell idle but still functional computers at discounted prices.Equipment recycling We extensively utilize ERP systems, encouraging employees to store, share, and approve documents electronically. Forinstance, through the Company's internal cloud storage system, employees can conveniently store and retrieve variousdocuments, replacing traditional paper ?le cabinets.Paperless o?ce We prioritize the purchase of environmentally friendly, biodegradable, or recyclable materials, reducing environmentalpollution and resource waste.Green procurementWe have installed faucets with temperature-controlledautomatic shut-off functions in public restrooms toprevent water waste caused by prolonged water ?ow.Regular inspections of water facilities are conducted,and leaks are promptly repaired to ensure effectiveutilization of water resources. We dynamically adjust the supply of bottled waterbased on seasonal variations, reasonably increasingsupply during high-consumption summer monthsand reducing allocation during low-consumptionwinter months. The provision of individual bottledwater in daily o?ce scenarios has been discontinued,with employees encouraged to use centralized waterdispensers instead. We carry out regular maintenance and inspectionsof water dispensers to ensure normal operation ofheating/cooling functions, preventing equipmentmalfunctions that could lead to water waste. We conduct employee awareness campaigns,encouraging the use of personal water bottles toreduce disposable paper cup consumption. Thisapproach also mitigates water waste from bottledwater dispensers due to casual usage (e.g., over-dispensing and discarding unconsumed water). Water equipment managementO?ce drinking water management Drinking water equipment maintenanceWater conservation promotion Water ResourceConsumption Total water consumptiontons202,322Water consumption intensitykg/RMB 10,000 revenue3.82 2024UnitIndicator Waste Discharge Papertons1.15Toner cartridges/4 Ink cartridges/95Non-hazardous waste intensitykg/RMB 10,000 revenue0.22 2024UnitIndicator The Company's primary water consumption is attributed to daily office use, with the municipal water supply serving as themain source. We have designed and implemented efficient water resource management measures for our business activities,establishing plans to reduce water consumption. By adopting appropriate measures to achieve water management goals, weconstantly improve our water usage performance. The Company primarily generates waste in the form of o?ce paper, courier boxes, ink cartridges, toner cartridges, waste ?uorescenttubes, and discarded electronic equipment. We actively encourage waste reduction, recycling, and reuse, aiming to minimize wastegeneration where feasible and mitigate the environmental impact of waste disposal.Water Resource ManagementWaste Management 9798 E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield 9798 Appendix Key Performance Table IndicatorUnit202220232024Operating revenueBillion RMB0.660 0.5610.529Net pro?t attributable to shareholders of theparent company Million RMB-93737Total assetsBillion RMB1.7461.6611.670Total tax paymentMillion RMB68.7196 29.682841.9318Basic earnings per shareRMB/share -0.04 0.16 0.16 Economic Performance Corporate Governance IndicatorUnit202220232024 Total number of Board membersPersons999Proportion of independent directors%33.33%33.33%33.33%Major corruption and bribery incidentsCases000R&D Innovation IndicatorUnit202220232024 Total R&D investmentMillion RMB92.766698.599997.8889R&D investment as a percentageof operating income %14.07%17.57%18.49%Number of newly granted patentsItems8913Cumulative number of granted patentsItems586784Number of newly registeredsoftware copyrights Items//15Cumulative number of registeredsoftware copyrights Items//197 Products and Services IndicatorUnit202220232024 Incoming material inspection pass rate%//100%Software retesting con?rmation rate%//100%Customer service satisfaction rate%93%99.1%98.2% Supply Chain Management IndicatorUnit202220232024 Total number of suppliersCompanies666864Number of domestic suppliers Companies666864Number of overseas supplierCompanies000Information Security and Privacy Protection IndicatorUnit202220232024 Number of major service/information security incidentsTimes000Annual training coverage rate for information security/information technology services %100%100%100%Number of data breach incidentsTimes000Employment IndicatorUnit202220232024 Total number of employeesPersons923821679Number of employees recruited during the reporting periodPersons16812375Number of employeesby gender MalePersons758657537FemalePersons165164142Number of employeesby hierarchical level Senior managementPersons667Middle managementPersons11011682Entry-level employeesPersons807699590Number of employeesby age 29 years old and belowPersons41032121030-39 years oldPersons34032229340-49 years oldPersons15015815350-59 years oldPersons19152060 years old and abovePersons453Number of employeesby region Chinese employeesPersons923821679Overseas employeesPersons000 Number of employeesby educational level Employees with associatedegrees or below Persons245246170Employees with bachelor's degreesPersons616516455Number of employees withgraduate/MBA degrees Persons595651Number of employees with bachelor'sdegrees or above Persons333Number of employeesclassi?ed byemployment type Regular employeesPersons913791663Temporary workers/labordispatch/interns Persons103016Employee turnover rate%20%28%23.95%Employee turnover rateby gender Male employees%77%80%19.75%Female %23%20%4.20% Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 99100 Employee turnoverrate by age 29 years old and below%54%51%10.22%30-39 years old%32%33%7.95%40-49 years old%13%13%5.33%50-59 years old%1%3%0.34%60 years old and above%0%0%0.11% Employment IndicatorUnit202220232024 Proportion of female employees%18%20%21%Proportion of minority employees%2%3%3%Proportion of employees with disabilities%1%1%2%Proportion of female employees in middle management%//17.74%Proportion of female employees in senior management%//8.3% Diversity and Equal Opportunities IndicatorUnit202220232024 Total investment in employee trainingMillion RMB/1.62020.537Total attendance of training throughout the yearAttendance6,1499,9187,237Annual training hours per employeeHours8,108.2819,668.639,556.13Annual training hours per employeeHours8.7823.6714.26Training coverage rate%56%99%100%Averagetraining hoursper employeeby employeecategory Temporary workers/labor dispatch/internsHours0.100.8614.42Entry-level employeesHours8.6922.8014.42Mid-level managers and key technical personnelHours1.053.3411.76Senior management personnelHours0.060.1711.76 Employee Training IndicatorUnit202220232024 Investment in health and safetyMillion RMB0.05660.36660.225Annual production safety incidentsCases020 Health and Safety Work injury rate%0%0.2%0%Occupational disease incidence rate%0%0%0%Number of employee fatalities due to work-related incidentsPersons000Number of working days lost due to work-related injuriesDay01800 Health and Safety IndicatorUnit202220232024 Total investment in public welfare and external donationsMillion RMB//0.2 Community Engagement and Public Welfare IndicatorUnit202220232024 Purchased electricityMillion kilowatt hours//2.0578Total energy consumption Tons of standard coal//252.91Energy consumption intensity Tons of standard coal/RMB10,000 of revenue //0.0048Direct greenhouse gas emissions (Scope 1)Tons of CO equivalent//0Indirect greenhouse gas emissions (Scope 2)Tons of CO equivalent//1,104.22Greenhouse gas emissions (Scope 1 and 2) Tons of CO equivalent//1,104.22Greenhouse gas emission intensity Tons of CO equivalent/RMB10,000 of revenue //0.0209Total water consumptionTons//202,322Water consumption intensityTons/RMB 10,000 revenue / /3.82Non-hazardous waste emission intensitykg/RMB 10,000 revenue / /0.22Note 1. Total energy consumption: Calculated in terms of tons of standard coal in accordance with GB/T 2589-2020 General Rules for Calculation ofComprehensive Energy Consumption issued by the State Administration for Market Regulation and the Standardization Administration of China.Note 2. Greenhouse gas emissions: Refers only to carbon dioxide (CO ) emissions and does not include other types of greenhouse gases such asmethane (CH ) or nitrous oxide (N O) from other emission sources. Scope 2 greenhouse gas emissions: Emissions resulting from the consumption ofpurchased electricity and heat. The electricity emission factor is based on the Notice on the Release of the 2022 Electricity Carbon Dioxide EmissionFactors (Announcement No. 33 [2024]) jointly issued by the Ministry of Ecology and Environment and the National Bureau of Statistics. Environmental Performance Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 101102 Indicator Index Table Reporting Framework Shenzhen Stock Exchange Sustainability Reporting Guidelines GRI 1: Foundation 2021 Message from the Chairman//About This Report/2-2,2-3About Koal2-1,2-6,2-23 Sustainable Development Management Article 12 (1), Article 12 (2), Article 12 (4), Article12 (5), Article 13, Article 14 (1), Article 14 (2),Article 14 (2), Article 15 (3), Article 17, Article18 (1), Article 18 (2), Article 18 (3), Article 18 (4),Article 51, Article 52, Article 53 (1), Article 53 (2) 2-9,2-13,2-14,2-16,2-29,3-1,3-2,3-3[Special Topic] Koal's Green Productsand Solutions Article 20, Article 28, Article 37(II)302-5Forging a Digital Shield Innovation as a Driving Force Article 11, Article 19, Article 41, Article 42 (1), Article 42 (2), Article 42 (3), Article 42 (4) 203-1,416-1Safeguarding Customer Privacy Article 11, Article 19, Article 44, Article 47 (1),Article 47 (2), Article 47 (3), Article 47 (4) 3-3,418-1Protecting Data Security Article 11, Article 19, Article 48 (1), Article 48 (2),Article 48 (3), Article 48 (4) 203-2,416-1,417-1,417-2,417- 3,418-1Sustainable Supply ChainArticle 44, Article 45(1), Article 45(2), Article 46204-1,308-1,414-1,414-2Industry Ecosystem Development//E?cient and Robust OperationsCorporate Governance/2-10,2-12,2-27,2-15,3-3Risk and Compliance Management// Koal has reported the information referenced in this index for the period from January 1, 2024 to December 31, 2024, in accordancewith theGuidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—Sustainability Report (Trial)andwith reference to the GRI Standards. Reporting Framework Shenzhen Stock Exchange Sustainability Reporting Guidelines GRI 1: Foundation 2021Business Ethics and Anti-Corruption Article 11, Article 19, Article 54, Article 55 (1), Article 55 (2),Article 55 (4), Article 56 (1), Article 56 (2) 2-27,3-32-27,3-3,205-2,206-1,205-2,206-1Party Leadership//Striving for a Shared Prosperous FutureWorkplace Diversity andInclusion Article 49, Article 50 (I)2-7,401-1,405-1,406-1Human ResourceDevelopment Article 11, Article 19, Article 50 (1), Article 50 (3)401-2,404-1,404-2,404-3Occupational Healthand Safety Article 50 (2) 403-1,403-2,403-3,403-5,403-8,403-9,403-10Community EngagementArticle 38, Article 39(1), Article 39(2), Article 39(3), Article 40203-1,203-2Green and Low-CarbonOperationsEnvironmentalManagement System Article 29, Article 33(1), Article 33(2), Article 33(3)2-27Climate Change Mitigation Article 11, Article 19, Article 20, Article 21, Article 22 (1), Article 22 (2), Article 22 (3), Article 23 (1), Article 23 (2), Article 23 (3), Article 24, Article 25 (3), Article 26, Article 27 201-2,3-3,302-5,305-1,305-2,305-4Green OperationsArticle 34, Article 35(1), Article 35(3), Article 36(1) 2-27,3-3,302-1,302-3,303-5,305-1,305-2,305-4,306-3,306-4,306-5AppendixKey Performance Table//Indicator Index Table// Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report 103104 Koal Software Co., Ltd. Address: Building A2, G60 Commercial Cryptography Industrial Base, No. 1-7, Lane 58,Muchuan Road, Sijing Town, Songjiang District, Shanghai, ChinaTel: +86 021-62327010Fax: +86 021-62327015
附件： ↘公告原文阅读

Contents

Innovation as a Driving ForceSafeguarding Customer PrivacyProtecting Data SecuritySustainable Supply ChainIndustry Ecosystem Development

Corporate GovernanceRisk and Compliance ManagementBusiness Ethics and Anti-CorruptionParty Leadership

Forging aDigital Shield

E?cient andRobust Operations0102

Diverse and Inclusive WorkplaceHuman Capital DevelopmentOccupational Health and SafetyCommunity Engagement

Environmental Management SystemClimate Change MitigationGreen Operations

Striving for a SharedProsperous Future

Green and Low-Carbon Operations0304

Message from the ChairmanAbout This ReportAbout KoalSustainable Development Management

[Special Topic] Koal's GreenProducts and Solutions

Appendix

Message from the Chairman

2024 marks the 20th anniversary of the ESG concept and thesecond year of Koal's ESG journey. Over the past two years, theCompany's governance structure has undergone changes. Wehave fully embraced a paperless office system, with gradualimplementation across our six R&D centers, ten delivery centers,and all marketing and service locations. In addition, KoalAcademy has been launched, extending employee benefits toinclude comprehensive training programs, career developmentguidance, and support for mental and physical well-being. Ourcommitment to rural revitalization continues as we partner withGuo Dazhai Township in Fengqing County, Lincang City, YunnanProvince, to help promote the Qiong Ying Ancient Tree Tea" tothe wider world. We understand that ESG is a long-term journey,one that evolves steadily from within, rather than somethingthat can be achieved overnight. With this in mind, Koal willcontinue to strengthen internal capabilities while focusing oure?orts in three key directions:

Direction 1: Strengthen data security governance tosafeguard a green digital ecosystem. In today's data-drivenera, data security is not only our lifeline but also a criticalpillar of ESG. We must protect user data with the same rigoras we do our financial assets. This not only involves ensuringthe confidentiality, integrity, and availability of the data,but also integrating ESG principles into the management ofdata throughout its entire lifecycle. Koal will increase R&Dinvestment in areas such as data encryption, access control,and data breach prevention to establish a comprehensivedata protection system—one that offers users a true sense ofease and trust. At the same time, we will actively participatein the formulation of data security standards, driving forwardindustry-wide governance and contributing to a healthy, greendigital ecosystem. In an increasingly competitive cybersecuritylandscape, we aim to stand out through real value creation anddemonstrating Koal's distinctive strengths.Direction 2: Advancing industry collaboration to builda shared future in cybersecurity.The development of thecybersecurity industry is not a solo e?ort of a single company,but rather requires the collective e?orts of the entire industry.At Koal, we are committed to ful?lling our social responsibilitiesunder ESG, collaborating with our peers to break downbarriers and achieve the sharing of technology, expertise,

and resources. Through the formation of industry alliancesand joint research initiatives, we aim to collectively addressthe growing complexity of cybersecurity threats. Our vision isto build a new security paradigm centered on cryptographictechnologies and empowered by the integration of multiplesecurity solutions. This includes developing an autonomousand controllable cybersecurity environment grounded incryptographic infrastructure and ultimately achieving a trusted,interconnected, and open framework for security. We will alsodeepen cooperation with universities and research institutionsto cultivate more cybersecurity talent, injecting new energyinto the industry's sustainable growth. Our goal is to build avibrant cybersecurity community, characterized by sharedresponsibility and collective progress.Direction 3: Energizing innovation within the Company tosupport the secure upgrade of digital transformation.Withthe ongoing advancement of new quality productive forces,digital transformation is accelerating in both depth and scale,accompanied by a growing demand for cybersecurity. We aimto seize this opportunity to continuously drive innovation withinthe Company and incorporate ESG principles into our productsand services. We continue to increase investment in advancedtechnologies such as Zero Trust architecture and AI security,focusing on both research and practical application. Throughongoing innovation, we aim to make breakthroughs in critical,foundational, and frontier technologies, delivering smarter,more efficient, and more secure solutions for businesses. Atthe same time, we focus on the pain points and challengesthat enterprises face during digital transformation and offercustomized security services to address them. Our goal is toensure robust cybersecurity throughout the transformationprocess, enabling businesses to navigate the digital wave withpeace of mind and achieve sustainable development.In 2025 and beyond, Koal will remain ?rmly committed to theESG vision and continue advancing on the path of network andinformation security. Let us walk together on the path of ESG—guided by its light, inspired with every step, and dedicated tobuilding a brighter future. Through these collective e?orts, wewill drive the high-quality development of Koal and contributeto a secure and trustworthy digital world for all.

Dear colleagues, partners, and all friends who follow and support Koal：

From the introduction of the ESG concept by the United Nations Global Compact to the release of annualESG reports by over 2,000 A-share listed companies, ESG has grown from a niche concept into a widelyrecognized topic in mainstream discourse, which is now taking root and gaining real momentum in China.Today, the ESG we are talking about is no longer just a concept or a label, but a transformation of corporatestrategy development and management. It genuinely helps businesses tap into their potential value and inspireresilience in a highly competitive environment.

Yang Wenshan, Chairman of Koal Software Co., Ltd.Drawn Together by the Light on the ESG Journey, Inspired Every Step of the Way

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

0102

About This ReportAbout KoalThis Environmental, Social, and Governance (ESG) report (hereinafter referred to as "the report") is publicly released by Koal SoftwareCo., Ltd. (hereinafter referred to as "Koal"). This report is prepared in accordance with the principles of objectivity, openness, andtransparency, and aims to disclose Koal’s sustainability philosophy, management practices, and key performance results for 2024 toits stakeholders.

Organizational Scope: The scope of this report aligns with that of the annual consolidated ?nancial statements of the Company.Time Range: This report covers the period from January 1, 2024, to December 31, 2024. Some content may be extended beyondthis timeframe as deemed appropriate. This report is an annual report.Reporting Scope

For ease of expression and reading, Koal Software Co., Ltd. is referred to as "Koal," "the Company," or "we" in this report.

De?nition of Terms

This report has been compiled according to the GRI Standards by the Global Sustainability Standards Board,Guidelines No.1 of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Standardized Operation (2023), Guideline No.14of Shanghai Stock Exchange for the Self-Regulation of Listed Companies — Sustainability Report (Trial), Guide No.4 for Self-Regulatory Supervision on Listed Companies of the SSE — Compilation of Sustainable Development Reports,and the UnitedNations Sustainable Development Goals (SDGs).

Basis of Preparation

All the information and data used in the report are sourced from the Company's official documents statistical reports,and financial statements, as well as information on sustainable development practices of each that have been gatheredand reviewed by the relevant functional departments of the Company. Unless otherwise speci?ed, all monetary amountsmentioned in this report are measured in RMB.

Source of Information

The Company assures that this report contains no false records, misleading statements, or significant omissions, and isaccountable for the authenticity and accuracy of its content. This report has been reviewed by the Company's Board ofDirectors and is being publicly released.Assurance of Accuracy

The electronic version of this report is available on the Shanghai Stock Exchange website (www.sse.com.cn) and the Cninfowebsite (www.cninfo.com.cn). If you have any questions regarding this report, please feel free to contact us through thefollowing channels:

Address: Building A2, G60 Commercial Cryptography Industrial Base, No. 1-7, Lane 58, Muchuan Road, Sijing Town, SongjiangDistrict, ShanghaiTel/Fax: 021-62327028/021-62327015Email: stock@koal.comWebsite: www.koal.com

Report Access & Contact

Founded in March 1998, Koal Software Co., Ltd. (stock code: 603232.SH) stands as a pioneer and leader in China's informationsecurity digital trust sector. The Company went public on the main board of the Shanghai Stock Exchange in April 2017. Koal hasestablished 6 R&D centers and 10 delivery centers, with marketing and service outlets spanning major provincial capitals acrossChina. The Company provides comprehensive security solutions and professional services to over 30 national ministries andcommissions, more than 100 state-owned and central enterprises, and over 200 commercial banks. As a secretariat member of theInfrastructure Group of the State Cryptography Administration, Koal has spearheaded and contributed to the development of over100 relevant standards, including nearly 20 national standards. The Company has been honored twice with the second prize of theNational Science and Technology Progress Award and has garnered more than 20 National Party and Government CryptographyScience and Technology Progress Awards, as well as ministerial and provincial-level Science and Technology Progress Awards.

Company Pro?le

VisionTo be a leader in cyberspace

and digital asset security

MissionTo defend digitalsovereignty and safeguard

the digital world

Corporate CultureUnity, Dedication,Innovation, Security,

E?ciency, Sharing

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

0304

Company Product Series

Urumqi

Lhasa

Chengdu

Yunnan

Guangzhou

Hunan

Shanghai HeadquartersHubei

Gansu

Xi'an

Zhengzhou

Beijing Headquarters

ShenyangInner Mongolia

Beijing, Shanghai, Xi'an, Chengdu, Nanjing, Zhengzhou

R&D Centers

Cyberspace Security Key Laboratory (Shanghai JiaoTong University)Cryptography Application Research Key Laboratory(Shaanxi Normal University)Network Security Joint Laboratory (Jinan University)Network Security Technology Laboratory (JiangsuUniversity of Science and Technology)

Joint Laboratories

Beijing, Shanghai, Zhengzhou, Shenyang, Xi'an,Wuhan, Chengdu, Urumqi, Lhasa, Guangzhou

10 Delivery Centers

1010

Headquarters

Beijing, Shanghai

The identity security product series encompasses Public KeyInfrastructure (PKI) and trusted identity control platforms. ThePKI serves as a security foundation, integrating digital certi?cateauthentication systems, certificate registration systems, andcollaborative signature services. It ensures confidentiality,integrity, authenticity, and non-repudiation across various digitalscenarios, forming the cornerstone for building digital trustsystems. The trusted identity control platform amalgamates PKIwith other identity technologies, broadening the scope of identitymanagement. Beyond certificate-based identities, it offersunified lifecycle management for diverse digital entities, alongwith multi-factor authentication, access policy management,and identity risk analysis functionalities, providing platform-levelsupport for constructing robust digital trust systems.

Identity Security Product Series

The data security product series incorporates fundamentalcryptographic components such as key management systems,cryptographic machines, and digital signature and verificationservers. It also features products like SSL VPN, IPSEC VPN,application-integrated security gateways, data access controlgateways, database encryption systems, and storage encryptiongateways. Additionally, it includes a cryptographic service platformthat facilitates uni?ed management and service-oriented extensionof these components and products. Collectively, this series deliversend-to-end solutions for the collection, transmission, storage, use,and exchange stages of the data security lifecycle, serving as thebedrock for comprehensive data security.

Data Security Product Series

The IoT security product series is underpinned by commercialcryptography, guided by national standards, and aims to achieveauthentic identity, protocol integrity, and data encryptionacross multi-dimensional spaces including sky, ground, sea, air,network, people, and objects. By implementing authentication,authorization, and encryption technologies in intelligent IoTscenarios, it establishes a scalable security foundation. Thisenables secure and efficient interconnection in smart IoTapplications, prevents unauthorized access to critical information,safeguards sensitive data from breaches, protects individualprivacy, and bolsters the overall security of smart networks.

IoT Security Product Series

Xi'an R&D Center

Shanghai R&D Center

Beijing R&D Center

Yangtze River Delta Region

Bohai Rim Region

Western RegionCentral Region

Nanjing R&D Center

Zhengzhou R&D CenterPearl River Delta Region

Chengdu R&D CenterSouthwest Region

Shanghai Headquarters

Beijing Headquarters

Koal Software Co., Ltd.

0506

2024 Environmental, Social and Governance (ESG) Report

2024 in Review

Total assets: RMB

billion

1.67

Operating revenue: RMB

billion

0.529

Total tax contribution: RMB

million

41.9318

Net pro?t attributable to shareholdersof listed company: RMB

million

36.8121

R&D investment throughoutthe year: RMB

million

97.8889

Software re-veri?cation rate:

100%

Customer service satisfaction rate:

98.2%

Basic earnings per share: RMB

0.16

Total employee training hours:

9,556.13

0.0209

Greenhouse gas emission intensity:

tons of CO

Total investment in public welfare/external donations: RMB200,000

Total employees:

Female representation:

21%

Major service/information security incidents:

Procurement material inspection pass rate:

100%

equivalent/RMB 10,000 revenue

0807

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

Awards & Recognitions

Honors & Memberships

2023 Top Ten Leading Enterprises inDigital Economy Innovation

CCID Net

Outstanding ContributingUnit of the Year

China Academy of Information andCommunications Technology (CAICT)

Yinghua A-Share New Quality Productive

Forces Value AwardChina Fund News

2023 Award List of Outstanding Practice Casesof National Standards on Network Security:

Second Prize in Financial Sector ApplicationNational Technical Committee 260 onCybersecurity of Standardization Administration

of China (TC260)

2024 ESG Practice Case

Guided by Shanghai United Media

Group, Jiemian News

2024 Top Ten Representative Vendors

in Commercial Cryptography Field

AQNIU.com

ESG New BenchmarkEnterprise AwardStock Star

Ranked Second in 2023 China IdentityAuthentication Market Vendor Structure

CCID NetGolden Intelligence Award for Koal'sVideo Integrity Protection GatewayInformation Security andCommunications Privacy Magazine

2023 Key Research TopicOutstanding ReportSecurities Association of China

Awards & Recognitions

Industry Association Memberships

Shanghai CommercialCryptography Industry

Association -President UnitChina State Secrets

Protection Association -Member UnitChinese Association forCryptologic Research

- Member UnitChina CybersecurityIndustry Alliance

Board Member Unit

Yulin Commercial Cryptography Association

Board Member

Shanghai BlockchainAssociationBoard Member Unit

Information Security andCommunications PrivacyMagazine - VicePresident UnitShanghai Information SecurityTrade Association -Board Member UnitTC260 Big Data Working Group

Member Unit

Shanghai Con?dentiality

Work

Association - Vice

President Unit

Shanghai Software Industry

Association - Board

Member UnitTC260 WG3, WG4 Working

Groups -

Member UnitShanghai Industrial TechnologyInnovation Promotion Association

Board Member Unit

Shanghai Securities News Gold Quality Technology Innovation Award

Shanghai Securities News

First to Pass CAICT Anti-Quantum Cryptography

Veri?cation Test for Koal Anti-Quantum (PQC)Security Authentication GatewayChina Academy of Information andCommunications Technology (CAICT)2024 OutstandingContributing UnitCrypto+ Application Promotion Plan (CPII)

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

0910

Koal attaches great importance to the opinions and concerns of its stakeholders. The Company continuously improves stakeholderengagement mechanisms and communication channels to ensure regular interaction and enable effective stakeholderparticipation in ESG governance.Stakeholder Communication

StakeholdersIssues of ConcernCommunication Channels and Methods

Shareholders & Investors

Corporate governance Risk and compliance management Business ethics and anti-corruption R&D Innovation Product quality and safety Sustainable supply chain

General meeting of shareholders Roadshow and performance brie?ng Investor hotline and emailEngagement with small and mediumshareholdersRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.)

Government andRegulatory Bodies

Risk and compliance management Business ethics and anti-corruption Information security and privacy protection Climate change mitigation Emissions and waste management Product quality and safety

Dedicated reception days Information disclosure platform Government meetings and o?cial visitsRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.)Communication with industry associations andother organizations

Customers

Product quality and safety Customer relationship management R&D Innovation Information security and privacy protection Climate change mitigationClean technology opportunities (greenproducts and solutions)

Customer satisfaction surveyCommunication with customers before, during,and after sales Customer visits Customer review Third party training Labor and human rights management Diversity and equal opportunities Talent training and development Occupational Health and Safety

Employee activities and communication Employee performance communication Internal information communication platform Employee satisfaction survey Employee grievance channels

Partners & Suppliers

Product quality and safety Sustainable supply chain Climate change mitigation

Supplier training On-site audit and communication Regular visits

Community and Public

Product quality and safety Information security and privacy protection Climate change mitigation Emissions and waste management Community engagement

Face-to-face communication Complaint hotline Public welfare activitiesRegular information disclosure (annual ?nancialreport, ESG report, WeChat o?cial account,company website, etc.)

Sustainable Development Management

Koal places great emphasis on sustainable development management and is committed to embedding sustainability principles across allaspects of its operations. The Company has established and continuously improved its ESG governance framework and management system,formulated ESG-related policies, and developed an efficient ESG management mechanism. ESG strategies are effectively integrated intovarious departments and core business processes, which consistently enhances top-down ESG engagement and management capabilities.The Company has built a comprehensive ESG governance framework encompassing the decision-making, management, and execution levels.The Board of Directors, as the leadership and decision-making body for ESG a?airs, is responsible for reviewing and approving Koal's ESGstrategy, governance framework, major policies, material ESG-related matters, and risk response plans. Under the oversight and guidance of theBoard, the ESG Committee was established, chaired by the Chairman of the Board. The Committee is responsible for de?ning and continuouslyoptimizing the ESG governance structure, setting key ESG strategic goals and plans, reviewing the annual ESG work plans, and supervisingtheir implementation. Under the ESG Committee, the ESG Executive Committee has been formed to oversee the day-to-day managementand implementation of ESG activities. During the reporting period, Koal approved theImplementation Rules of the ESG Committee of KoalCo., Ltd. and released the Announcement on the Establishment of the ESG Committee of Koal Co., Ltd.,marking a signi?cant step forward instrengthening the Company's ESG management system.

TheDecision-Making Body

TheManagement

Body

TheExecution

Body

ESG Governance Structure

Koal's ESG Governance Structure

Board of Directors

Review and approve the Company's ESG strategic planning and objectives, ESG governanceframework, and key policies.Review and approve material ESG matters and the Company's response strategies to major ESG-related risks.Review the Company's ESG-related disclosure documents, including but not limited to the annualESG report.

ESG Committe

Establish and continuously optimize the Company's ESG governance structure.Aligned with the Company's development strategy, formulate key ESG objectives and plans, reviewthe annual ESG plan, and oversee its execution to ensure successful implementation.Supervise, guide, and optimize key tasks related to environmental protection, social responsibility,and corporate governance of the Company, promoting the Company's sustainable development.Review other major issues related to ESGHandle other matters authorized by the Board of Directors.ESG Executive Committee

Coordinate and implement the execution of assigned ESG matters.Monitor and report on project progress and target achievement.Collect and consolidate ESG-related information and data.

Employees

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

1112

Koal places high importance on and consistently re?nes its identi?cation, management, and analysis of material issues. In 2024,the Company updated its analysis methods based on the latest disclosure standards, including theGuidelines No. 14 of ShanghaiStock Exchange for the Self-Regulation of Listed Companies—Sustainability Report (Trial), theGRI Standards,and theIFRS S1General Requirements for Disclosure of Sustainability-related Financial Information.Combining these with the Company'sbusiness characteristics, Koal conducted a double materiality assessment, comprehensively analyzing the impact of ESG issues onthe Company's ?nances as well as on the economy, environment, and society. Based on the identi?cation results, the Companyadjusts its ESG work arrangements promptly to ensure e?ective implementation and optimization of ESG-related work, providingfocused responses to material issues in this report.

Material Issue Management

Koal's Double Materiality Assessment Process for 2024

With reference to macro-level policies in the regions where the Company operates andindustry-speci?c regulations or standards, ESG issues were identi?ed based on an analysisof internal and external development trends. Both general and industry-speci?c materialissues were recognized through the following approaches: (1) referring to authoritativedomestic and international sustainability reporting guidelines and standards; (2) reviewingleading ESG rating frameworks and sustainability issues of concern within the industry;

(3) considering issues of shared concern among internal and external stakeholders, while

also taking into account industry characteristics, stage of development, the Company'sbusiness model, and position in the value chain to identify topics of ?nancial or impactmateriality; and (4) incorporating expert opinions.

ESG Issue Identi?cation

Research was conducted among key internal and external stakeholder groups inaccordance with the principle of double materiality. Both impact materiality andfinancial materiality assessments were carried out, resulting in the 2024 materialitymatrix and the identification and prioritization of material issues for the year.Stakeholder participants included board members, senior executives, employees,customers, suppliers, investors, regulators, media, and the public.

Stakeholder Communication and Materiality Analysis

The results of impact and financial materiality assessments were integrated andreviewed through two channels: internal management and external experts. TheESG Committee further reviewed and confirmed the findings. For material topics,the report provides focused disclosures covering governance, strategy, risk andopportunity management, as well as relevant indicators and targets.

Issue Con?rmation and Reporting

Governance Dimension Environmental Dimension Social Dimension

Signi?cance of Impact on the Company’s Financial Performance

Signi?cance of Impact on Economic,Environmental, and Social Sustainability

Low

High

Information Security and Privacy ProtectionAddressingClimate ChangeClean TechnologyOpportunities(Green Products andSolutions)

Business Ethics andAnti-corruption

Product Quality and Safety

R&D Innovation

Human Resource DevelopmentDiversity and Equal Opportunity

Occupational Health and SafetySustainable Supply Chain

Labor and Human Rights Management

Customer RelationshipManagementCorporate GovernanceRisk and ComplianceManagementResource Utilization and Circular EconomyCommunity Engagement(Including Public WelfareVolunteering and RuralVevitalization Support)Emissions and Waste Management

Industry Ecosystem Development

MaterialIssues

ImpactPeriod

Risks and OpportunitiesImpact LevelProductQuality andSafety

Short-term,medium-term,long-term

Inconsistent code quality and frequent security vulnerabilities may compromise systemstability, eroding user trust.High-quality products can enhance customer trust, increase market share, and providecompetitive advantages.

Negative Impact:

highly signi?cant;Positive Impact:

highly signi?cantInformationSecurityand PrivacyProtection

Short-term,medium-term,long-term

Data breaches, cyber attacks, and evolving compliance requirements may expose theCompany to compliance risks or reputational damage.Robust internal information security measures can bolster customer con?dence.

Negative Impact:

highly signi?cant;Positive Impact:

highly signi?cantR&DInnovation

Short-term,medium-term,long-term

Significant R&D investments carry inherent failure risks, while rapid technologicaladvancements may lead to swift product and service obsolescence.Emerging technologies such as AI and cloud computing drive business growth, complementedby policy support accelerating the commercialization of technological achievements.

Negative Impact:

moderately signi?cant;Positive Impact:

highly signi?cantHumanCapitalDevelopment

Short-term,medium-term,

long-term

Inadequate employee training and development may result in strategic and organizationalchange risks, as well as increased employee turnover.A comprehensive employee learning and talent development system will strongly supportthe achievement of strategic goals, enhance brand value and market competitiveness, andgenerate potential business opportunities.

Negative Impact:

moderately signi?cant;Positive Impact:

highly signi?cantBusiness

Ethicsand Anti-corruption

Short-term,medium-term,

long-term

Instances of commercial bribery and corruption can incur significant economic costs,legal repercussions, operational risks, and reputational damage.Robust anti-bribery and anti-corruption measures help establish sound internalmanagement systems, optimize processes, and improve operational efficiency andtransparency.

NegativeImpact: signi?cant;Positive Impact:

moderately signi?cantCustomerRelationshipManagement

Short-term,medium-term,long-term

Standardized services may fall short of meeting personalized needs, potentially leadingto decreased customer satisfaction.Tailored services can precisely align with customer business models, fostering increaseduser loyalty.

NegativeImpact: signi?cant;Positive Impact:

moderately signi?cantClimateChangeMitigation

Medium-term,long-term

Growing demand for climate-friendly products and services may expose the Company tooperational risks such as downward pressure on product prices, increased raw materialcosts, and potential misalignment with market demands.Development and innovation of climate-friendly products and technologies, cateringto customers with environmental protection and energy-saving needs, can unlock newgrowth opportunities.

Negative

Impact: signi?cant;

Positive

Impact: signi?cant

Koal Software Co., Ltd.2024 Environmental, Social and Governance (ESG) Report

1314

Special

Topic

Koal's Green Products

And Solutions

As a leading provider of information security services, Koal focuses on leveraging digital technology to enable a greeneconomy. The Company consistently pursues the development of eco-friendly digital technologies, striving to integrateenvironmental protection requirements throughout the entire product lifecycle. For new product development, Koal hasadopted a strategy of "enhancing hardware performance through software optimization," offering more efficient andenvironmentally friendly solutions to customers while reducing energy consumption and carbon emissions.

Traditional discrete "CPU + cryptographic card" security solutions face dual challenges in energy consumption andenvironmental protection. Koal has achieved a significant improvement in cryptographic computation efficiency per unitof power consumption by integrating the cryptographic module into the CPU chip, combined with micro-architecture levelenergy e?ciency optimization design. Taking the SM2 algorithm as an example, under the same power conditions, the CPUcryptographic module provides higher SM2 signature performance while avoiding energy efficiency degradation caused by

CPU Cryptographic Module — Achieving Improved Computational E?ciency per Unitof Power ConsumptionCase

SM2 Signature Performance-to-Power Ratio (TPS/W)

Hardware platforms comprehensively implement instruction setoptimization and performance scheduling algorithms, supportingdynamic adjustment of hardware system parameters to achieveoptimal performance and energy e?ciency ratios.Through intelligent algorithm optimization, energy e?ciency on theHygon CPU platform has improved by approximately 15%.

Intelligent Algorithms Enhance Energy E?ciency

Virtualization Technology Reduces Energy Consumption

Code Structure Optimization Decreases Energy Usage

Real-time Monitoring and Continuous Improvement

New Product Energy Consumption Optimization

Deploying monitoring systems on hardware platforms to trackreal-time system utilization of cryptographic and computationalcomponents provides data support for performance optimization ofvarious system modules, ensuring continuous reduction in overalldevice energy consumption.

After software optimization, new products achieve an average energysavings of 20% to 30%, e?ectively reducing electricity consumption.The new generation of high-performance digital signature andveri?cation server products, leveraging intelligent algorithms and otheroptimization measures, achieves a performance increase of about200% in the Hygon CPU hardware environment compared to theprevious generation. This signi?cantly improves hardware utilizatione?ciency and reduces energy consumption and carbon emissions.

Implementing lightweight virtualization for products such ascloud server cryptographic machines and cryptographic serviceplatform appliances allows more virtual services to run on the samehardware. This increases hardware utilization, reduces the need forphysical devices, and lowers overall energy consumption.

Comprehensive code structure optimization, including theintroduction of CPU affinity binding technology in core libraries,precisely allocates processor resources and optimizes memorymanagement mechanisms. This significantly reduces processorload and memory usage, further lowering overall device energyconsumption.

1516

multiple card paralleling in ultra-high performance demandscenarios. By eliminating independent cryptographic cardhardware, PCB board material consumption is reduced,simultaneously lowering energy loss and electronic wastegeneration from both chip-level optimization and system-level streamlining. This contributes to the construction of acomprehensive green computing system, from chip-level energysaving to system-level environmental protection.

1516

2024 Environmental, Social and Governance (ESG) ReportKoal Software Co., Ltd.

Forging a Digital Shield

Contributing to the UN SDGs

Innovation as a Driving ForceSafeguarding Customer PrivacyProtecting Data SecuritySustainable Supply ChainIndustry Ecosystem Development

Innovation as a Driving Force

Strategy and Approach

Koal, upholding its mission to "defend digital sovereignty and safeguard the digital world," has consistently advanced its Integrated ProductDevelopment (IPD) system and re?ned its R&D processes. In May 2024, the Company achieved CMMI Level 5 certi?cation, marking a signi?cantleap in its R&D management capabilities. The Company persistently enhances its R&D management framework, expands its portfolio ofinnovative security product lines, and positions innovation as the core driver of new growth.During the reporting period, the Company re?ned its R&D management structure by integrating the former Technology Center and ProductBusiness Center. All product and R&D personnel were consolidated into product line departments, and the Product and Technology Committeewas established to oversee unified management. To further strengthen front- and back-end support for R&D, the Company set up foursupporting departments: the Product and Ecosystem Management Department, the Infrastructure Department, the Consulting and StrategicProjects Department, and the Innovation and Development Department. These departments work collaboratively to drive the Company'sproduct and technology R&D efforts. This organizational and process optimization enables more effective resource integration and cross-departmental collaboration, fostering innovative thinking and accelerating the development of cutting-edge technologies and products.Koal embraces a dual-drive strategy focusing on technology and products, maintaining substantial R&D investments in emergingtechnologies and products while preserving its leading position in scientific research and innovation. The Company activelycultivates a technology innovation ecosystem that is enterprise-centric, market-oriented, and deeply integrates industry, academia,and research. It adopts a multifaceted approach that balances independent R&D, collaborative research, and strategic projectacquisition, with a primary focus on developing PKI and cryptographic service platforms. This approach aims to nurture newquality productive forces and establish robust security barriers.

The Company has established six major R&D centers strategically located in Beijing, Shanghai, Xi'an, Chengdu, Nanjing, andZhengzhou. It has also forged collaborations with multiple domestic research institutions and universities to establish fourjoint laboratories. These initiatives have resulted in the creation of high-level, open scientific and technological innovationplatforms and comprehensive innovation systems, accelerating technological advancement, promoting industrial upgrading, andconsistently contributing to industry development.

Positioning and FunctionsSix R&D centers have been established based on two key considerations: addressing the talent needs ofproduction lines and aligning with the distribution of educational and research resources.

Co-building of Scienti?c and Technological Innovation Platforms

Governance

R&D investment throughoutthe year: RMB

million

97.8889

R&D workforce

professionals

Representing

% of operating revenue

19.49

Constituting

% of total sta?

29.60

Contributed to the formulation ofnational standards

Participated in the development of

national standards

And industry standards in 2024

And

industry standards

A year-on-year increase of%

The Company constantly intensifies itsefforts to attract high-caliber scientific andtechnological talent, refining managementmechanisms that foster the development ofresearch personnel. It implements sustainedincentive plans for core talent and provides adiverse range of online and o?ine professionalskills training for R&D sta?. This has culminatedin the establishment of a product technologyR&D team distinguished by exceptionalprofessional expertise, extensive industryexperience, and robust innovative capabilities.During the reporting period, the Companyconducted over 10 specialized producttechnology training sessions, including"HarmonyOS Next Development Sharing,"a series of courses on "Post-Quantum EraCryptography Research," and foundationaltraining in anti-quantum algorithms.

Recruitment and Development of Innovative Talent

In 2024, the Company conducted comprehensive training on IPD(Integrated Product Development) and DFX (Design for X). The trainingprimarily focused on strategies to promote DFX work and establishDFX baseline models. DFX, where X represents any stage in the productlifecycle such as manufacturing, testing, or service, requires variousfunctional systems to advance product development activities inparallel with the R&D system. It emphasizes incorporating requirementsfrom di?erent stages and domains as early as the product requirementanalysis and design phases. This training initiative further enhancedthe collaborative development e?ciency and quality across relevantdepartments within the Company, bolstering product competitivenessand R&D capabilities.

IPD Integrated Product Development and DFX TrainingCase

Key Performance

Six R&DCenters

Shanghai Jiao Tong University: The Cyberspace Security Key Laboratory was jointly established,leveraging local academic resources in Shanghai to carry out comprehensive collaboration in the ?eld ofnetwork security.Shaanxi Normal University: The Cryptography Application Research Key Laboratory was jointlyestablished. Collaborating with the Xi'an R&D center and local universities, it focuses on in-depthcooperative research in new cryptographic algorithms, participation in national standard formulation, andresearch and design of industry cryptographic application solutions.Jiangsu University of Science and Technology:The Network Security Technology Laboratory was jointly

established. Collaborating with the Nanjing R&D center and local Jiangsu universities, it emphasizesapplication innovation and conducts in-depth cooperation in the ?eld of cybersecurity.Jinan University:The Network Security Joint Laboratory was co-established in Guangzhou to conductcutting-edge research on distributed identity and autonomous identity technologies.

Four JointLaboratories

R&D Platforms

Recognized as a National Specialized,Re?ned, Di?erentiated, andInnovative (SRDI) Little GiantEnterprise.

% of R&D personnel

8.96

hold master's degrees or higher

Undertook over

key scienti?c research projects atthe national and provincial/ministerial levelsContributed to the establishment of over

third-party digital

certi?cation centers in ChinaRecipient of

National Science and

Technology Progress Awards to date

Received over

National Party and Government

Cryptography Science and TechnologyProgress Awards and provincial-levelScience and Technology Progress Awards.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

1920

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Post-Quantum Cryptography TechnologyAs a pioneer in cryptographic applications, Koal has established a comprehensive ecosystem in post-quantum cryptography,encompassing technology R&D, product innovation, and collaborative partnerships. The Company has forged alliances withSpecial Topic

The Company integrates QuantumRandom Number Generation (QRNG),Quantum Key Distribution (QKD),and other quantum cryptographytechnologies with post-quantumcryptographic algorithms. Thisintegration forms the foundation forfully integrated quantum networksecurity and data security solutions.Through uni?ed key management

services, it achieves seamlesscompatibility between quantum

and post-quantum keys, providinga robust security barrier againstquantum computing attacks forbusiness systems.

In the area oftechnology R&D

The Company leverages academicresources to develop cutting-edgecryptographic detection and situational

awareness tools, enabling closed-loop management throughout thelifecycle of cryptographic applicationsand e?ectively addressing gaps inthe product line. It has successfully

upgraded mainstream productswith post-quantum cryptographiccapabilities and introduced China's?rst series of fully quantum-secureproducts, including quantum-secure

PKI/CA, key management systems,cryptographic machines, and VPNs.The Company has also independentlydeveloped post-quantum

cryptographic cards and relatedalgorithmic products, establishing

a comprehensive post-quantum

cryptographic service capability.

In the area ofproduct development

Koal has taken the lead in establishingthe G60 Quantum CryptographyApplication Innovation Center,partnering with industry leaders topromote technology integration andecosystem development. In the ?nancialsector, it has spearheaded research onpost-quantum cryptography innovation

in the securities industry, setting abenchmark for the ?eld. The Companyhas instituted regular technical exchangeforums, convening university experts forseminars on cutting-edge topics suchas post-quantum cryptography andprivacy computing. Through standardsadaptation, technology integration,and cross-domain cooperation, theCompany consistently reinforcesits technological leadership in post-quantum cryptography, deliveringforward-looking, fully quantum-securesolutions across various industries.

In the area of ecosystem collaboration

Launched the new generation KOAL-

SVS digital signature and

veri?cation server.

Actively participated in the drafting

of several key industry researchoutputs, including the Post-Quantum Cryptography ApplicationResearch Report, the Cryptographic

Service Maturity Model, andthe Web 3.0 Digital IdentityCryptography Research Report.Recognized as an OutstandingContributing Unit for the Year bythe China Academy of Informationand Communications Technology.

Developed a blueprint for next-generation PKIand successfully productized post-quantumcryptographic technologies. A comprehensiverange of post-quantum products was unveiledat the 10th China (Shanghai) InternationalTechnology Fair (CSITF) in 2024.

Spearheaded the drafting of theImplementation Guidelines forCryptographic Application and Security

Assessment of Government A?airsCloud in the Government A?airs Domainand the Implementation Guidelinesfor Cryptographic Application andSecurity Assessment of GovernmentService Platforms in the Government

A?airs Domain, both of which wereo?cially released by the CryptographyEvaluation Joint Committee of the ChineseAssociation for Cryptologic Research.

Seamlessly integrated corecryptographic technology with

Huawei's HarmonyOS NEXToperating system, promoting digitaland intelligent transformation.

Achieved a signi?cant milestoneas Koal's Security Authentication

Gateway with Post-QuantumCryptography (PQC) Capabilities

became the ?rst to pass the

post-quantum cryptography

veri?cation test by the China

Academy of Information and

Communications Technology.

Won the Golden IntelligenceAward in China's NetworkSecurity and Information Industryfor the Koal's Gateway for VideoIntegrity Protection.

On November 5, 2024, Koal and the School ofComputer Science and Technology at DonghuaUniversity held a university-enterprise cooperationsigning ceremony at the headquarters of the G60Commercial Cryptography Industrial Base. TheDonghua-Koal Industry-Education IntegrationBase was officially inaugurated. Additionally,several key management personnel from Koalwere appointed as off-campus mentors for full-time professional graduate students at DonghuaUniversity, providing project practice guidance andcollaboratively cultivating high-quality talent incomputer science and technology.

Establishment of Donghua-Koal Industry-Education Integration Base with Donghua UniversityCase

The Company actively responds to the national initiative for developing new quality productive forces by promoting the application of R&Dinnovation outcomes. It focuses on next-generation PKI, leveraging its cryptographic service platform as a ?agship product to support newindustry expansion. Leveraging its Common Building Blocks (CBB) — a cryptographic library and infrastructure platform — the Companysupports four US standards and three Chinese national standards for post-quantum algorithms, with core cryptographic products fullyequipped with post-quantum capabilities. During the reporting period, the Company achieved the following innovative milestones:

Advancing New Quality Productive Forces

universities to establish post-quantum cryptography laboratories,driving the formulation of national standards and industrialimplementation. It has developed a robust post-quantumcryptographic product portfolio, with its security authenticationgateway successfully passing the PQC application system upgradeverification test conducted by the China Academy of Informationand Communications Technology.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

2122

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal is at the forefront of developing a comprehensive security system for the low-altitude economy, leveraging cryptographictechnology as its core driver for new quality productive forces. As a founding member of the China Low-Altitude EconomyInternational Cooperation Alliance, the Company focuses on three key directions to build a secure ecosystem:

Empowering the Low-Altitude Economy and Building the "City in the Sky"Case

Establishing a trust servicesystem for low-altitude aircraft

by deploying identity-awaredevices and signal monitoringsystems. This system, enhanced

by AI, dynamically identi?escooperative and non-cooperativeaircraft, precisely preventing andcontrolling illegal gatherings andother anomalous behaviors, whileproviding crucial data support forcross-departmental governance.

Constructing an advanced cloud-

edge collaborative securitysystem that implements robust

communication protection

through cryptographic chips

at the edge, while building acentralized cryptographic service

platform in the cloud. Thisplatform o?ers comprehensive

services such as digitalsignatures and data encryption.Additionally, zero-trusttechnology is integrated to fortify

network security protection.

Developing a sophisticateddata asset management system

that utilizes cutting-edgecryptographic technology forprecise entry and monitoring oflow-altitude geospatial data. Thissystem forms a comprehensive

asset library and establishes

network security baseline

management capabilities,

creating a trustworthy andcontrollable digital foundationfor the high-quality developmentof the low-altitude economy.

Koal maintains strict adherence to key legislation, including the Patent Law of thePeople's Republic of China, the Trademark Law of thePeople's Republic of China,and theCopyright Law of the People's Republic of China.The Company has implemented comprehensivepolicies such as the Intellectual Property Management Manualand theCompany Patent Work System.A dedicated patent workmanagement team has been established to enhance the identification and control of intellectual property infringement risks andsafeguard intangible assets. While rigorously protecting its own intellectual property, the Company ensures scrupulous respect for thetrademarks, patents, copyrights, and other intellectual property rights of external entities. During the reporting period, the Companyconducted Contract and Compliance Training, which incorporated essential intellectual property content, significantly enhancingemployees' understanding of intellectual property protection. A total of 152 trainee attendances were recorded for the specializedintellectual property training, with a cumulative training duration of 4 hours.

Intellectual Property Protection

Granted

new patents

software copyrights

Secured a cumulativetotal of

patents

software copyrights

And

trademark registrations

Key Performance

Koal successfullyobtained GB/T 29490-2013 Intellectual PropertyManagement Systemcerti?cation.

Launch of the New Generation KOAL-SVS Digital Signature and Veri?cation ServerCaseThe digital signature and verification server is a sophisticated cryptographic device that provides digital signature andveri?cation services based on PKI infrastructure. It employs advanced digital signature and certi?cate technologies to ensurenon-repudiation and integrity protection for data, forming the cornerstone of trust for data collection, storage, transmission,and sharing. Koal's new generation digital signature and veri?cation server boasts enhanced security, superior performance,and user-friendly operations. It comprehensively addresses both server-side and client-side digital signature and veri?cationscenarios, accommodating multi-language and multi-platform application integration needs while supporting centralized

Application Practice Based on CPU-Integrated Cryptographic Modules Showcasedat the OpenAnolis Security Conference

Case

Koal, in strategic collaboration with Hygon Information Technology Co., Ltd., participated in the Private Sessionfor the OpenAnolis Conference 2024. At this event, Koal unveiled its innovative application solution based on CPUcryptographic coprocessor modules. The Company proactively explores technological applications and solutions forintegrating cryptographic coprocessor modules within CPU chips. Their commercial cryptographic application, builton the Hygon platform, features an advanced cryptographic coprocessor module designed to implement public keycryptography (SM2), hash function (SM3), symmetric cryptography (SM4), and random number generation. As of the endof the reporting period, Koal's entire product line has been successfully equipped with the capability to integrate CPUcryptographic modules.management of multiple digital signature and verification servers.Furthermore, this cutting-edge product supports an expanded rangeof algorithms, including SM2, RSA, SM9, international ECC (13 types),and post-quantum cryptography, delivering a 200% performanceimprovement over its predecessor. It o?ers tailored signature capabilitiesfor diverse scenarios, providing robust solutions for government a?airs,?nance, healthcare, and other sectors. With streamlined business logicand intuitive interaction, it significantly enhances usability, enablingusers to e?ortlessly manage complex tasks.

Andrademark registrations

in 2024

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

2324

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

To e?ectively address various risks including technology development, market competition, intellectual property, and policy andregulatory challenges, Koal has established a Product and Technology Committee. This committee strengthens the evaluationand approval processes for technology and product development projects. Additionally, four supporting departments have beencreated to enhance front- and back-end support. Through cross-departmental collaboration in R&D, marketing, procurement, andquality control, the Company ensures that risk management activities are integrated throughout the entire product and technologydevelopment lifecycle. Throughout the lifecycle of R&D projects, the Company closely monitors market trends, technologicaladvancements, and policy developments. It consistently conducts risk identification, assessment, and monitoring, promptlyadjusting risk management strategies based on changes in internal and external environments. The Company has implementedrisk warning mechanisms and reporting systems to ensure that all R&D activities remain within manageable risk parameters.

Impact, Risk, and Opportunity Management

Indicators and TargetsManagement Level:

Implement product manager responsibility system to restructure product and R&Dpractices.Establish 4 new supporting departments.Merge testing and production to enhance production e?ciency.Implement performance evaluation mechanism for R&D personnel.

Target achieved

Product Level:

Focus on next-generation PKI development.Launch new version of SVS.Utilize cryptographic service platform as flagship product to support new industryexpansion.Deepen user data business to establish foundation for data security product line.

Target achieved

Support Level:

Improve development e?ciency across product lines by establishing Common BuildingBlocks (CBB), a cryptographic library and infrastructure platform.Implement company-wide security testing environment.Develop consulting expert teams for key industries.

Target achieved

Analysis of R&D RisksResponse Strategies

2024 Target Achievement StatusIndicator/Target

Actively participate in domestic and international anti-quantum cryptography standard-setting,dynamically adjusting research directions to align with mainstream standards.Develop a comprehensive innovation system covering technology development, productization, andecosystem collaboration.Conduct regular customer surveys to optimize product functionality and adaptability; implementmodular design to swiftly respond to evolving market demands.Monitor data security regulation dynamics, performing regular compliance reviews to ensure productsmeet the latest policy requirements.Conduct patent infringement risk analysis on the technical content of R&D projects, and incorporatespeci?c intellectual property legal risk review nodes in the contract approval process to identify andmitigate IP risks.

Safeguarding Customer PrivacyGovernance

Strategy and Approach

Data Security Products and ServicesComprehensive Cryptographic Service Capability System

Koal prioritizes customer needs, integrating these requirements into product technology development, quality control, and salesprocesses. The Company has established a collaborative response mechanism among product technology, quality, and salesdepartments. This ensures rigorous quality and risk management throughout the product lifecycle, guaranteeing high-qualityproducts while ensuring customer needs are swiftly addressed and clearly implemented across all business chain links. Thisapproach delivers superior products that satisfy customers and signi?cantly enhances market competitiveness.

The Company adheres to the strategic policy of "constantly meeting customer and relevant legal and regulatory requirementsthrough secure and reliable product functions and consistently improving service quality." It maintains the principle of "balancingproduct innovation with reliability and security; coordinating technology, progress, and quality." Koal consistently enhancesits quality management system, strictly adheres to quality standards, and provides customers with satisfactory products andexceptional services. Concurrently, the Company actively pursues a "going global" strategy, focusing on expansion under theBelt and Road Initiative. This involves providing data transaction security services for overseas customers and assisting them inaddressing technical challenges and service assurance issues.Technology developmentand integration risksMarket competition risksPolicy and regulatory risksIntellectual property risks

Koal has developed a comprehensive cryptographic service capability system, centered around the Cryptographic ServicePlatform. This "1+3" product ecosystem incorporates the Cryptographic Regulatory Platform, Operations Management Platform,and Cryptographic Laboratory. The Cryptographic Service Platform is capable of managing various cryptographic devicesheterogeneously and integrating diverse cryptographic services, offering a wide range of sophisticated cryptographic servicecapabilities for upper-layer applications.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

2526

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Data Security Product System

In today's digital landscape, data has emerged as a critical asset for both businesses and society at large. Data security is not onlyvital for maintaining operational stability and corporate reputation but has also become an essential compliance requirement inan increasingly stringent regulatory environment. Recognizing this, Koal has consistently positioned data security as a cornerstoneof its strategic expansion. The Company constantly invests signi?cant resources in the deep cultivation and innovative R&D withinthe data security domain, striving to deliver exceptional data security products and comprehensive solutions to clients worldwide.Koal excels in integrating cutting-edge technology with practical client needs, crafting bespoke data security solutions for eachcustomer. To achieve this, the Company has assembled a multidisciplinary R&D team. This team comprises seasoned data securityexperts, specialized software engineers, and elite AI algorithm researchers. Their focus is on exploring the frontiers of data securitytechnology and driving practical innovation, resulting in breakthroughs across numerous critical technical areas. Consequently,Koal has developed a comprehensive and multi-layered data security product system that encompasses the entire data lifecyclemanagement, providing clients with a robust data security shield.

Data Lifecycle

Reliable Data ContentTrustworthy Data CirculationTraceable Data Compliance

Integrated Data Security PlatformSecurity SituationAwareness System

Security ThreatDetection System

Security CapabilityAssessment System

Identity and Access Management (IAM) System

Public Key Infrastructure (PKI)

CryptographicInfrastructure

Basic CryptographicService Capabilities

Identity Management,Authentication, andAuthorizationIdentityInfrastructure

Cryptographic Service PlatformCryptographic MachinesDigital Signature andVeri?cation

Key ManagementSystem (KMS)Timestamp

The Cryptographic Service Platform and its components o?er ?exibility in tailoring andcombination to meet specific requirements. They can be delivered through variousmeans, including single machine single package, all-in-one machine, data center, cloudplatform, or cryptographic cloud. These solutions provide comprehensive cryptographicintegration, operations, maintenance, and regulatory functions across diverse scenariossuch as cloud environments, big data, mobile terminals, IoT, and AI.

Collection

Data Transmission

Security

Data Storage

Security

Data Processing

Security

Data ExchangeSecurity

Data DestructionSecurityData CollectionSecurity

TransmissionStorageUsageExchangeDestruction

This option offers straightforward and flexible deployment at a low cost,making it ideal for small enterprises and individual users. Its plug-and-playfunctionality enables rapid deployment and simple maintenance, signi?cantlyreducing the IT management burden.

Single Machine Single Package Delivery

Supervised Cross-border Data

This solution integrates hardware and software in a ready-to-use package,minimizing deployment time. It is particularly suitable for scenarios requiringrapid launch, operating under budget constraints, or involving numeroussmall-scale business applications.

All-in-One Machine Delivery

This approach provides robust computing and storage resources, capableof handling large-scale data processing. It ensures high availability and faulttolerance, guaranteeing business continuity while o?ering ease of expansionand management.

Data Center Delivery

By leveraging cloud platform advantages, this method o?ers ?exible resourcemanagement and elastic scaling. It optimizes cost and performance whileenhancing business agility and security.

Cloud Platform Delivery

This specialized service focuses on encryption, employing advancedtechnology and stringent access control to ensure the security of datatransmission and storage. It simplifies cryptographic management, offeringinstantly accessible cryptographic services.

Cryptographic Cloud Delivery

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

2728

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Security Service System

Koal has developed a comprehensive, one-stop data security service capability. The process begins with in-depth consulting,enabling clients to gain thorough insights into their data assets and precisely identify potential risks. The Company then providessecurity construction integration services and product implementation services to ensure the smooth deployment of datasecurity solutions. In terms of ongoing support, Koal o?ers a range of data security operations services, including security systemoperations, daily security maintenance, and emergency response services. Regular professional assessments help enterprisesconstantly optimize their security measures, ensuring the continuous enhancement of data security protection capabilities. Thisholistic approach safeguards the digital transformation journey of enterprises.

Koal played a pivotal role in developing the CM Financial Technology National Cryptographic Service Platform. Adhering tothe Central Bank's Document No. 140 compliance requirements, they engineered a service platform compatible with multiplevendors' ?nancial cryptographic machines. This platform achieves uni?ed management, centralized monitoring, and standardizedcryptographic service API interfaces. The solution implements a distributed cascading architecture (one master, multiple slavesmodel), incorporating collaborative signature services. It supports mobile key splitting technology and can issue digital certi?catesfor hundreds of millions of users. The platform seamlessly integrates with existing systems such as 4A and Firefly, minimizingapplication modification costs through unified key interface encapsulation. Furthermore, it enhances cryptographic servicesituation awareness and analysis capabilities. Key components include a cryptographic service platform, key management system,cryptographic machine adaptation module, collaborative signature gateway, and mobile cryptographic module. These elementscollectively meet the compliance and operational e?ciency requirements of the ?nancial sector.

CM Financial Technology National Cryptographic Service PlatformConstruction ProjectCase

In 2023, Koal began its involvement in the Shanghai Municipal Bureau of Finance's Treasury Budget Integration InnovationProject. This initiative aims to modernize electronic management of centralized treasury payments across municipal, district,and town levels while adapting to innovative technologies. The project leverages domestically produced innovative products asits operating platform, incorporating Koal's electronic seal and digital signature security devices to safeguard electronic vouchersand data integrity. By centrally deploying electronic voucher security support components and electronic seals, and utilizinggovernment networks alongside dedicated treasury networks, the project establishes secure connections between ?nancialdepartments, agent banks, and sub-treasuries. The implementation of digital certi?cate-based electronic signatures and sealtechnology signi?cantly enhances the e?ciency of district-level ?nancial payments and bolsters voucher security management.

Shanghai Municipal Bureau of Finance Treasury Budget Integration Innovation ProjectCase

Product Quality and SafetyBuilding upon on the ISO 9001 Quality Management System and CMMI 5 Capability Maturity Model Integration certi?cation, Koal has formulatedinstitutional documents such as theR&D Project Quality Assessment Measures (Draft)and Quality Management Manual. Focusing on customerneeds, key areas, and core processes, the Company has established a comprehensive quality management system that spans the entireproduct lifecycle to deliver high-quality products and services. Annual internal audits and management reviews of the quality managementsystem are conducted as scheduled, refining existing processes and integrating new requirements into business operations. During thereporting period, Koal maintained an impeccable record with no major quality or safety-related incidents concerning its products and services.

During the reporting period, the Company undertook a comprehensive upgrade of its quality management system, drawinginspiration from the CMMI 5 model. This initiative aimed to bolster the implementation of quality management practices, enhanceproduct quality, and improve R&D and testing e?ciency. The result was the establishment of a robust quality management systemthat spans the entire product lifecycle, encompassing requirements, design, coding, testing, production, delivery, and maintenancephases. As part of this e?ort, the Company developed the R&D Project Quality Assessment Measures (Draft). This document servesas a supplement to the existing quality management system, rede?ning activity requirements for each stage of R&D projects. It alsointroduces corresponding assessment and incentive measures designed to foster greater employee initiative in quality-related tasks.Furthermore, the Company has raised the bar for high-level requirement documentation and review processes, thereby strengtheningthe quali?cation rate of high-level requirements and enhancing overall review e?ectiveness.

Full Lifecycle Quality Management

Key Performance

Achieved ISO 9001Quality ManagementSystem Certi?cation

Secured CCRCInformationSecurity ServiceLevel 2 Certi?cationObtained ISO 20000Information TechnologyService ManagementSystem Certi?cation

Attained CMMI 5Capability MaturityModel IntegrationCerti?cation

Acquired ISO 27001Information SecurityManagement SystemCerti?cation

Data SecurityConsulting Services

Data SecurityImplementation Services

Data SecurityOperation Services

Service Content

Service Value

Service ValueService Content

Asset Review ServiceRisk Assessment ServiceSecurity System Construction

Security Construction

Integration Service

Security System OperationDaily Security MaintenanceEmergency Response Service

Service Value

Clarify Current Data Security Status

Identify Risks and IssuesMeet Regulatory Compliance

Requirements

Customized Solutions

Address Protection

Capability Gaps

Strong Data Security Assurance

Continuous Evolution andOptimization Around Business Needs

Inventory Assets/Assess Risks

Product Implementation/System Construction

Ongoing Evaluation/

Continuous Optimization

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

2930

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Product Testing and Recall

The Company has established comprehensive institutional documents, including theTest Operation GuidelinesandQuality and SafetyRequirements for Company Products and Software Deliverables.These documents provide clear stipulations on various aspects ofsoftware testing, including test classi?cation, objectives, design, steps, pass criteria, and primary evaluation methods. The testing regimerequires di?erent objects to be evaluated at various stages of the software lifecycle. Notably, all company products must meet internalsecurity testing "Level 1" requirements before they can be cleared for delivery. During the reporting period, the Company successfullyshipped 2,512 hardware products. Each of these products underwent rigorous inspection in accordance with the checkpoints de?ned intheProduct Inspection Speci?cations prior to shipment.The Company has implemented aNon-conforming Product Control Procedureto guide the identi?cation and control of non-conformingproducts at various stages of the product lifecycle. In cases where non-conforming products are discovered after delivery to customersor after use has commenced, the Company conducts a thorough veri?cation of the speci?c circumstances. Based on this assessment,a determination is made regarding whether to notify customers for a potential recall, thereby preventing the unintended use or furtherdelivery of non-conforming products. During the reporting period, the Company did not experience any product recall events.Quality Culture DevelopmentKoal actively fosters a quality-centric culture. The Company regularly conductsquality training sessions for employees to enhance overall quality awareness andimprove management efficiency and product quality. During the reporting period,four comprehensive quality training sessions were held, covering crucial topics suchas project management processes, institutional document dissemination, advancedrequirement writing and review techniques, and sharing of best practices.

"Integration Testing ExecutionRequirements and Best Practices Sharing"themed quality training sessionSupply Chain Quality Control

Customer Service Management

Koal places significant emphasis on supply chain quality control. The Company establishes clear quality standards by signingtheSupplier Product Quality Assurance Agreementwith its suppliers. This agreement delineates speci?c requirements regardingquality responsibilities, issue resolution processes, and problem-handling procedures, ensuring consistent quality throughout theentire supply chain. Additionally, Koal regularly organizes quality-related training and exchange programs with suppliers. Theseinitiatives enable suppliers to gain a deeper understanding of the Company's quality requirements, thereby promoting overallquality improvement across the entire supply chain ecosystem.

The Company consistently refines its internal customer service management systems, clearly delineating pre-sales, mid-sales,and after-sales service processes. This comprehensive approach manages all aspects of customer service, encompassing after-sales service requests and handling, hardware warranty services, software defect resolution, product inspection services, customercomplaint management, and system upgrades. The objective is to deliver high-quality, e?cient, and ?exible services with customersatisfaction as the primary focus.

Customer Relationship Management

Koal prioritizes customer needs and interests, constantly enhancing its service system to improve the precision andprofessionalism of customer service, thereby elevating overall service quality and customer satisfaction.

Key Performance

Product requirements must adhereto principles of reasonableness,stability, and accuracy, aligningwith CMMI model and templatewriting standards throughout theproduct lifecycle.For system testing-related projects,the involvement of testingpersonnel in requirement reviewsis mandatory to ensure testability.

Requirements

Regular product maintenance isconducted following managementcontrol documents, includingtheMonitoringandMeasuringEquipment Control Proceduresand Equipment MaintenanceRegulations.

Maintenance

Upon product arrival at the user site, a structured process of display,installation, adaptation, and debugging is carried out in accordance withguiding documents such as theProduct Delivery Process andImplementationPlan. User satisfaction data is collected as part of this process.

Delivery

Design processes must prioritizee?ciency and maintainability,following CMMI templates foroutline design.A/B class projects necessitateseparate outline designdocumentation, which is subjectto a "formal inspection" review.

Design

The production process isgoverned by a set of guidingdocuments, including the

Product Assembly ProductionGuidelines, Product InspectionSpeci?cations, ProductFactory Inspection Form, andProduct Protection OperatingInstructions.Adherence tothese documents ensures themanufacture and delivery ofquali?ed products.

Production

All code must comply withestablished standards, with aparticular emphasis on securitydesign. Unit tests are mandatory,with test cases and resultsmeticulously recorded.These unit tests shouldcomprehensively cover keyelements such as test objects,inputs, and outcomes.

Coding

Integration testing is conducted following functional acceptance, withA/B class projects requiring independent test cases and defect lists.Con?guration managers are tasked with verifying delivery item compliance.In system testing, test cases must provide full coverage of requirements, andtest reports are subject to review. QA personnel are responsible for checkingthe completeness of test documentation.The Company places signi?cant emphasis on integration testing executionrequirements to verify module functionality, interface integrity, datatransmission accuracy, and compliance with system design speci?cations.This approach facilitates more e?cient problem detection and localization.

Testing

Achieved

coverage of product

quality training for R&D personnel.

Accumulated a total of

hours of

629.83

product quality training.

Recorded

attendances in

product quality training sessions.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

3132

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

The Company annually undertakes key improvement projects to optimize customer service and enhance service capabilities.During the reporting period, Koal focused on improving customer service capabilities through three main initiatives: strengtheningknowledge base construction, re?ning key customer engagement models, and enhancing ERP system process operations.

Pre-SalesMid-SalesAfter-Sales

Customer follow-up and feedbackcollection: Conduct regular follow-ups (via phone, email, or on-sitevisits) to assess product usage andservice experience. Identify areas forimprovement through satisfactionsurveys and complaint analysis.Technical support and problemresolution: O?er free maintenanceand remote technical guidancewithin the contract period, establishrapid response mechanisms (e.g.,24/7 availability), and maintainconstant readiness.Customer relationshipmaintenance: Conduct regularcustomer visits to bolster satisfaction.

Project implementation: Execute

product production or servicepreparation according to standardprocedures, monitoring progress,overseeing quality, and maintainingtimely communication throughoutimplementation.Logistics and delivery: Coordinatetransportation, provide on-sitesupport for installation, debugging,and user training to enhance thecustomer experience.

Market research and customerdevelopment: Identify targetcustomers through industryanalysis, competitive research,and customer pro?ling.Requirements analysis andcommunication: Engage inthorough discussions withcustomers to clarify pain points,budget constraints, and timelinerequirements.

Solution design: Develop tailoredsolutions based on speci?crequirements.

The Company emphasizes the development of professional skills and business acumen within its sales team, regularly conductingtraining to enhance customer service capabilities. These sessions cover key aspects including market analysis, customer needsidentification, and after-sales service, aiming to cultivate a high-quality, efficient customer service team. During the reportingperiod, the Company conducted 35 customer service training sessions.

Listening to Customer Concerns

Koal prioritizes customer concerns and feedback, implementing robust institutional documents such as theKoal Customer Service Hotline Handling ProcessandCustomer Service Hotline Handling Guidelinesto establish a standardized customer communicationprocess. This system ensures swift response to and resolution of customer issues, enhances the investigation, handling, tracking,and supervision of customer complaints, and conducts thorough post-mortem analyses of customer feedback for continuousimprovement. These measures guarantee timely responses to customer needs and consistently elevate customer satisfaction.

Customer service personnelor relevant departmentheads conduct an initialassessment to determinewhether immediate resolutionis required or if the complaintshould be escalated to otherdepartments.

Allocate complaints toappropriate departments orteams based on their categoryand severity.

Responsible personnelconduct a thoroughinvestigation of the complaint,including understanding thespeci?c circumstances andgathering relevant evidenceand materials.Communicate the proposedsolution to the customer,soliciting their feedback toensure satisfaction.

Utilize multiple channels for receivingcustomer complaints, includingcustomer service hotlines, emails,and customer service platforms.Upon receipt of a complaint,customer service personnelmeticulously document all details,including the complainant's basicinformation, speci?c issues raised,and time of complaint.

Summarize the complainthandling process, analyzingroot causes and identifyingareas for improvement in thehandling process.

After implementing the solution,conduct follow-up assessmentsto gauge customer satisfactionwith the resolution.

The Company regularly conducts customer satisfaction surveys. Following on-site customer service, technical support personnel collect customer-completedsatisfaction survey forms and personally deliver them to the department manager.The survey encompasses satisfaction with both the current service and the product.After collecting this information, the Company thoroughly analyzes the surveyresults, promptly adopting targeted improvement measures to consistently optimizeproducts and services and enhance overall customer satisfaction.

Customer servicesatisfaction rate

98.2

Key Performance

Strengthening knowledgebase constructionDelivery and maintenance personnelinput their problem-solving methodsand experiences into the knowledgebase in real-time. Professional sta?regularly curate the knowledge base,identifying e?ective information andsegmenting it for use by maintenancepersonnel and customers beforepublication. The Company is undergoing

system upgrades, with plans toimplement AI technology for intelligent,generative Q&A to assist maintenancesta? and customers, aiming to provide

enhanced service.

Re?ning key customer

engagement modelsTo ensure premium, continuousservice experience for key customers,the Company has adopted a one-stop, dedicated engagement model.

A triad of sales manager, technicalmanager, and project managerprovides ongoing service to keycustomers, with each specialisto?ering tailored service solutionsbased on speci?c customersituations and needs, ensuringprompt response and resolution of

customer requirements.

Enhancing ERP system

process operations

The Company has comprehensivelyreviewed and restructured existing businessprocesses within the ERP system, eliminatingunnecessary steps and streamliningprocedures to ensure e?ciency andrationality in each process. By integratingdi?erent business modules, automateddata ?ow is achieved, reducing manualintervention and error rates, signi?cantlyshortening response times, and markedlyimproving customer service satisfaction.Through enhanced ERP system processoperations, the Company has achieveddual improvements in communication and

management e?ciency.

Assignment

Follow-up and Feedback

Investigation and

Resolution

Summary and Improvement

Complaint ReceptionPreliminary Analysis

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

3334

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Responsible Marketing

Koal adheres strictly to relevant laws, regulations, and industry norms inits operational regions. In compliance with regulatory requirements, theCompany has implemented a rigorous review process and establisheda responsible marketing material review and supervision mechanism.This ensures that all marketing materials undergo approval by authorizedmanagement personnel before release. Products and materials provided tocustomers are accompanied by certi?cation from authoritative institutions.All customer case studies publicly display traceable customer names andcontact information, ensuring authenticity through stringent verificationprocesses. The products provided to customers, in conjunction with othercustomer products, form comprehensive information systems that canonly be activated for use after certification by authoritative departmentsfollowing system deployment. Furthermore, the Company regularlyconducts responsible marketing training for all employees involved inmarketing activities, providing guidance and mandating adherence toapproved messaging during external communications. This preventsthe dissemination of inaccurate, exaggerated, outdated, ambiguous,or undisclosed information. During the reporting period, the Companymaintained a clean record with no signi?cant marketing-related violations.

Analysis of CustomerPrivacy Protection Risks

Response StrategiesEnhance investment in anti-quantum cryptography and national cryptographicalgorithm upgrades, while actively participating in the formulation of industrystandards (e.g., cryptographic module security testing standards) to maintaintechnological leadership.O?er pre-deployment testing services on the customer side to proactively identifyand resolve adaptation issues.Reinforce product quality control throughout the entire lifecycle, constantlyimproving product quality and enhancing R&D and testing e?ciency.Establish industry-speci?c service teams to provide dedicated technical support forkey customers.Develop a remote operation and maintenance platform, leveraging AI technologyfor predictive fault detection and rapid response.

Core cryptographic technologyvulnerability risksProduct compatibility andadaptability risksQuality control risksAfter-sales supportcapability risks

Koal has implemented a multifaceted risk prevention and control system that encompasses data security product services,quality management, and customer response. Through systematic risk control, the Company ensures the robust security supportcapability of its cryptographic technology in critical sectors such as government a?airs, ?nance, and national defense, therebyproviding a reliable data security foundation for the development of Digital China.

Impact, Risk, and Opportunity Management

Indicators and TargetsAverage defect density of submitted product testversions < 20/KLOC

Target achievedActual average defect density: 16.96/KLOCTraining plan implementation rate ≥ 95%

Target achievedActual implementation rate: 100%Procurement material inspection pass rate ≥ 95%

Target achievedActual pass rate: 100%Product production process error detection rate < 10%

Target achieved

Actual error detection rate: 2.05%Test software recon?rmation rate ≥ 90%

Target achieved

Actual recon?rmation rate: 100%Customer service satisfaction rate ≥ 95%

Target achieved

Actual satisfaction rate: 98.2%

Indicator/Target2024 Target Achievement Status

Total duration of responsible marketing training

hours3,248.17Total attendance1,802

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

3536

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Protecting Data Security

Koal strictly adheres to relevant laws and regulations, including theCybersecurity Law of the People's Republic of China, theData SecurityLaw of the People's Republic of China, thePersonal Information Protection Law of the People's Republic of China, the State Security Lawof the People's Republic of China, and theMeasures for the Administration of Data Security in the Industry and Information TechnologySector (Trial Implementation). The Company has formulated internal policies and management norms, such as theInformation SecurityManagement System Manual, Network and Information Security Management System,andCon?dentiality Work Assessment and Rewardand Punishment System.These measures contribute to a comprehensive information security management framework and establish anautomated early warning mechanism for information security incidents, safeguarding the Company's information infrastructure, applicationsystems, products, and customer data.Koal has established a Con?dentiality Work Leading Group, integrating information security and con?dentiality practices into the businessprocesses of all departments. The group is led by Director Fan Feng, who bears overall responsibility for the Company's information securityand con?dentiality e?orts. Deputy leader Zhong Jian coordinates and promotes information security and con?dentiality initiatives. Underthe Confidentiality Work Leading Group, the Confidentiality Office manages daily confidentiality operations, while the General Officeoversees network and information security decision-making. Other departments are responsible for implementing information securityand con?dentiality measures within their respective domains, ensuring a standardized, orderly, and e?cient approach to the Company'sinformation security management.

As a pioneer and leader in China's information security digital trust sector, Koal consistently enhances its internal information securitymanagement system while providing robust security protection for customers. The Company has established comprehensiveconfidentiality protocols for both employees and the organization, ensuring data security for the Company and its clients. Koal hasdeveloped PKI infrastructure and created an all-encompassing information security, data security, and IoT security service framework.The Company has fully integrated its business systems, email platforms, cloud storage, and other digital assets, implementinggateway IDaaS single sign-on control. Leveraging its distinctive identity management technology and cryptographic applications, Koalcomprehensively manages online business and information flows across sales, procurement, production, customer management,financial management, and human resource functions. This enables secure remote access control in the cloud, establishes acomprehensive information security assurance system, and raises employees' information security awareness, fostering a safe andreliable information environment.Governance

Strategy and ApproachKoal adheres to the principle of "security ?rst, prevention as a priority." Drawing upon mainstream domestic and international regulatoryrequirements, general information security management system standards, and industry best practices, the Company has establisheda comprehensive information security and confidentiality management system. It constantly enhances its security managementframework for critical information infrastructure, implementing robust information security measures across policies, organization,personnel, infrastructure, and operations. Concurrently, the Company employs cutting-edge technological solutions to safeguard theintegrity and availability of internal data, thus ensuring comprehensive protection of the Company's information assets.

TheManagementBodies

TheExecutionBodies

Responsible for the daily organization andmanagement of con?dentiality work.Tasked with promoting and executing information security and confidentiality practices withintheir respective areas of operation.

Oversee decision-making and implementationof network and information security measures.Other Functional Departments

General O?ce and Information GroupCon?dentiality O?ce

Service Support System

Security Technology System

Security OrganizationalStructure

Personnel CapabilityRequirements

Professional De?nition

Security Policy System

CryptographyTrust SystemCryptographic SupportCryptographicApplications

Cryptographic Application

Incident Management

Establishing Security Supervision

Management System

Business Continuity

ManagementCompliance Management

Asset Management

Security OrganizationSecurity Strategy

Security Operation System

Pre-event Control

In-process Protection

Post-event Response

Implementation

Audit

Improvement

Detection

Response

Recovery

CryptographicObject Identi?cationAsset ValueManagementSecurity Risk Assessment

Situation Overview

MeasureSelection

PlanFormulationPlan Implementation and Drill

Risk Handling

SituationalAwarenessRisk HandlingRisk TracingRisk EarlyWarning

Avoidance Knowledge Base

Security Enhancement

Decision-making

SuggestionsRisk Monitoring

Trusted Cryptographic

ServicesResource TrustedMarkingResourceObject Management

Resource Authorization Control

Dynamic Trusted

Authentication

ScanningMonitoringEmergency Management

Recovery Mechanism

Penetration TestingAuditingIncident HandlingDisaster Recovery Measures

Tracing

Continuity

Terminal CryptographicCalculation ModuleTrusted Terminal Marking

Trusted Program Anti-counterfeiting Operation

Usage Object Marking

Local CryptographicCalculation Sandbox

Integrated Identity

Authentication

TerminalEnvironment

Anti-theft ofTransmission Tra?cSource Information

Encryption

Two-way TransmissionAuthenticationChannel Transmission

Protection

Video Encryptionand CompressionAnti-tampering ofTransmitted InformationNetworkCommunication

Boundary AccessAuthentication

Boundary Access

Control

Terminal Identity

Authentication

BoundarySecurity

Application Access

AuthenticationData Flow Veri?cation

Application AccessControlBehavior Accountability

Application Code

Signing

Application

Security

Data Flow ControlCentralized Data Control

Transparent DataEncryption/Decryption

DataControl

Security OrganizationSystem

The group leader bears overall responsibility for the Company's information security andcon?dentiality e?ortsOversee the implementation of information security and con?dentiality work responsibility systems,and address critical issues in these areas.Review and approve information security and con?dentiality management systems.Allocate human, financial, and material resources to support information security andcon?dentiality initiatives.

Con?dentiality Work Leading Group

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

3738

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Information Security Certi?cation and Audit

The Company actively pursues the development and implementation of robust information security management systems andqualification certifications. As of the end of the reporting period, the Company has successfully obtained ISO 27001 InformationSecurity Management System certi?cation and two con?dentiality quali?cations.In compliance with theMeasures for the Administration of Integrated Qualifications for Classified Information SystemsandCon?dentiality Standards for Integrated Quali?cations for Classi?ed Information Systems, the Company conducts regular and ad-hoc information security and confidentiality inspections through self-examination and in cooperation with regulatory checks. Acomprehensive audit of all information security and confidentiality matters is completed bi-annually. Additionally, the Companyundergoes aperiodic external inspections of information security by third parties, including government agencies. During thereporting period, the Company conducted two internal information security audits.

In September 2024, Koal underwent a specialized information security inspection conducted by the Network Security Corps ofShanghai Public Security Bureau. The inspection focused on two critical areas: network security and supply chain integrity. It involvedan in-depth analysis of the Company's network architecture, data protection systems, and information exchange processes acrossvarious supply chain stages to precisely identify potential vulnerabilities. In response to issues identi?ed in network security and supplychain aspects, the Company established a dedicated remediation team. This team rigorously adhered to the requirements outlinedin the remediation report issued by the Network Security Corps to develop comprehensive improvement plans. Key personnel wereactively assigned to attend meetings at the Network Security O?ce to stay abreast of the latest requirements, ensuring precise ande?ective remediation e?orts to foster a secure, stable, and e?cient operational environment.

Special Information Security Review by the Network Security Corps ofShanghai Public Security BureauCase

Furthermore, the Company regularly conducts con?dentiality supervision and inspections focusing on sensitive information and personnel.Bi-monthly self-inspections are mandated for personnel handling classified information, reinforcing the importance of adhering toconfidentiality requirements, conducting work in accordance with established protocols, and avoiding disciplinary or legal violations.Monthly self-inspections are scheduled for departments dealing with con?dential business. Department leaders implement and inspectcon?dentiality measures tailored to their speci?c business characteristics. Quarterly inspections are conducted on department leaders'implementation of confidentiality responsibilities, semi-annual checks on the confidentiality responsibility implementation of leadersoverseeing con?dentiality, and annual reviews of the General Manager's con?dentiality responsibility implementation. All supervision andinspection results are meticulously documented in con?dentiality inspection work records.

Information Security Management

Network Security ManagementThe establishment of private networks by any departmentis strictly prohibited. Network activation is conductedsolely by the O?ce Department following a comprehensivefeasibility study.Any unauthorized modification of company IP addressesor connection methods by departments or individuals isstrictly forbidden. Access to internal network systems byexternal personnel is rigorously controlled.

Equipment Security Management

The Company provides computer equipment forinternal use. Employees are required to refrain fromunauthorized exchange or disassembly of equipmentand must maintain a clean, safe, and optimal workingenvironment for all computer equipment.Employees must strictly adhere to safety protocolsand proper usage guidelines for computer equipment,including startup and shutdown procedures, and areheld responsible for the security of the computers andrelated equipment under their use.File Storage EncryptionStorage of critical company documents on the C drive(including desktop) is prohibited. Such files must beregularly backed up and stored in designated departmentfolders on the company file server, with each departmentoverseeing review and security management.Upon an employee's departure, the department head isresponsible for transferring all work-related materials to theappropriate department folderEncryption is mandatory for files containing sensitiveinformation. Electronic versions of company certificates,official letters, and other critical documents must includeexplanatory watermarks or purpose annotations. Individualsresponsible for improper handling or usage resulting ininformation leaks or losses will be held fully accountable.

Information Con?dentiality Management

Company sensitive information is managed underthe principle of "strict management, tight prevention,ensuring security, facilitating work," with complete andsecure handover procedures enforced at every stageInformation transmission must be carried out bydesignated personnel in accordance with establishedprotocols. Transmission through ordinary postal or courierservices is strictly prohibited.Prior to leaving their position or the Company, employeesare required to return all classi?ed materials. Further exitprocedures can only be initiated after confirmation ofcomplete return.The destruction of classi?ed materials must be supervisedby at least two individuals and processed at designatedsecure locations.

Information Security Enhancement Technologies and PlansIn 2024, the Company undertook a comprehensive upgrade of its internal security protection systems, significantly elevatingoverall network security levels to safeguard corporate information assets. To further bolster internal information security protectioncapabilities, the Company has formulated a strategic information security enhancement plan for the upcoming year. This planincludes: i) further optimization of existing security strategies to address increasingly sophisticated and covert attack methods;ii) regular review and update of security policies to maintain their e?ectiveness; iii) exploration of AI-based security tools, suchas automated threat detection and response systems, to enhance the intelligence level of security protection; and iv) leveragingmachine learning and big data analysis technologies to improve the accuracy and response speed of threat detection.

Delineate network access security zones: Strategically

relocate relevant network security access devices todesignated security zones and apply more stringentnetwork policies.

Restrict high-risk port usage: Prohibit the use of

commonly vulnerable and virus-prone ports such as139, 445, 3389, etc.

Enhance basic protection of internal systems:

Strengthen SSH con?gurations across systems, avoidusing default ports, and disable unnecessary services(e.g., tcpforward). Implement robust IP whitelistmechanisms for core systems to strictly control accesspermissions and mitigate the risk of lateral movement.

Strengthening Internal Network Isolation

Deploy WAF systems: Protect OA portals, remote access,

and other critical systems from common Web attackssuch as SQL injection and cross-site scripting (XSS),ensuring comprehensive Web application security.

Optimizing Rapid Response

Deploy XDR systems and increase honeypot nodes:

Implement comprehensive monitoring of internalbusiness systems and o?ce computers through XDRsystem deployment for rapid intrusion detection. XDRsystems provide holistic security event detection andresponse capabilities, swiftly identifying potentialthreats through automated analysis and correlation.

Strengthen behavior auditing: Enable transparentterminal IP functionality for internal wireless networksand remote access VPNs. Integrate access logs of criticalbusiness systems and DMZ demonstration systems intoa centralized log audit system. Continuous monitoringand analysis of terminal behavior enable real-timedetection and alerts for anomalous activities.

Enhancing Monitoring and Traceability

Minimize external network mapping ports:

Systematically close long-unused temporary portsand implement stringent source IP and validity periodrestrictions for newly opened temporary ports. Regularlyreview and update port mapping policies to ensure onlynecessary ports are exposed externally.

Phase out legacy systems: Eliminate obsolete network

devices like OpenVPN and WireGuard that are no longermaintained, and uniformly migrate to 7-series securityauthentication gateways and IPSec VPN gateways toenhance overall system security and stability.

Reducing Attack Surface

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

3940

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Privacy and Data Security

Koal adheres to the principle of "minimal data collection," systematically storing customer information in a robust ERP system. Thisapproach is integrated with the Company's internal information security management system, ensuring both data integrity andcon?dentiality. The system incorporates role-based access controls, applies data masking techniques to critical customer information,and utilizes cryptographic products certi?ed for commercial con?dentiality detection to provide multi-layered protection.

Development of Information Security Culture

The Company enhances employees' information security awareness and fosters a robust corporate information security culturethrough various channels, including educational campaigns, training sessions, reports, and knowledge competitions. Furthermore,the Company integrates confidentiality education into its comprehensive training plan, disseminating crucial confidentialityknowledge and analyzing current confidentiality work situations during these sessions. This helps employees heighten theirawareness, clarify their responsibilities, and strengthen their commitment to confidentiality. The Company regularly conductscon?dentiality examinations to evaluate training e?ectiveness, enabling employees to gauge their understanding of con?dentiality-related knowledge and incorporate confidentiality practices into their daily work routines. During the reporting period, theCompany conducted four information security and con?dentiality training sessions.Total duration of informationsecurity training

hours

Total attendance in informationsecurity training

Key Performance

For new employees, the Company provides comprehensive confidentiality awareness training, requiring them to pass aconfidentiality entry exam before commencing employment. New hires are also obligated to sign confidentiality agreements,which explicitly prohibit the disclosure of any information related to company business and clients. Business personnel are strictlyforbidden from disclosing customer information, work notes, reports, quotations, invoices, and labor contracts. Developers andimplementation sta? are prohibited from revealing source code, system design documents, database structures, and data. Duringthe reporting period, the Company organized a company-wide specialized con?dentiality training program themed "StrengtheningConfidentiality Awareness, Building a Solid Security Defense Line." The final assessment following the training yielded animpressive average score of 97 points across all employees, signi?cantly enhancing the con?dentiality awareness and informationsecurity protection capabilities of the entire workforce.

Data Privacy Protection Awareness

Project Information Con?dentiality AwarenessProactive Knowledge Maintenance and Updates

Authentication and Access Management Awareness

Employees are educated on the purpose of regulartraining, which is to enhance their understanding ofdata privacy protection and the critical importanceof safeguarding information security. They areencouraged to internalize and implement theconcept of protecting customer data privacy andsecurity while providing services.

Employees are thoroughly educated on thesensitivity of all project-related information(including project contracts, proposals, data,working papers, and reports) and that access isrestricted to employees with appropriate credentialsand permissions. For classi?ed projects, employeesare made acutely aware of the crucial role ofthe Con?dentiality O?ce and the importance ofimplementing stringent con?dentiality requirementsthroughout the entire project lifecycle.

Through regular and comprehensive training,employees are kept abreast of the latest securitypolicies and best practices. They are also taughthow to e?ectively apply this knowledge to enhancework e?ciency while maintaining security.

Employees are instructed that their digitalcerti?cates are vital symbols of identity and mustbe diligently safeguarded to prevent unauthorizedaccess. They are made to understand that systempermissions for di?erent positions are preset, andthey should only access information and resources

within their authorized scope.

Data Backup

The Company employs a strategic combination of full and incremental backup methodologiesto perform regular backups of data across all critical systems. This includes internal networkinfrastructures, operational platforms, portal websites, corporate email servers, and ERPsystems, to ensure optimal data recovery capabilities in the event of system failures.

Data Flow Control

Backed-up data ?les are subject to stringent safeguards to prevent unauthorized copyingor destruction. The extraction of databases from the system without proper authorizationis strictly prohibited.

Encrypted Storage

The system supports encrypted storage for sensitive data ?elds, encompassing personalinformation, sensitive personal information, and enterprise-critical data.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

4142

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Impact, Risk, and Opportunity Management

Koal consistently re?nes its information security and con?dentiality risk management mechanisms. The Company has implementedtheInformation Security Risk Management ProcedureandConfidentiality Management System,establishing robust protocols forongoing information security risk control. This approach ensures early detection and prompt handling of potential risks.

The Company adheres to the principle of "prevention-focused, enhanced monitoring; people-oriented, collaborative defense;standardized operations, constant vigilance." A robust mechanism for preventing and responding to information security andconfidentiality incidents has been established. Koal has formulated detailed institutional process documents, including theInformation Leakage Incident Emergency Response Plan, which standardizes emergency response processes and measures forvarious security incidents. This signi?cantly enhances the Company's ability to respond e?ectively to emergencies. To bolster itsinformation security defense capabilities, the Company conducts regular emergency drills and attack-defense exercises as part ofits routine operations. During the reporting period, Koal conducted one comprehensive information security and attack-defenseemergency drill.

Information Security Risk Prevention Measures

Enforce robust password security protocols, including mandating strong passwords, implementing two-factorauthentication, and requiring periodic password changes.Conduct regular system scans for updates and promptly install new patches to address identi?ed vulnerabilities.Restrict software installation to o?cial or trusted sources only, minimizing malware risks.Enhance network perimeter protection through advanced firewall software or hardware to monitor intrusions andrestrict unauthorized access e?ectively. Implement dual-factor authentication and access control lists to ensure networkaccess is limited to authorized users only. Utilize secure protocols (e.g., HTTPS) to encrypt sensitive data transmission,preventing man-in-the-middle attacks and data theft.Establish regular data backup and emergency recovery plans, storing backup data o?ine in secure locations to ensurerecovery in case of damage. Deploy o?ine backup devices for critical data.

Risk Identi?cation

Identify risks for eachof the Company'srecognized assets basedon the con?dentiality,integrity, and availabilityrequirements of theinformation theycontain. Compile acomprehensive riskinventory.

Risk Analysis

Following riskidenti?cation,conduct analysesand descriptions ofpotential impactsfrom realized risks.Employ relevant riskcalculation methodsto quantify risk values.

Risk Assessment

Evaluate risk analysisresults againstestablished riskcriteria to determinerisk acceptabilityor necessity fortreatment. Documentthe entire riskassessment processfor future reference.

Risk Treatment

Implement targeted preventivemeasures for each identi?edrisk point, strictly adhering tospeci?ed countermeasures tomitigate the probability of riskoccurrence.Conduct research oncon?dentiality risk assessmentmanagement to enhance overallcon?dentiality managementstandards and proactivelymanage potential risks.

Product Lifecycle Security ManagementThe Company integrates rigorous information security requirements throughout the entire product development and designprocess. This establishes a comprehensive information security management system that spans the full product lifecycle, creatinga robust protective framework for all company o?erings.

Security Deployment

and OperationsHarden products and operational environments based onsecurity hardening guidelines.Strengthen vulnerability management for live networkcomponents through daily updates on the latest open-source component vulnerabilities, proactively reducingpotential security risks.Establish robust vulnerability alert and handlingprocesses, track product vulnerability risks, andimplement a tiered emergency response system based onvulnerability risk levels.

Security Testing

Re?ne the security testing framework, augmentingsecurity test case design and multi-language security codeexamples to ensure increasingly rigorous and e?ectivetesting processes.Employ a hybrid approach combining automated toolscanning with manual penetration testing to ensureproducts meet security red line requirements.Integrate penetration testing into the release process forkey projects, enhancing pre-launch security assurance.Implement pre-release host checks to ensure all-in-one machines are optimally con?gured and hardenedaccording to security guidelines.

Enhance security training programs toelevate employees' security awareness andtechnical pro?ciency.Implement a routine code auditing systemincorporating security self-inspection, statictool scanning, and manual code review.

Identify sensitive data using a security red linechecklist and determine appropriate protection levels.De?ne compliance requirements, including Level 2Protection standards and industry-speci?c regulations.

Security Requirements

Transform security requirements into technicalsolutions based on established security red lines.Conduct peer reviews to ensure comprehensivecoverage of all security requirements.

Security Design

Security Development

Execute e?ective open-source software governance, i.e., fulllifecycle control + deployment package vulnerability + licensescanning, to ensure product safety and regulatory compliance.Initiate the application of AI-assisted security developmenttechniques, such as intelligent coding assistants, to addresspotential security issues.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

4344

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Information Security Incident Emergency Response Process and Measures

Indicators and Targets

Koal establishes its information security objectives and strategies based on its information security policy. To ensure businesscontinuity and maintain secure, stable operations, the Company translates information security requirements into actionable andmeasurable objectives across various organizational levels. The achievement of these objectives is directly tied to performanceincentives for the Company's management team.

Controlled information leaks: No more than 3 incidents/year

Target achievedNo controlled information leak incidents occurred.Con?dential information leaks: Zero incidents/year

Target achieved

No con?dential information leak incidents occurred.Loss of critical information equipment: Zero incidents/year

Target achieved

No incidents of critical information equipment loss occurred.Information security/IT service training coverage throughoutthe year: 100%

Target achieved

All personnel received information security/IT service training.Cumulative large-scale internal network (60% coverage)downtime: Less than 120 minutes/year

Target achieved

No large-scale internal network (60% coverage) downtime

exceeding 120 minutes occurred.Large-scale virus outbreaks (60% of computers infected): Nomore than 1 incident/year

Target achieved

No large-scale virus outbreaks (60% of computers infected)

occurred.Major service/information security incidents: Zero incidents/year

Target achieved

No major service or information security incidents occurred.System and equipment availability: Maintained at 99% orhigher

Target achieved

System and equipment availability remained above 99%.Con?dentiality breach incidents: Zero occurrences

Target achieved

No con?dentiality breach incidents occurred.

Indicator/Target2024 Target Achievement StatusIncidentDiscoveryand InitialResponse

Anomaly Detection: Monitor servers for anomalies such as potential hacker attacks or unusualprocesses. Conduct preliminary assessments to determine if an intrusion or information leakage hasoccurred.Emergency Plan Activation: Upon con?rmation of an intrusion or leakage, immediately initiate theemergency response plan.

Business Impact Evaluation: Assess whether a?ected servers are critical to business operations. If

operations remain una?ected, promptly take servers o?ine. In cases where business operations areimpacted, escalate to supervising leadership and implement network isolation protocols, includingdisconnecting external network access.

Investigation

and LeakCon?rmation

Log and File Examination: Inspect database operation logs, server processes, network logs,and suspicious ?les to con?rm the extent of information leakage. Upon discovery, promptlyreport ?ndings to leadership and assemble a dedicated emergency response team.

Critical Evidence Preservation: Back up all logs, malicious ?les, and attack traces. In severe

cases, escalate the matter to appropriate law enforcement authorities.

Leak Source Identi?cation: Conduct analysis of leaked data to pinpoint the source, includingattack vectors and vulnerabilities. Address and rectify identi?ed security weaknesses.

Emergency

Handlingand System

Recovery

Threat Elimination: Remove viruses, trojans, and attack files. Implement security measures on

compromised servers. Conduct thorough checks on all connected systems to prevent pivot attacksor secondary leaks.System Forti?cation: Update all vulnerability patches, implement encryption for core data, rectifyhigh-risk systems, and establish security baselines.Recovery and Enhanced Monitoring: Restore network connections after con?rming system security.Implement heightened monitoring protocols, with particular emphasis on database access logs.

Post-IncidentManagementand Compliance

Reporting

Incident Documentation and Archiving: Compile detailed incident reports, documenting leakedcontent, potential harm, mitigation measures implemented, and responsible personnel involved.Compliance Reporting: Ensure responsible departments submit written reports to the Company'sCon?dentiality O?ce and leadership group within 24 hours of leak discovery. The Company mustprovide written noti?cation to the Shanghai Secrecy Administration Bureau within 24 hours andsubmit investigation results within 3 months.Internal Leak Handling: For unintentional leaks, follow established virus handling proceduresfor equipment and intensify employee training programs. In cases of intentional leaks, restrictinvolved employees' account privileges, collect log evidence, and, in severe cases, refer the matterto relevant national authorities for further action.Continuous Improvement: Regularly conduct emergency plan drills, and critically assess andrevise operational procedures as needed. Implement encryption storage and leak preventionmeasures for all critical data.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

4546

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Sustainable Supply ChainKoal consistently enhances its supply chain management system by developing and strictly adhering to policies such astheQualified Supplier SystemandProcurement Management Process.These policies govern the entire lifecycle of supplierrelationships, from admission to evaluation and exit, while fostering robust long-term communication mechanisms with suppliers.This e?ectively mitigates potential risks in the supply chain and promotes sustainability.

The Company has implemented the Supply Chain Continuity Assurance Measures, employing various strategies to bolster supplychain risk management.

Koal integrates sustainability requirements into supplier collaborations, guiding partners to consistently improve their sustainabilityperformance through procurement contracts, tender requirements, and other formal documents, thereby strengthening supplierESG management. We incorporate ESG criteria such as environmental considerations, business ethics, product quality, andcompliant employment practices into supplier evaluation indicators. Suppliers are required to sign documents including the

Integrity Agreement, Partner Integrity and Honesty Commitment Letter, and Supplier Product Quality Assurance Agreementtostandardize supplier ESG management practices.

Supplier Lifecycle Management

Enhancing Supply Chain Resilience

ESG Management in the Supply Chain

With reference to the TORDC Evaluation Criteria, the Company conducts annual supplier performanceevaluations based on suppliers' comprehensive performance throughout the year. The results aredocumented in the Supplier Annual Performance Assessment Form and the Supplier Evaluation RecordForm. A Preferred Supplier Evaluation Form is also completed to provide a thorough assessment ofsupplier performance.Supplier

Audit

Based on the annual supplier performance assessment forms, the Company implements a detailed tieredand categorized management approach for suppliers. This is done in strict accordance with the scoringstandards outlined in the Quali?ed Supplier Evaluation System. The assessment comprehensively considerssuppliers' performance across various aspects, including quality, delivery, and service.Tiered andCategorizedManagement

The Company implements a comprehensive supplier evaluation process based on clearly de?ned scoringcriteria. This assessment incorporates data from the annual supplier performance evaluation reports.For suppliers who do not meet speci?ed standards, we initiate a replacement procedure to ensure thecontinued stability of our supply chain and maintains the high quality of our products and services.SupplierExit

Suppliers are classi?ed into three priority levels (A, B, C) and three categories based on material importance.The selection and evaluation of project suppliers is a collaborative e?ort involving procurement personnel,project managers, and ?nancial managers, with procurement personnel taking the lead. The team assessessuppliers based on the Company's Preferred Supplier List and TORDC Evaluation Criteria, considering ?vekey dimensions: technology and technical services, quality, responsiveness, delivery performance, andmaterial cost.SupplierAdmission

Total number of suppliers

Total number of domestic suppliers

Key Performance

Conduct thorough risk assessments for criticalsuppliers and evaluate potential risks associatedwith natural disasters or political instability.Establish a robust risk management plan and aneffective emergency response system for supplychain disruptions.

Conduct monthly inventories of raw materials inwarehouses, promptly updating records after eachcount. Perform daily checks of inventory quantitiesagainst established safety stock levels, withimmediate notification to relevant procurementpersonnel if quantities fall below or exceed speci?edthresholds. Upon receiving low or high stock alertsfrom warehouse managers, swiftly liaise withsuppliers based on actual production requirements.Maintain a minimum 1.5-month safety stock foritems with extended procurement cycles or limitedproduction capacity.

Document high-frequency disruption points andissues within the supply chain. Assess suppliers'organizational scale, monitor supplier materialquality data, and regularly review response ratesto quality issues.

Regularly monitor the qualification statusand any negative information regarding keyinformation system technology service providers.If monitoring reveals adverse information thatcould impact a service provider's operations,relevant system managers should promptlyreport and assess the situation, preparingappropriate contingency measures. Incorporatecomprehensive contingency plans for suddensupplier issues into the Company's emergencymanagement framework to enhance overallsupply chain resilience.

Develop a comprehensive supply chain

risk management plan

Establish safety

stock levels

Forecast risks across supply chain stages

Implement an emergency mechanism for

supply chain disruption risks

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

4748

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

The Company places significant emphasis on supplier capacity building and supports suppliers in improving product qualitythrough targeted training and assistance, with the aim of jointly building a mutually bene?cial supply chain system. During thereporting period, Koal conducted two comprehensive training sessions for suppliers.

Empowering Suppliers

In 2024, Koal organized two supply chain ESG training sessions for suppliers. These sessions systematically sharedESG management practices, covering crucial topics such as supply chain environmental responsibility, anti-corruptionnorms, and business ethics standards, enhancing collaboration in environmental protection, social responsibility,and governance capabilities. During on-site visits, the Company conducted thorough examinations of suppliers'green factory initiatives. Through productive exchanges on green manufacturing technological innovations andenvironmental management experiences, the initiative provided bilateral empowerment for optimizing green supplychain development.

Supply Chain ESG Training and ExchangeCase

In November 2024, Koal and Huawei formalized their collaboration in the HarmonyOS ecosystem by signing a HarmonyOSMemorandum of Cooperation at the Enterprise Essential Applications HarmonyOS Forum. As a Huawei Kunpeng native

Partnering with Huawei to Build a Secure EcosystemCase

Industry Ecosystem DevelopmentKoal is acutely aware of its responsibility and obligation to promote industry development. While focusing on its core business,the Company actively contributes to building the industry ecosystem through various strategic initiatives, including enterprisecooperation, educational outreach, industry talent cultivation, and active participation in in?uential industry forums.Industry CollaborationKoal places a high value on collaborative development within the industry. The Company has forged a strategic partnershipwith Huawei to build a robust security ecosystem and joined forces with Guotai Junan Securities Co., Ltd. to promote the large-scale application of domestic cryptographic technologies, accelerating the process of replacing imported technologies withdomestically controlled alternatives. Additionally, the Company leverages its entry into the commercial cryptography industrialpark as a strategic opportunity to integrate upstream and downstream resources, fostering a powerful industry cluster e?ect. Koalis also deeply involved in Shanghai's information technology innovation initiatives, driving the leap from pilot projects to full-scaleimplementation of domestic technologies across various sectors.

At Guotai Junan Securities's 2024 Financial TechnologyCulture Festival forum, Koal entered into a comprehensivestrategic cooperation agreement with Guotai JunanSecurities Co., Ltd. Both entities are committed to deepeningcooperation in capital and technology domains, harnessingtheir respective expertise and resources to jointly advanceinnovative applications and development of commercialcryptographic technology within the securities industry.Moving forward, they will explore novel scenarios and pilotapplications of cutting-edge cryptographic technologyin the securities sector, collaboratively promoting theimplementation and evolution of high-security, domesticallycontrollable products based on national cryptographicsystems in critical areas such as ?nance.

Collaborating with Guotai Junan Securities to Promote Domestic Cryptographic ApplicationsCase

In October 2023, Koal's newly acquired headquarters, situated in the G60 Commercial Cryptography Industrial Base A2in Shanghai's Songjiang District, was completed and became operational. This industrial base represents a science andtechnology innovation and application demonstration site, implemented by Shanghai to foster the development ofthe commercial cryptography industry. It aligns with national guidelines on cryptographic application and innovativedevelopment, under the framework of the Yangtze River Delta integration strategy. By establishing its Shanghaiheadquarters in this strategic location, the Company positions itself to bene?t from industry cluster e?ects, facilitatingtechnical exchanges, fostering cooperation, and driving innovation with related enterprises, ultimately enhancing theCompany's brand recognition and market in?uence.

Joining Industrial Park to Leverage Industry Cluster E?ectsCase

development partner, Koal will leverage the Kunpenghardware infrastructure, openEuler systems, and theKunpeng DevKit development toolkit to focus on constructingrobust network security trust systems. The Company willdevelop native cryptographic applications tailored for keysectors, including government agencies, military and defenseindustries, and financial institutions. Koal aims to createcutting-edge digital asset security solutions for the Kunpengarchitecture while constantly optimizing commercial softwareperformance, thereby contributing to the development of ane?cient, stable, and innovative data security ecosystem.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

4950

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Since 2019, Koal has proactively responded to governmental directives by establishing and operatingthe Shanghai Information Technology Application Innovation Engineering Adaptation Center,supporting Shanghai's Party and government information technology innovation reform initiatives.As the project transitioned into a normalization phase, the adaptation center evolved into theShanghai Information Technology Application Innovation Comprehensive Service Center in early2022. While maintaining core services such as innovation adaptation, engineering veri?cation, andpromotional training, the center has significantly enhanced its capabilities in after-sales support,talent cultivation, and security early warning systems. It provides comprehensive support forinformation technology innovation work across Party and government entities and has graduallyexpanded its services to industry users. In March 2022, the Shanghai Municipal Health Commission'sInformation O?ce designated the center as the sole authorized adaptation certi?cation institution forShanghai's medical industry. As of December 2024, the center has processed adaptation applicationsfor 855 products from 171 manufacturers, with 614 products from 131 manufacturers successfullycompleting adaptation certi?cation and receiving o?cial validation reports.

Promoting Shanghai's Information Technology Innovation DevelopmentCase

Koal actively engages in educational initiatives promoting cryptographic security. The Company participated in the"Cryptographic Security in Government Agencies" event, a key component of the National Security Education Day, heldat the Information Plaza in Henan Province. Organized by various government and industry bodies, the event featuredKoal alongside over 20 cryptography companies in a dedicated exhibition area. The companies showcased cutting-edgeapplications and practical outcomes of commercial cryptography in government affairs, emphasizing the critical role ofcryptographic security as a cornerstone of information security. This initiative not only enhanced government officials'understanding and proper usage of cryptographic security but also promoted the widespread adoption and development ofcommercial cryptographic technology, signi?cantly contributing to the security of government a?airs information.

Participating in National Security Education Day ActivitiesCase

Koal has developed a distinctive cryptography exhibition hall, creating an immersive educational platform with diverse zonesfocused on cryptographic technology applications and industry education. The hall is strategically divided into four primaryfunctional areas. The model solution display area systematically presents real-world implementations of cryptographictechnology in government a?airs and urban governance through various models, including the General O?ce of the CPC CentralCommittee model, the Changning model, and two Shanghai-speci?c models. The application display area visually demonstratesindustry chain collaboration results through ecosystem partner logos, adaptation scenarios (e.g., ?nancial systems, governmentplatforms), and advanced security products (e.g., root certi?cate issuance systems, key management systems). The innovativebusiness display area highlights cutting-edge technologies and products such as video conferencing equipment and cloud-based solutions. Through scenario-based presentations, ecosystem synergy, and interactive experiences, Koal's cryptographyexhibition hall comprehensively promotes understanding and awareness of cryptographic technology among visitors.

Company Cryptography Exhibition HallCase

In collaboration with industry experts, Koal has authoredLittle Crypto's Adventures in theFour Great Classical Novels.This innovative work ingeniously uses China's four great classicalnovels as a backdrop to craft engaging storylines that allow readers to enjoy the narrative whilegaining a more intuitive and profound understanding of cutting-edge developments in China'sinformation security ?eld. The book artfully showcases the information security stories behindChina's quantum cryptography, resulting in a comprehensive read that seamlessly combinestechnical knowledge, entertainment value, and educational content.

Collaborative Authorship of Little Crypto's Adventures in the Four Great Classical NovelsCase

Educational Outreach

Koal actively engages in educational outreach initiatives focused on cryptographic security knowledge, enhancing public awarenessthrough innovative online and offline popular science promotions. The Company has developed a professional cryptographictechnology exhibition hall, employing interactive and scenario-based methods to educate the public about the practical applicationsand security concepts of cryptographic technology. Furthermore, the Company has collaborated with industry experts to createLittleCrypto's Adventures in the Four Great Classical Novels, an engaging and accessible series that interprets complex cryptographicknowledge for a younger audience. This initiative aims to spark interest in cryptographic technology among young people, nurturingpotential talent for the industry's long-term development.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

5152

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal actively participates in industry talent cultivation. In partnership with the Shanghai Information TechnologyApplication Innovation Comprehensive Service Center and Shanghai Technical Institute of Electronics & Information, theCompany has co-established the ?rst-of-its-kind information technology innovation training room in Shanghai's highervocational colleges. This cutting-edge facility not only serves the college's information technology innovation curriculumand research needs but also provides advanced teacher training for secondary and higher vocational colleges andindustry professionals. It o?ers a dynamic platform for deep integration of industry, academia, research, and practicalapplication. By leveraging the strengths of higher vocational colleges, the information technology innovation industry,and leading manufacturers, the Company, along with other partner enterprises, cultivates application-oriented talentsthat meet evolving industry needs, signi?cantly contributing to the high-quality development of vocational education.

Co-establishing an Information Technology Innovation Training RoomCase

Koal hosted an immersive visit for students from Shanghai Dianji University, providing a meaningful hands-on experience forstudents in the Software Engineering Excellence Program. During the visit, students gained insights into Koal's development

Hosting Student Visits from Shanghai Dianji UniversityCase

Industry Talent CultivationKoal places a strong emphasis on cultivating industry talent through systematic training and evaluations, school-enterprisecooperation, and integration of production and education to inject new vitality into the industry. During the reporting period, theCompany nurtured a total of 216 information technology innovation talents through comprehensive training and assessments,including 22 internal and 194 external participants. Additionally, the Company co-established an information technologyinnovation training room with Shanghai Technical Institute of Electronics & Information.

In June 2024, Koal, as a vanguard in the commercial cryptography industry, showcased its groundbreaking achievementsin post-quantum cryptography at the 10th CSITF. The Company unveiled the nation's first comprehensive post-quantumcryptography solution, a milestone in the ?eld. This cutting-edge solution incorporates core products such as quantum-safeVPNs and quantum-safe key management systems, featuring critical functionalities including secure networking and advancedkey management. Notably, it has pioneered in successfully passing the rigorous PQC application system upgrade veri?cationtest conducted jointly by the CAICT and VIAVI, achieving seamless transition to post-quantum cryptographic algorithms.Furthermore, the Company exhibited innovative applications that synergize cryptographic technology with frontier ?elds suchas AI, blockchain, and privacy computing. Through engaging keynote speeches at the data element sub-forum, interactivecryptography education experiences, and targeted regulatory promotion, the Company signi?cantly raised public awareness ofthe value of commercial cryptography technology and catalyzed a deeper understanding within the industry.

Participation in the 10th China (Shanghai) International Technology Fair (CSITF)Case

In July 2024, Koal, as a pioneer and leader in China's information security and digital trust domain, co-organized the InformationTechnology Innovation Application Work Exchange Meeting at the Global Digital Economy Conference 2024. This high-profileconference addressed critical issues such as deepening digital cooperation, coordinating aid to Tibet, bridging the digital divide

Co-organizing the Information Technology Innovation Application Work Exchange Meeting at the

Global Digital Economy Conference 2024Case

Industry ExchangeTo swiftly gain insights into the latest industry developments, policy changes, and market trends, Koal actively engages in a wide range ofindustry forums and academic exchanges. The Company has strategically joined multiple industry associations and academic alliancesto forge close business connections, expand collaboration opportunities, and contribute signi?cantly to industry development throughshared resources. During the reporting period, Koal participated in 37 diverse industry exchange activities. As of the end of the reportingperiod, the Company had joined a total of three national-level academic societies and industry alliances.

between eastern and western regions, and stimulating digital culturaltourism consumption. The Company's Deputy Chief Engineer,Lang Wenhua, delivered a keynote report titled "New GenerationDigital Trust System Architecture and Practice." This presentationsystematically elucidated Koal's technological advancements andpractical achievements in the digital trust ?eld, thereby contributingsignificantly to industry-wide digital transformation efforts andfostering the robust development of the digital economy.

trajectory, corporate achievements, and research directions.They also acquired in-depth knowledge of cryptographictechnology principles and their real-world applicationscenarios. Furthermore, through lectures organized by theInformation Technology Innovation Center, the Companyinspired students to focus on the development of domestictechnologies and actively support China's burgeoninginformation technology industry through practicalengagement, aiming to nurture the next generation ofinformation technology talents.

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations

5354

2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

E?cient andRobust Operations

Contributing to the UN SDGs

Corporate GovernanceRisk and Compliance ManagementBusiness Ethics and Anti-CorruptionParty Leadership

Corporate Governance

Koal adheres to a comprehensive set of laws and regulations, including theCompanyLaw of the People's Republic of China, theSecurities Law of the People's Republicof China, theCode of Corporate Governance for Listed Companies, theListingRules of the Shanghai Stock Exchange, and theGuidelines No. 1 of the ShanghaiStock Exchange for Self-regulation of Listed Companies — Standardized Operation.In alignment with itsArticles of Associationand other normative documents, theCompany has established a governance structure that ensures clear responsibilities,independent operations, and e?ective checks and balances. This structure comprisesthe General Meeting of Shareholders, the Board of Directors, and the Board ofSupervisors. The governance system delineates distinct responsibilities amongthe power organ, decision-making body, supervisory body, and executive body.This arrangement fosters coordinated operations and mutual oversight, constantlyenhancing corporate governance efficiency. The General Meeting of Shareholders,consisting of all shareholders, serves as the highest authority. The Board of Directorsoversees strategic decisions and daily operations, while the Board of Supervisorsmonitors the Board of Directors and management. Through clear division ofresponsibilities and e?cient collaboration, these bodies collectively ensure scienti?cand standardized corporate governance, safeguarding the interests of both theCompany and its shareholders. During the reporting period, Koal further re?ned itsgovernance mechanisms. The Company introduced new guidelines, including theESG Committee Implementation Rulesand thePublic Opinion Management System.Additionally, it revised existing protocols such as theBoard of Directors Rules ofProcedureand theIndependent Director System. These actions aim to enhance thescienti?c nature, standardization, and transparency of corporate governance.The nomination and selection process for governance body members, includingdirectors and supervisors, strictly adheres tothe Company Law of the People'sRepublic of China and Koal's Articles of Association. This approach ensures bothfairness and professionalism in appointments. While the Board of Directors'membership remained unchanged during the reporting period, its scope ofresponsibilities expanded with the establishment of the ESG Committee.

Organization Chart

Board of SupervisorsBoard of Directors

Remunerationand AppraisalCommitteeStrategyCommittee

ESGCommittee

AuditCommittee

NominationCommittee

As the Company's supreme authority, the General Meeting of Shareholders is responsiblefor reviewing annual budgets and financial reports, electing or replacing directors andsupervisors, approving profit distribution plans, and making critical company decisions. Itoperates in compliance with regulations such as theRules for the Shareholders' Meetings ofListed Companiesand Koal's ownRules of Procedure for General Meeting of Shareholders. Themeetings combine on-site and online voting to ensure the protection of shareholders' rights.

general meetings of shareholders were held during the year, at which resolutionswere reviewed and approved.

Accountable to the General Meeting of Shareholders, the Board of Directors' responsibilitiesinclude convening general meetings of shareholders, formulating business strategies,preparing budgets and ?nancial reports, proposing pro?t distribution plans, and structuringinternal management. The Board operates through ?ve specialized committees: the StrategyCommittee, the Audit Committee, the Nomination Committee, the Remuneration andAppraisal Committee, and the ESG Committee. These committees handle specific Board-authorized matters and provide expert advice for decision-making.Mr. Zhang Keqin, an independent director, serves as the chair of the Audit Committee. Mr.Ma Lizhuang, also an independent director, serves as the chair of both the NominationCommittee and the Remuneration and Appraisal Committee. Independent directorsconstitute the majority and serve as chairs in the Audit Committee, the NominationCommittee, and the Remuneration and Appraisal Committee, ensuring professionalism andindependence in the decision-making process.The Board of Directors convened meetings over the year, during which resolutionswere reviewed and approved, with a % attendance rate among all Board members.

Over the year, Audit Committee meetings, Nomination Committee meeting,Remuneration and Appraisal Committee meetings, and Strategy Committee meetingwere convened, contributing effectively to the advancement of the Company's strategicdevelopment goals.

Reporting to the General Meeting of Shareholders, the Board of Supervisors oversees thelegality of the Company's ?nancial and operational activities. Its duties include inspecting?nancial conditions, monitoring the conduct of directors and senior management, attendinggeneral meetings of shareholders, and ensuring legal compliance in the performance ofduties by ?nancial personnel, directors, and senior management. The Board plays a crucialrole in protecting the legal rights and interests of both the Company and its shareholders.

The Board of Supervisors convened meetings over the year, during which resolutionswere reviewed and approved.

Board ofSupervisors

GeneralMeeting ofShareholders

Board of

Directors

Corporate Governance System

General Meetingof Shareholders

5758

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal is committed to fostering a diverse Board of Directors. The Company places great emphasis on the backgrounds, skills, andprofessional expertise of Board members, aiming to integrate various perspectives and experiences to guarantee well-informedand efficacious Board decisions. The Board consists of nine members, comprising six non-independent directors and threeindependent directors. These Board members bring a wealth of interdisciplinary knowledge and extensive industry experience,spanning multiple fields including information technology, risk management, finance and accounting, law, and finance. Thiscomposition re?ects a balanced representation of experience, background, and professional capabilities within the Board. TheChair of the Audit Committee possesses a strong professional accounting background, while several directors have extensivepractical experience in risk management and prevention. This includes establishing comprehensive risk management systems andhandling signi?cant risk events, which e?ectively supports the Company's e?orts in risk identi?cation, assessment, response, andmitigation.The nomination process for Board members follows a rigorous selection procedure. The Nomination Committee incorporatesdiversity as a key consideration, thoroughly evaluating candidates' educational backgrounds, industry experience, professionalskills, and career histories. This approach aims to maintain a well-balanced board in terms of competencies, skills, experiences,and cultural and educational backgrounds. Moreover, the Company places high importance on the ethical conduct andleadership reputation of potential Board members. Following review and approval, independent director candidates mustundergo quali?cation and independence assessments conducted by the Shanghai Stock Exchange. They are then elected throughcumulative voting at the general meetings of shareholders, a process that constantly enhances the Company's governancestandards and decision-making capabilities.Koal actively encourages Board members to participate in professional development training and compliance education toenhance their professional competencies and performance capabilities. During the reporting period, the Company's directors,supervisors, and senior management enthusiastically responded to the China Association for Public Companies' initiativeby participating in the "Special Topic on Violations of Laws and Regulations" training. All participants successfully passed theassociated test, demonstrating a significant improvement in their regulatory awareness and compliance capabilities, therebystrengthening the foundation for the Company's stable operations.Throughout the reporting period, all directors of Koal strictly adhered to relevant laws, regulations, and the Company's articlesof association, diligently and prudently ful?lling their responsibilities. Independent directors engaged in Board activities throughvarious means, offering independent opinions on significant matters to ensure scientific decision-making. They effectivelyexercised their supervisory functions, promoting the execution of Board resolutions and ensuring the accuracy of informationdisclosure, thus safeguarding the legal rights and interests of both the Company and its shareholders. The remuneration schemefor Koal's Board members undergoes annual review by the General Meeting of Shareholders. This review takes into accountindustry salary levels, regional development conditions, and job responsibilities to determine appropriate compensation.

Doctoral DegreeMaster's DegreeBachelor's Degree and Below

NameTypeGender

Professional CapabilitiesIndustryExperience

Risk

Management

AccountingLegalYang WenshanChairman, DirectorMale

Lu HaitianDirectorMale

Ye FengDirector, General ManagerMaleXu YongkangDirectorMale

Zhu Litong

Director,Deputy General Manager

MaleCai GuanhuaDirector, Board SecretaryMaleZhang KeqinIndependent DirectorMaleXiao YongjiIndependent DirectorMaleMa LizhuangIndependent DirectorMale

Directors' Educational Background

Board Diversity and E?ectiveness

5960

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal rigorously adheres to theSecurities Law of the People's Republic of China, theMeasures for the Administration of InformationDisclosure of Listed Companies,and theProvisions on the Registration and Management System of Insiders Who Have Access toInsider Information of Listed Companies, among other pertinent regulations. The Company has implemented a comprehensiveInformation Disclosure Systemto ensure the authenticity, accuracy, and timeliness of disclosures, thereby enhancing transparencyand quality. During the reporting period, Koal issued 4 periodic reports and 99 ad hoc announcements, ensuring equitable accessto information for all shareholders. The Company's disclosures were free from false records, misleading statements, signi?cantomissions, or other improprieties. Concurrently, Koal vigilantly monitored public sentiment and market trading patterns tosafeguard investors' legal interests e?ectively.

Information Disclosure

Koal is dedicated to fostering a relationship of mutual trust and timely communication with investors. The Company consistentlyre?nes its internalInvestor Relations Management Systemand has established diverse communication channels. Through directphone lines, email correspondence, interactive investor relations platforms, and on-site research opportunities, the Companyaddresses investor inquiries and engages in substantive dialogues. This approach enables investors to gain comprehensiveinsights into the Company's business model, development strategies, and ?nancial position, facilitating informed investmentdecisions. On the investor relations platform, the Company's Securities Department consults with technical managers to ensureresponses are both accurate and technically sound. Koal maintains a steadfast policy against concept hype and exaggeration,prioritizing honest and responsible communication to bolster investor trust and satisfaction. In 2024, Koal disseminated 163announcements and related materials, conducted 3 performance briefings, engaged in 125 offline and 24 online investorexchanges, issued 4 investor record forms, responded to 53 investor inquiries on the sseinfo.com platform, fielded 66 directphone calls, and addressed 10 email inquiries.

Investor Communication

Koal acknowledges the critical role of investor relations management in maintaining corporate reputation and investor con?dence,diligently monitoring and responding to diverse investor concerns. The Company proactively identi?es and mitigates potentialrisks, standardizes procedures for general meetings of shareholders (convening, holding, deliberating and voting), and ensuresinvestors' rights to information and participation in major corporate decisions. This comprehensive approach e?ectively safeguardsinvestor interests and reinforces market trust.

Investor Rights Protection

In November 2024, the Company's Director andBoard Secretary took part in a high-quality dialoguehosted by Stock Star. The discussion centered on"Leveraging cryptography as a niche approach tosafeguard the broader development of data elementsecurity." The executive provided comprehensiveinsights into Koal's expertise in the cryptographydomain, the Company's current business operations,and prospective development opportunities.

In December 2024, the Company's Director andGeneral Manager engaged in an executive interviewwith Securities Daily. During the conversation, heemphasized that "Cryptographic technology o?ersfour key attributes in addressing data securitychallenges: authenticity, integrity, non-repudiation,and confidentiality. Furthermore, the Company'scryptographic solutions excel in terms of timelinessand cost-effectiveness, positioning them as theoptimal strategy for ensuring data security."

Company Executives Engage inHigh-Quality Dialogue with Stock Star

Company General Manager Participatesin Securities Daily Executive InterviewCaseCase

Guided by the annualSpecial Audit Report onthe Summary of Non-operating Fund Occupationand Other Related Fund Transactions, issued byShanghai Certified Public Accountants (SpecialGeneral Partners), and the Company'sSpecialSystem for Preventing Fund Occupation byMajor Shareholders and Related Parties, Koalexplicitly prohibits controlling shareholders,actual controllers, and their affiliates frommisappropriating company funds, therebyprotecting the legal rights of all shareholdersand creditors.

Recognizing the technical complexity of the commercialcryptography industry, Koal proactively engages withinstitutional investors through strategy meetings, site visits,and investor conferences to enhance understanding of theCompany's operations and industry dynamics.Koal upholds the principle of equal treatment for all shareholders.Small and medium shareholders can participate in general meetingsof shareholders either in person or through online voting platforms.For significant issues potentially impacting minority investors, theCompany separately tallies and discloses their votes. Shareholdermeeting agendas include dedicated Q&A sessions for small and mediuminvestors to voice their opinions and suggestions. Meeting schedulesand locations are strategically chosen to maximize participation, withmodern technology utilized to enhance shareholder engagement. Whenreviewing profit distribution proposals, independent directors andspecialized committees diligently provide thorough opinions. Relevantproposals undergo scrutiny by both the Board of Directors and the Boardof Supervisors before submission to the General Meeting of Shareholders,ensuring robust protection of minority shareholder interests.

Koal has instituted a comprehensivePublic Opinion ManagementSystemto strengthen investor communication and enhancetransparency and credibility. Additionally, the Companymaintains a 24-hour investor hotline staffed by dedicatedpersonnel to ensure prompt and effective responses toinvestor inquiries.

Investor Education

Public OpinionManagementFund Management

Protection of MinorityShareholders' Rights

Koal rigorously complies with domestic legislation such as theEnterprise Income Tax Law of the People's Republic of China, as wellas international tax regulations. The Company has implemented a comprehensive tax management system to ensure complianttax reporting and payment, upholding regulatory compliance and e?ciency in tax administration. We are committed to refrainingfrom transferring value to low-tax jurisdictions, avoiding tax structures lacking commercial substance, adhering to the arm'slength principle for transfer pricing, and eschewing the use of con?dential jurisdictions or so-called "tax havens" for tax avoidancepurposes. Throughout the reporting period, Koal reported no signi?cant tax violations.

Tax Management

Investor Relations Management

Website link: https://haokan.baidu.com/v?pd=wisenatural&vid=2494321514928199420

Website link: http://www.zqrb.cn/video/gaoduanfangtan/2024-12-20/A1734683382689.html

6162

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

6261

Comprehensively identify

internal and externalrisks across all facets ofcompany operations.

Consistently re?nerisk managementprocesses throughfeedback mechanisms,establishing a closed-loopmanagement system.

Employ quantitative toolsto analyze the probability

and impact of risks.

Constantly track risk statusto ensure risks remain within

acceptable parameters.

Develop targeted riskmitigation strategies based on

risk assessment outcomes.

Risk Identi?cationContinuous

Improvement

Risk Assessment

Risk Monitoring

Risk ResponseIn alignment with theBasic Standard for Enterprise Internal Control, theGuidelines for the Application of Enterprise InternalControl, and other pertinent regulatory requirements, Koal has formulated itsInternal Control System and Internal Audit System,customized to its specific operational context. The Company consistently enhances its risk and compliance managementframework to guarantee the legality and compliance of its business activities.

Risk and Compliance Management

Koal has established well-de?ned responsibilities and decision-making protocols for risk and compliance management throughthe collaborative e?orts of the Board of Directors, Board of Supervisors, and Management.

Koal consistently enhances its riskidenti?cation and response capabilities,streamlining business managementprocesses. The Company implementsa comprehensive approach to riskidentification, assessment, response,monitoring, and continuousimprovement across its core businesssegments. Through thoroughidentification and managementof market, operational, financial,legal compliance, and technologicalrisks, the Company ensures resilientdevelopment in a complex marketlandscape. Moreover, the Companyintegrates Environmental, Social,and Governance (ESG) risks into itscomprehensive risk managementsystem, further identifying andaddressing potential risks in quality,safety, environmental protection, andanti-corruption, thereby bolsteringcorporate resilience.

Risk Management Structure

Risk Identi?cation and Response

To enhance employee compliance awareness, the Company regularly conducts specialized training sessions encompassinghistorical compliance risk analysis, case studies, compliance reviews, risk assessment and response techniques, and internal auditoversight. Through these training initiatives, employees have signi?cantly improved their risk management pro?ciency, furthermitigating compliance risks and fostering stable corporate growth.

Risk Training

The Board of Directors andBoard of Supervisors oversee

and evaluate the e?cacy

of risk and compliancemanagement, ensuringtransparency and e?ciency inthe management mechanism.

Management is tasked withorchestrating daily internalcontrol operations, safeguardingthe compliance and e?ciency ofmanagement activities.

Given the Company'sspecialized business nature,a dedicated Con?dentialityO?ce has been establishedto oversee classi?ed projects,quali?cations, and personnelthroughout their lifecycle,ensuring the security andproper supervision ofcon?dential information.

6364

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Business Ethics and Anti-Corruption

Governance

Strategy and Approach

Impact, Risk, and Opportunity Management

Koal is dedicated to cultivating an ethical and transparent business environment. The Company rigorously adheres to pertinentlaws and regulations, including theCompany Law of the People's Republic of China, theAnti-unfair Competition Law of thePeople's Republic of China, theAnti-Monopoly Law of the People's Republic of China, theAnti-Money Laundering Law of thePeople's Republic of China, as well as industry standards. Internal policies such as the Code of Business Ethics, theAnti-briberyand Anti-corruption Policy, and theWhistleblowing and Whistleblower Protection Policy set out detailed requirements for anti-corruption and anti-bribery practices across all aspects of the Company's operations. Koal also actively promotes compliance withethical business conduct and anti-corruption standards among its employees and business partners.The implementation of business ethics and anti-corruption policies is ensured through the collaborative e?orts of the Board ofDirectors, Board of Supervisors, and Audit Committee. A dedicated supervisory body oversees the execution of these policies,while the Company's Internal Audit Department conducts regular reviews and risk assessments to ensure operational compliancewith legal requirements and internal ethical standards.

Koal has seamlessly integrated principles of integrity and ethical conduct into its corporate culture and long-term developmentstrategy. These standards extend to the supply chain, safeguarding high-quality development. The Company has institutionalizedthe cultivation of business ethics and anti-corruption culture through documents like theCode of Ethical Conduct, which clearlyde?nes mandatory business ethics standards for employees. All sta? members are required to sign theEmployee Ethical ConductCommitment. Adherence to company values, professional ethics, and behavioral standards serves as a critical criterion foremployee performance evaluations, promotions, and personnel decisions. During the reporting period, Koal reported no majorlitigation cases involving corruption or unfair competition.

Koal maintains a zero-tolerance policy towards corruption and unethical business practices. The Company has established open,transparent, and diverse reporting channels, encouraging both internal employees and external partners to disclose violations.Reporting methods include the Company's o?cial telephone line, dedicated hotline, mail, or in-person visits. Upon receiving areport, the Company forms a professional investigation team to conduct an independent inquiry in accordance with relevant lawsand regulations, collaborating with pertinent departments to ensure e?cient information ?ow. Investigation results are reporteddirectly to senior management, with appropriate accountability measures implemented for substantiated allegations.The Company is committed to maintaining strict confidentiality regarding whistleblowers' personal information and reportedmaterials. All reports are handled by designated personnel and managed according to stringent confidentiality protocols. Itis explicitly prohibited to disclose whistleblower information or report status to the accused or to unrelated personnel. Whilesafeguarding whistleblower con?dentiality, the Company also takes severe action against any retaliatory behavior. Veri?ed casesof retaliation are dealt with seriously, and in instances where whistleblowers' rights are severely compromised, the Companypromptly reports to judicial authorities and pursues criminal liability in accordance with the law.

The Company has implemented robust centralized procurement management measures and procedural mechanisms. Internally,potential con?icts of interest are scrutinized according to the procurement process system. Externally, business ethics and anti-corruption requirements are incorporated into the Company's template contracts for supplier signature. Alternatively, suppliersmay be required to separately sign anIntegrity Agreement or a Cooperation Partner Integrity Commitment. These documentsmandate compliance with national and local laws, regulations, policies, and industry standards, prohibiting any form of corruption,fraud, extortion, or embezzlement. For non-compliant suppliers, the Company reserves the right to take measures includingsuspension of cooperation or contract termination.Koal strictly adheres to theAnti-unfair Competition Law of the People'sRepublic of China, theAnti-Monopoly Law of the People's Republic ofChina, theSeveral Provisions on Prohibiting Infringements upon TradeSecrets, and relevant fair competition regulations in all operationaljurisdictions. The Company pledges to refrain from collectingcompetitors' trade secrets or con?dential information through illegalmeans and to avoid engaging in activities such as price collusion thatcould disrupt market order. Koal is committed to resisting all forms ofunfair competition and maintaining a level playing field. During thereporting period, the Company reported no violations of anti-unfaircompetition laws or regulations.

Anti-Unfair Competition

Whistleblowing and Whistleblower Protection

Koal has integrated business ethics and anti-corruption risks into its comprehensive risk management framework. To e?ectivelyaddress business ethics-related risks, the Company conducts regular business ethics risk identi?cation and assessment exercises(for detailed processes, please refer to the "Risk and Compliance Management" section of this report). Koal meticulously analyzesfactors that may trigger ethical risks, various potential conflicts of interest, improper benefit transfers, and unfair competitionpractices. The Company has formulated detailed policies and procedures to ensure all business conduct aligns with ethicalstandards and legal requirements. To facilitate timely disclosure of potential risks, the Company constantly enhances itsmonitoring system, incorporating internal audits, compliance checks, and robust whistleblowing mechanisms. The Internal AuditDepartment systematically reviews the implementation of business ethics-related systems and conducts thorough audits andinspections of business ethics risks across various operational scenarios. Audit results, signi?cant ?ndings, and matters requiringattention are regularly reported directly to the Board's Audit Committee and the Chairman, maintaining independence atorganizational, business, and individual levels.

Indicators and Targets

Indicator/Target2024 Achievement StatusZero occurrence of major corruption incidentsTarget achievedEnsure comprehensive audit coverage of allbusiness areas every three years

Target achieved100% e?ective handling rate of reportsTarget achieved

Supply Chain Integrity Management

6566

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Party LeadershipSince its establishment in 2001, the Party Branch of Koal Software Co., Ltd. has consistently adhered to Xi Jinping Thought on Socialismwith Chinese Characteristics for a New Era. The branch closely aligns with the Company's development strategy, dedicating itself tostrengthening Party organization and constantly enhancing the cohesion and e?ectiveness of the Party organization. The Party Branchhas maintained a work orientation that integrates Party building with business development, driven by both innovation and service,e?ectively shouldering the responsibility of serving the enterprise and its development.Within the Company's governance structure, Communist Party members account for 44.44% of the management team, includingdirectors, supervisors, and senior executives, demonstrating the signi?cant in?uence of the Party organization at the decision-makinglevel. As of the end of 2024, the Company's Party Branch comprised 82 Communist Party members and 1 probationary member. Thecomposition of the Party membership has been consistently optimized, with steady improvement in overall quality, providing a solidpolitical and organizational foundation for the Company's sustained and stable development. In accordance with Party requirementsand the Company's speci?c circumstances, Koal constantly re?nes its Party-building regulations, promotes the institutionalization andstandardization of Party activities, and strengthens exemplary leadership through the "Internet + Party building" model, transformingthe Party's political and organizational advantages into market advantages that drive enterprise development.

The Koal Party Branch, in collaboration with the securities company's Party branch, organized a visit to the China SecuritiesMuseum. During the tour, Party members gained an in-depth understanding of the development of China's capital marketunder the leadership of the Communist Party of China through the museum's comprehensive exhibits, including a lifelikescene of Deng Xiaoping meeting John Joseph Phelan Jr., historical photographs, and detailed archival materials. Thisexperience deepened their understanding of China's economic system reform and ?nancial market development.

Party Branch Organizes Collaborative Visit to the China Securities MuseumCase

Following the 2023 Red Tour to Jinggangshan led by Chairman Yang Wenshan and General Manager Ye Feng, Koal organizedan educational visit to Zunyi in 2024. Through these activities, the Company further encourages employees to reinforceideals and beliefs, commemorate revolutionary martyrs, adhere to Party principles in password management, and inspirepatriotic enthusiasm. After the journey, senior management personnel composed re?ections expressing their admiration forrevolutionary predecessors and demonstrating their commitment to integrating Party spirit into corporate management andpersonal work practices.

Marching Ahead Through Historic Passes to GuizhouCase

Embracing the concept of innovative development, the Company advances both online and offlineeducational resources. It has developed the "Theory Classroom" learning platform, guiding Partymembers and cadres to transform theoretical knowledge into a powerful driving force for enterprisedevelopment, achieving a synergy between theory and practice. By the end of the reporting period,Koal's "Theory Classroom" had successfully completed its third session, focusing on six core themes:

political discipline, organizational discipline, integrity discipline, mass discipline, work discipline, and lifediscipline. Through carefully designed course content and diverse teaching methods such as specializedlectures, case analyses, and interactive discussions, new vitality has been injected into the Party Branch'slearning activities.Online andO?ineEducation

The Company has invested in constructing the "Red Cryptography" exhibition hall, utilizing touch screenscombined with holographic projection technology to vividly showcase "the Party's leadership overcryptography." This initiative integrates Party culture into business areas such as the Internet of Vehiclesand video security, serving as a dedicated platform for promoting Party-building culture.CulturalDisplay

Participation in Party Course TrainingCaseIn December 2024, six Party members from the Company actively participated in a Party course training organized by theParty Committee of Shanghai Dongtan Construction Group. The theme focused on an in-depth study and implementationof General Secretary Xi Jinping's new ideas, viewpoints, and assertions on comprehensively deepening reform, as well as thespirit of the Third Plenary Session of the 20th CPC Central Committee. The training aimed to further assist Party members andcadres in thoroughly assimilating General Secretary Xi Jinping's pivotal speeches and directives, as well as the core principlesoutlined in the Third Plenary Session of the 20th CPC Central Committee. The primary objective was to strengthen thetheoretical foundation of Party members and cadres while simultaneously enhancing their political acumen.

6768

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Striving for a SharedProsperous Future

Contributing to the UN SDGs

Diverse and Inclusive WorkplaceHuman Capital DevelopmentOccupational Health and SafetyCommunity Engagement

Diverse and Inclusive Workplace

Koal consistently upholds the principle of "forward-looking planning and diverse talent acquisition." In alignment with theCompany's strategic objectives and business development trajectory, Koal proactively plans its talent deployment. Through acomprehensive series of measures, the Company ensures precise talent identification, effective recruitment, and standardizedemployment processes, attracting a wide spectrum of talents to establish a robust foundation for sustainable corporate growth.

Koal places great emphasis on attracting diverse talent, actively welcoming individuals from various backgrounds, cultures,genders, and professional skillsets. The Company is dedicated to cultivating an inclusive workplace ecosystem that offersemployees extensive opportunities for growth while constantly infusing the organization with innovation and a competitive edge.Compliant Employment

Koal advocates for equitable and fair recruitment principles, rigorously adhering to international human rights standards includingtheInternational Bill of Human Rights, theILO Conventions, theILO Declaration on Fundamental Principles

and Rights at Work,theUN Guiding Principles on Business and Human Rights, and the ten principles of the UN Global Compact. The Companymeticulously complies with pertinent domestic regulations and policies, such as theLabor Law of the People's Republic of China,and theLabor Contract Law of the People's Republic of China.Koal has implemented internal policies, including theKoal EmployeeRecruitment Management SystemandEmployee Handbook, to govern the entire talent acquisition process. The Company ?rmlyopposes discrimination based on gender, education, age, race, family status, religious beliefs, or cultural background. It strictlyprohibits child labor, forced labor, and any form of discrimination or harassment, actively promoting fair employment practices.Koal conducts regular and rigorous audits of its recruitment and employment processes. To ensure full compliance with lawsand regulations at every stage of employment, the Company actively encourages employees to report any violations of companypolicies or regulations through established channels. All reported infractions are subject to thorough investigation and addressedwith utmost seriousness. When necessary, corrective measures are implemented, ranging from warnings and public reprimands todemerits or termination of employment contracts. During the reporting period, Koal reported zero incidents involving child laboror forced labor.

Compliant Hiring

Key Performance

Total number of employees

Senior managementFrontline employees

Middle management

Number ofemployees by

hierarchicallevel

Employees aged 29 and underEmployees aged 40-49Employees aged 60 and above

Employees aged 30-39Employees aged 50-59

Employees with associatedegrees or belowEmployees with graduate/MBA degrees

Employees withbachelor's degreesEmployees with doctoraldegrees or above

Number ofemployees by

educationallevel

Number of employees recruited duringthe reporting period

Employee labor contract signing rate100%Number of newly recruitedfresh graduates

Social insurance coverage rate100%

Employee turnover rate

23.95%

Male employeesFemale employees

Number ofemployeesby gender

210153

Number ofemployees

by age

Employees from the Chinese mainland, HongKong, Macao, and TaiwanOverseas employees

Number ofemployeesby region

Contract employeesTemporary workers/

labor dispatch/interns

Number ofemployees byemployment

type

Male employeesFemale employees

Employees aged 29 and underEmployees aged 40-49Employees aged 60 and above

Employees aged 30-39Employees aged 50-59

19.75%

4.20%

10.22%

7.95%

5.33%

0.34%

0.11%

Employeeturnover rate

by gender

Employee

turnover rate

by age

7172

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal champions and embraces diverse, equitable, and inclusive cultures, lifestyles, and work practices. The Company profoundly respectsemployee diversity and individual di?erences, actively fostering an inclusive corporate culture. Diversity and inclusion principles are woveninto the fabric of the Company's operations, in?uencing recruitment, employment practices, training initiatives, promotion processes,and compensation and benefits structures. This ensures equal opportunities and expansive career development platforms for everyemployee. During the reporting period, Koal recorded no complaints related to discrimination or harassment.For female employees, the Company is dedicated to providing equitable career development opportunities, ensuring fair compensationand bene?ts, and e?ectively eliminating gender-based income disparities. Koal actively o?ers equal training and promotion opportunitiesfor female employees, supporting and nurturing their diverse skill sets. The Company encourages women to assume managementpositions, breaking through traditional career limitations and ensuring increased participation and growth opportunities across variousfunctions and management areas. Furthermore, the Company prioritizes female employees' reproductive health, o?ering commercialmaternity insurance and providing statutory prenatal leave, maternity check-up leave, maternity leave, breastfeeding leave, and parentalleave. Male employees are granted statutory paternity leave (care leave) to encourage shared family responsibilities, fostering a moresecure and stable work environment for female employees and supporting their long-term career development. During the reportingperiod, Koal implemented several initiatives to ensure female employees' career continuity, growth, and development:

Ongoing optimization of gender structure across various job categories and management levels;Regular organization of gynecological examinations and provision of health consultation services;Establishment of Mommy Rooms as dedicated spaces for mothers and infants, equipped with breastfeeding and rest facilities to alleviateconcerns for pregnant and breastfeeding employees;Organization of Women's Day celebration events and female leadership forums, providing platforms for female employees to showcasetheir talents and exchange experiences, thereby stimulating their potential and creativity.

Diversity and Equal Opportunity

Key Performance

Percentage offemale employees21%

Percentage of employeeswith disabilities2%

Percentage of newfemale hires19%Percentage of female employeesin middle management

17.74%

Percentage of ethnicminority employees3%Percentage of female employeesin senior management

8.3%

Human Capital Development

Koal has developed and implemented a comprehensive suite of policies, including theTalent Recruitment System, CompensationStructure System, Employee Promotion Management System, andTraining Management System. These policies effectivelyoptimize human resource planning, ensuring that employees are utilized to their full potential while mitigating organizational risksassociated with key talent turnover or shortages.The talent strategy at Koal is spearheaded by the Human Resources Department and subsequently submitted to the Board ofDirectors for approval. The Company consistently re?nes its human resource management system to ensure seamless alignmentwith overall corporate strategic objectives. Under the Board of Directors, a Remuneration and Appraisal Committee has beenestablished to formulate and oversee the implementation of remuneration policies and assessment standards for directors andsenior management. The Company's HR Director is charged with developing human resource plans that align with the overallcorporate strategy, providing critical support and recommendations for strategic decision-making from a human resourcesperspective. The Human Resources Department takes responsibility for formulating and executing the Company's human resourceplanning, goal-setting, policies, and procedures. With clearly delineated responsibilities across various levels, these structurescollectively drive the Company's human capital development initiatives.

Governance

International Women's Day event

Koal has implemented a comprehensive human rights risk management system that spans the entire employment lifecycle.This system is founded on principles derived from theInternational Bill of Human Rights, the ILO Conventions, theUN GuidingPrinciples on Business and Human Rights, and theLabor Law of the People's Republic of China. The Company has developed keypolicy documents, such as the Koal Employee Rights Code, to proactively mitigate human rights risks and ensure robust protectionof labor rights across all core business operations. This code encompasses crucial provisions including the prohibition of forcedlabor and child labor, freedom of association, diversity and inclusion, and anti-discrimination measures. Its scope extends to allregular employees, interns, and other personnel throughout the Company's direct and indirect subsidiaries and a?liated entities.During the reporting period, Koal reported no signi?cant labor or human rights risk incidents.

Labor and Human Rights Management

"We unequivocally reject all forms of forced labor and are committed to safeguardingour employees' rights to freedom and personal dignity. Our recruitment processes are?rmly rooted in the principle of voluntariness. We strictly prohibit the use of forced,bonded, indentured, or involuntary labor, including prison labor. Our Company haszero tolerance for any form of coercion, threats, or restriction of personal freedomaimed at compelling employees to work or engage in overtime. We rigorously adhereto relevant labor organization conventions and local laws and regulations applicableto our business operations, and strictly refrain from employing child labor inaccordance with legal standards."

Excerpt from theKoal Employee Rights Code

7374

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal has established a diverse array of open recruitment channels and a comprehensiveKoal talent pool, enabling precise identification of talent gaps in key positions. TheCompany conducts regular talent assessments, enriches its talent reserves, and fosterstalent pipeline development. Guided by corporate strategy, Koal has constructed ane?cient and equitable talent attraction system. On one hand, the Company introduceshigh-caliber human resources through external recruitment to fill critical positionsand expands its talent sources through diversi?ed channels such as social media anduniversity collaborations, thereby enhancing recruitment efficiency and improvingthe match between positions and talents. On the other hand, the Company uncoversexisting talent through internal recruitment, ensuring that recruitment plans closelyalign with strategy through internal and external synergy, thus optimizing humanresource allocation and structure. Moreover, the Company places signi?cant emphasison talent integration and development, particularly focusing on the recruitment andonboarding experience of campus hires. By consistently re?ning recruitment strategies,Koal achieves full-cycle management of talent, encompassing "precise introduction -e?cient empowerment - continuous retention."

Talent Attraction

Key PerformanceRecognized as a

"2024 Top Employer"by Lagou Recruitment.

Koal places a strong emphasis on talent cultivation and development, offering employees a robust platform for continuouslearning and growth. Through a comprehensive array of internal and external learning activities tailored for all staff members,the Company aims to enhance professional skills, broaden perspectives, and expand career development opportunities. Regularevaluations of various training and development programs are conducted to ensure they e?ectively support employees' personalcareer trajectories, thereby providing a solid foundation of talent for the Company's sustainable growth.

To further align corporate strategy with talent development, Koal has established an internal training institution - the KoalAcademy. This academy is designed to serve the Company's core business objectives and strategic goals, emphasizing anoperational philosophy of "derived from business, serving the business." It plays a crucial role in supporting Koal's strategictransformation. As a key component of the Company's talent development ecosystem, Koal Academy strengthens employeecapabilities through an integrated "training-and-practice" model while also serving as a vehicle for standardized corporate culturedissemination. In the future, it is poised to become a driving force for organizational change. During the reporting period, theCompany formulated theKoal Academy Charter, which outlines the training management framework and lays the groundwork fora strategy-driven talent cultivation ecosystem.

Employee Training

Koal prioritizes employee growth and development, o?ering comprehensive and targeted

training programs tailored to individual needs

Cultural Dissemination

Employee of the Month Recognition

Middle and JuniorManagement Leadership

Training

Koal AcademyKoal Academy Charter

E-Learning PlatformTraining Management Policies

Sales-focusedDevelopment

Implementation

ExpertiseR&D SkillEnhancement

New Employee

Onboarding

Executive-level External Training

Outstanding Employee Awards

Special ProjectAssignments

Work RoleTransitions

Culture-DrivenInitiatives

LeadershipDevelopmentPrograms

SupportSystems

BusinessSupportTraining

Koal's talent strategy is meticulously crafted to align with industry characteristics and the Company's overall business strategy.Talent review serves as a pivotal tool in realizing this strategy, and the Company has established a robust process encompassing"re?ning talent standards - talent selection methods - talent cultivation."Strategy and Approach

Conduct targeted campus recruitment talks at key universities (e.g., Shanghai University ofElectric Power, Donghua University)

Employees interested in internal job opportunities submit detailed self-recommendationreports orCompetition Application Formsto the HR Department, either in writing or viaemail. The HR Department conducts a comprehensive evaluation of all submissions andproposes a shortlist of candidates for competitive interviews. Upon selection, anInternalTransfer Noticeis issued to the relevant department, and the successful candidate formallyassumes the new role following a structured work handover process.

Set up internship bases at partner universities, providing hands-on training and project-basedlearning opportunities.Collaborate with universities to design bespoke IT innovation-related courses, integrating real-world corporate cases into the curriculum.Co-develop an IT innovation training facility with Shanghai Technical Institute of Electronics &Information, addressing teaching, research, faculty development, and industry training needs.

Establish joint training bases:

Enter into school-enterprise cooperation agreements with Shanghai University of ElectricPower, Donghua University, and Shanghai Polytechnic University.

Foster industry-academia-research collaboration:

School-EnterpriseCooperation

InternalRecommendation

and JobCompetition

Proactively expand diverse social recruitment channels, leveraging a mix of onlineprofessional recruitment platforms, o?ine talent market job fairs, social media outreach,executive search ?rms, and HR service companies. This multifaceted approach e?ectivelyreaches potential talents from varied backgrounds and professional domains, establishing acomprehensive, multi-tiered talent acquisition pipeline.

SocialRecruitment

7576

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal has enhanced its new employee training system, implementing a comprehensivemodel that integrates "online self-study and on-the-job guidance" with "learningand assessment." This approach is designed to accelerate the adaptation period andboost new employee performance. To further support new employee development,the Company has instituted a mentorship program that encourages mutual selectionbetween employees and mentors. Each new hire is paired with a mentor whoprovides personalized on-the-job guidance throughout their initial adjustment phase.

Koal has developed tiered leadership training plans catering to employees acrossvarious levels of the organization. The Company o?ers a diverse range of comprehensiveand systematic management and leadership courses, delivered through both onlineand o?ine platforms. These programs are tailored for current and aspiring managers,aimed at expanding their perspectives, pushing boundaries, and regularly updatingtheir knowledge and skills for practical application in business development.In an e?ort to foster youthful and innovative leadership while enhancing managementcapabilities to support steady business growth, the Company sponsors promising youngmanagers to participate in prestigious programs such as the China Europe InternationalBusiness School (CEIBS) EMBA, PBC School of Finance (PBCSF) EMBA, and AdvancedManagement Programme (AMP). Furthermore, to unlock the potential of middle-levelmanagers, Koal engages external experts to conduct empowering leadership training.These sessions, conducted in an open and trusting environment, are designed toenhance critical thinking, project planning, and re?ective skills within the talent pool,ultimately driving the precise achievement of key business objectives.

New Employee Training

Leadership Training

New employee online training session

Empowering leadership training session

To facilitate the growth anddevelopment of employeesacross various professionaltracks, Koal designs annualskill training plans tailoredto speci?c job requirements.These comprehensiveplans encompass crucialareas such as R&D, testing,implementation, and sales,ensuring that each employeeacquires all necessary skillsand professional knowledge.This ongoing enhancementof employees' professionalcapabilities aids in clarifyingtheir career trajectories anddevelopment goals.

Professional Skills Training

Koal professional skillstraining session

Key Performance

Percentage of trained employees by genderTraining coverage rate formale employees100%

Training coverage rate forfemale employees100%

Percentage of trained employees byemployee categoryTraining coverage rate forsenior employees100%

Training coverage rate for temporaryworkers/labor dispatch/interns

100%

Training coverage rate formid-level employees100%

Training coverage rate forfrontline employees

100%

Total investment inemployee training

537,000

Annual traininghours per employee

14.26

Total attendance of trainingthroughout the year7,237

Training coverage rate100%

Total employee training hours9,556.13

Average training hours per employeeby employee categoryAverage training hours per temporaryworker/labor dispatch/intern

14.42

Average training hours perfrontline employee

14.42

Average training hours persenior employee

11.76

Average training hours per mid-levelemployee and technical specialist

11.76

Koal AcademyTotal training attendanceat Koal Academy

1,068

Total training hoursat Koal Academy1,267.20

E-Learning PlatformTotal course views on onlinetraining platform

Total course viewing hourson online training platform

682.9

RMB

7778

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal proactively creates opportunities for employees to access high-quality external educational resources, introducingpremium, specialized training programs to help employees deepen their expertise in their respective ?elds. In 2024, the Companycollaborated with multiple external institutions to implement diverse training initiatives, including sponsoring select youngmanagers to attend prestigious programs such as the CEIBS EMBA, PBCSF EMBA, and AMP, providing robust support for employeegrowth and professional development.

Collaboration with External Institutions

Key Performance

training sessions were conducted for R&D and testing positions, with total attendances.642,084

training sessions were conducted for implementation positions, with total attendances.

251,107 training sessions were conducted for sales positions, with total attendances.22762

Koal prioritizes employee career development, having established a comprehensive promotion system. Recognizing technology as thecore of its productivity, the Company has implemented a "dual-track" promotion path, o?ering advancement opportunities in bothmanagement and technical roles. This structure creates an open, transparent, and well-de?ned career development framework.

Career DevelopmentEmployee Development

T1 Software EngineerT2 Senior EngineerT3 Principal EngineerT4 Technical ExpertT5 Domain Expert

T6 Technical Leader

M1 AssistantR&D Manager

M3 R&D Director

M2 R&D Manager

M4 Technical Director

Manag

ent

Sequenc

The Company actively encourages and supports employees in their pursuit of higher degrees, publication of academic papers,and acquisition of professional certifications. Through a system of incentive subsidies, Koal aims to enhance employees'professional qualifications. The Company has implemented theRevised Measures for Encouraging and Rewarding EmployeePaper PublicationsandMeasures for Encouraging and Rewarding Employees Obtaining Quali?cation Certi?cates, which clearlyde?ne reward standards for these achievements. Upon approval, employees can receive bene?ts such as expense reimbursementand performance bonuses, facilitating continuous professional growth. During the reporting period, 26 employees successfullyobtained relevant professional quali?cation certi?cates and were rewarded accordingly.

Education and Quali?cation Support

Koal has implemented a robust compensation structure and employee evaluation system. The Company regularly assesses employees'performance, capabilities, and attitudes, providing a solid foundation for salary adjustments, promotions, and training decisions.Compensation levels are benchmarked against industry peers, taking into account employees' job performance and positionrequirements. The Company offers competitive base salaries and performance-based pay, including annual bonuses and project-speci?c incentives. Furthermore, an employee stock ownership plan has been introduced to establish a medium to long-term incentivemechanism that promotes risk- and pro?t-sharing, enabling employees to bene?t from the Company's growth and development.The Company's compensation system consists of base salary, performance pay, allowances, and bonuses. Senior managementcompensation is determined based on factors such as position, responsibilities, capabilities, and market salary trends. Their variablecompensation is linked to the Company's operational performance and individual performance evaluation results, aligning theirinterests with the Company's development and growth. The compensation structure for general sta? includes base salary, performancepay, year-end performance bonuses, and allowances. The year-end performance bonus is closely tied to the Company's overalloperational results and a comprehensive evaluation of individual behavior and achievements. This approach ensures that bonusesare e?ectively linked to organizational and individual performance evaluation results, allowing for dynamic management of employeeincome. This system has proven e?ective in enhancing employee satisfaction and productivity while reducing turnover rates amongcore sta?. Additionally, the Company conducts regular market salary surveys to ensure its compensation levels remain competitive,attracting and retaining top talent. During the reporting period, all employees and departments underwent regular performanceevaluations, with all management personnel and general staff, particularly those in non-sales functions, receiving compensationcommensurate with their evaluation results.

Scienti?c Compensation Structure

Koal has established a comprehensive compensation structure and a scienti?cally designed remuneration system. The Companyhas developed and constantly re?nes its compensation, assessment, and incentive policies to provide employees with externallycompetitive and internally equitable compensation and bene?ts packages.Compensation and Bene?ts

The Company regularly conducts performance evaluations, adhering to the principles of "openness, equity, and fairness." Annualand long-term performance assessments are carried out for the Company, departments, and individuals. Overall performanceobjectives are cascaded and implemented across various departments, ensuring that each team and employee has clear goalsand responsibilities, leading to efficient task completion. For employees at different levels and in various roles, a combinationof qualitative and quantitative methods is used to comprehensively evaluate key performance indicators and work objectives.Individual performance achievements are directly linked to personal bonus coefficients. Through scientific guidance, timelysupervision, and objective measurement, the Company ensures a comprehensive and fair assessment of employee performance.To motivate employees to focus on both company and departmental performance, the Company links these performance resultsto the overall bonus pool, encouraging employees to recognize their value and contribution within the organization. Koal hasestablished open channels for performance communication, actively collecting employee feedback and fostering timely coachingand communication between superiors and subordinates. This approach helps both employees and the organization improveperformance and achieve their goals.

Employee Performance Evaluation and Feedback

hnical

Sequen

7980

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal has implemented a comprehensive, multi-faceted welfare system that encompasses all employees. Beyond the statutorybasic bene?ts, the Company o?ers an extensive range of non-monetary bene?ts to its entire workforce, covering health protectionand life support. This enhances employees' sense of belonging and well-being, fostering a warm and supportive workplaceenvironment that drives high-quality enterprise development.

Employee Bene?ts and Welfare

Statutory SocialInsurance andHousing Fund

In compliance with national regulations, the Company contributes to social pension insurance,medical insurance, unemployment insurance, work-related injury insurance, maternity insurance,and housing provident fund for eligible employees.Leave Bene?ts

The Company has established a robust leave system, including paid annual leave, marriageleave, maternity leave, and sick leave, ensuring that employees' rest and personal needs areadequately addressed.Health Care

The Company provides employees with comprehensive medical insurance and healthmanagement services, including regular physical examinations and health consultations,focusing on both physical and mental well-being.Employee Care

The Company attends to employees' personal needs and family circumstances, o?ering servicessuch as birthday wishes and support for children's education.

Work-Life Balance

The Company regularly organizes various cultural and sports activities for employees, including?tness sessions and sports competitions.

Koal consistently invests in optimizing the office environment, creating comfortable, safe, and creative workspaces equippedwith state-of-the-art o?ce facilities and ergonomic work equipment to enhance the employee experience. To promote work-lifebalance, the Company actively organizes a diverse range of engaging employee activities, such as regular team-building events,cultural and sports competitions, and holiday celebrations. These initiatives strengthen communication and interaction amongemployees, fostering a warm and harmonious corporate family atmosphere.

To support employees in achieving work-life balance and to enhance their identi?cation with and sense of belonging tothe enterprise, Koal organized a summer cryptography exploration tour for employees' children. This activity provided anopportunity for employees' children to understand corporate culture, promoting the inheritance of corporate values anddemonstrating the Company's care for future generations and commitment to social responsibility.

Koal Children's Summer Cryptography Exploration TourCase

Human Resources DepartmentAll types of complaint handling

As per company policyGeneral Manager HotlineDirect reporting of major issuesGeneral Manager Email

Submission of written suggestions

and complaints

Koal places great importance on employee communication and exchange, respects employees' opinions and suggestions, andactively builds positive employee relations. The Company strives to create an equitable, harmonious, open, and transparentcommunication environment for all employees.Koal has established a multi-dimensional communication system that transcendshierarchical barriers, providing employees with open and diverse communicationchannels. These include suggestion (complaint) boxes, on-site complaints, writtencomplaints, a general manager hotline, and a general manager email. The Companyencourages employees to freely share views and suggestions across all levels,constantly improving reporting procedures and handling processes, ensuringthat every employee concern receives a prompt response and appropriate action.Additionally, the Company respects employees' freedom of association rights to join,form, or not join unions in accordance with local laws. For employees who join legallyrecognized unions, the Company is committed to engaging in constructive dialogueand collective bargaining with unions or employee representatives.

Employee Engagement and Communication

Open Communication Channels

Channel TypeFunctional PositioningResponse Time Commitment

Key Performance

Collective bargaining agreementsigning rate in 2024:

93%

8182

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Koal has implemented an open and confidential formal grievance reportingprocedure that covers all regular employees and part-time personnel. Employeesare encouraged to promptly appeal to their superiors or the Human ResourcesDepartment when experiencing any unfair treatment. The Company has designatedpersonnel to receive and handle employee grievances and reports. The HumanResources Department serves as the grievance reception center, working inconjunction with the Internal Audit Department to manage the reception,investigation, processing, and follow-up of grievances. Based on principles ofauthenticity, confidentiality, and effectiveness, the Company ensures timelyacceptance of each reasonable report and conducts independent investigations.The Company strictly maintains the confidentiality of the complainant's personalinformation and the content of the complaint, taking necessary measures to protectthe safety and legal rights of the complainant. Any retaliation against complainantsor information leaks, once veri?ed, will be dealt with severely.

Grievance Reporting Procedure

Koal regularly conducts employee satisfaction surveys to comprehensively gatheremployee opinions and suggestions, listening to employee voices and demandsacross multiple dimensions. The Company consistently improves its managementpractices based on employee satisfaction survey data analysis and feedback.During the reporting period, in response to commuting challenges identi?ed in theemployee satisfaction survey, the Company developed a commute optimization plan,adding early peak hour services and simultaneously enhancing the station coverageof two existing commuter routes.

Satisfaction Survey

Employee satisfaction ratein 202475%

Koal places paramount importance on human capital risk management, meticulously identifying key areas of potentialvulnerability. The Company employs a continuous process of risk identi?cation, assessment, response, and monitoring of humancapital risks, guided by its strategic objectives. By integrating insights from employee satisfaction surveys, Koal consistentlyre?nes its human resource management strategies throughout the entire talent lifecycle, encompassing "attraction, development,utilization, and retention." This comprehensive approach ensures that human capital development risks remain withinmanageable parameters, enabling high-quality organizational growth through a high-caliber talent pool.

Strategic and organizationalchange risksCore technical talent attrition risksSkills and business needsmismatch risksInsu?cient international talentreserve risksPerformance incentive andcompensation competitivenessrisksDiversity and inclusion risksInsu?cient training anddevelopment risksCompliance and employment risks

Enhance human capital risk identi?cation and assessment mechanisms,maintaining an up-to-date human capital risk inventory.Implement a scienti?cally robust human resource management system,featuring demand-driven strategic talent pool planning. Conduct regulartalent and organizational assessments aligned with the Company's strategicdirection and business development trajectory, e?ectively mitigating,reducing, or transferring identi?ed risks.Prioritize the recruitment of technical talent that aligns with the Company'sevolving needs while conducting targeted, specialized training for existingemployees to enhance skill adaptability.Establish clear and measurable performance standards, foster opencommunication and feedback channels, and constantly re?ne performancemanagement tools and processes.Implement regular employee satisfaction surveys to identify potentialissues in talent management processes and develop targeted improvementinitiatives.

Impact, Risk, and Opportunity Management

Analysis of HumanCapital Risks

Response Strategies

Indicators and Targets

Human resource cost control ≤ 100%Target achievedEmployee training rate 100%Target achieved

Indicator/Target2024 Achievement Status

Occupational Health and Safety

Koal rigorously adheres to pertinent laws and regulations, including theLaw ofthe People's Republic of China on the Prevention and Control of OccupationalDiseasesand theProvisions on the Supervision and Administration of OccupationalHealth at Work Sites, while fully complying with the requirements of the ISO 45001management system. The Company consistently enhances its occupational health-related policies and regulations, establishes robust procedures for identifying andaddressing potential risks and opportunities, and implements comprehensivedaily supervision and inspection protocols. By prioritizing health and safety acrossall business operations, the Company ensures the safeguarding of employees'occupational health.

Key PerformanceKoal has obtained ISO 45001Occupational Health and SafetyManagement System certi?cation.

8384

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

The Company has appointed dedicated Management Representatives and Employee SafetyRepresentatives for the Occupational Health and Safety Management System. These individuals aretasked with establishing, implementing, and enhancing the occupational health and safety managementsystem, as well as coordinating and addressing related issues that arise during system operation.EstablishManagementStructure

The Company has formulated and constantly re?nes a comprehensive set of safety managementand occupational health-related regulations, including theFire Safety Management SystemandFireControl Procedures. Furthermore, aQuality, Environmental, and Occupational Health and SafetyManagement Manualhas been compiled to bolster workplace safety protection e?ectiveness andfoster a high-quality, healthy, and secure working environment for all employees.DevelopManagementPolicies

The Company has established speci?c occupational health and safety objectives, targeting "zeromajor safety incidents" and "zero major fire incidents." To facilitate the achievement of theseobjectives, the Company cascades them across functional departments and formulates tailoredmanagement and evaluation plans, thereby ensuring the e?ective implementation of preventivemeasures and reinforcing the foundation of its occupational health and safety management.Regular internal audits, management reviews, and external audits of the ISO 45001 managementsystem are conducted to ensure continued compliance with system standards.Set AnnualObjectives

The Company has implemented a robust Hazard Identi?cation, Risk Assessment, and Risk ControlPlanning Procedure to standardize the process of hazard identification and evaluation. Thisprocedure clearly delineates operational requirements, including risk avoidance, risk reduction,and risk acceptance measures, ensuring comprehensive coverage of safety risk managementacross all business processes and enhancing overall risk resilience.Safety Risk Management Process: Planning and organization, hazard identification, riskassessment, determination of signi?cant hazards, risk control evaluation, and implementation.Address SafetyRisks

To address potential emergencies in daily operations and workplace scenarios, the Company hasimplemented an Emergency Preparedness and Response Control Procedure alongside specificemergency plans for various safety incidents. These protocols encompass a comprehensivemanagement process, from emergency preparation and response to drill execution and post-drillanalysis, ensuring 100% implementation of plans and full coverage for all employees.The Company regularly organizes diverse safety emergency drills, simulating real-world emergencysituations to constantly refine response measures and enhance the emergency managementcapabilities of all personnel. During the reporting period, Koal conducted two safety emergency drills.Key Performance

Health and safetyinvestmentRMB 225,000

Occupational diseaseincidence rate:

Work safety accidentsthroughout the year:

Number ofwork-related fatalities:

Health and safetytraining coverage:

100%Work-related injury rate:

Workdays lost due towork-related injuries:

Community Engagement

Koal is committed to enhancing urban and rural public infrastructure and supporting the advancement of education, science andtechnology, culture, health, and sports in the public sector. The Company actively encourages its employees to participate in socialvolunteer activities, thereby giving back to society with tangible actions.

In an effort to strengthen east-westsupport collaboration between Shanghai'sChongming District and Yunnan Province'sLincang City, Koal has partnered withGuodazhai Township in Fengqing County.The Company established the QiongyingAncient Tree Tea Professional Cooperativeas a designated industry collaborationproject. This initiative invested RMB200,000 in purchasing Qiongying ancienttree tea, benefiting over 800 localhouseholds and boosting the revitalizationof rural industries.

Rural Revitalization

Koal's designated industry collaboration project - QiongyingAncient Tea Targeted Harvesting Base

Total charitabledonations and externalcontributionsRMB200,000

Rural revitalization e?orts

Koal has developed non-pro?t research and study bases for schools, focusing on key themes such as "digital economy," "cryptography,"and "information technology innovation." These centers provide teachers and students with opportunities to gain insights into thedevelopment and trends of the information technology innovation industry, as well as the role of cryptographic technology as securityfoundations through interactive learning experiences. The Company offers complimentary access to its facilities, including serverrooms, IT innovation adaptation and veri?cation practice areas, and cryptography factories. This allows visiting schools to witness?rsthand the increasing capabilities of domestically produced, independent, and controllable server systems.

Charitable Education Support

In 2024, four Koal employees demonstratedtheir commitment to social responsibility byparticipating in blood donation drives. Theiractions not only contributed to alleviatingthe shortage of medical blood supplies butalso inspired fellow employees to engage insimilar charitable activities.

Voluntary Blood Donation

Koal employees at the blood donation site

RMB

200,000

ConductEmergency Drills

8586

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield2024年环境、社会及公司治理（ESG）报告

Green andLow-Carbon Operations

Contributing to the UN SDGs

Environmental Management SystemClimate Change MitigationGreen Operations

Environmental Management System

Koal has implemented a comprehensive environmental management frameworkbased on the ISO 14001 Environmental Management System, ensuring compliancewith relevant domestic and international laws, regulations, and standards, includingtheEnvironmental Protection Law of the People's Republic of Chinaand theEnergyConservation Law of the People's Republic of China. The Company has developeda suite of policy documents, such as theEnvironmental Management Manualand

Environmental Monitoring and Measurement Procedures. Koal regularly conductsenvironmental risk assessments, organizes company-wide environmental protectiontraining, and implements awareness-raising initiatives, aiming to mitigate theenvironmental impact of its operations. During the reporting period, the Companyreported no environmental pollution incidents, received no environmentaladministrative penalties, and experienced no major environmental accidents.Koal has established a robust environmental management structure and process. The General Manager assumes overall leadershipresponsibility for environmental management, coordinating related activities across business operations. The ManagementRepresentative ensures the establishment, implementation, and maintenance of environmental management system processes.Each functional department is tasked with identifying and evaluating environmental factors and potential hazards within theirarea, setting departmental environmental objectives, and monitoring progress towards these goals.

Key Performance

ObtainedISO 14001Environmental ManagementSystem certi?cation.

The Company carries out regular on-site inspections and supervision to identify andaddress gaps in environmental management practices, ensuring the e?ective operation ofthe environmental management system.

The Company has developed and regularly updates theEmergency Preparedness andResponse Management Procedure. Annual environmental emergency drills are conductedto prepare for potential incidents and mitigate environmental impacts. During thereporting period, the Company executed 2 environmental emergency response drills.The Company actively promotes an environmental protection culture. Employeesenthusiastically participate in tree-planting activities organized by the industrial park.

Based on the environmental management targets, each operating location creates annualenvironmental management work plans that comply with relevant national and regionalregulations and align with their speci?c circumstances.

General ManagerManagement RepresentativeFunctional Departments

Oversee the establishment,implementation, and maintenanceof environmental managementsystem processes.Report to the General Manager onthe environmental managementsystem's performance andinternal audit results, includingimprovement recommendations.

Identify and assess environmentalfactors and potential hazardswithin their department.Develop departmentalenvironmental objectives andmonitor their achievement status.

Establish environmental policiesand objectives aligned with theCompany's strategic direction.Integrate environmentalmanagement system requirementsinto business operations and securenecessary resources.Ensure company-wideunderstanding and implementationof environmental policies,promoting process-basedapproaches and risk-based thinking.

EnvironmentalManagement ProcessDe?neEnvironmentalManagement

Objectives

DevelopEnvironmentalManagement

Plans

ImplementEnvironmentalManagementAudits

ConductRoutineEnvironmental

Monitoring

Foster aRobustEnvironmentalCulture

EnhanceEnvironmental

EmergencyManagement

Establish quanti?ableenvironmentalmanagement targets:

Achieve

100%

classi?eddisposal of solid waste.

Internal Audit: The Company conducts annual internalreviews of its environmental management system,following theManagement Review Control Procedureand Internal Audit Procedure. Corrective actions areproposed and monitored based on review ?ndings.

External Audit: The Company undergoes annual third-party environmental audits from external stakeholders.

In 2024,Koal conducted

internalaudit review and underwent

external audit.

8990

E?cient and Robust OperationsStriving for a Shared Prosperous FutureGreen and Low-Carbon Operations2024 Environmental, Social and Governance (ESG) ReportForging a Digital Shield

Climate Change Mitigation

In response to global climate change, Koal actively supports the national "dual carbon" goals. The Company adheres to theframework recommendations outlined in theGuidelines No. 14 of Shanghai Stock Exchange for the Self-Regulation of ListedCompanies—Sustainability Report (Trial), proactively identifying various risks that climate change poses to its business operations.By integrating four key dimensions - climate change-related governance, strategy, impact, risk and opportunity management, andindicators and targets - Koal actively develops response measures. These e?orts aim to enhance the Company's resilience in theface of climate change scenarios and constantly improve its ability to address climate risks.

Physical Risks

AcutePhysicalRisks

Severe climate events such as typhoonsand ?oods may lead to extreme weatheror natural disasters, potentially a?ectingKoal's infrastructure, servers, and otherequipment across various operationalsites. This could result in a series of director indirect economic losses, includingasset damage, increased repair costs, andhigher insurance premiums.

Short-term,medium-term

Revenuedecline, costincrease,liability rise,and assetimpairment

Implement timely forecasting andwarning systems for extreme weatherevents. Develop comprehensiveemergency response plans for extremeweather scenarios. Stockpile emergencysupplies and conduct regular emergencydrills to enhance response capabilities.Prioritize climate-resilient areaswhen selecting new operational sites,thoroughly considering local historicaldata on natural disasters.ChronicPhysicalRisks

Climate change-induced rise in averagetemperatures increases the need forventilation and cooling in o?ce spaces.This could negatively impact the normaloperation and lifespan of the Company'sservers and other hardware, while alsoleading to increased energy consumptionand operational costs.

Medium-term,long-term

Revenuedecline and costincrease

Consistently optimize energy e?ciencyand implement robust monitoringof energy use. Enhance precisionmanagement of energy consumptionthrough advanced statistics andmonitoring systems. Actively promotegreen o?ce practices among employees.

Transition Risks

Policy andRegulatoryRisks

As progress is made towards "dualcarbon" goals, stricter domestic andinternational policies and regulationsare being introduced to mitigate climatechange. The gradual advancement ofcarbon emissions trading mechanismsexposes the Company to heightenedcompliance risks.

Short-term,medium-term

Revenuedecline and costincrease

Closely monitor changes in internationaland domestic environmental and carbon-related laws, regulations, and policies.Strengthen compliance managementstrategies in alignment with theCompany's speci?c circumstances.

Market Risks

In?uenced by climate change and globalenergy transition, prices for energy(electricity, steam), water, and hardwarefacilities are likely to increase, leading tohigher operational costs.As demand for climate-friendly productsand services grows, the Company mayface operational risks such as pressure onproduct pricing, increased raw materialcosts, and potential misalignment ofproducts with evolving market demands.

Medium-term,long-term

Revenuedecline, costincrease,liability rise,and assetimpairment

Forge strategic partnerships with high-quality collaborators to bolster supplychain resilience and risk responsecapabilities.Intensify research and application e?ortsin green products and solutions to stayahead of changing market trends.

TechnologyRisks

Investment in research and applicationof new green products and technologiesmay lead to decreased product demandand revenue if customers do not acceptthese innovations.

Short-term,medium-term

Revenuedecline and costincrease

Conduct rigorous feasibility studieson the R&D and application of greenproducts and solutions. Actively engagein industry collaborations and workclosely with value chain partners topromote low-carbon technology R&Dand application.ReputationalRisks

Increasingly stringent environmentalperformance disclosure requirementsincrease compliance costs associatedwith maintaining or enhancing corporatereputation.

Short-term,medium-term

Cost increase

Monitor market regulatory and disclosurerequirements across various regions andimplement comprehensive compliancemeasures.

爱股网

格尔软件(603232)_公司公告_格尔软件：2024年环境、社会及公司治理(ESG)报告(英文版)