中華資安國際
CHT Security
2025 Annual Report
Stock Code: 7765
Taiwan Stock Exchange Market Observation Post System: http://mops.twse.com.tw/
CHT Security annual report is available at https://www.chtsecurity.com/
Printed on April 30, 2026

EMPOWER YOUR SECURITY

日

I. Name, title, contact number and e-mail of the spokesperson or acting spokesperson
Spokesperson
Name: Chin-Fu Hung
Title: President (General Manager)
Tel.: (02)2343-2483
E-mail: [email protected]

Acting spokesperson
Name: Ya-Ju Wen
Title: Vice President
Tel.: (02)2343-2483
E-mail: [email protected]

II. Addresses and telephone numbers of headquarters, branches and plants
Headquarters Address: 8F., No. 88, Sec. 4, Xinyi Rd., Da'an Dist., Taipei City
8F., No. 26, Sec. 1, Hangzhou S. Rd., Zhongzheng Dist., Taipei City
Headquarters Tel.: (02)2343-1628

III. Name, address, website, and telephone number of the stock transfer agency
Name: Shareholder Service Department, Taishin Securities Co., Ltd.
Address: B1., No. 96, Sec. 1, Jianguo N. Rd., Zhongshan Dist., Taipei City
Website: https://www.tssco.com.tw/stocktransfer
Tel.: (02)2504-8125

IV. Names of CPAs and name, address, website and telephone number of the auditing firm that audited the financial statements for the most recent fiscal year
Name of CPAs: Yih-Shin Kao and Mei-Yen Chiang
Name of auditing firm: Deloitte Taiwan
Address: 20F., No. 100, Songren Rd., Xinyi Dist., Taipei City
Website: https://www.deloitte.com/tw/tc.html
Tel.: (02)2725-9988

V. Any exchanges where the Company's foreign currency securities are traded, and how to access information on said foreign currency securities
None.

VI. Company website
https://www.chtsecurity.com/

One. Report to the shareholders...1
Two. Corporate Governance Report...4
I. Information on Directors, the President, Vice Presidents, Associate Vice Presidents, and Heads of Divisions and Branches...4
II. Remuneration paid to directors, supervisors, President, and Vice Presidents in the most recent year...13
III. Corporate Governance...20
IV. Information on CPA Audit Fees...42
(I) Information on CPA Audit Fees...42
(II) If the accounting firm is changed and the audit fees for the year following the change are lower than those of the previous year, the amounts of the audit fees before and after the change and the reasons should be disclosed: N/A...42
(III) If the audit fees have decreased by more than 10% compared to the previous year, the amount, percentage, and reasons for the decrease should be disclosed: N/A...42
V. Information on changes of CPAs:...43
(I) Regarding the predecessor CPA...43
(II) Regarding the successor CPA...43
(III) Response from the predecessor CPA regarding the matters set forth in Item 3, Subparagraphs 1 and 2, Paragraph 5, Article 10 of these Regulations: None...43
VI. If the Chairman, President, or managers responsible for financial or accounting matters of the Company has held a position within the accounting firm or its affiliates in the most recent year, their name, title, and the duration of their employment with the accounting firm or its affiliates should be disclosed. Affiliated enterprises of the CPA firm to which the signing CPA belongs refer to enterprises in which the CPAs of such firm hold more than 50% of the shares or obtain a majority of the board seats, or companies or institutions listed as related enterprises in materials released or published externally by the CPA firm to which the signing CPA belongs: None...43
VII. Any transfer or pledge of shares by any director, supervisor, managers, and shareholders holding more than 10% of shares in the most recent year and up to the publication date of the annual report...44
VIII. Information on relationships among the top ten shareholders, including spouses and second degree relatives or closer, among the top ten shareholders...45
IX. The number of shares held by the Company, its directors, supervisors, managers, and entities directly or indirectly controlled by the Company in a reinvestee and the consolidated shareholding ratio: None...45
Three. Fundraising...46
I. Capital and Shares...46
II. Issuance of corporate bonds: None...49
III. Issuance of preferred shares: None...49

IV. Issuance of global depository receipts: None. 49
V. Issuance of employee stock warrants 49
VI. Issuance of restricted stock awards: None. 51
VII. Issuance of new shares in connection with mergers and acquisitions or for acquisitions of shares of other companies: None. 51
VIII. Implementation of the capital utilization plan: None. 51

Four. Operational overview 52

I. Business activities: 52
II. Market, production, sales overview 74
III. Number of employees, average years of service, average age, and the distribution ratio of educational background of employees for the past two years and up to the publication date of the annual report. 81
IV. Information on environmental protection expenditures 81
V. Labor Relations 81
VI. Cybersecurity management 83
VII. Important Contracts 86

Five. The Company shall review and analyze its financial condition and financial performance, and assess risk matters 87

I. Financial Position 87
II. Financial Performance: 87
III. Cash flow 88
IV. Impact of material capital expenditures in the most recent year on financial and business operations: The Company had no material capital expenditures in the most recent year. 89
V. Investment policy for the past year, main reasons for profit or loss, improvement plan, and investment plan for the next year 89
VI. Risk factors should include analysis and evaluation of the following matters for the most recent year and up to the publication date of the annual report. 89
VII. Other important matters: None. 94

Six. Special notes 95

I. Information related to the Company's affiliates 95
II. Private placement of securities in the most recent year and up to the publication date of the annual report. 95
III. Other necessary supplementary information: None. 95
IV. Any events specified in Subparagraph 2, Paragraph 3, Article 36 of this Act with a material impact on shareholders' rights and interests or securities prices arising during the most recent year and as of the date of the annual report to be included: None. 95

One. Report to the shareholders

Dear Shareholders:

CHT Security (stock ticker: 7765) was officially listed on September 8, 2025, marking an important milestone. We sincerely thank all shareholders for their support and trust in CHT Security. CHT Security's revenue and profitability have reached new highs for eight consecutive years, demonstrating strong market recognition of its products and services. We will continue to improve and strive to create greater value for shareholders and customers.

2025 Operating Results

In 2025, CHT Security's operating revenue was NT$2,045,570 thousand, representing a $4\%$ increase compared to 2024; profit before tax was NT$544,573 thousand, representing a $15\%$ increase compared to 2024; net profit after tax was NT$436,927 thousand, representing a $15\%$ increase compared to 2024; paid-in capital was NT$406,770,000; earnings per share after tax were NT$11.47, representing a $10\%$ increase compared to 2024, with both revenue and profitability continuing to reach historical highs.

Revenue from network security services achieved double-digit growth, primarily benefiting from strong demand for Cyber Threat Gatekeeper services, which drove a net increase of 95,000 consumer network security subscribers to a total of 1.1 million. In enterprise network security, frequent DDoS and various cyberattacks targeting government agencies and enterprises increased demand for services such as DDoS protection, WAF, and advanced network defense systems (ANDs), resulting in an increase of 3,300 enterprise customers to a total of 47,000. Revenue from cybersecurity

professional services also maintained double-digit growth, primarily driven by steady increases in revenue from services such as security testing, security monitoring and incident response, and posture assessment. Revenue from cybersecurity product sales declined due to a slowdown in customer demand for cybersecurity equipment, although revenue from self-operated projects continued to grow, certain equipment sales did not meet expectations; as the revenue structure shifted, the overall profit growth rate exceeded the revenue growth rate.

As a leading domestic cybersecurity service provider, CHT Security is committed to transforming its core technologies into proprietary SecuTex products and SaaS cloud services, steadily advancing toward internationalization. In 2025, R&D results were significant. SecuTex NP introduced multiple new features, including anomaly detection system (ADS), effectively expanding monitoring coverage to Internet of Things (IoT) devices and offering advantages in integration with various cybersecurity monitoring platforms. SecuTex ED integrated practical experience in digital forensics and added more than one thousand localized malware rules during the year, effectively strengthening endpoint threat hunting capabilities. In addition, the Company launched the "HorusEyes" exposure rating service, which helps enterprises identify unmanaged assets exposed on the internet from a hacker's perspective and continuously conduct security exposure assessments. Benefiting from the enhancement of its product and service portfolio, in 2025 revenue from proprietary products increased by 10% year over year, not only optimizing the revenue structure but also demonstrating the Company's steady growth momentum in expanding into as cybersecurity products and services company.

CHT Security actively expanded into international markets, forming strategic alliances with local partners in Southeast Asia in 2025 and bringing its cybersecurity professional services and proprietary products such as SecuTex to the global market. In 2025, overseas revenue increased by 62% compared to the previous year, with business operations spanning 15 countries across Asia, the Americas, Europe, and Africa. Although overseas markets are still in the early stages, the dual-track strategy of proprietary products and cybersecurity professional services has already demonstrated competitiveness and growth potential in expanding into international markets, laying a foundation for deeper global market expansion in the future.

In 2025, CHT Security once again received the highest A-grade ratings across all five service categories in the cybersecurity service provider evaluation conducted by the National Institute of Cyber Security under the Ministry of Digital Affairs, making it the only domestic cybersecurity service provider to achieve the highest rating for seven consecutive years. The Company was also honored with Frost & Sullivan's "2025 Taiwan Cybersecurity Services Company of the Year," marking the fifth consecutive year receiving this award. This recognition affirms the Company's technical capabilities, service quality, and customer satisfaction, further enhancing its brand visibility both domestically and internationally.

Future Outlook

In response to the rapid evolution of global cyber threats and the deepening of digital transformation, and to help enterprises address increasingly complex cyberattack patterns while

reinforcing the Company's leadership position in the industry, the Company will adopt four core strategies: developing cloud security and OT cybersecurity for new domains, leveraging AI to empower cybersecurity and develop AI-driven cybersecurity services, developing and selling proprietary products, and expanding into overseas markets, with AI as the driving force to comprehensively enhance defense capabilities and business value.

In developing cloud security and OT cybersecurity for new domains, CHT Security is extending its defense scope from traditional IT to cloud and OT environments, while actively collaborating with international partners to develop cybersecurity services and solutions for new domains such as drones, vessels, low Earth orbit satellites, and smart healthcare.

AI is a key tool for substantially enhancing the effectiveness of cybersecurity services. The Company actively promotes AI enablement and has comprehensively introduced AI technologies across four major areas, namely network security applications, R&D acceleration, security testing, security monitoring and incident response efficiency. Tangible results have been achieved, with successful applications across multiple security products and services, further enhancing service value and enabling customers to respond more promptly and effectively to increasingly complex cyber threats.

As AI applications rapidly expand across industries, the accompanying cybersecurity for AI applications has become an emerging market with strong growth potential. Leveraging its existing cybersecurity technical capabilities and industry experience, CHT Security is actively deploying cybersecurity services for AI applications. It has launched solutions such as AI application system security testing and generative AI cybersecurity posture assessment, and has successfully secured projects across diverse industries including financial services, technology manufacturing, the semiconductor industry, and government agencies. The Company will continue to deepen R&D and services in AI cybersecurity and increase the proportion of high value-added services to support midterm and long-term operational growth momentum.

Expanding international markets is also a key focus for the Company in 2026, and we will continue to seek local partners overseas to promote the localization and sales of proprietary products and cybersecurity services. At the same time, through close collaboration with Chunghwa Telecom Group and its affiliates, leveraging the Group's overseas subsidiaries and operating site resources to deepen engagement in local markets. In addition, assisting Taiwanese businesses in strengthening cybersecurity protection and monitoring mechanisms at their overseas operating sites to expand overseas sales.

Looking ahead, CHT Security has established long-term trusted partnerships with its customers. Leveraging its excellent cybersecurity technologies, high-quality services, continuous innovation in products and technologies, and ongoing expansion into new domains and markets, the Company will ensure sustained and stable growth and is expected to continue its growth momentum in 2026 and reach new operational highs.

Chairman Ming-Shih Chen

President Chin-Fu Hung

Two. Corporate Governance Report

I. Information on Directors, the President, Vice Presidents, Associate Vice Presidents, and Heads of Divisions and Branches

(I) Information on directors

March 30, 2026; shares

Title	Nationality or place of registration	Name	Gender Age	Date of election (appointment)	Term of office	Commencement date of first term	No. of shares held at time of election	No. of shares currently held	Shares currently held by spouse and minor children	Shareholding through nominees	Major education and experience	Positions held concurrently in the Company and in other companies	Other officers, directors, or supervisors with which the person has a spousal relationship or relationship within the second degree of kinship	Remarks
No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	Title	Name	Relationship
Chairman	Republic of China	Changhwa Telecom Co., Ltd.	-	2023.12.21	3 years	2017.12.8	24,000,000	80.27%	23,058,000	56.68%	-	-	-	-
Republic of China	Representative: Ming-Shih Chen	Male 61-70	2023.12.21	3 years	2020.12.22	-	-	77,000	0.19%	10,000	0.02%	-	-	Ph.D. in Electrical Engineering, National Tsing Hua University
President, International Business Group, Northern Taiwan Business Group, and Mobile Business Group, Changhwa Telecom Co., Ltd.
Vice President, Information Technology Department, Changhwa Telecom Co., Ltd.
Chairman, Tung Hwa Telecom (Hong Kong) & Changhwa Telecom (Singapore)
Adjunct Associate Professor, Department of Information Engineering, Tung Hai University, National Taiwan Normal University, and Fong Chia University
Director, Baohwa Trust Co., Ltd.	-	-	-	The Chairman and the President are not the same person.
Director	Republic of China	Changhwa Telecom Co., Ltd.	-	2023.12.21	3 years	2017.12.8	24,000,000	80.27%	23,058,000	56.68%	-	-	-	-
Republic of China	Representative: Chin-Fu Hung	Male 51-60	2023.12.21	3 years	2017.12.8	-	-	444,500
(Note 1)	1.09%	20,000	0.05%	-	-	Doctoral Program in Information Engineering, National Central University
Master's in Information and Electronic Engineering, National Central University
Deputy Principal Engineer, Data Communication Business Group, Changhwa Telecom Co., Ltd. and Managing Director of the Cybersecurity Department and Enterprise Customer Department, Data Business Group, Changhwa Telecom Co., Ltd.
Section Chief, Information Technology Department, Changhwa Telecom Co., Ltd.
Project Leader, Research Institutes of Information Technology, Wireless Technology, Network, and Multimedia Technology, Changhwa Telecom Laboratories
Director, Baohwa Trust Co., Ltd.
Vice President, Taiwan Cyber Security Application Services Alliance	President, CHT Security Co., Ltd.	-	-	-
Director	Republic of China	Changhwa Telecom Co., Ltd.	-	2023.12.21	3 years	2017.12.8	24,000,000	80.27%	23,058,000	56.68%	-	-	-	-
Republic of China	Representative: Jung-Kun Chen	Male 61-70	2024.10.7	3 years	(Note 2)	-	-	-	-	-	-	-	-	Ph.D. in Electrical Engineering, National Taiwan University
President, Information Technology Group, Changhwa Telecom Co., Ltd.
Vice President, Telecommunication Laboratories, Changhwa Telecom Co., Ltd.
Deputy Chief Engineer, International Business Group, Changhwa Telecom Co., Ltd.	CISO and Vice President, Cyber Security Department, Changhwa Telecom Co., Ltd.
Director, Changhwa Precision Test Tech. Co., Ltd.
Director, Changhwa Telecom Global, Inc.	-	-	-

Title	Nationality or place of registration	Name	Gender Age	Date of election (appointment)	Term of office	Commencement date of first term	No. of shares held at time of election		No. of shares currently held		Shares currently held by spouse and minor children		Shareholding through nominees		Major education and experience	Positions held concurrently in the Company and in other companies	Other officers, directors, or supervisors with which the person has a spousal relationship or relationship within the second degree of kinship			Remarks
							No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio			Title	Name	Relationship
Director	Republic of China	Hahn-Ming Lee	Male 61-70	2024.10.22	3 years	2024.10.22	-	-	-	-	-	-	-	-	Ph.D. in Computer Science & Information Engineering, National Taiwan University Distinguished Professor, Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology Jointly Appointed Research Fellow at the Institute of Information Science, Academia Sinica Senior Adviser, National Security Council Chairman, Telecom Technology Center Director, Andes Technology Corporation Director, Taiwan Space Agency (TASA)	Director, AirAsia Co., Ltd. Director, Trendforce Corp. Director, Enova Technology Corp. Independent Director, GSS Co., Ltd Director, National Applied Research Laboratories Director, Joint Credit Information Center	-	-	-	-
Independent Director	Republic of China	Wen-Nan Tsun	Male 61-70	2024.10.22	3 years	2024.10.22	-	-	-	-	-	-	-	-	Ph.D. in Department of Information Management, National Central University General Director, Market Intelligence & Consulting Institute (MIC) Chairman, Asia Pacific Industrial Analysis Association (APIAA) Independent Director, Changhwa Precision Test Tech. Co., Ltd.	CEO, Center for Technology Policy and Industry Development, National Taiwan University Adjunct Professor, Department and Graduate Institute of Business Administration, National Taiwan University Adjunct Professor, EMBA Program, National Chengchi University Director, ITTS Director, Han-Tong Venture Capital Co., Ltd. Independent Director, ASolid Technology Co., Ltd. Independent Director, Partner Tech Corp. Independent Director, CTCI ASI	-	-	-	-
Independent Director	Republic of China	Shyb-Jye Chen	Male 51-60	2024.10.22	3 years	2024.10.22	-	-	-	-	-	-	-	-	Master in Law, National Taiwan University Judge, Banqiao District Court, Taiwan (later renamed New Taipei District Court)	Partner-in-Charge of the Taipei Office, Jones Day Independent Director, Trigold Holdings Limited	-	-	-	-
Independent Director	Republic of China	Chia-Ling Lee	Female 51-60	2024.10.22	3 years	2024.10.22	-	-	-	-	-	-	-	-	Ph.D. in Management, National Sun Yat-sen University Director, Office of Innovation and Entrepreneurship, College of Commerce, National Chengchi University Section Chief, Office of Research and Development, National Chung Cheng University Chair, Department of Accounting and Information Technology, National Chung Cheng University Professor, Department of Accounting and Information Technology, National Chung Cheng University Assistant Professor, Department of Accounting, National Dong Hwa University Independent Director, Taipei Biotech Co., Ltd.	Professor, Department of Accounting, National Chengchi University Independent Director, Praise Victor Industrial Co., Ltd. Director of Finance, Ditmumon Medical Foundation Chia-Yi Christian Hospital Director, Paskan Foundation Director, TSMEG	-	-	-	-

Note 1: Director Chin-Fu Hung has reserved discretionary decision-making rights and has placed 118,500 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 2: Chunghwa Telecom Co., Ltd. reassigned its representative on October 7, 2024.

Major shareholders of institutional shareholders

March 31, 2026

Names of corporate shareholders	Major shareholders of institutional shareholders	Shareholding ratio
Chunghwa Telecom Co., Ltd.	Ministry of Transportation and Communications	35.29%
	CTBC Bank Trust Account - CHT Employee Stock Ownership Trust Plan	3.74%
	Shin Kong Life Insurance Co., Ltd.	3.30%
	Cathay Life Insurance Co., Ltd.	2.53%
	JP Morgan Chase Bank, N.A., acting as depositary and representative of CHT ADRS	2.38%
	Chunghwa Post Co., Ltd.	2.06%
	New Labor Pension Fund	1.82%
	Old Labor Retirement Fund	1.21%
	Labor Insurance Fund	1.19%
	Taishin Bank in custody for Cathay MSCI Taiwan ESG Sustainability High Dividend Yield ETF	1.01%

For corporate shareholders, the main shareholder being corporate shareholders

Names of institutional shareholders	Major shareholders of institutional shareholders	Shareholding ratio
Ministry of Transportation and Communications	N/A	N/A
Shin Kong Life Insurance Co., Ltd.	Shin Kong Financial Holding Co., Ltd.	100.00%
Cathay Life Insurance Co., Ltd.	Cathay Financial Holdings Co., Ltd.	100.00%
Chunghwa Post Co., Ltd.	Ministry of Transportation and Communications	100.00%

Disclosure of the independence of directors and independent directors

Criteria Name	Professional qualifications and experience	Independence	No. of other public companies where the director concurrently serves as an independent director
Chunghwa Telecom Co., Ltd Representative: Ming-Shih Chen	1. Academic degree: Ph.D. in Electrical Engineering, National Tsing Hua University 2. Work experience: Chairman, CHT Security Co., Ltd. President, International Business Group, Northern Taiwan Business Group, and Mobile Business Group, Chunghwa Telecom Co., Ltd. Honored as an Outstanding Alumnus of the College of Electrical Engineering and Computer Science, National Tsing Hua University, in 2020. 3. Chairman Ming-Shih Chen served in the Chunghwa Telecom Group for nearly 40 years and achieved outstanding accomplishments in technologies and business management, including mobile communications, fixed-line broadband, MoD, IDC and cloud computing, cybersecurity, and large-scale information system integration. In 2019, he led the Chunghwa Telecom mobile team to win Frost & Sullivan's “Taiwan Telecom Company of the Year Award” award for consecutive years; in 2019, he represented the Chunghwa Telecom mobile team in once again winning first place in Next Magazine's “Service Excellence Award - Telecommunications 4G Operators”; in 2020, he presided over the official launch of Chunghwa Telecom's 5G service, making it the first telecommunications operator in Taiwan to provide 5G services, which was witnessed and affirmed by the President, ministers, and other senior political and economic leaders. During his tenure as Chairman of CHT Security, he assisted key industries including government, finance, healthcare, and high technology in strengthening cybersecurity protection mechanisms, enabling the Company to become a trusted leading brand in cybersecurity. 4. None of the circumstances of Article 30 of the Company Act.	N/A	-
Chunghwa Telecom Co., Ltd Representative: Chin-Fu Hung	1. Academic degree: Master's in Information and Electronic Engineering, National Central University; Doctoral Program in Information Engineering, National Central University 2. Work experience: President, CHT Security Co., Ltd. Deputy Principal Engineer, Data Communication Business Group, Chunghwa Telecom and Managing Director of the Cybersecurity Department and Enterprise Customer Department, Data Business Group, Chunghwa Telecom Project Leader, Research Institutes of Information Technology, Wireless Technology, Network, and Multimedia Technology, Chunghwa Telecom Laboratories Vice President, Taiwan Cyber Security Application Services Alliance 3. Led the former Chunghwa Telecom cybersecurity technical service team to establish CHT Security Co., Ltd., and served as Director and President. His extensive experience spans R&D, strategic planning, business sales, cybersecurity expertise, and consulting, covering technical, managerial, and operational domains. Through cross-disciplinary and diverse professional experience, he has developed strong industry and business insight as well as professional capabilities in corporate management. 4. None of the circumstances of Article 30 of the Company Act.	N/A	-
Chunghwa Telecom Co., Ltd Representative: Jung-Kuei Chen	1. Academic degree: Ph.D. in Electrical Engineering, National Taiwan University 2. Work experience: CISO and Vice President, Cyber Security Department, Chunghwa Telecom Co., Ltd. President, Information Technology Group, Chunghwa Telecom Co., Ltd. Vice President, Telecommunication Laboratories, Chunghwa Telecom Co., Ltd. Deputy Chief Engineer, International Business Group, Chunghwa Telecom Co., Ltd. 3. Currently serves as Chief Information Security Officer of Chunghwa Telecom Co., Ltd., possessing management and leadership decision-making capabilities in information and communications technology, cybersecurity, and the technology industry, and is able to timely provide the Company's Board of Directors with opinions and directions on corporate governance and operational management to support the management team in formulating business strategies and directions. 4. None of the circumstances of Article 30 of the Company Act.	N/A

Criteria Name	Professional qualifications and experience	Independence
Director Hahn-Ming Lee	1. Academic degree: Ph.D. in Computer Science & Information Engineering, National Taiwan University
2. Work experience:
Distinguished Professor, Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology
Director, National Applied Research Laboratories
Senior Adviser, National Security Council
Director, Taiwan Space Agency (TASA)
3. Previously served at the Preparatory Office of the Department of Computer Science & Information Engineering at National Taiwan University of Science and Technology and as the inaugural Chair of the Department. His research expertise includes cybersecurity, intelligent Internet systems, neural networks, artificial intelligence, technology policy, and digital convergence. Previously served as Deputy Executive Secretary of the Science and Technology Advisory Group of the Executive Yuan, responsible for planning and promoting the e-Taiwan Program. Subsequently, assuming office as a member of the National Security Council Advisory Committee in the capacity of an cybersecurity expert and scholar, under the national information and communications security strategic development guideline of “Cybersecurity Is National Security 2.0,” serving as a key figure responsible for formulating the development direction of Taiwan’s cybersecurity strategic policies and promoting cybersecurity as a core national strategic industry.
4. None of the circumstances of Article 30 of the Company Act.	N/A	—
Independent Director Wen-Nan Tsan	1. Academic degree: Ph.D. in Department of Information Management, National Central University
2. Work experience:
General Director, Market Intelligence & Consulting Institute (MIC)
Chairman, Asia Pacific Industrial Analysis Association (APIAA)
CEO, Center for Technology Policy and Industrial Development, National Taiwan University
3. Previously served as General Director of the Market Intelligence & Consulting Institute (MIC) and as a government think tank member for 30 years, possessing professional knowledge of the technology industry and insight into cybersecurity applications. In terms of management and operations, he is able to analyze industry trends, manage risks, and provide decision-making advice, thereby enhancing the quality of corporate governance and supervisory functions of the Board of Directors.
4. None of the circumstances of Article 30 of the Company Act.		3
Independent Director Shyb-Jye Chen	1. Academic degree: Master in Law, National Taiwan University
2. Work experience:
Judge, Banqiao District Court, Taiwan (later renamed New Taipei District Court)
Partner-in-Charge of the Taipei Office, Jones Day
3. Primary areas of practice cover commercial matters, intellectual property litigation, and arbitration. Previously served as a district court judge for nearly ten years, possessing extensive practical experience in civil and criminal trials and compulsory enforcement, and became the first intellectual property law specialist judge certified by the Judicial Yuan. Leveraging his in-depth understanding of commercial litigation and intellectual property matters, along with extensive litigation experience, he is able to provide the Board of Directors with insightful legal perspectives, thereby helping to enhance the quality of corporate governance.
4. None of the circumstances of Article 30 of the Company Act.	1. No independent director or his or her spouse or any second-degree or closer relative serves as a director, supervisor, or employee of the Company or any of its affiliates.
2. No shares are held by the independent director, his or her spouse or any second-degree or closer relative.
3. Not served as a director, supervisor, or employee of any company having a specific relationship with the Company.
4. Not provided any services such as business, legal, financial, or accounting to the Company or any affiliate thereof within the past 2 years.	1
Independent Director Chia-Ling Lee	1. Academic degree: Ph.D. in Management, National Sun Yat-sen University
2. Work experience:
Professor, Department of Accounting, National Chengchi University
Director, Office of Innovation and Entrepreneurship, College of Commerce, National Chengchi University
Chair, Department of Accounting and Information Technology, National Chung Cheng University
3. Currently serves as a full-time Professor in the Department of Accounting at National Chengchi University, specializing in management accounting and hospital management, and possesses extensive professional expertise in accounting, finance, and business, with many years of accumulated academic research and practical experience. Leveraging his professional background, he is able to provide the Board of Directors with in-depth financial analysis and precise judgment, assist in formulating financial decisions, and offer constructive recommendations on audit-related matters, ensuring greater soundness and transparency in financial operations.
4. None of the circumstances of Article 30 of the Company Act.		2

4. Diversity and independence of the Board of Directors

(1) Diversity of the Board of Directors:

A. Diversity policies:

To strengthen corporate governance and promote the balanced development of the Board of Directors' composition and structure, our Board has approved the

establishment of the Corporate Governance Guidelines of CHT Security Co., Ltd., with Article 25 stating: The composition of the Board of Directors should prioritize diversity. In addition to ensuring that the number of directors concurrently serving as company officers does not exceed one-third of the total board seats, an appropriate diversity policy should be formulated based on the company's operations, business model, and development needs. This policy should encompass, but is not limited to, fundamental attributes and values (such as gender, age, nationality, and cultural background) as well as professional knowledge and expertise (such as law, accounting, industry, finance, marketing, or technology).

B. Specific management goals:

The Board of Directors of this company steers the company's strategy, supervises the management team, and remains accountable to the company and its shareholders. All operations and arrangements within the corporate governance framework are designed to ensure that the Board exercises its authority in compliance with applicable laws, the company's Articles of Incorporation, and resolutions of the shareholders' meeting. At least half of the members of the Board possess the requisite knowledge, skills, qualities, and decision-making capabilities in industry leadership and management necessary to fulfill their duties. The company continuously provides diverse training programs for board members to enhance their decision-making effectiveness in carrying out supervisory responsibilities, thereby strengthening the Board's overall functions. Additionally, the company is committed to promoting gender equality in board composition; there shall be at least one female director on the Board.

The Company currently has one female director, which meets the current regulatory standards. However, the ratio has not yet reached one-third due to industry-specific characteristics and the challenges of recruiting talent in the short term. Prior to the next Board election upon the expiration of the current term, the Company will seek recommendations from diverse channels, including industry and academia, to enhance corporate governance effectiveness and implement the board diversity policy.

C. Implementation status:

The company's Board of Directors is composed of 7 directors, specifically 4 non-independent and 3 independent directors, with one female director among them. All directors hold citizenship in the Republic of China (Taiwan). The board as a whole exhibits proficiency in operational judgment, accounting and financial analysis, business management, crisis management, industry knowledge, international market perspective, leadership, and decision-making. The board members also bring valuable industry experience and professional expertise, which are further outlined in the following table:

Diversity Core Aspects Name	Nationality	Gender	An Employee/ Management of the Company	Age	Independent Director Tenure (years)	Industry experience							Professional ability
						Business Management	Sustainable Development (ESG)	K.T	Cybersecurity Services / Cloud Services	Arch & Risk Management	Marketing & Commerce	Human Resource Management & Development	Law	Accounting & Finance
Ming-Sluh Chen	Republic of China	Male		61-70	N/A	✓	✓	✓	✓	✓	✓	✓
Chin-Fu Hung		Male	✓	51-60		✓	✓	✓	✓	✓	✓	✓
Jung-Kuei Chen		Male		61-70		✓	✓	✓	✓	✓	✓	✓
Hahn-Ming Lee		Male		61-70		✓		✓	✓	✓	✓	✓
Wen-Nan Tsan		Male		61-70	0 to 3 years	✓	✓	✓	✓	✓	✓	✓
Shyh-Jye Chen		Male		61-70		✓	✓			✓		✓	✓
Chia-Ling Lee		Female		51-60		✓	✓			✓	✓	✓		✓

If the number of directors of any gender on the Board of Directors of a listed company does not reach one-third, the reasons shall be stated and measures to enhance gender diversity of the Board shall be planned. The Company currently has three director seats held by representatives of institutional directors, who are appointed by the parent company, Chunghwa Telecom Co., Ltd., based on the Company's required professional expertise, academic and professional background, and diversity considerations. The Company currently has one female director, which meets the statutory requirement but has not yet reached one-third, due to the nature of the industry, which makes it difficult to identify suitable candidates within a short period of time. Before the expiration of the current directors' term and the subsequent re-election, candidates will be sought through multiple channels, including industry and academic institutions, to enhance corporate governance effectiveness and implement the Board diversity policy.

(2) Independence of the Board of Directors:

The current Board of Directors of this company consists of 7 directors, of which 3 are independent directors, accounting for $42.86\%$ of the total seats. The company values the functions and independence of the board of directors, and there are no circumstances among the directors that fall under Article 26-3, Paragraph 3 of the Securities and Exchange Act: no directors are related as spouses or second-degree kinship. Additionally, there are no circumstances under Paragraph 4: the company's articles of association mandate the appointment of independent directors, with a minimum of three independent directors, and their number must not be less than one-third of the total board seats. An Audit Committee, composed entirely of independent directors, has been established to replace the functions of supervisors.

(II) Information on the President, Vice Presidents, Associate Vice Presidents, and heads of departments and branches
March 30, 2026; shares; %

Title	Nationality	Name	Gender	Date of election (appointment)	Shareholding		Shareholding of spouse or minor children		Shareholding through nominees		Major education and experience	Current concurrent employment in other companies	Spouse or relative within the second degree of kinship who is a managerial officer of the Company			Remarks
					No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio			Title	Name	Relationship
President (General Manager)	Republic of China	Chin-Fu Hung	Male	2017.12.8	444,500 (Note 1)	1.09%	20,000	0.05%	—	—	Doctoral Program in Information Engineering, National Central University Master's in Information and Electronic Engineering, National Central University Deputy Principal Engineer, Data Communication Business Group, Chunghwa Telecom Co., Ltd. and Managing Director of the Cybersecurity Department and Enterprise Customer Department, Data Business Group, Chunghwa Telecom Co., Ltd. Section Chief, Information Technology Department, Chunghwa Telecom Co., Ltd. Project Leader, Research Institutes of Information Technology, Wireless Technology, Network, and Multimedia Technology, Chunghwa Telecom Laboratories Director, Baohwa Trust Co., Ltd. Vice President, Taiwan Cyber Security Application Services Alliance	—	—	—	—	The Chairman and the Secretary are not the same person.
Vice President	Republic of China	Hsin-Fu Wang	Male	2022.5.12	76,000 (Note 2)	0.19%	—	—	—	—	Master's in Information Management, Chinese Culture University Director, Pre-Sales & Consultant Department, CHT Security Co., Ltd. Senior Enterprise Solution Architect, Data Communication Business Group, Chunghwa Telecom Co., Ltd. HiLink MPLS VPN Technical Manager, Data Communication Business Group, Chunghwa Telecom Co., Ltd. HiNet IDC Project Engineer, Data Communication Business Group, Chunghwa Telecom Co., Ltd.	—	—	—	—
Vice President	Republic of China	Chien-Kang Tsai	Male	2023.6.1	48,750 (Note 3)	0.12%	1,000	0.002%	—	—	Master's in Institute of Business and Management, National Chiao Tung University Master's in Computer Science and Information Engineering, National Taiwan University of Science and Technology Associate Vice President, Planning Division, CHT Security Co., Ltd. Senior Director, Cybersecurity Products Section, Data Communication Business Group, Chunghwa Telecom Co., Ltd. Team Leader, SOC Technical Service Group, Data Communication Business Group, Chunghwa Telecom Co., Ltd. R&D Engineer, Data Communication Business Group, Chunghwa Telecom Co., Ltd.	—	—	—	—
Vice President (Chief Financial Officer concurrently serving as Corporate Governance Officer)	Republic of China	Ya-Ju Wen	Female	2024.2.22	— (Note 4)	—	—	—	—	—	Bachelor of Business Administration (B.B.A.), Accounting, National Taiwan University Certified Public Accountant (Taiwan) Certified Public Accountant (USA) Deputy Senior Manager, Corporate Planning Department, Chunghwa Telecom Co., Ltd. Manager, Accounting Department, Chunghwa Telecom Co., Ltd. Manager, Management Consulting Services, PwC Consulting Taiwan Senior Auditor, Audit Department, PwC Taiwan	—	—	—	—
Chief Engineer	Republic of China	Wen-Cheng Wang	Male	2023.6.1	117,000 (Note 5)	0.29%	—	—	—	—	Ph.D. in Computer Science and Information Engineering, National Central University Vice President, Planning Division, CHT Security Co., Ltd. Director and Senior Director, PKI and Identity Management Products, Data Communication Business Group, Chunghwa Telecom Co., Ltd. Senior Engineer, Data Communication Business Group, Chunghwa Telecom Co., Ltd. Associate Engineer, Data Communication Business Group, Chunghwa Telecom Co., Ltd. Deputy Research Project Leader and Associate Researcher, Telecommunications Laboratories, Chunghwa Telecom Co., Ltd.	—	—	—	—
Associate Vice President	Republic of China	Ming-Yi Wu	Female	2022.5.1	101,000 (Note 6)	0.25%	—	—	—	—	Master's in Information Management, National Sun Yat-Sen University Project Manager, Southern Business Group, Chunghwa Telecom Co., Ltd. Team Leader, Data Communication Business Group, Chunghwa Telecom Co., Ltd. Senior Engineer, Taiwan Mobile Co., Ltd. Senior Engineer, TransAsia Telecommunications Inc.	—	—	—	—

Title	Nationality	Name	Gender	Date of election (appointment)	Shareholding		Shareholding of spouse or minor children		Shareholding through nominees		Major education and experience	Current concurrent employment in other companies	Spouse or relative within the second degree of kinship who is a managerial officer of the Company
					No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio			Title	Name	Relationship
Associate Vice President	Republic of China	Cheng-Yi Yang	Male	2022.8.1	141,000 (Note 7)	0.35%	41,000	0.10%	-	-	Ph.D. in Electrical Engineering and Computer Science, National Taiwan University of Science and TechnologyProject Manager, Southern Taiwan Business Group, Changhwa Telecom Co., Ltd.Project Manager, Data Communication Business Group, Changhwa Telecom Co., Ltd.Adjunct Lecturer, Department of Computer Science and Information Engineering, National Quemey UniversitySenior Engineer, Lestar Electronics Corp.Senior Engineer, AUD CorporationEngineering Team Leader, Chiayi-Tainan Operations Division, Digital United Telecommunications Corp.	-	-	-	-
Associate Vice President	Republic of China	Yi-Ru Chen	Female	2022.8.1	66,000 (Note 8)	0.16%	-	-	-	-	Master's in Journalism, National Taiwan UniversityProject Manager, Data Communication Business Group, Changhwa Telecom Co., Ltd.Manager of Value Added Service Department, Service Planning Division, Taiwan Star Telecom Corporation LimitedSenior Marketing Manager, Kinpo GroupManager, Ego Technology Inc. Product Manager, Corel TW Corp.	Director, Baohwa Trust Co., Ltd.	-	-	-
Associate Vice President	Republic of China	Hui-Yi Peng	Female	2024.3.1	55,000 (Note 9)	0.14%	-	-	-	-	Bachelor's in Accounting and Financial and Economic Law, Chung Yuan Christian UniversitySupervisor, Baohwa Trust Co., Ltd.Manager, Data Communication Business Group, Changhwa Telecom Co., Ltd.Manager, Changhwa Telecom Co., Ltd.Senior Auditor, PwC TaiwanManager, Wenqing CPA Firm	-	-	-	-
Associate Vice President	Republic of China	Yang-Hsing Chiu	Male	2024.3.1	10,000 (Note 10)	0.02%	-	-	-	-	Master of Computer Science and Information Technology, National Taichung Institute of TechnologyEngineer, Data Communication Business Group, Changhwa Telecom Co., Ltd.Adjunct Lecturer, Department of Computer Science and Information Engineering, National Taichung University of Science and Technology	-	-	-	-

Note 1: President Chin-Fu Hung has reserved discretionary decision-making rights and has placed 118,500 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 2: Vice President Hsin-Fu Wang has reserved discretionary decision-making rights and has placed 15,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 3: Vice President Chien-Kang Tsai has reserved discretionary decision-making rights and has placed 15,250 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 4: Vice President Ya-Ju Wen has reserved discretionary decision-making rights and has placed 15,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 5: Chief Engineer Wen-Cheng Wang has reserved discretionary decision-making rights and has placed 13,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 6: Associate Vice President Ming-Yi Wu has reserved discretionary decision-making rights and has placed 26,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 7: Associate Vice President Chung-Yi Yang has reserved discretionary decision-making rights and has placed 17,760 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 8: Associate Vice President Yi-Ru Chen has reserved discretionary decision-making rights and has placed 31,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 9: Associate Vice President Hui-Yi Peng has reserved discretionary decision-making rights and has placed 14,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.
Note 10: Associate Vice President Yung-Hsing Chiu has reserved discretionary decision-making rights and has placed 16,000 shares under trust with Taishin International Bank as trust property in a dedicated trust account.

(III) If the Chairman and the President or equivalent position (highest manager) are the same person, spouses, or first-degree relatives, the reasons, reasonableness, necessity, and countermeasures should be explained: No such situation.

II. Remuneration paid to directors, supervisors, President, and Vice Presidents in the most recent year

(I) Remuneration to non-independent and independent directors

Title	Name	Director remuneration							Sum of A+B+C+D and as a percentage of net profit after tax	Remuneration received for concurrently serving as an employee							Sum of A+B+C+D+E+F+G and as a percentage of net profit after tax	Remuneration from invested other than subsidiaries or from the parent company
		Remuneration (A)		Severance and pension (B)		Directors' remuneration (C)		Business execution expenses (D)			Salary, bonuses, and special allowances (E)		Severance and pension (F)		Employees' remuneration (G)
		The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements		The Company	All companies in the financial statements
Chairman	Chunghwa Telecom Co., Ltd. Representative: Ming-Shih Chen	8,974	8,974	-	-	2,881	2,881	800	800	12,655	12,655	6,969	6,969	-	-	-	-	-	19,624	19,624
Director	Chunghwa Telecom Co., Ltd. Representative: Chin-Fu Hong
Director	Chunghwa Telecom Co., Ltd. Representative: Jung-Kuei Chen
Director	Hahn-Ming Lee
Independent Director	Wen-Nan Tsan
Independent Director	Shyb-Jye Chen
Independent Director	Chia-Ling Lee
1. Please describe the policy, system, rates and structure of remuneration to independent directors, and describe the relevance to the amount of remuneration based on factors such as duties, risks, and time: In accordance with the Company's "Standards for the Payment of Directors' Remuneration," a fixed monthly remuneration is provided regardless of the Company's operating profits or losses.2. Remuneration received by directors for services in the past year other than disclosed in the above table (e.g. for serving as a non-employee consultant of the parent company/companies/investees included in the consolidated financial statements): None.

Note 1: Members of the Company's Board of Directors include 1 director (non-corporate representative) and 3 independent directors, with the remaining members being representatives of the corporate shareholder, Chunghwa Telecom Co., Ltd. The names of all directors are listed individually, and the respective payment amounts are disclosed on an aggregated basis.
Note 2: Refers to the amount of directors' remuneration for 2025 approved for distribution by the Board of Directors in the most recent year. General directors' remuneration is received by the corporate shareholder, Chunghwa Telecom Co., Ltd., and does not constitute personal income. Natural person directors and independent directors do not participate in the distribution.
Note 3: Refers to the amounts received in 2025 by directors concurrently serving as employees (including concurrently serving as President, other managers, and employees), including salaries, position allowances, and various bonuses. No salary expenses were recognized in 2025 under IFRS 2 "Share-based Payment," including the granting of employee stock options, restricted employee shares, or participation in cash capital increases for share subscriptions.
Note 4: This refers to directors who concurrently serve as employees, including those concurrently serving as President, other managers, and employees, and who received employee remuneration in 2025. The amount of employee remuneration for 2025 allocated as approved by the Board of Directors for the most recent year shall be disclosed. The allocated amount reported is based on an estimated amount. Following the report to the shareholders' meeting in 2026, the calculation and payment shall be carried out in accordance with the relevant issuance regulations.
Note 5: The net profit after tax for the current year refers to the net profit after tax for the current year as stated in the 2025 parent company only financial statements.
Note 6: a. This column clearly states the amounts of remuneration received by directors of the Company from investee companies other than subsidiaries or from the parent company.
b. Remuneration refers to salary, remuneration (including employee, director, and supervisor remuneration), and business execution expenses and other related payments received by directors of the Company in their capacity as directors, supervisors, or managers of investee companies other than subsidiaries or of the parent company.
* The remuneration disclosed in this table differs from the concept of income under the Income Tax Act. Accordingly, this table is intended solely for information disclosure purposes and is not used for taxation purposes.

Remuneration scales

Range of remuneration to the Company's directors	Name of director
	Total remuneration for the first four items (A+B+C+D)		Total remuneration for the first seven items (A+B+C+D+E+F+G)
	The Company	All companies in the financial statements	The Company	All companies in the financial statements
Less than NT$1,000,000	Representative of Chunghwa Telecom Co., Ltd.: Chin-Fu Hung, Representative of Chunghwa Telecom Co., Ltd.: Jung-Kuei Chen, Hahn-Ming Lee	Representative of Chunghwa Telecom Co., Ltd.: Chin-Fu Hung, Representative of Chunghwa Telecom Co., Ltd.: Jung-Kuei Chen, Hahn-Ming Lee	Representative of Chunghwa Telecom Co., Ltd.: Jung-Kuei Chen, Hahn-Ming Lee	Representative of Chunghwa Telecom Co., Ltd.: Jung-Kuei Chen, Hahn-Ming Lee
NT$1,000,000 (inclusive) - NT$2,000,000 (exclusive)	Chia-Ling Lee, Shyh-Jye Chen, Wen-Nan Tsan	Chia-Ling Lee, Shyh-Jye Chen, Wen-Nan Tsan	Chia-Ling Lee, Shyh-Jye Chen, Wen-Nan Tsan	Chia-Ling Lee, Shyh-Jye Chen, Wen-Nan Tsan
NT$2,000,000 (inclusive) - NT$3,500,000 (exclusive)	None	None	None	None
NT$3,500,000 (inclusive) - NT$5,000,000 (exclusive)	None	None	None
NT$5,000,000 (inclusive) - NT$10,000,000 (exclusive)	Representative of Chunghwa Telecom Co., Ltd.: Ming-Shih Chen	Representative of Chunghwa Telecom Co., Ltd.: Ming-Shih Chen	Representative of Chunghwa Telecom Co., Ltd.: Chin-Fu Hung, Representative of Chunghwa Telecom Co., Ltd.: Ming-Shih Chen	Representative of Chunghwa Telecom Co., Ltd.: Chin-Fu Hung, Representative of Chunghwa Telecom Co., Ltd.: Ming-Shih Chen
NT$10,000,000 (inclusive) - NT$15,000,000 (exclusive)	None	None	None	None
NT$15,000,000 (inclusive) - NT$30,000,000 (exclusive)	None	None	None	None
NT$30,000,000 (inclusive) - NT$50,000,000 (exclusive)	None	None	None	None
NT$50,000,000 (inclusive) - NT$100,000,000 (exclusive)	None	None	None	None
NT$100,000,000 or more	None	None	None	None
Total	7 persons	7 persons	7 persons	7 persons

Note: The above directors' information is listed in order by position and by the number of strokes in their names, from fewer to more.
* The remuneration disclosed in this table differs from the concept of income under the Income Tax Act. Accordingly, this table is intended solely for information disclosure purposes and is not used for taxation purposes.

(II) Remuneration to President and Vice Presidents

Unit: thousands of NT$; %

Title	Name	Salary (A)		Severance and pension (B)		Bonuses and special allowances (C)		Amount of remuneration to employees (D)				Sum of A+B+C+D and as a percentage of net profit after tax (%)		Remuneration from investees other than subsidiaries or from the parent company
		The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company	All companies in the financial statements	The Company		All companies in the financial statements		The Company	All companies in the financial statements
								Cash amount	Share amount	Cash amount	Share amount
President	Chin-Fu Hung	10,736	10,736	-	-	11,833	11,833	2,305	-	2,305	-	24,874	24.874	None
Vice President	Hsin-Fu Wang
Vice President	Ya-Ju Wen
Vice President	Chien-Kang Tsai
Chief Engineer	Wen-Cheng Wang

Note 1: The names of the President, Vice President, and Chief Engineer are listed separately, and the amounts of each type of payment are disclosed on an aggregated basis.
Note 2: This refers to the salaries and position allowances of the President, Vice President, and Chief Engineer for 2025.
Note 3: This refers to various bonuses of the President, Vice President, and Chief Engineer for 2025. In 2025, the salary expenses recognized under IFRS 2 "Share-based Payment" amounted to NT$24,739, including employee stock options, restricted shares for employees, and participation in capital increases through share subscriptions.
Note 4: The above table sets forth the amounts of employee remuneration for 2025 allocated to the President, Vice Presidents, and Chief Engineer as approved by the Board of Directors for the most recent year. The allocated amount reported is based on an estimated amount. Following the report to the shareholders' meeting in 2026, the calculation and payment shall be carried out in accordance with the relevant issuance regulations.
Note 5: The net profit after tax for the current year refers to the net profit after tax for the current year as stated in the 2025 parent company only financial statements.
Note 6: The names are disclosed within the applicable remuneration range corresponding to the total amounts of remuneration paid by the Company to the President, Vice President, and Chief Engineer.
Note 7: a. This column clearly states the amounts of remuneration received by directors of the Company from investee companies other than subsidiaries or from the parent company.
b. Remuneration refers to salary, remuneration (including employee, director, and supervisor remuneration), and business execution expenses and other related payments received by directors of the Company in their capacity as directors, supervisors, or managers of investee companies other than subsidiaries or of the parent company.

Remuneration scales

Range of remuneration to the Company's president and vice presidents	Name of the president and vice presidents
	The Company	All companies in the financial statements
Less than NT$1,000,000	None	None
NT$1,000,000 (inclusive) - NT$2,000,000 (exclusive)	None	None
NT$2,000,000 (inclusive) - NT$3,500,000 (exclusive)	None	None
NT$3,500,000 (inclusive) - NT$5,000,000 (exclusive)	Wen-Cheng Wang, Hsin-Fu Wang, Ya-Ju Wen, Chien-Kang Tsai	Wen-Cheng Wang, Hsin-Fu Wang,Ya-Ju Wen, Chien-Kang Tsai
NT$5,000,000 (inclusive) - NT$10,000,000 (exclusive)	Chin-Fu Hung	Chin-Fu Hung
NT$10,000,000 (inclusive) - NT$15,000,000 (exclusive)	None	None
NT$15,000,000 (inclusive) - NT$30,000,000 (exclusive)	None	None
NT$30,000,000 (inclusive) - NT$50,000,000 (exclusive)	None	None
NT$50,000,000 (inclusive) - NT$100,000,000 (exclusive)	None	None
NT$100,000,000 or more	None	None
Total	5 persons	5 persons

Note: The above information has been arranged in order by the number of strokes in the names, from fewer to more.
* The remuneration disclosed in this table differs from the concept of income under the Income Tax Act. Accordingly, this table is intended solely for information disclosure purposes and is not used for taxation purposes.

(III) Names of managerial officers who distribute compensation to employees

December 31, 2025. Unit: NTD thousands %

	Title	Name	Share amount	Cash amount	Total	As a percentage of net profit
Managerial officer	President	Chin-Fu Hung	-	3,130	3,130	0.72%
	Vice President	Hsin-Fu Wang
	Vice President	Chien-Kang Tsai
	Vice President	Ya-Ju Wen
	Chief Engineer	Wen-Cheng Wang
	Associate Vice President (Note)	Feng-Peng Yu
	Associate Vice President	Ming-Yi Wu
	Associate Vice President	Chung-Yi Yang
	Associate Vice President	Yi-Ru Chen
	Associate Vice President	Hui-Yi Peng
	Associate Vice President	Yung-Hsing Chiu

Note: Mr. Feng-Peng Yu resigned on July 31, 2025.

(IV) Compare and explain the total remuneration paid by the Company and all companies included in the consolidated financial statements to the Company's directors, supervisors, President, and Vice Presidents in the most recent two years, in terms of their ratio to the net profit after tax of the individual or separate financial reports. Also, explain the policy, standards, and composition for remuneration, the procedure for determining remuneration, and the correlation with operational performance and future risks

Ratio of the total remuneration paid to directors, supervisors, the President, and Vice Presidents to the net profit after tax in the parent company only financial statements for the most recent two years:

Title	2024 Total remuneration as a percentage of the net income after tax (%)		2025 Total remuneration as a percentage of the net income after tax (%)
	The Company	All companies in the financial statements	The Company	All companies in the financial statements
Director	4.59	4.59	4.49	4.49
Supervisors	0.08	0.08	0	0
President and vice presidents	6.32	6.32	5.69	5.69

Policies, standards, and structure of remuneration, procedures for determining remuneration, and their relationship with operating performance and future risks:

(1) Policies, standards, and structure of remuneration: Directors' remuneration of the Company is distributed based on Board of Directors resolutions and in accordance with the provisions of the Articles of Incorporation for annual earnings distribution; however, independent directors and individual directors do not participate in the distribution of annual directors' remuneration from earnings, and the fixed part-time remuneration of independent directors and individual directors has taken into account the Company's operating objectives, financial condition, and directors' responsibilities. Remuneration for managers, including the President and Vice Presidents, comprises salaries, bonuses, and employee

remuneration, and is determined based on their positions, responsibilities, and contributions to the Company, with reference to industry standards. The procedures for determining remuneration are also established in accordance with the Articles of Incorporation and the authorization hierarchy.

(2) Procedures for determining remuneration: The remuneration of directors and managers shall be regularly evaluated and determined by the Company's Compensation and Nomination Committee in accordance with relevant regulations, and shall be implemented after being submitted to and approved by the Board of Directors.

(3) Relationship with operating performance: The remuneration paid by the Company to directors, the President, and Vice Presidents has taken into consideration the operational risks the Company may face in the future and its positive correlation with operating performance. It is linked to key performance indicators such as "overall performance" (e.g., achievement rates of revenue, profit before tax, and net profit after tax), "unit performance" (e.g., sales targets and project achievement rates), and "individual performance" (e.g., individual KPI achievement rates). Other special contributions (e.g., implementation results of ESG sustainable development, GHG inventory verification, and emission reduction measures) or significant adverse events are also taken into account and included as evaluation criteria for performance assessment and remuneration determination.

(4) Policy on linking remuneration of senior managers with ESG-related performance evaluation: The remuneration of the Company's senior managers is reviewed by the Compensation and Nomination Committee in accordance with relevant regulations and submitted to the Board of Directors for approval. The Company conducts an annual review of the policies, systems, standards, and structure of managers' remuneration, and includes the implementation results of ESG sustainable development as a key evaluation criterion for the remuneration of senior managers.

In the annual performance evaluation, ESG evaluation indicators such as the promotion of sustainable development, corporate social responsibility, and ethical corporate management are included in the assessment of senior managers, with a designated weighting assigned. Relevant senior managers are required to implement specific actions in accordance with their responsibilities, and performance bonuses and employee remuneration are granted in alignment with the Company's overall profitability and individual performance. Accordingly, the remuneration of senior managers has a substantive linkage with ESG implementation outcomes.

(5) Relationship with future risks: The Company has established a Compensation and Nomination Committee to assist the Board of Directors in determining the remuneration of directors and managers and the Company's remuneration policies. In accordance with the provisions of the Articles of Incorporation and the operations of the Compensation and Nomination Committee and the Board of Directors, the Company reviews the remuneration of directors and managers based on their level of participation in operations and their contributions, and seeks to minimize the likelihood and relevance of future risks, in order to achieve a balance between sustainable operation and risk management.

III. Corporate Governance

(I) Operation of the Board of Directors

Information on the operation of the board of directors:

In the most recent year, the Board of Directors convened 7 meetings (A), and the attendance of directors and supervisors is as follows:

| Title | Name | Number of attendance in person (B) | Attendance by proxy | Actual attendance rate
[B/A] (%) | Remarks |
| --- | --- | --- | --- | --- | --- |
| Chairman | Representative of Chunghwa Telecom Co., Ltd.: Ming-Shih Chen | 7 | 0 | 100 | |
| Director | Representative of Chunghwa Telecom Co., Ltd.: Chin-Fu Hung | 7 | 0 | 100 | |
| Director | Representative of Chunghwa Telecom Co., Ltd.: Jung-Kuei Chen | 7 | 0 | 100 | |
| Director | Hahn-Ming Lee | 6 | 1 | 86 | |
| Independent Director | Wen-Nan Tsan | 7 | 0 | 100 | |
| Independent Director | Shyh-Jye Chen | 7 | 0 | 100 | |
| Independent Director | Chia-Ling Lee | 7 | 0 | 100 | |
| Additional information to be recorded:
I. In any of the circumstances below, state the date, session, proposals, opinions of all independent directors, and the Company's response to the said opinions in respect of a meeting of the Board of Directors:
(I) Matters listed under Article 14-3 of the Securities and Exchange Act:
The Company elected independent directors and established an Audit Committee at the extraordinary shareholders' meeting held on October 22, 2024. Accordingly, Article 14-3 of the Securities and Exchange Act does not apply. For matters specified in Article 14-5 of the Securities and Exchange Act, please refer to the operation of the Audit Committee.
(II) Any matters, other than those mentioned above, resolved by the Board of Directors with a dissenting or qualified opinion made by any independent Board of Directors as recorded or documented: None.
II. In the event of directors' recusal from proposals, state the name of the director, the proposal involved, the reason for recusal, and the participation in voting: | | | | | |
| Date | Name of director | Description of proposal | Reason for recusal | Participation in voting |
| --- | --- | --- | --- | --- |
| 2025/02/21
3rd term
12th meeting | Ming-Shih Chen
Chairman | Special allocation units of variable remuneration for the Chairman | Has a conflict of interest | Chairman Ming-Shih Chen recused himself from the discussion and voting due to a conflict of interest. The remaining attending directors reviewed the proposed allocation units for the Chairman's special variable remuneration as approved at the sixth meeting of the third Compensation Committee and passed the proposal without objection. |
| 2025/03/26
3rd term
13th meeting | Ming-Shih Chen
Chairman | Amendment to the “Standards for Directors’ Remuneration and Salaries Distribution Procedures” | Has a conflict of interest | Chairman Ming-Shih Chen recused himself from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| 2025/05/05
3rd term
14th meeting | Chairman Ming-Shih Chen
Director Chin-Fu Hung
Director Jung-Kuei Chen | One right-of-use asset for operational use was obtained from the parent company. | Has a conflict of interest | Chairman Ming-Shih Chen, Directors Chin-Fu Hung and Jung-Kuei Chen recused themselves from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| | Ming-Shih Chen
Chairman | Special remuneration for the Chairman in 2024 | Has a conflict of interest | Chairman Ming-Shih Chen recused himself from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| | Chin-Fu Hung
Director | Performance bonus for the President in 2024 | Has a conflict of interest | Director Chin-Fu Hung recused himself from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| 2025/08/06
3rd term
16th meeting | Chairman Ming-Shih Chen
Director Chin-Fu Hung
Director Jung-Kuei Chen | Approval of directors’ and supervisors’ remuneration for 2024 | Has a conflict of interest | Chairman Ming-Shih Chen, Directors Chin-Fu Hung and Jung-Kuei Chen recused themselves from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| | Ming-Shih Chen
Chairman | Adjustment of the Chairman’s allowance | Has a conflict of interest | Chairman Ming-Shih Chen recused himself from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |
| 2025/12/17
3rd term
18th meeting | Chairman Ming-Shih Chen
Director Chin-Fu Hung
Director Jung-Kuei Chen | Three right-of-use asset for operational use was obtained from the parent company. | Has a conflict of interest | Chairman Ming-Shih Chen, Directors Chin-Fu Hung and Jung-Kuei Chen recused themselves from the discussion and voting due to a conflict of interest, and the proposal was approved with the consent of the remaining attending directors. |

III. Listed companies shall disclose information on the evaluation cycle and period, scope, methods, and evaluation items of the Board of Directors' self-evaluation (or peer evaluation), and complete Table 2(2) regarding the implementation status of the Board of Directors' evaluation.

IV. Objectives of enhancing the functions of the Board of Directors in the current year and the past year (such as setting up the Audit Committee and improving information transparency) and evaluation of implementation: The Company has formulated the "Rules of Procedure for Board of Directors Meetings" to establish a sound Board of Directors governance system and strengthen supervisory functions, and has disclosed the same on MOPS in accordance with regulations to ensure full information disclosure and safeguard shareholders' rights and interests.

In addition, the Company has appointed three independent directors, and all independent directors comprise the Audit Committee and the Compensation and Nomination Committee to implement the principles of corporate governance.

2.Implementation Status of the Board of Directors' Evaluation

Evaluation cycle	Evaluation period	Evaluation scope	Evaluation method	Evaluation content
Once a year	January 1, 2025, to December 31, 2025	Board of Directors	Board of Directors' Internal Self-evaluation
Board Member's Self-evaluation	A. Participation in the Company's operations
B. Improvement of the quality of the Board of Directors' decision making
C. Composition and structure of the Board of Directors
D. Election of directors and their continuing education
E. Internal control
F. Participation in ESG initiatives
		Individual board member	Board of Directors' Internal Self-evaluation
Board Member's Self-evaluation	A. Understanding of the Company's targets and tasks
B. Awareness of the duties of a director
C. Participation in the Company's operations
D. Management of internal relationships and communication
E. Professionalism and continuing education of directors
F. Internal control
		Functional Committees	Internal self-evaluation of functional committees	A. Participation in the Company's operations
B. Awareness of the duties of the functional committees
C. Improvement of the quality of the functional committees' decision making
D. Composition of functional committees and selection of members
E. Internal control
Conducted once every three years	January 1, 2025, to December 31, 2025	Board of Directors	Commissioned an external professional independent organization, Taiwan Investor Relations Institute
Assessment conducted through questionnaires and on-site inspections	A. Composition and professional development of the Board of Directors
B. Quality of the Board of Directors' decision making
C. Performance effectiveness of the Board of Directors
D. Internal control and risk management
E. Participation in corporate social responsibility of the Board of Directors

(II) Operation of the Audit Committee or the participation of supervisors in the operation of the Board of Directors

Operation of the Audit Committee:

The Audit Committee held 7 (A) meeting during the past year. Below is the attendance of independent directors:

Title	Name	Meetings actually attended (B)	Attendance by proxy	Actual attendance rate (%) (B./A)
Independent Director (Convener)	Chia-Ling Lee	7	0	100
Independent Director	Shyh-Jye Chen	7	0	100
Independent Director	Wen-Nan Tsan	7	0	100
Additional information to be recorded:
I. If the operations of the Audit Committee fall under any of the circumstances below, the date of the Audit Committee meeting, the session, the content of the proposal, any objection, reservation, or major suggestion made by independent directors, the results of resolutions by the Audit Committee, and the Company’s response to the committee’s opinions shall be specified.
(1) Matters listed under Article 14-5 of the Securities and Exchange Act:
Audit Committee Date/Session	Description of proposal			Resolution results of the Audit Committee
2025/2/17
1st term
2nd meeting	1. 2024 business report and financial statements.
2. 2024 earnings distribution.
3. 2024 Statement of Internal Control System.
4. Prior to the initial listing (or TPEX listing), it is proposed to conduct a public underwriting through a cash capital increase by issuing new shares, and to request all existing shareholders to waive their preemptive subscription rights to the cash capital increase.
5. Assessment Form for the Company’s Financial Reporting Preparation Capability.
6. Amendment to the “Procedures for Acquisition or Disposal of Assets.”
7. Establishment of the “Procedures for Sustainability Information Management” and amendment to the “Other Management Control Operations” under internal control.			Approved without objection by all attending committee members.
2025/3/26
1st term
3rd meeting	1. Summary financial forecast for Q2 to Q3 of 2025.
2. Additional service fees for the CPAs for 2025.
3. Amendment to the “Employee Remuneration Implementation Procedures.”
4. 2025 Owl investment plan.			Approved without objection by all attending committee members.
2025/4/29
1st term
4th meeting	1. Financial statements of Q1 2025.
2. One right-of-use asset for operational use was obtained from the parent company, submitted for discussion.
3. Amendment to the “Employee Remuneration Implementation Procedures” and "Salary Cycle".			Approved without objection by all attending committee members.
2025/6/22
1st term
5th meeting	1. Approval of the number of shares to be issued, the tentative price range, and the use and benefits of the pre-listing cash capital increase.
2. Allocation of new shares issued in the pre-listing cash capital increase to non-managers.			Approved without objection by all attending committee members.
2025/8/4
1st term
6th meeting	1. Financial statements of Q2 2025.
2. Allocation ratio of employee remuneration for entry-level employees for 2024.			Approved without objection by all attending committee members.
2025/10/29
1st term
7th meeting	1. Financial statements of Q3 2025.
2. Proposed authorization for the management department to execute investments in short-term notes and sustainability bonds within a specified period and amount.			Approved without objection by all attending committee members.
2025/12/17
1st term
8th meeting	1. 2026 audit plan.
2. Change of CPA and the assessment of CPA independence and competence, and the remuneration for the 2026 engagement.
3. Three right-of-use asset for operational use was obtained from the parent company.			Approved without objection by all attending committee members.

(II) Any matters, other than those mentioned above, not approved by the Audit Committee but approved by more than two-thirds of all directors: None.
II. Any circumstance where, in the event of any independent director's recusal from a motion involving conflict of interest, the independent director, the motion, the reason for recusal, and the participation in voting shall be stated: None.
III. Communication between independent directors and internal/external CPAs (on the Company's financial and business affairs, methods, and results). Communication between independent directors and the CPA (closed-door meeting):

Date	Attendees	Communication matter
2025/2/17
1st term
2nd meeting	Independent Director Chia-Ling Lee
Independent Director Shyh-Jye Chen
Independent Director Wen-Nan Tsan
CPA Yih-Shin Kao	2024 Financial Statements	All attending independent directors had no comments.
2025/10/29
1st term
7th meeting	Independent Director Chia-Ling Lee
Independent Director Shyh-Jye Chen
Independent Director Wen-Nan Tsan
CPA Yih-Shin Kao	Review of financial statements	All attending independent directors had no comments.

Communication between independent directors and the head of internal audit (closed-door meeting):

Date	Attendees	Communication matter
2025/4/29
1st term
4th meeting	Independent Director Chia-Ling Lee
Independent Director Shyh-Jye Chen
Independent Director Wen-Nan Tsan
Chief Auditor Chi-Ming Huang	Internal Audit Report	All attending independent directors had no comments.
2025/8/4
1st term
6th meeting	Independent Director Chia-Ling Lee
Independent Director Shyh-Jye Chen
Independent Director Wen-Nan Tsan	Internal Audit Report	All attending independent directors had no comments.

		Chief Auditor Chi-Ming Huang
	2025/10/29
1st term
7th meeting	Independent Director Chia-Ling Lee
Independent Director Shyh-Jye Chen
Independent Director Wen-Nan Tsan
Chief Auditor Chi-Ming Huang	Internal Audit Report	All attending independent directors had no comments.

IV. The Company has established an Audit Committee in accordance with Article 14-4 of the Securities and Exchange Act, which is composed of all independent directors. The main areas of focus of its annual work are as follows:

(I) Formulating or amending the internal control system in accordance with Article 14-1 of the Securities and Exchange Act.
(II) Evaluation of the effectiveness of the internal control system.
(III) Stipulating or amending the procedures for the acquisition and disposal of assets, trading of derivative instruments, lending of funds, and making endorsements or guarantees for others in accordance with Article 36-1 of the Securities and Exchange Act and other material financial business activities.
(IV) Matters involving conflicts of interest of directors.
(V) Material asset or derivative transactions.
(VI) Material loans of funds, endorsements, or provision of guarantees.
(VII) Public offering, issuance, or private placement of equity-type securities.
(VIII) Appointment, removal, or remuneration of CPAs.
(IX) Appointment and dismissal of financial accounting or internal audit managers.
(X) Annual financial statements and financial statements for Q1 to Q3 signed or sealed by the Chairman, managers, and the Chief Accounting Officer.
(XI) Other material matters as required by the Company or the competent authority.

(III) Implementation of corporate governance and deviations from the Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation

Evaluation item	Implementation			Deviation from the Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation
		Yes	No	Summary
I.	Has the Company formulated and disclosed Corporate Governance Best Practice Principles in accordance with the Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies?	V		The Company has established the "Corporate Governance Best Practice Principles" and disclosed them on the Company's website and MOPIL.	No differences
II.	The Company's shareholding structure and shareholders' equity
(1)	Has the Company formulated any internal operating procedures for handling shareholders' suggestions, doubts, disputes and lawsuits and complied with such procedures?	V		The Company has established relevant provisions in its "Corporate Governance Best Practice Principles" and "Rules of Procedure for Shareholders' Meetings," and has appointed a spokesperson and an acting spokesperson in accordance with regulations to handle shareholders' suggestions, inquiries, disputes, or litigation matters.	No differences
(2)	Does the Company have a list of the major shareholders with ultimate control over the Company and a list of the ultimate controllers of the major shareholders?	V		Based on the shareholder register regularly provided by the stock affairs agent, the Company monitors the shareholdings of major shareholders, maintains good communication and interaction with them, and thereby identifies their ultimate controlling parties.	No differences
(3)	Has the Company set up and implemented risk control and firewall mechanisms between the Company and its affiliates?	V		1. The Company's internal control covers enterprise-level risk management and operational-level activities, and has established the "Procedures for Management of Investments in Other Entities" to implement risk control mechanisms over investor companies.	No differences
				2. The Company's Board of Directors has approved the "Regulations Governing Financial and Business Transactions Between Related Parties" to regulate matters such as purchase and sales transactions, acquisition and disposal of assets, endorsements and guarantees, and lending of funds among related parties.
				3. The Company's Board of Directors has approved the "Guidelines for Investment Operations," which cover the evaluation and review of investments, contract execution, closing, post-investment management, exit mechanisms, and disposal.
(4)	Has the Company formulated any internal codes to prohibit insiders from buying and selling securities using information undisclosed on the market?	V		The Company has established the "Procedures for Prevention of Insider Trading" to prohibit insiders from trading securities using non-public information available in the market.	No differences
III.	Composition and responsibilities of the Board of Directors
(1)	Has the Board of Directors established a diversity policy, specific management objectives, and implemented them effectively?	V		Details of the Company's Board diversity policy, specific management objectives, and implementation are provided in this annual report under "Two. Corporate Governance Report, I. Information on Directors, President, Vice Presidents, Associate Vice President, and Heads of Divisions and Branches (I) Information on Directors 4. Board Diversity and Independence."	No differences
(2)	Has the Company proactively set up other functional committees in addition to the compensation committee and the audit committee established by law?	V		The Company has established various functional committees, including the Nomination Committee (merged into the original Compensation Committee) and the Sustainability Committee. To further enhance corporate governance quality and support operational development, the Company will continue to evaluate the possibility of establishing additional functional committees in the future.	No differences
(3)	Does the Company have any defined measures and methods for evaluating the performance of the Board of Directors, appraise performance regularly every year, and report the results to the Board of Directors, as a reference for remuneration payable to individual directors and nomination for reappointment?	V		The Company has established the "Regulations Governing the Board Performance Evaluation" and its evaluation methods, conducts an internal performance evaluation of the Board of Directors once a year, and shall conduct an evaluation at least once every three years by an external professional independent institution or a team of external experts and scholars. The results of the performance evaluation will serve as a reference for the nomination of directors and the determination of directors' remuneration.	No differences
(4)	Does the Company assess the independence of CPAs regularly?	V		The Company's "Corporate Governance Best Practice Principles" stipulate that, at least once a year, the independence and competence of the appointed CPA shall be evaluated with reference to Audit Quality Indicators (AQIs). The evaluation of the independence and competence of the CPA for the 2026 engagement was approved by the Audit Committee on December 17, 2025, and was subsequently submitted to and approved by the Board of Directors on December 17, 2025.	No differences
				The evaluation mechanisms are as follows:1. Confirm that the Company's CPA is not a related party to the Company or its directors.2. Rotation of the CPA is conducted in compliance with the Corporate Governance Best Practice Principles.3. Independence statements issued by the CPA are obtained on a regular basis.4. Obtain information on 13 AQIs provided by the CPA firm and evaluate the audit quality of the CPA firm and the audit engagement team in accordance with the "Guidelines for Audit Committees on Interpreting Audit Quality Indicators (AQIs)" issued by the competent authority. The evaluation results are as follows:1. The independence between the CPA and the Company complies with the Certified Public Accountant Act and the Code of Professional Ethics for CPAs, and an independence statement issued by the CPA has been obtained.2. The Company has not appointed the same CPA for audit engagement for five consecutive years.3. The Company has obtained AQI indicators provided by the CPA firm and evaluated them in accordance with the "Guidelines for Interpreting Audit Quality Indicators (AQIs)" issued by the competent authority. The CPA and the audit engagement team possess sufficient experience and training, and the audit input and workload are appropriate. The

Evaluation item	Implementation	Deviation from the Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation
Yes	No	Summary

IV.	Has the Company has appointed an appropriate number of competent corporate governance personnel and designated a corporate governance officer to be responsible for corporate governance affairs (including but not limited to providing directors and supervisors with the materials required for the performance of their duties, assisting directors and supervisors with compliance, handling matters related to board meetings and shareholders' meetings, and preparing minutes of board meetings and shareholders' meetings)?	V
Serial No.	Training institution	Course title
Start	End
1	Taiwan Investor Relations Institute	Corporate Governance and Securities Laws and Regulations
2	Taiwan Investor Relations Institute	JR Globalization: Media Strategies and New Opportunities in Journalism
3	Accounting Research and Development Foundation	Preparation of Sustainability Reports and Analysis of Related Internal Controls
4	Securities & Futures Institute	Directors, Supervisors, and Corporate Governance Officers Series Course - AI Development Applications and Emerging Legal Issues
5	Securities & Futures Institute	2025 Legal Compliance Seminar on Insider Equity Transactions
V.	Has the Company has established communication channels with stakeholders (including but not limited to shareholders, employees, clients, and suppliers) and set up a section dedicated to stakeholders on the Company's website to properly respond to stakeholders' major CSR issues of concern?	V
The Company has appointed a professional stock affairs agent, "Taishin Securities Co., Ltd.," to handle shareholders' meeting affairs.	No differences
The Company has established an Investor Relations section on its website to disclose financial, business, and corporate governance information, and has linked it to MOPS for shareholders and the general public to access relevant information. The Company has established a spokesperson system to handle related matters and has designated personnel responsible for the collection and disclosure of corporate information. Materials from investor conferences are uploaded to the Company's website and MOPS in accordance with regulations.	No differences
VI.	Has the Company appointed a professional stock affairs agency to handle affairs related to shareholders' meetings?	V
VII.	Information disclosure	V
(1)	Has the Company set up a website to disclose information on financial operations and corporate governance?	V
(2)	Has the Company adopted other methods to disclose information (such as setting up an English website, designating personnel to collect and disclose company information, implementing a spokesperson system, or placing the proceedings of investor conferences on the Company website)?	V

Evaluation item	Implementation			Deviation from the Corporate Governance Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation
		Yes	No	Summary
(3)	Does the Company announce and report the annual financial statements within two months after the end of each fiscal year, and announce and report Q1, Q2 and Q3 financial statements and monthly operations earlier than the specified deadline?	V		The Company announces and reports its annual financial statements within two months after the end of the fiscal year, and also announces and files its Q2 financial statements and monthly operating results in advance before the prescribed deadlines.	No differences
VIII.	Does the Company have other important information that facilitates the understanding of the operations of corporate governance (including but not limited to employee rights, employee care, investor relations, supplier relations, stakeholders' rights, directors' continuing education, the implementation of risk management policies and risk measurement standards, the implementation of customer policies, and the Company's purchase of liability insurance for directors and supervisors)?	V		1. Employee rights and employee care: The Company has always regarded the protection of employee rights and harmonious labor-management relations as one of its core operating philosophies. It has established various welfare policies and formed a welfare committee composed of employees. For details on employee rights, please refer to this annual report: Four. Operating overview - Labor-management relations.2. Investor relations: The Company has designated personnel responsible for promptly announcing information on financial, business, and changes in insider shareholdings on MOPS in accordance with relevant regulations.3. Supplier relations: The Company places great importance on the sound development of supplier management and cooperative relationships. It has established supplier management procedures to institutionally supply evaluation processes and conducts regular supplier assessments as an important reference for subsequent cooperation, thereby maintaining effective supply chain operations and overall corporate governance quality.4. Rights of stakeholders: The Company has established corresponding communication and response mechanisms for different stakeholders based on their topics of concern, and discloses the topics of concern, communication channels, and annual communication performance for each category of stakeholders, including shareholders and investors, government agencies, employees, suppliers, and customers, in the Stakeholder Section of its official website, to ensure transparency of information disclosure and maintain effective communication and interaction.5. Continuing education of directors: On December 23, 2026, the Company arranged for a lecturer from the Taiwan Investor Relations Institute to conduct a course titled "Practical Analysis of Insider Trading/Equity Reporting" at the Company, and subsequently assisted directors in completing continuing education courses offered by relevant professional institutions. For details on continuing education, please refer to III, (VII), "1. Continuing Education of Directors Related to Corporate Governance in the Most Recent Year and up to the Publication Date of This Annual Report."6. Implementation of risk management policies and risk measurement standards: The Company has established various internal regulations and internal control systems in accordance with laws and regulations, conducts various risk management and assessments, and the internal audit unit performs regular and ad hoc audits to evaluate the implementation of internal control systems.7. Implementation of customer policies: The Company maintains good relationships with customers, strictly complies with contracts entered into with customers, ensures the protection of customers' rights and interests, and provides high-quality services.8. Status of directors' liability insurance: The Company has purchased liability insurance for directors, supervisors, and managers from Nan Shan General Insurance Co., Ltd., regularly evaluates the coverage amount, and reports the status of directors' liability insurance to the Board of Directors.	No differences
IX. Please explain the improvements made based on the most recent corporate governance evaluation results published by the Corporate Governance Center of the Taiwan Stock Exchange Corporation, and for those not yet improved, propose priority improvement items and measures (companies not included in the evaluation are not required to fill in): Not evaluated, therefore not applicable.

(IV) If the Company has established a Compensation Committee or a Nomination Committee, it shall disclose their composition and operation status

1.Information on members of the Compensation Committee

Criteria Name Identity		Professional qualifications and experience	Independence	Number of other public companies where the individual serves as a member of the compensation committee concurrently
Independent Director (Convener)	Wen-Nan Tsan	Please refer to Section II.1.(I) 3. Disclosure of information on the professional qualifications of directors and supervisors and the independence of independent directors	3
Independent Director	Shyh-Jye Chen			1
Independent Director	Chia-Ling Lee			1

2.Information on the operation of the Compensation Committee

(1)The Compensation Committee consists of three members.
(2)Term of office of the current committee: December 22, 2024 to December 21, 2026. In the most recent year, the Compensation Committee convened 5 meetings (A), and the qualifications and attendance of the committee members are as follows:

Title	Name	Meetings actually attended (B)	Attendance by proxy	Actual attendance rate (%) (B/A)	Remarks
Convener	Wen-Nan Tsan	5	0	100%	Assumed office on July 10, 2024
Committee member	Shyh-Jye Chen	5	0	100%	Assumed office on July 10, 2024
Committee member	Chia-Ling Lee	5	0	100%	Assumed office on July 10, 2024
Additional information to be recorded: 1. If the Board of Directors did not adopt or amend the Compensation Committee's suggestions, the date of the board meeting, the session, the content of the motion, the results of the resolutions by the Board of Directors, and the Company's response to said opinions shall be specified (if the remuneration approved by the Board of Directors is better than the Compensation Committee's suggestions, the difference and the reasons therefor shall be specified): None. 2. In the event of any dissenting or qualified opinion of any member on motions resolved by the Compensation Committee as recorded or documented, state the date, session, motion, opinions of all members, and response to the said opinions in respect of a meeting of the Compensation Committee: None.

3.Duties of the Compensation Committee

The Committee shall faithfully perform the following duties with the due care of a good administrator and submit its recommendations to the Board of Directors for discussion:

I. Formulating and regularly reviewing the performance evaluation criteria, annual and long-term performance objectives, and remuneration policies, systems, standards, and structure for the Company's directors and managers, and disclosing the content of the performance evaluation criteria in the annual report.
II. Periodically evaluating and determining the achievement of performance objectives for directors and managers, and, based on the evaluation results derived from the performance evaluation criteria, determining the content and amounts of their individual remuneration.

(V) Implementation of sustainable development and deviation from the Sustainable Development Best Practice Principles for TWSE/TPEx listed Companies and the reasons therefor

Promotion items	Implementation			Deviation from the Sustainable Development Best Practice Principles for TWSE/listed Companies and reason for such deviation
	Yes	No	Summary
I. Has the Company established a governance structure for the promotion of sustainable development and set up a dedicated (or concurrent) department to promote sustainable development that is implemented by the senior management as authorized by the Board of Directors, and how is it supervised by the Board of Directors? (Listed companies shall complete the disclosure of implementation status and are not required to provide “comply or explain.”)	V		The Company has established the "Sustainable Development Best Practice Principles" and the "Procedures for Sustainable Information Management," which have been approved by the Board of Directors to strengthen the governance foundation for sustainable development. Implementation: The "Sustainable Development Promotion Committee" was established in 2025, with the President serving as the convener, and three Vice Presidents respectively responsible for advancing environmental, social, and corporate governance aspects, conducting risk assessments, and formulating action plans. The Committee reports regularly to the Board of Directors each year to strengthen the implementation of sustainability objectives, policies, and strategies, as well as the Board's oversight mechanisms.	No differences
II. Does the Company conduct risk assessments in respect of environmental, social and corporate governance (ESG) issues related to the Company's operations based on the materiality principle, and set risk management policies or strategies? (Listed companies shall complete the disclosure of implementation status and are not required to provide “comply or explain.”)	V	I. Environmental risk issues(I) Climate risk assessment1. To ensure compliance with environmental regulations and international standards (such as ISO 14001), the Company actively conducts environmental risk assessments and formulates response strategies to reduce its impact on the ecological environment. Implementation status: ISO 14001 Environmental Management System certification and D&B ESG Sustainability Badge have been obtained.2. GHG inventory: Implementation of a GHG inventory mechanism to address climate change risks and enhance the Company's sustainability competitiveness. Implementation status: Completed the inventory and assurance of Scope 1, Scope 2, and Scope 3 GHG emissions for 2025.3. Setting carbon reduction targets: Based on the results of the GHG inventory, specific carbon reduction targets are set, and energy-saving and emission reduction measures are promoted to reduce the impact of operations on climate change. Implementation status: Carbon reduction targets are set with 2024 as the base year, aiming for a 5% reduction by 2030 and a 100% reduction by 2050.(II) Resource and efficiency management1. Resource efficiency management: Through electricity-saving records and energy conservation advocacy, reduce the risk of energy waste and improve energy use efficiency, and optimize and promote the electronic approval system to reduce paper usage and environmental pollution risks.2. Waste: Implement waste classification and recycling management to ensure lawful disposal and reduce environmental impact, implement the 5R principles of "Refuse, Reduce, Reuse, Repair, Recycle" and waste sorting, and continue to collaborate with qualified cleaning companies to enhance the quality of waste management. Implementation status: In 2025, waste generated per capita decreased by approximately 6.4% compared to the previous year.(III) Supply chain managementRequire suppliers to complete a supplier commitment letter to ensure compliance with the Company's policies and reduce compliance risks. Implementation status: In 2025, green procurement training was completed, green supply policies were communicated to suppliers, and commitment letters covering human rights policies and environmental sustainability standards were newly introduced.II. Social risk issues(I) Employee care and employee rights1. Human rights policy: The Company supports and voluntarily complies with internationally recognized human rights conventions, including the "Universal Declaration of Human Rights," the "United Nations Global Compact," the "United Nations Guiding Principles on Business and Human Rights," and the conventions of the ILO, and incorporates its human rights policy into daily operations and management processes for implementation. The Company is committed to respecting and safeguarding human rights and integrates human rights principles into its corporate culture and value chain. Based on the nature and characteristics of its operations, the Company adopts specific strategies and actions to ensure internal implementation and promote sustainable development. Through training for new employees and managerial education programs, it strengthens human rights awareness, continuously monitors risks related to equal treatment, non-discrimination, and the absence of forced labor in the workplace, and fosters a respectful and safe workplace culture.2. Talent training and development: The Company has established the "Procedures for Employee Training and Development," allocates an annual training budget, and provides diverse courses for new and existing employees, including management, professional competencies, and general education training. It also participates in international seminars and provides cloud-based learning resources and vendor training programs to strengthen employees' professional capabilities and career development. In addition, it evaluates the risks of talent attrition and skill gaps and continuously promotes training mechanisms to enhance employees' competencies and competitiveness.Implementation: (1) Objectives of the cybersecurity professional training program: Strengthen cybersecurity awareness and practicesApplicable to: All employeesTotal hours: 1,692 hoursNumber of participants: 376Program description: Employees will gain a comprehensive understanding of cybersecurity management, privacy protection, and information service management standards, and be able to implement and apply them in their daily work.(2) Objectives of the managerial competency training program: Enhance leadership capabilities, organizational development, and communication skills		No differences

Promotion items	Implementation										Deviation from the Sustainable Development Best Practice Principles for TWSE/listed Companies and reason for such deviation
	Yes	No	Summary
			Training participants: Middle and senior management and management trainees
Total hours: 648 hours
Program description: This program focuses on leadership communication capabilities and management thinking, integrates the enhancement of managerial capabilities and the cultivation of teamwork, and assists managers in effectively leading teams to achieve the Company's operating objectives.
(3) Objectives of workplace misconduct prevention training: Promote gender equality awareness and workplace safety, prevent discrimination, and emphasize human rights
Applicable to: All employees
Total hours: 285 hours
Program description: Through online courses, employees will gain an in-depth understanding of regulations related to the prevention of sexual harassment, workplace discrimination, and violence, and learn how to uphold respect and inclusiveness in the workplace to foster a friendly and safe working environment.
3. Employee benefits and retirement system: To motivate employees, retain outstanding talent, and promote harmonious labor-management relations, profit sharing, and sustainable operations, the Company has established various employee welfare and incentive measures. We regard employees as valuable assets of the Company, provide salary levels above the requirements of the Labor Standards Act and competitive remuneration, and offer diverse and comprehensive benefits and incentives, sharing the Company's operating performance with employees. Provide diverse welfare measures, including group insurance, annual health checkups, festival gifts, employee activities, departmental gatherings, an annual family day, and the establishment of an Employee Welfare Committee to handle related welfare matters, with the aim of creating a friendly workplace and enhancing employees' sense of belonging. Regarding the retirement system, the Company adopts the new system in accordance with the "Labor Pension Act," makes monthly contributions to employees' individual pension accounts, and has established the "Guidelines for Labor Retirement, Severance, and Compensation," which clearly stipulate retirement conditions, calculation standards, and application procedures, assisting employees in planning their retirement and safeguarding their retirement rights.
4. Health and safety management: The Company places great importance on the protection of employees' personal safety and working environment, and provides professional training for different categories of employees, including fire safety, emergency response, first aid, and general occupational safety and health education, to ensure that employers possess the necessary safety knowledge and response capabilities in various working environments. The total number of training participants in 2025 was 407. The workplace is equipped with basic fire safety equipment and clearly marked evacuation routes, and regular workplace safety inspections and fire safety awareness communications are conducted. Potential risk items are evaluated and improved accordingly. In addition, through measures such as annual health checkups and health seminars, the Company safeguards employees' physical and mental well-being and creates a safe and secure working environment. In addition, through measures such as annual health checkups and health seminars, the Company safeguards employees' physical and mental well-being and creates a safe and secure working environment.
(II) Workplace equality and diversity
The Company promotes workplace diversity, gender equality, and inclusion, and is committed to providing employees with a workplace that ensures dignity and safety, as well as diversity in employment, fairness in remuneration, and equal opportunities for promotion. Since 2022, the male-to-female ratio at different job levels is as follows:
Job Level	Year			2022		2023		2024		2025
	Female	Male	Total	Female	Male	Female	Male	Female	Male	Female	Total
1. Senior management	0%	100%	100%	0%	100%	100%	20%	80%	100%	20%	80%	100%
2. Mid-level managers	27%	73%	100%	33%	67%	100%	40%	60%	100%	40%	60%	100%
3. Entry-level managers	15%	85%	100%	15%	85%	100%	17%	83%	100%	15%	85%	100%
4. Regular employees	31%	69%	100%	30%	70%	100%	30%	70%	100%	29%	71%	100%
Total	30%	70%	100%	29%	71%	100%	29%	71%	100%	28%	72%	100%

The Company also strictly prohibits any discrimination, harassment, or unequal treatment based on factors such as race, gender, religion, age, or political affiliation, respects individual differences, and fosters a harmonious and inclusive workplace culture. At the same time, to ensure fair opportunities in the workplace for different genders and reduce operational risks arising from gender disparities, the Company actively welcomes diverse groups, including persons with disabilities and indigenous peoples, to join, thereby promoting diversity and inclusion and creating a diverse and friendly workplace environment.

(III) Cybersecurity public welfare and social participation

Continue to provide preferential "Porn Gatekeeper" programs for low-income households and rural areas, committed to narrowing the digital divide.
In collaboration with Chunghwa Telecom, assist senior citizens in enhancing digital literacy and cybersecurity awareness, and teach them to use the information verification service provided by the "CHT Security - Scam-Fighter" LINE chatbot to assess the

30
| Promotion items | Implementation | | | Deviation from the Sustainable Development Best Practice Principles for TWSE/listed Companies and reason for such deviation |
| --- | --- | --- | --- | --- |
| | Yes | No | Summary | |
| | | | credibility of messages in real time and identify fraudulent text messages.
3. Sponsor the Taiping Mountain “Walking in the Clouds” Charity Run in Yilan.
4. Proactively contacted 20 charitable organizations to offer free external attack surface management (EASM) SaaS service (HorusEyes) and, upon receiving responses, provided services based on their needs.
5. Provided 26 SME accounts with free social engineering simulation exercises to help enhance cybersecurity awareness.
6. To safeguard and promote employment for persons with disabilities, the Company continues to employ visually impaired massage therapists, not only providing stable employment opportunities for visually impaired individuals but also helping to protect the labor rights of persons with disabilities.

III. Corporate governance risk issues
(I) Ethical corporate management
1. Establish codes and operating procedures related to ethics and ethical corporate management to reduce operational risks and ensure compliant operations.
2. Education and training: Provide directors, employees, and entrusted persons with training on the Code of Ethical Conduct and ethical corporate management to reduce integrity-related operational risks; provide directors and managers with training on the prevention of insider trading to reduce regulatory violations and operational risks.
3. Establish a whistleblowing case handling mechanism to ensure effective responses to improper conduct and reduce non-compliance risks.

Implementation:
1. Annual training and assessments on ethical corporate management are conducted, with a completion rate of 100% in 2025.
2. Establish an anonymous reporting system to protect whistleblowers’ rights and prevent retaliatory actions.

(II) Responsibilities of the Board of Directors
1. Board composition: Ensure a diverse composition of Board members to enhance decision-making quality and reduce governance risks arising from gender imbalance.
2. Board composition: Ensure a diverse composition of Board members to enhance decision-making quality and reduce governance risks arising from gender imbalance.
3. Risk management mechanisms: Through risk assessments and internal oversight mechanisms, strengthen the Board of Directors’ understanding of operational risks, and establish sound internal control systems to ensure stable operations and reduce potential financial and compliance risks. In addition, the Company has purchased directors’ liability insurance to reduce potential legal and compensation risks that directors may face in the performance of their duties and to ensure the stable operation of the Board of Directors.

Implementation:
Report changes in insider shareholdings on a monthly basis; forward guidance documents issued by the competent authority on a quarterly basis; notify insiders each quarter of blackout periods during which trading is prohibited, and regularly review whether there are any instances of illegal trading, bribery, fraud, or corruption.

(III) Cybersecurity and privacy protection
The Company has implemented the ISO/IEC 27001 Cybersecurity Management System, ISO/IEC 27701 Privacy Information Management System, and ISO/IEC 20000 IT Service Management System. Through comprehensive cybersecurity and service management mechanisms, the Company ensures the confidentiality, integrity, and availability of its information assets, reduces the risks of data leakage, cyberattacks, and service disruptions, and strengthens personal data protection and regulatory compliance capabilities.

Implementation:
1. Establish SOC/MDR cybersecurity monitoring and anomaly reporting processes to proactively detect anomalies and respond and handle them at an early stage.
2. Conduct internal and external audits, business continuity exercises, personal data inventory, risk assessments, deletion of expired personal data, and personal data breach response drills.
3. Conduct cybersecurity education and training:
ISO27001 education and training:
Target audience: The whole company
Total number of participants: 376
Total course hours (including tests): 564
ISO27701 education and training:
Target audience: The whole company
Total number of participants: 376
Total course hours (including tests): 564
ISO20000 education and training:
Target audience: The whole company
Total number of participants: 376
Total course hours (including tests): 564 | |
| III. Environmental issues
(I) Has the Company established an appropriate environmental | V | | The Company has implemented and promoted the ISO 14001 Environmental Management System (certificate validity period from January | No differences |

Promotion items	Implementation			Deviation from the Sustainable Development Best Practice Principles for TWSE/listed Companies and reason for such deviation
	Yes	No	Summary
management system based on its industrial characteristics?			24, 2025 to January 24, 2028) to ensure that operational activities comply with environmental regulations and international standards. Through mechanisms such as identification of environmental aspects, regulatory compliance assessments, internal audits, and management reviews, the Company regularly reviews environmental management performance and continuously improves related measures. Considering the Company’s operating model, its environmental impact mainly arises from daily electricity consumption and resource use. The Company reduces the environmental burden of its operations through measures such as energy conservation advocacy (e.g., turning off lighting when leaving workstations), implementing resource recycling and classification, and promoting digital operations to reduce paper usage. It also selects data center resources with energy-saving and environmental management measures to reduce the environmental impact of indirect energy use (e.g., leasing Chunghwa Telecom IDC data centers, etc.). In the future, the Company will continue to promote objective management, education and training, and internal audit mechanisms in accordance with the ISO 14001 framework to ensure the effective operation of the environmental management system and contribute to sustainable corporate operations and environmental protection.
(2) Has the Company been committed to improving energy use efficiency and using renewable materials with lower environmental impact?	V		As an cybersecurity service provider, the Company does not engage in manufacturing operations and therefore has relatively limited use of renewable raw materials with lower environmental impact. Nevertheless, the Company remains committed to improving the efficiency of energy use, such as promoting digital operations to reduce paper consumption, implementing waste classification and recycling to achieve waste reduction, and controlling air conditioning temperatures.	No differences
(3) Has the Company assessed the potential risks and opportunities from climate change for its business now and in the future, and adopted relevant countermeasures?	V		The Company has established the “Sustainable Development Best Practice Principles” and has also implemented ISO 14001 to promote and raise awareness of the importance of environmental protection and to assess the potential impacts of climate change. It promotes energy-saving and carbon reduction measures such as turning off lights when leaving workstations and controlling air conditioning temperatures, as well as advocating proper waste classification. To achieve the objective of strengthening environmental protection.	No differences
(4) Does the company collect data for the past two years on greenhouse gas emissions, volume of water consumption, and the total weight of waste, and establish policies for greenhouse gas reduction, reduction of water consumption, or management of other wastes?	V		The Company primarily operates in an office-based model, with very low water consumption, which is assessed as not material to its operations; nevertheless, the Company still places importance on resource use efficiency and waste management. Since 2022, waste statistics have been incorporated into the GHG inventory process. Going forward, the Company will continue to establish relevant tracking mechanisms and gradually strengthen management standards. The Company has also implemented the ISO 14001 Environmental Management System and promotes measures such as office resource classification and air conditioning management. With waste reduction as an annual objective, it continuously reviews implementation performance and carries out improvements, steadily advancing toward sustainable operations.	In the future, actions will be carried out in accordance with laws and regulations as required by operations.
IV. Social issues
(1) Has the Company established related management policies and procedures in accordance with applicable laws and the International Bill of Human Rights?	V		The Company has established personnel management regulations in accordance with labor laws, the Act of Gender Equality in Employment, and related regulations to protect employees’ legal rights, make retirement contributions in accordance with the law, and ensure smooth labor-management communication channels. In addition, the Company’s employment policies follow the principle of equality, with no gender discrimination or other unequal treatment, and in accordance with internationally recognized human rights conventions, it has established an international human rights policy and related management mechanisms to implement the protection of human rights.	No differences
(2) Has the Company developed and implemented reasonable employee benefits measures (including compensation, leave of absence, and other benefits), and appropriately reflected operating performance or results in the employee's compensation?	V		The Company has established and implemented reasonable employee welfare measures, including remuneration, leave, and other benefits, and appropriately reflects operating performance in employee remuneration: 1. The Board of Directors has established a Compensation Committee to formulate and periodically review the policies, systems, standards, and structure for the performance evaluation and remuneration of directors and managers, and to regularly evaluate and determine the remuneration of directors and managers. 2. Performance evaluation: Use evaluation results as the basis for salary adjustments and the granting of bonuses and remuneration. 3. Bonus distribution: In addition to a basic 14 months of salary including monthly salary and year-end bonuses, there are various bonuses and remuneration linked to the Company’s operating performance and employee evaluations. 4. The Company provides leave benefits exceeding statutory requirements, such as granting proportional annual leave upon onboarding, providing 10 days of marriage leave, 2 days of fully paid ordinary sick leave, 7 days of half-paid family care leave, and an additional 1 day of birthday leave, fully demonstrating the Company’s emphasis on employee family care and workplace equality and implementing a high-quality and friendly working environment. 5. In addition to providing comprehensive onboarding training, the Company also encourages each department to arrange for employees to participate in external training courses based on job requirements to enhance professional competencies. In addition, the Company conducts internal training sessions on an occasional basis to ensure employees continuously enhance their skills and strengthen overall competitiveness. 6. Contribute employee welfare funds in accordance with regulations for the Welfare Committee to provide various employee subsidies (such as marriage, childbirth, and bereavement benefits), holiday allowances, birthday gifts, and various activities. 7. Other measures to enhance employee welfare: (1) Provide free annual health checkups (2) Hold annual appreciation banquets and employee family day events (3) Occasionally organize health promotion activities (4) Quarterly departmental gatherings (5) Two massage sessions from the visually impaired per month (6) On-site health consultation services once a month (7) Provide Employee Assistance Programs (EAPs) (8) Ample snack supply

Promotion items	Implementation			Deviation from the Sustainable Development Best Practice Principles for TWSE/listed Companies and reason for such deviation
	Yes	No	Summary
(3) Does the Company provide employees with a safe and healthy work environment and offer safety and health education to employees regularly?	V		(9) Employee group insurance(10) Group telecom and related device purchase discountsThe Company is committed to providing a safe and healthy work environment, ensuring workplace safety and employee well-being. To this end, the Company provides new employees with environmental safety training and occasionally conducts occupational safety training and fire safety education for current employees. In addition, the Company has established an Employee Assistance Program (EAP) to provide mental health support and related counseling services, safeguarding employees' physical and mental well-being. Regarding employee health management, the Company regularly conducts health check-ups and, to ensure the safety of office premises, performs inspections of fire and sanitary equipment in accordance with regulations to maintain workplace safety. To date, the Company has not experienced any occupational accidents or fire incidents.	No differences
(4) Has the Company offered effective career development training for employees?	V		The Company systematically promotes employee skill and competency development through its performance management system and annual training plans. Occasionally conduct internal training and provide subsidies to support employees in attending external courses, continuously enhancing professional skills, strengthening career development, and improving individual competitiveness.	No differences
(5) Does the Company comply with applicable laws and international standards with respect to customer health and safety, customer privacy, marketing, and labeling of products and services and implement consumer protection policies and complaint procedures?	V		The Company strictly complies with relevant regulations and international standards, and has established a "Personal Data Protection and Management Policy." It has implemented the ISO/IEC 27701 Privacy Information Management System to ensure that the collection, processing, and use of customer personal data are properly managed.To enhance customers' understanding of products and services, the Company provides detailed descriptions of each product and service on its official website. Customers can also make inquiries through the customer service hotline or e-mail, with dedicated staff responding to ensure transparency and timely feedback.In addition, the Company has a dedicated customer service department responsible for handling customer complaints and grievances, ensuring effective resolution of issues and service inquiries to enhance customer satisfaction. The Company has also established a stakeholder section on its official website to fully understand stakeholders' concerns and perspectives and respond appropriately, thereby creating a transparent and effective communication channel.	No differences
(6) Has the Company formulated a supplier management policy requiring suppliers to comply with applicable regulations on issues such as environmental protection, occupational safety and health, or labor rights, and how is it implemented?	V		The Company has established the "Supplier Management Procedures," requiring suppliers to comply with relevant regulations and the Company's policies regarding environmental protection, occupational safety and health, labor rights, ethical corporate management, cybersecurity, and personal data protection.New suppliers are required to sign the "Supplier Commitment Letter" when submitting qualification review documents, pledging to comply with the Company's Human Rights Policy, Environmental Management Policy, Ethical Corporate Management Best Practice Principles, and cybersecurity-related regulations.After receiving the documents, the Company conducts a document review process and excludes suppliers listed on the government e-procurement system's blacklist.The relevant policy contents are all disclosed on the Company's official website for suppliers to reference and comply with. Regarding cybersecurity management, the following types of suppliers are required to conduct a cybersecurity self-assessment:I. Suppliers and their partners that provide software and hardware product development, implementation, maintenance, or information services for the Company's information systems.II. Suppliers whose annual procurement amount accounts for 2% or more of the Company's total annual procurement.III. Suppliers collaborating with the Company's Cybersecurity Department.Based on the self-assessment results, the Company will, as appropriate, implement follow-up improvements or strengthen management measures to mitigate cybersecurity risks from the supply chain.	No differences
V. Has the Company prepared its sustainability report or other reports disclosing non-financial information by referring to international standards or guidance for preparing reports? Has the Company obtained third-party assurance or certification for the reports above?	V		The Company plans to prepare sustainability reports and other reports disclosing non-financial information for the year 2025. The aforementioned reports are expected to obtain assurance from a third-party verification body.	No differences
VI. If the Company has formulated its own Sustainable Development Best Practice Principles in accordance with the "Sustainable Development Best Practice Principles for TWSE/TPEX Listed Companies," state any deviation from the established principles: The Company has established the "Sustainable Development Best Practice Principles," which will serve as the basis for promoting sustainable development. There are no material differences from the principles.
1 · Other important information that helps understand the implementation of sustainability initiatives:(1) In 2025, the Company continued to maintain the validity of ISO 14001 Environmental Management System certification, strengthened environmental management mechanisms, and implemented and promoted the importance of environmental protection as well as the assessment of potential impacts of climate change.(2) The Company is gradually replacing leased company vehicles with hybrid cars to promote energy conservation and carbon reduction.(3) In 2025, the Company actively promoted public awareness of the enterprise and proactively participated in the following activities:• Ministry of Education Cybersecurity Incubation Program• Advanced Cybersecurity Summer School (AIS3) Industry Supply Chain Networking Conference, continuously assisting in the joint cultivation of Taiwan's cybersecurity talent and conducting recruitment activities to attract more outstanding students to join the team.• Completed the 5th GICS - Girls in CyberSecurity Event.• Completed 16 presentations, including the Hack the Tainan Red Team vs. Blue Team Cybersecurity Offensive and Defensive Competition.• Completed 17 events, including the HITCON CMT sponsor booth.(4) The Company integrates cybersecurity risk management into corporate governance and sustainability strategies to ensure the security of customer data and business operations. These efforts have been recognized by international authorities, with the Company receiving the Frost & Sullivan Taiwan Cybersecurity Services Company of the Year Award and the Best Cybersecurity Company Award of the Cybersecurity Excellence Awards. This demonstrates the Company's leadership in the field of cybersecurity and reflects its commitment to sound governance and sustainable development, working together with customers to create a secure and sustainable digital future.

Climate-related information of TWSE/TPEx Listed Companies

Item	Implementation
1. Implementation status of climate-related information
(1) State the Directors' and management's supervision and governance of climate-related risks and opportunities.	The Company has established the "Sustainable Development Best Practice Principles" and the "Sustainability Information Management Procedures," which are approved and overseen by the Board of Directors. Since 2022, the Company has conducted annual GHG inventories, planned progress, and reported to the Board.
(2) State how the identified climate risks and opportunities impact the Company's operations, strategy and finance (in the short, medium and long term).	The Company continuously adjusts its business, strategies, and financial planning in response to climate-related risks and opportunities.Short-term: Business operations may be affected by extreme weather events (such as typhoons or floods), leading to power outages, network disruptions, or employees being unable to go out to serve customers, which could impact service stability and customer satisfaction.Mid-term: As customer demands for sustainability increase, the Company needs to strengthen the sustainability of its services and the stability of cybersecurity to enhance competitive advantage and meet customer requirements.Long-term: Gradual adjustments in climate-related regulations and updates to international standards may create compliance management requirements. The Company will continue to monitor these developments and adjust strategies as needed to align with market trends and customer expectations.
(3) State the financial impact of extreme climate events and transition actions.	Extreme weather events: Extreme weather, such as typhoons and floods, may cause power outages, network disruptions, or employee absenteeism, affecting the stability of business operations and potentially incurring emergency response or operational adjustment costs.Transition actions: Global emphasis on sustainability and changes in market demand may affect the Company's adjustments in technology applications, service offerings, and market strategies, potentially leading to financial costs and fluctuations in revenue.
(4) State how climate the risk identification, assessment and management process is integrated into the overall risk management system.	The Company regularly identifies potential risk events related to environmental, social, and governance (ESG) issues, assesses the likelihood and impact of each risk event, and develops appropriate risk responses and controls, formulating action plans to ensure their implementation.
(5) If scenario analysis is used to assess resilience to climate change risks, state the scenarios used, and their parameters, assumptions, analysis factors and main financial impact.	The Company currently assesses climate change risk resilience by referring to commonly used industry scenario analysis methods, considering the potential impacts of extreme weather events (such as typhoons and floods) on business operations, service stability, and customer demand. The assumed analysis factors include service disruption risk, emergency response capability, and changes in market demand, with continuous review of potential financial impacts to ensure the Company has the capacity to adapt and respond.
(6)If there is a transition plan to manage climate-related risks, state the content of the plan, and the indicators and targets used to identify and manage physical and transition risks.	The Company operates in the information services sector and currently does not have any major climate risk transition plans. However, to mitigate potential climate risk impacts, the Company continuously promotes energy-saving measures to meet sustainability requirements and reduce environmental impact risks.
(7) If internal carbon pricing is used as a planning tool, state the basis for pricing.	The Company has not yet adopted internal carbon pricing as a planning tool.
(8) If there are climate-related targets, state the activities covered, the scope of greenhouse gas emissions, the schedule, and annual progress; if carbon offsets or renewable energy certificates (RECs) are used to achieve such targets, state the source and quantity of carbon reduction credits or the quantity of renewable energy certificates (RECs) to be offset.	The Company has implemented various energy-saving measures and will, in the future, follow government net-zero emission policies to set carbon reduction targets and plan timelines.
(9) GHG inventory and assurance, reduction targets, strategy and action plan (to be provided in 1-1 and 1-2 separately).	The Company's inventory and assurance status are detailed in Table 1-1.
1-1 The Company's GHG inventory and assurance status for the past two years

| 1-1-1 GHG Inventory Information
Specify the GHG emissions for the most recent two years, including emissions (metric tons of CO2e), intensity (metric tons of CO2e per NT$ million), and the scope of data coverage. | Year | Scope 1 | | Scope 2 | | Scope 3 | | Assurance Institutions/
Verification Body | Description of Assurance
(Note 1) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | | Total Emissions
(metric tons of CO2e) | Density
(metric tons of CO2e/NT$ 1 million) | Total Emissions
(metric tons of CO2e) | Density
(metric tons of CO2e/NT$ 1 million) | Total Emissions
(metric tons of CO2e) | Density
(metric tons of CO2e/NT$ 1 million) | | |
| | 114 years | 9.4373 | 0.00461 | 261.2672 | 0.12772 | 1626.2322 | 0.79500 | Crowe (TW) CPA^{s}
(Note 2) | Scopes 1, 2 and 3: limited assurance |
| | 113 years | 10.0717 | 0.00510 | 223.4830
(Note 3) | 0.11323
(Note 3) | 1267.7847 | 0.64235 | Crowe (TW) CPA^{s}
(Note 2) | Scopes 1, 2 and 3: limited assurance |
| | 112 years | 35.0132 | 0.02064 | 217.739 | 0.12835 | 1497.5487 | 0.88275 | TUV SUD
(Note 3) | Scopes 1 and 2: reasonable assurance; Scope 3: limited assurance |
| | Note 1: 100% of the Company’s disclosed total emissions were ultimately assured by the assurance institutions/ verification body.
Note 2: GHG assurance standard: Assurance Standard 3410 / ISAE 3410.
Note 3: GHG verification standard: ISO 14064-3 issued by the International Organization for Standardization (ISO). | | | | | | | | |
| 1-1-2 GHG Assurance Information
Specify the assurance status for the most recent two years as of the publication date of the annual report, including the scope of assurance, the assurance institution, the assurance standards, and the assurance opinion. | | | | | | | | | |
| 1-2 GHG reduction targets, strategies, and specific action plans | | | | | | | | | |
| Specify the GHG reduction base year and its data, reduction targets, strategies, and specific action plans, as well as the status of achieving the reduction targets. | The Company has completed its GHG emissions inventory, setting 2024 as the base year, with a target to reduce GHG emissions by 5% by 2030 and achieve a 100% reduction by 2050. Currently, the Company has implemented the ISO 14001 Environmental Management System; promoted digitization of operational processes; prioritized the procurement of energy-efficient equipment and implemented green procurement; optimized the air conditioning system; upgraded mainframe equipment and migrated to the cloud; and replaced company vehicles, among other measures. | | | | | | | | |

(VI) Implementation status of ethical corporate management and deviation from the Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies and the reasons therefor

Evaluation item	Implementation			Deviation from the Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation
		Yes	No		Summary
I.	Establishment of an ethical corporate management policy and plan(1) Does the Company have an ethical corporate management policy approved by its Board of Directors, and bylaws and publicly available documents addressing its corporate conduct and ethics policy and measures, and the commitment regarding implementation of such policy from the Board of Directors and the top management team?(2) Has the Company established an assessment mechanism for the risk of unethical conduct; does it regularly analyze and evaluate, within the business context, the business activities with a higher risk of unethical conduct; has it formulated a program to prevent unethical conduct with a scope no less than the activities prescribed in Article 7, paragraph 2 of the Ethical Corporate Management Best Practice Principles for TWSE/TPE Listed Companies?(3) Does the Company clearly set out the operating procedures, behavior guidelines, and punishment and appeal system for violations in the unethical conduct prevention program, implement it, and regularly review and revise the plan?	V		The Company, through a resolution of the Board of Directors, has approved the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" as the framework for implementing ethical corporate management. These documents stipulate that directors, managers, employees, appointees, or individuals with substantial control must adhere to the principles of honesty and integrity, refrain from engaging in dishonest conduct, and actively fulfill commitments to the Company's ethical management policies.The Company has established a risk assessment mechanism for unethical conduct in accordance with the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct." It monitors potential risks in business activities, covering the types of conduct listed in Article 7, Paragraph 2 of the "Ethical Corporate Management Best Practice Principles for Listed Companies," and has set up a dedicated contact point to handle internal and external reports of dishonest or improper behavior.The Company has established the "Ethical Corporate Management Best Practice Principles" and the "Code of Ethical Conduct," which specify operational procedures, codes of conduct, and systems for disciplinary action and appeals. These serve as the basis for preventing dishonest conduct and ensure that relevant regulations are followed and implemented.	No differencesNo differencesNo differences
	Ethical management practices(1) Has the Company assessed the integrity record of its counterparties and explicitly stated integrity clauses in the contracts signed with these counterparties?(2) Has the Company set up a dedicated unit to promote ethical corporate management under the Board of Directors, and does it regularly (at least once a year) report to the Board of Directors on its ethical corporate management policy and program to prevent unethical conduct and monitor their implementation?	V		The Company has established the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" to thoroughly assess the integrity records of transaction counterparts. In addition, the majority of the Company's customers are government agencies and financial institutions, resulting in relatively low overall integrity risk. At the same time, the Company requires all transaction suppliers to agree to comply with the provisions of the "Supplier Commitment Letter," which cover ethical conduct, protection of business secrets, prohibition of providing improper benefits, and other clauses, ensuring that partners adhere to principles of integrity.To strengthen the management of ethical corporate governance, the Company revised the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" by resolution of the Board of Directors on September 2, 2024. The Company's General Administration Office serves as the dedicated unit responsible for establishing and overseeing the implementation of the Procedures for Ethical Management and Guidelines for Conduct, and regularly reports its execution status to the Board of Directors.To implement its ethical corporate management policies, the Company's General Administration Office is responsible for promoting and executing related systems, assisting the Board of Directors and management in supervising the enforcement of the Ethical Corporate Management Best Practice Principles. The implementation status for 2025 is as follows (reported to the Board of Directors on February 11, 2026):1. Director's Statement of CommitmentAll directors and independent directors have signed statements of commitment to ethical corporate management, pledging to comply with corporate governance regulations and the Ethical Corporate Management Best Practice Principles, to faithfully perform their duties, and to uphold the integrity and transparency of the Company's operations.2. Education and TrainingTo strengthen employees' awareness of ethical corporate management and legal compliance, the Company has conducted multiple training sessions, including the Code of Ethical Conduct and annual promotion of ethical corporate management.Course dates: 2025/11/11-2025/12/31Target audience: All employeesTotal number of participants: 419Total course hours: 1257Courses on the prevention of insider trading:Course dates: 2025/12/23Target audience: Directors and managersTotal number of participants: 10Total course hours: 303.1. Grievance and whistleblowing mechanismThe Company has established a complaint and whistleblowing mechanism and provides contact channels in the stakeholder section to receive reports of violations such as corruption, fraud, and workplace misconduct, and has implemented a whistleblower protection system. In 2025, there were 0 reported cases involving corruption, asset misappropriation, or fraud, and 0 cases involving sexual harassment, workplace misconduct consultations, or workplace violence, none of which involved ethical corporate management violations.	No differencesNo differences

Evaluation item	Implementation			Deviation from the Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies and reason for such deviation
		Yes	No		Summary
(3)	Has the Company established policies to prevent conflicts of interest, provided appropriate communication and complaint channels, and properly implemented such policies?	V		In accordance with the "Ethical Corporate Management Best Practice Principles," the Company implements conflict of interest management and provides appropriate reporting channels to ensure that the relevant mechanisms are followed and executed.	No differences
(4)	Does the Company have effective accounting and internal control systems in place to enforce ethical corporate management? Does the internal audit unit follow the results of unethical conduct risk assessments and devise audit plans to audit compliance with the systems to prevent unethical conduct or hire outside accountants to perform the audits?	V		The Company has established accounting and internal control systems in compliance with regulations, and the internal audit unit performs various audit procedures, conducts necessary audits on risks of unethical conduct, and may arrange special audits when specific circumstances arise. In addition, CPAs conduct annual audits of the internal control system in accordance with regulations to ensure its effectiveness.	No differences
(5)	Does the Company provide internal and external ethical corporate management training regularly?	V		The Company has posted the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" on its official website, clearly specifying the codes of conduct that employees must follow and the related reward and disciplinary systems, and regularly conducts company-wide training and examinations.	No differences
III.	Operation of the Company's whistleblowing system
	(1) Has the Company established specific whistleblowing and reward procedures, set up conveniently accessible whistleblowing channels, and appointed appropriate personnel specifically responsible for handling complaints received from whistleblowers?	V		The Company stipulates whistleblowing and reward provisions in the "Ethical Corporate Management Best Practice Principles" and has established specific procedures in the "Procedures for Handling Reports of Violations Involving Corruption, Asset Misappropriation, and Fraud." It also maintains an independent whistleblowing mailbox, with the internal audit unit and legal unit jointly serving as the contact point for receiving reports of integrity violations and handling related reporting and complaint matters.	No differences
	(2) Has the Company established any SOP for accepting reported misconducts, any tracking measures or confidentiality measures to be taken after an investigation is completed?	V		In accordance with the "Procedures for Handling Reports of Violations Involving Corruption, Asset Misappropriation, and Fraud," the Company has established standard investigation procedures and related confidentiality mechanisms.	No differences
(3)	Has the Company adopted proper measures to protect whistleblowers from retaliation for filing complaints?	V		In accordance with Article 23 of the "Ethical Corporate Management Best Practice Principles," the Company has clearly stipulated that whistleblowers shall not be subject to improper treatment due to their reporting.	No differences
IV.	Enhanced information disclosure
	(1) Does the company disclose its ethical corporate management policies and the results of their implementation on its website and the Market Observation Post System (MOPS)?	V		The Company has disclosed the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" on MOPS and has also published the relevant information on its official website.	No differences
V.	If the company has adopted its own ethical corporate management best practice principles based on the Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies, please describe any deviations between the principles and their implementation: The Company has formulated the "Ethical Corporate Management Best Practice Principles" and the "Procedures for Ethical Management and Guidelines for Conduct" in accordance with the "Ethical Corporate Management Best Practice Principles for TWSE/TPEx Listed Companies." The Company's current operations and implementation are not materially different from the prescribed principles. The Company will continue to actively implement the ethical corporate management policy in accordance with the aforementioned regulations to ensure that its operations comply with the principles of integrity.
VI.	Other important information that helps to understand the operation of the Company's ethical corporate management (such as review or amendment of the Ethical Corporate Management Best Practice Principles) In addition to formulating the "Ethical Corporate Management Best Practice Principles," the Company has also established other internal regulations, such as the "Code of Ethical Conduct," the "Corporate Governance Best Practice Principles," the "Procedures for the Prevention of Insider Trading," and the "Regulations Governing Financial and Business Transactions Between Related Parties."

(VII) Other important information that may enhance the understanding of the Company's governance operations may be disclosed:

The participation of the Company's directors in training related to corporate governance during the most recent year and up to the publication date of the annual report.

Title	Name	Date of course	Organizer	Course title	Hours of continuing education
Chairman	Ming-Shih Chen	2025.2.21	Taiwan Investor Relations Institute	Corporate Governance and Securities Laws and Regulations	3
Director	Chin-Fu Hung
Director	Jung-Kuei Chen
Director	Hahn-Ming Lee
Independent Director	Wen-Nan Tsan
Independent Director	Shyh-Jye Chen
Independent Director	Chia-Ling Lee

The participation of the Company's managers, including the President, Vice Presidents, and the heads of accounting, finance, and internal audit, in training related to corporate governance during the most recent year and up to the publication date of the annual report.

Title	Name	Date of course	Organizer	Course title	Hours of continuing education
President	Chin-Fu Hung	2025.2.21	Taiwan Investor Relations Institute	Corporate Governance and Securities Laws and Regulations	3
Vice President Accounting Officer Corporate Governance Officer	Ya-Ju Wen
Head of Audit	Chi-Ming Huang
Associate Vice President	Yi-Ru Chen
Associate Vice President	Hui-Yi Peng
Vice President Accounting Officer Corporate Governance Officer	Ya-Ju Wen	2025.12.23	Taiwan Investor Relations Institute	Practical Analysis of Insider Trading and Shareholding Reporting	3
Vice Chief Engineer	Wen-Cheng Wang
Associate Vice President	Hui-Yi Peng
Associate Vice President	Yung-Hsing Chiu

(VIII) Follow matters to be disclosed for the implementation of the Company's internal control system

Statement of Internal Control

The Company has disclosed relevant information on the Internal Control Statement on MOPS in accordance with applicable laws and regulations. Please refer to the Internal Control Statement announcement section on MOPS.

MOPS website: https://mops.twse.com.tw/mops/web/index

If a CPA is commissioned to review the internal control system, disclose the CPA's review report.

The Company has disclosed relevant information on the CPA's special review report on the internal control system on MOPS in accordance with applicable laws and regulations. Please refer to the Special Review Report on Internal Control System section on MOPS.

MOPS website: https://mops.twse.com.tw/mops/web/index

(IX) Important resolutions made at shareholders' meetings and meetings of the board of directors in the most recent year as of the date of this annual report

Major resolutions of the shareholders' meeting

Date	Meeting	Key resolutions	Implementation
2025/05/26	Annual General Shareholders' Meeting	The Company's 2024 business report and financial statements	Approved and ratified the Board of Directors' proposal by voting
		The Company's 2024 earnings distribution	Approved and ratified the Board of Directors' proposal by voting
		Amendment to the "Articles of Incorporation"	Approved the Board of Directors' proposal by voting
		Amendment to the "Procedures for Acquisition or Disposal of Assets"	Approved the Board of Directors' proposal by voting
		Prior to the initial listing (or TPEx listing), it is proposed to conduct a public underwriting through a cash capital increase by issuing new shares, and to request all existing shareholders to waive their preemptive subscription rights to the cash capital increase	Approved the Board of Directors' proposal by voting
		Proposal to lift the non-compete restrictions on current directors	Approved the Board of Directors' proposal by voting

Major resolutions of the Board of Directors

Date	Meeting	Key resolutions
2025/02/21	3rd term 12th meeting	1. Total amount of performance bonuses for 2024, submitted for discussion.
2. Total amount of remuneration for directors, supervisors, and employees for 2024, submitted for discussion.
3. Special allocation units of variable remuneration for the Chairman, submitted for discussion.
4. The 2024 business report and financial statements, submitted for discussion.
5. The 2024 earnings distribution, submitted for discussion.
6. The 2024 Statement of Internal Control System, submitted for discussion.
7. To set the capital increase record date for the issuance of common shares upon exercise of employee stock options, submitted for discussion.

Date	Meeting	Key resolutions
		8. Application for stock listing, submitted for discussion.
9. Prior to the initial listing (or TPEx listing), it is proposed to conduct a public underwriting through a cash capital increase by issuing new shares, and to request all existing shareholders to waive their preemptive subscription rights to the cash capital increase, submitted for discussion.
10. To enter into an over-allotment and lock-up agreement with Yuanta Securities, submitted for discussion.
11. Assessment Form for the Company’s Financial Reporting Preparation Capability, submitted for discussion.
12. Appointment of the Company’s Corporate Governance Officer, submitted for discussion.
13. Amendments to the "Articles of Incorporation" and the "Procedures for Acquisition or Disposal of Assets," submitted for discussion.
14. Amendments to the "Table of Authority Allocation Between the Board of Directors and Management," submitted for discussion.
15. Amendment to the "Financial Instruments Management Procedures," submitted for discussion.
16. Establishment of the "Standard Operating Procedures for Handling Directors' Requests" and amend the "Procedures for Prevention of Insider Trading," submitted for discussion.
17. Establishment of the “Procedures for Sustainability Information Management” and amendment to the “Other Management Control Operations” under internal control, submitted for discussion.
18. Amendment to the "Guidelines for Investment Operations," submitted for discussion.
19. Proposal to lift the non-compete restrictions on current directors, submitted for discussion.
20. Convening the 2025 annual shareholders' meeting and related matters, submitted for discussion.
2025/03/26	3rd term
13th meeting	1. Summary financial forecast for Q2 to Q3 of 2025, submitted for discussion.
2. Additional service fees for the CPAs for 2025, submitted for discussion.
3. Amendment to the “Employee Remuneration Implementation Procedures”, submitted for discussion.
4. Amendment to the "Guidelines for Investment Operations," submitted for discussion.
5. Amendment to the “Standards for Directors’ Remuneration and Salaries Distribution Procedures”, submitted for discussion.
6. 2025 Owl investment plan, submitted for discussion.
2025/05/05	3rd term
14th meeting	1.Financial statements of Q1 2025, submitted for discussion.
2.To set the capital increase record date for the issuance of common shares upon exercise of employee stock options, submitted for discussion.
3.One right-of-use asset for operational use was obtained from the parent company, submitted for discussion.
4.Amendment to the “Employee Remuneration Implementation Procedures” and "Salary Cycle", submitted for discussion.
5.Special remuneration for the Chairman in 2024, submitted for discussion.
6.Allocation ratio of performance bonuses for senior managers for 2024, submitted for discussion.
7.Total amount of performance bonuses for the President for 2024, submitted for discussion.
8.Remuneration of managers for 2024, submitted for discussion.
2025/06/25	3rd term
15th meeting	1.To set the record date and payment date for the distribution of cash dividends for 2024 and related matters, submitted for discussion.
2.Approval of the number of shares to be issued, the tentative price range, and the use and benefits of the pre-listing cash capital increase, submitted for discussion.

Date	Meeting	Key resolutions
		3.Allocation of new shares issued in the pre-listing cash capital increase to non-managers, submitted for discussion.
4.Allocation of new shares issued in the pre-listing cash capital increase to non-managers, submitted for discussion.
5.Amendments to the "Salary Structure Table" and the "Employee Remuneration Implementation Procedures," submitted for discussion.
2025/08/06	3rd term
16th meeting	1.Financial statements of Q2 2025, submitted for discussion.
2.Approval of directors’ and supervisors’ remuneration for 2024, submitted for discussion.
3.Allocation ratio of employee remuneration for entry-level employees for 2024, submitted for discussion.
4.Allocation ratio of employee remuneration for senior managers for 2024, submitted for discussion.
5.Employee remuneration of managers for 2024, submitted for discussion.
6.Adjustment of the Chairman’s allowance, submitted for discussion.
7.To set the capital increase record date for the issuance of common shares upon exercise of employee stock options, submitted for discussion.
2025/10/29	3rd term
17th meeting	1.Financial statements of Q3 2025, submitted for discussion.
2.Proposed the Board of Directors to authorize for the management department to execute investments in short-term notes and sustainability bonds within a specified period and amount, submitted for discussion.
2025/12/17	3rd term
18th meeting	1.The 2026 business plan, submitted for discussion.
2.The 2026 audit plan, submitted for discussion.
3.Change of CPA and the assessment of CPA independence and competence, and the remuneration for the 2026 engagement, submitted for discussion.
4.Three right-of-use asset for operational use was obtained from the parent company, submitted for discussion.
2026.2.11	3rd term
19th meeting	1.Total amount of performance bonuses for 2025, submitted for discussion.
2.Total amount of remuneration for directors and employees for 2025 and the allocation ratio for entry-level employees, submitted for discussion.
3.The 2025 business report and financial statements, submitted for discussion.
4.The 2025 earnings distribution, submitted for discussion.
5.The 2025 Statement of Internal Control System, submitted for discussion.
6.To set the capital increase record date for the issuance of common shares upon exercise of employee stock options, submitted for discussion.
7.Convening the 2026 annual shareholders' meeting and related matters, submitted for discussion.
2026.4.29	3rd term
20th meeting	1.Financial statements of Q1 2026, submitted for discussion.
2.Allocation ratio of performance bonuses for senior managers for 2025, submitted for discussion.
3.Total amount of performance bonuses for the President for 2025, submitted for discussion.
4.Remuneration of managers for 2025, submitted for discussion.
5.Adjustment to the remuneration of the President, submitted for discussion.
6.Adjustment to the Chairman’s remuneration, submitted for discussion.
7.Personnel appointments and dismissals of the Company, submitted for discussion.
8.Amendments to the "Salary Management Procedures" and the "Company Salary Structure Table", submitted for discussion.
9.Additional audit and service fees for the CPAs for 2025, submitted for discussion.
10.Proposal to authorize the Management to invest in short-term notes within a specified period and credit limit, submitted for discussion.
11.The "Compensation Committee" is to be renamed the "Compensation and Nomination Committee," and the "Compensation Committee Organizational Charter" is to be amended; the matter is submitted for discussion.

Date	Meeting	Key resolutions
		12. The establishment of the "Sustainability Committee" and the appointment of a Chief Sustainability Officer, submitted for discussion.

(X) In the most recent year and up to the publication date of the annual report, if any director or supervisor had dissenting opinions on important resolutions passed by the Board of Directors and had recorded or written statements: None.

IV. Information on CPA Audit Fees

(I) Information on CPA Audit Fees

Amount Unit: NT$ thousand

Name of accounting firm	Names of CPAs	Period covered by the CPA audit	Audit fees	Non-audit fees	Total	Remarks
Deloitte Taiwan	Yih-Shin Kao
Mei-Yen Chiang	2025	2,358	350	2,708	-

Note: Audit fees refer to the fees paid by the Company to the CPA for financial statement audits, reviews, re-audits, and tax certifications; non-audit services include transfer pricing reports and related services.

(II) If the accounting firm is changed and the audit fees for the year following the change are lower than those of the previous year, the amounts of the audit fees before and after the change and the reasons should be disclosed: N/A.

(III) If the audit fees have decreased by more than 10% compared to the previous year, the amount, percentage, and reasons for the decrease should be disclosed: N/A.

V. Information on changes of CPAs:

(I) Regarding the predecessor CPA

Change date	Approved by the Board of Directors on December 17, 2025
Reason and description for the change	In alignment with the Company’s future operational development and group management needs, the Company will change its accounting firm and CPAs starting from Q1 2026.
Description of whether the termination or non-acceptance of engagement was initiated by the Company or the CPA	Country Condition		CPA	Appointer
	Voluntary termination of appointment
	No longer accepts (continues) the appointment			V
Opinions other than unqualified opinions issued in audit reports over the past two years and the reasons thereof	None
Whether there were any disagreements with the Company	Yes	-	Accounting principles or practices
		-	Disclosures in the financial statements
		-	Audit scope or procedures
		-	Others
	None	V
	Description
Other disclosures (Matters required to be disclosed under Item 4, Subparagraph 1, Paragraph 5, Article 10 of these Regulations)	None

(II) Regarding the successor CPA

Name of firm	PwC Taiwan
Names of CPAs	CPAs Fu-Ming Liao and Ming-Yi Wang
Date of appointment	Approved by the Board of Directors on December 17, 2025
Consultations prior to appointment regarding accounting treatments or accounting principles for specific transactions and the potential opinions to be issued on the financial statements, and the results thereof	None
Written opinion of the successor CPA regarding matters on which there were disagreements with the predecessor CPA	None

(III) Response from the predecessor CPA regarding the matters set forth in Item 3, Subparagraphs 1 and 2, Paragraph 5, Article 10 of these Regulations: None.

VI. If the Chairman, President, or managers responsible for financial or accounting matters of the Company has held a position within the accounting firm or its affiliates in the most recent year, their name, title, and the duration of their employment with the accounting firm or its affiliates should be disclosed.

Affiliated enterprises of the CPA firm to which the signing CPA belongs refer to enterprises in which the CPAs of such firm hold more than 50% of the shares or obtain a majority of the board seats, or companies or institutions listed as related enterprises in materials released or published externally by the CPA firm to which the signing CPA belongs: None.

VII. Any transfer or pledge of shares by any director, supervisor, managers, and shareholders holding more than 10% of shares in the most recent year and up to the publication date of the annual report

(I) Changes in shares held by directors, supervisors, managers, and major shareholders: The Company has disclosed information on shareholding changes of directors, supervisors, managers, and major shareholders in accordance with applicable laws and regulations on MOPS. Please refer to the section on shareholding changes of directors, supervisors, managers, and shareholders holding 10% or more on MOPS. MOPS website: https://mops.twse.com.tw/mops/web/index

(II) Share transfer information: None.

(III) Where the counterparty to the pledge of shares is a related party, the name of the counterparty, the relationship with the Company, directors, supervisors, managers, and shareholders holding more than 10% of the shares, and the number of shares acquired or pledged shall be disclosed.

VIII. Information on relationships among the top ten shareholders, including spouses and second degree relatives or closer, among the top ten shareholders

Information on the relationships among the top ten shareholders by shareholding ratio

Unit: shares; %

Name	Shareholding of the individual		Shareholding of spouse or minor children		Total shareholding by nominee arrangement		Information on the relationships between the top 10 shareholders if anyone is a related party, a spouse, or a second-degree or closer relative of another and their names		Remarks
	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	No. of shares	Shareholding ratio	Name	Relationship
Chunghwa Telecom Co., Ltd.	23,058,000	56.68%	-	-	-	-	-	-	-
Taishin Bank Trust Property Account of CHT Security Co., Ltd.	759,996	1.87%	-	-	-	-	-	-	-
Yuanta Securities Co., Ltd.	493,633	1.21%	-	-	-	-	-	-	-
Taishin International Bank Trust Property Account	488,636	1.20%	-	-	-	-	-	-	-
Chin-Fu Hung	444,500	1.09%	20,000	0.05	-	-	-	-	-
Taishin Bank Trust Property Account of CHT Security Co., Ltd.	425,618	1.05%	-	-	-	-	-	-	-
Jiayuan Investment Ltd.	363,000	0.89%	-	-	-	-	-	-	-
Tran-Fei Development Co., Ltd	295,000	0.73%	-	-	-	-	-	-	-
Fong Jheng Lin	245,000	0.60%	-	-	-	-	-	-	-
Ruei Liu	212,000	0.52%	-	-	-	-	-	-	-

IX. The number of shares held by the Company, its directors, supervisors, managers, and entities directly or indirectly controlled by the Company in a reinvestee and the consolidated shareholding ratio: None.

Three. Fundraising

I. Capital and Shares

(I) Sources of capital
Unit: thousands of shares; thousands of NT$

Month/Year	Issued price (NT$)	Authorized share capital		Paid-in capital		Remarks
		No. of shares	Amount	No. of shares	Amount	Sources of capital	Subscription of shares with non-cash assets	Others
2017.12	10	100,000	1,000,000	29,900	299,000	Founding capital: NT$299,000 thousand	None	Note 1
2021.3	19.085	100,000	1,000,000	30,982	309,820	Capital increase from employee stock subscription: NT$10,820 thousand	None	Note 2
2022.3	19.085	100,000	1,000,000	32,035	320,350	Capital increase from employee stock subscription: NT$10,530 thousand	None	Note 3
2022.6	19.085	100,000	1,000,000	32,837	328,370	Capital increase from employee stock subscription: NT$8,020 thousand	None	Note 4
2023.3	19.085	100,000	1,000,000	33,846	338,460	Capital increase from employee stock subscription: NT$10,090 thousand	None	Note 5
2023.6	19.085	100,000	1,000,000	34,641	346,410	Capital increase from employee stock subscription: NT$7,950 thousand	None	Note 6
2024.2	19.085	100,000	1,000,000	35,626	356,260	Capital increase from employee stock subscription: NT$9,850 thousand	None	Note 7
2024.4	19.085	100,000	1,000,000	36,320	363,200	Capital increase from employee stock subscription: NT$6,940 thousand	None	Note 8
2025.1	19.085	100,000	1,000,000	36,340	363,400	Capital increase from employee stock subscription: NT$200 thousand	None	Note 9
2025.3	19.085	100,000	1,000,000	36,345	363,450	Capital increase from employee stock subscription: NT$50 thousand	None	Note 10
2025.5	19.085	100,000	1,000,000	36,985	369,850	Capital increase from employee stock subscription: NT$6,400 thousand	None	Note 11
2025.8	19.085	100,000	1,000,000	36,994	369,940	Capital increase from employee stock subscription: NT$90 thousand	None	Note 12
2025.9	238	100,000	1,000,000	40,677	406,770	Cash capital increase: NT$36,830 thousand	None	Note 13
2026.3	19.085	100,000	1,000,000	40,681	406,810	Capital increase from employee stock subscription: NT$40 thousand	None	Note 13

Note 1: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 10661474600 dated December 14, 2017.
Note 2: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11046989110 dated March 17, 2021.
Note 3: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11146661610 dated March 17, 2022.
Note 4: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11149680510 dated June 6, 2022.
Note 5: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11246582710 dated March 10, 2023.
Note 6: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11249562520 dated June 28, 2023.
Note 7: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11346045900 dated February 5, 2024.
Note 8: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11348007810 dated April 9, 2024.
Note 9: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11356665830 dated January 20, 2025.
Note 10: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11446706920 dated March 11, 2025.
Note 11: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11449153100 dated May 20, 2025.
Note 12: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11452331620 dated August 26, 2025.
Note 13: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11453191320 dated September 23, 2025.
Note 14: Taipei City Government approval letter Ri-Fu-Chan-Yeh-Shang-Zi No. 11546469700 dated March 3, 2026.

If approval has been obtained to offer and issue securities under a shelf registration system, the approved amount and relevant information on the securities planned to be issued and already issued shall also be disclosed: No such situation.

(II) List of major shareholders

Unit: shares; %

Names of major shareholders	No. of shares held	Shareholding ratio
Chunghwa Telecom Co., Ltd.	23,058,000	56.68%
Taishin Bank Trust Property Account of CHT Security Co., Ltd.	759,996	1.87%
Yuanta Securities Co., Ltd.	493,633	1.21%
Taishin International Bank Trust Property Account	488,636	1.20%
Chin-Fu Hung	444,500	1.09%
Taishin Bank Trust Property Account of CHT Security Co., Ltd.	425,618	1.05%
Jiayuan Investment Ltd.	363,000	0.89%
Tran-Fei Development Co., Ltd.	295,000	0.73%
Fong Jheng Lin	245,000	0.60%
Ruei Liu	212,000	0.52%

(III) Dividend policy and implementation:

Dividend policy defined in the Articles of Incorporation

If the Company has profits in its annual final accounts, taxes shall first be paid, accumulated losses shall be offset, and then 10% shall be appropriated as legal reserve. This requirement does not apply if the legal reserve has reached the total capital. Any remaining balance, after the payment of dividends, shall be distributed as shareholders' bonuses as resolved by the shareholders' meeting.

The Company's dividend policy is formulated in consideration of current and future development plans, the investment environment, funding requirements, domestic and international competitive conditions, and shareholders' interests. Of the distributable earnings, no less than 50% shall be appropriated for distribution as shareholders' dividends, which may be distributed in cash or stock, provided that the ratio of cash dividends shall not be less than 50% of the total dividends.

The distribution ratio of earnings provided in the preceding paragraph may be adjusted based on relevant factors such as the actual profitability of the year, capital budget, and funding conditions. The Board of Directors shall prepare a distribution proposal in accordance with applicable laws and submit it to the shareholders' meeting for resolution.

Dividend distribution proposed at the current shareholders' meeting

The Company's earnings distribution proposal for 2025 was resolved by the Board of Directors on February 11, 2026. It is proposed to distribute cash dividends of NT$9.66 per share, totaling NT$393,234,555, which will be submitted to the 2026 shareholders' meeting for approval.

If significant changes to the dividend policy are anticipated, they should be explained: No such situation.

(IV) The impact of the distribution of bonus shares proposed at the current shareholders' meeting on the Company's business performance and earnings per share: N/A.

(V) Remuneration to employees, directors, and supervisors

The percentage or range of employee, director, and supervisor remuneration as stipulated in the Articles of Incorporation:

If the Company has profits for the year, no less than 5% of the profits for that year shall be appropriated as employee remuneration, of which the portion allocated to entry-level employees shall not be less than 5% of the total employee remuneration appropriated for that year. No more than 0.5% shall be appropriated as remuneration for directors and supervisors. However, if the Company still has accumulated losses, it shall first reserve an amount for compensation.

The basis for estimating employee, director, and supervisor remuneration amounts for this period, the calculation basis for stock-based employee remuneration, and the accounting treatment when there are discrepancies between the actual distribution amount and the estimated amount:

If there is a material difference between the estimated amounts and the amounts paid for employee, director, and supervisor remuneration as resolved by the Board of Directors prior to the approval and issuance of the financial statements, such difference shall be adjusted against the expenses of the year originally accrued. If the amounts continue to change after the approval and issuance date of the financial statements, such changes shall be accounted for as changes in accounting estimates and adjusted and recognized in the subsequent year.

Distribution of remuneration approved by the Board of Directors

(1) Amount of remuneration to employees, directors and supervisors distributed in cash or in shares. If there is a discrepancy between the estimated amount and recognized expense for the year, the difference, the reason, and the treatment should be disclosed:

The Company's distribution proposal for employee remuneration and director remuneration for 2025 was approved by the Board of Directors on February 11, 2026. Employee remuneration totaled NT$28,813 thousand, and director remuneration

totaled NT$2,881 thousand. Both were paid in cash and were the same as the estimated amounts. Accordingly, there was no difference in expense recognition.

(2) The amount of any employee remuneration distributed in stocks, and the size of that amount as a percentage of the sum of the after-tax net income stated in the parent company only financial reports or individual financial reports for the current period and total employee remuneration: The Company did not distribute employee remuneration in stocks in 2025. Accordingly, this item is not applicable.

The actual distribution of employee, director, and supervisor remuneration for the previous year (including the number of shares, amounts, and stock price), and any discrepancies with the recognized employee, director, and supervisor remuneration, should be explained, including the difference, reason, and treatment:

At the shareholders' meeting for 2025, the distribution of employee remuneration of NT$25,056 thousand and director and supervisor remuneration of NT$2,506 thousand from the distributable earnings for 2023 was approved, both of which were paid in cash. The actual distribution was the same as the originally recognized amounts, with no differences.

(VI) Repurchase of the Company's shares: None.

II. Issuance of corporate bonds: None.

III. Issuance of preferred shares: None.

IV. Issuance of global depository receipts: None.

V. Issuance of employee stock warrants

(I) Issuance of employee stock warrants

April 30, 2026

Type of employee stock warrants	1st employee stock warrants	2nd employee stock warrants
Effective filing date and total number of units	Effective filing date: N/A
Total units: 4,500 units	Effective filing date: N/A
Total units: 3,500 units
Issue (transaction) date	December 20, 2019	February 20, 2021
Number of units issued	4,500 units	3,500 units
Remaining issuable units	0 units	0 units
Ratio of total subscription rights issued to the total number of issued shares	12.38%	9.63%
Subscription period	5 years	5 years
Exercising method	Issuance of new shares	Issuance of new shares

Type of employee stock warrants	1st employee stock warrants	2nd employee stock warrants
Effective filing date and total number of units	Effective filing date: N/A Total units: 4,500 units	Effective filing date: N/A Total units: 3,500 units
Issue (transaction) date	December 20, 2019	February 20, 2021
Restriction period and ratio (%)	Completion of 1 year of service: 25% Completion of 2 year of service: 50% Completion of 3 year of service: 75% Completion of 4 year of service: 100%	Completion of 1 year of service: 25% Completion of 2 year of service: 50% Completion of 3 year of service: 75% Completion of 4 year of service: 100%
Number of shares acquired upon exercise	4,153,000	2,945,000
Amount of shares subscribed upon exercise	79,260,005	56,205,325
Number of unexercised subscription rights	0	0
Subscription price per share for unexercised subscription rights	NT$19.085	NT$19.085
Ratio of unexercised subscription rights to the total number of issued shares (%)	0%	0%
Impact on shareholders' equity	The dilution impact on the equity of existing common shareholders is not significant.	The dilution impact on the equity of existing common shareholders is not significant.

(II) The names of managers who obtained employee stock options and the top ten employees by the number of shares subscribable under the stock options, and details of their acquisition and subscription status.

April 30, 2026

	Title	Name	Number of shares obtainable through subscription (Thousand shares)	Ratio of shares obtainable through subscription to the total number of issued shares	Exercised				Unexercised
					Number of shares subscribed (Thousand shares)	Subscription price (NT$)	Subscription amount (NT$ thousands)	Ratio of subscribed shares to the total number of issued shares	Number of shares subscribed (Thousand shares)	Subscription price (NT$)	Subscription amount (NT$ thousands)	Ratio of subscribed shares to the total number of issued shares
Managerial officer	Chief Strategy Officer	Ming-Shih Chen (Note 1)	2,092	5.76%	1,990	19.085	37,979	5.48%	2	19.085	38.17	0.01%
	President	Chin-Fu Hung
	Vice President	Hsin-Fu Wang
	Vice President	Chien-Kang Tsai
	Chief Engineer	Wen-Cheng Wang
	Associate Vice President	Feng-Peng Yu (Note 2)
	Associate Vice President	Ming-Yi Wu
	Associate Vice President	Chung-Yi Yang
	Associate Vice President	Yi-Ru Chen
	Associate Vice President	Hui-Yi Peng
Employee	Manager	Ruei Liu	1,248	3.43%	1,225	19.085	23,380	3.37%	-	19.085	-	-

Title	Name	Exercised				Unexercised
		Number of shares subscribed (Thousand shares)	Subscription price (NT$)	Subscription amount (NT$ thousands)	Ratio of subscribed shares to the total number of issued shares	Number of shares subscribed (Thousand shares)	Subscription price (NT$)	Subscription amount (NT$ thousands)	Ratio of subscribed shares to the total number of issued shares
Manager	Pin-Jen Chiu (Note 3)
Manager	Feng-Cheng Lin
Manager	Cheng-Han Yu (Note 4)
Assistant Manager	Kai-Ching Wang (Note 5)
Assistant Manager	Chih-Chuan Chien
Chief Engineer	Chen-Hua Tsai
Chief Engineer	Pu Li
Chief Engineer	Chun-Hao Yang
Senior Management Specialist	Wen-Han Chan

Note 1: The Chief Strategy Officer resigned from the position on December 21, 2023.
Note 2: Resigned on July 31, 2025.
Note 3: Resigned on September 30, 2024.
Note 4: Resigned on May 31, 2024.
Note 5: Resigned on December 31, 2025.

VI. Issuance of restricted stock awards: None.

VII. Issuance of new shares in connection with mergers and acquisitions or for acquisitions of shares of other companies: None.

VIII. Implementation of the capital utilization plan: None.

Four. Operational overview

I. Business activities:

(I) Scope of business:

The Company mainly engages in the following activities:

E605010 Computer Equipment Installation
F113050 Wholesale of Computers and Office Machinery and Equipment
F118010 Wholesale of Information Software
F218010 Retail Sale of Information Software
I199990 Other Consulting Services
I301010 Information Software Services
I301020 Data Processing Services
I301030 Electronic Information Supply Services
IZ13010 Internet Authentication Service
F213030 Retail Sale of Computers and Office Machinery and Equipment
F601010 Intellectual Property Services
I103060 Management Consulting Services
ZZ99999 Any business not prohibited or restricted by law, except those requiring special approval

The Company primarily provides cybersecurity professional services. Leveraging professional cybersecurity technical capabilities and experiences, together with security software and hardware tools and equipment, the Company provides security consulting and services to customers, including network security services, cybersecurity professional services, and cybersecurity product sales.

Proportion:

Unit: NT$ thousand; %

| Year
Item | 2024 | | 2025 | |
| --- | --- | --- | --- | --- |
| | Amount | Operation weight (%) | Amount | Operation weight (%) |
| Network security services | 507,868 | 25.73 | 579,089 | 28.31 |
| Cybersecurity professional services | 1,011,284 | 51.24 | 1,125,073 | 55.00 |
| Cybersecurity product sales | 454,507 | 23.03 | 341,408 | 16.69 |
| Total | 1,973,659 | 100.00 | 2,045,570 | 100.00 |

Current products (services):

The products and services operated by the Company can be categorized into network security services, cybersecurity professional services, and cybersecurity product sales. The

following provides descriptions of these three categories of products and services.

Products and services	Description
Network security services	Security zones are deployed at the broadband and mobile network cores of Chunghwa Telecom to provide internet security services to residential customers, mobile internet users, and enterprise customers. The service details are as follows. Customers can enjoy security protection provided by flagship-grade security equipment without making any changes to their network architecture or settings. Long-term security services are provided to customers on a monthly or annual subscription basis. >Consumer internet security: Services provided to consumer broadband and mobile internet users include pornography filtering (Porn Gatekeeper), anti-hacking protection (Cyber Threat Gatekeeper), internet usage time management (Parental Control (Time Management)), and antivirus and anti-hacking protection (HiNet Anti-Virus). These services help customers safeguard smart home cybersecurity and manage children's internet usage, preventing inadvertent access to inappropriate websites. >Enterprise internet security: Internet security services provided to enterprise internet customers include intrusion prevention, distributed denial-of-service (DDoS) protection, Cyber Threat Gatekeeper for Enterprises, the Advanced Network Defense System (ANDs), and Web Application Firewall (WAF) services. These services assist customers in blocking cyber threats at the network core, provide a secure internet environment, and complement customers' internal cybersecurity defensive measures to achieve coordinated defense.
Cybersecurity professional services	Cybersecurity services are provided to customers by cybersecurity technical experts, including security testing such as red teaming, vulnerability assessment, penetration testing, social engineering simulation, source code analysis, mobile APP security assessment, and computer system cybersecurity assessments; cybersecurity services such as Security Operations Center (SOC) services, Managed Detection and Response (MDR) threat detection and response services, incident response, digital forensics, and ISMS consulting; as well as cybersecurity services for emerging technology application fields, including AI security, drone security testing, IoT security testing, operation technology (OT) security, low-Earth-orbit satellite security, and critical infrastructure security.
Cybersecurity product sales	Assisting customers in planning and implementing cybersecurity software and hardware deployment and installation in accordance with cybersecurity architecture or selling cybersecurity software and hardware to customers. Developing proprietary cybersecurity products to assist government agencies and enterprises in addressing continuously evolving cyber threats and challenges.

4. Planned development of new products (services):

The Company is a cybersecurity service provider that relies heavily on cybersecurity experts to deliver services to customers and is actively developing proprietary products and cybersecurity SaaS services to establish core competitive advantages distinct from other cybersecurity service providers, which will not only enhance revenue and profitability but also serve as a key foundation for expanding into international markets. The proprietary products currently under development address cybersecurity needs across cloud, network, endpoint, and encrypted communications, and have already been adopted by multiple domestic government agencies, military organizations, and financial institutions, as well as overseas customers in the United States, Eswatini, Thailand, Vietnam, Malaysia, Japan, Mongolia, Mexico, and Ukraine. The cybersecurity products and services under development are as follows:

A. SecuTex ED (Endpoint Detection): Assists customers in conducting security scanning of

endpoint (computers or servers) to quickly identify signs of malicious activity, and, combined with device compliance checks (configuration baseline checks, system update checks, and software update checks), enables customers to promptly understand the system and software update status of endpoint (computers) and whether they comply with configuration baseline settings, thereby enhancing endpoint visibility and system management. In 2025, 1,700 malicious activity detection rules identified by the forensics team were added, and an internet security version and bundled internet security services were developed.

B. SecuTex NP (Network Protection): Functions like a dashcam for networks, deployed at the network gateway to continuously capture and record packet traffic across the enterprise network. When a cyber incident occurs within the organization, it assists forensics experts in understanding the full sequence of events, performing root cause analysis, reconstructing the incident, and determining the scope of impact. The system includes a built-in threat detection (intrusion detection system, IDS) module that simultaneously detects suspicious malicious activities while preserving network traffic. SecuTex NP has been integrated with the Company's security monitoring services (SOC), transmitting event traces to the security operations center to enable deeper insight into malicious activities occurring within the enterprise. In 2025, support for continuous recording of 10 Gbps traffic was added, an ADS function was introduced to detect and monitor IoT devices, and event-driven recording and external high-capacity storage were added to meet more diverse deployment requirements.

C. CypherCom (End-to-End Encrypted Communication System): CypherCom is a hardware-based end-to-end encrypted communication system that prevents potential eavesdroppers from intercepting communication content. This includes telecommunications providers, internet service providers, and platform service providers, none of whom can decrypt, intercept, or tamper with the communication content, thereby providing a highly secure and confidential communication service. The system utilizes a hardware secure element (Slim SIM) validated under FIPS 140-2 Level 3 to ensure that encryption keys are not exposed. A dedicated app applies high-strength 256-bit encryption to communication content, ensuring that it cannot be recovered or eavesdropped. It also supports encrypted protection for VoIP and Instant Messaging (IM), enabling the secure transmission of text, images, videos, and files. In addition, the system supports clear communication in low-bandwidth environments (below 10K), such as satellite communications, and has been validated through practical implementation.

D. Cybersecurity Risk Rating Service (HorusEyes): Launched in October 2024, this service continuously detects risks and vulnerabilities of enterprise domains exposed to the internet in a non-intrusive manner. From a hacker's perspective, it helps enterprises understand their external exposure by providing domain boundary inventory, risk scores,

lists of vulnerabilities, and recommendations for potential risk remediation. Customers only need to provide externally accessible domain names to gain visibility into all digital assets within their domains, along with exposure assessment reports and risk rating scores. The risk rating scores help enterprises understand their cybersecurity posture and can also serve as a benchmark for subsequent improvements.

(II) Industry Overview

1. Industry status and development:

According to market research by IEK Consulting of ITRI, Taiwan’s cybersecurity market reached NT$91.24 billion in 2025, representing a growth rate of 11.5%, and is expected to exceed NT$100 billion in 2026. Taiwan’s cybersecurity industry is transitioning from an exploratory phase to a stage of steady growth, with the overall industry showing key changes such as improved profitability and more specialized business models. In the past, product and equipment distributors primarily sold network security protection products; however, in 2025, cybersecurity testing and analysis services and security consulting services have become the primary business focus of domestic vendors, indicating that market demand has shifted from merely purchasing equipment to seeking comprehensive solutions and consulting services. On the demand side, the average cybersecurity budget of large enterprises in Taiwan has exceeded NT$20 million, reaching a new high, with an annual growth rate of 23%. The proportion of overall cybersecurity budgets to total IT budgets has increased to 8.9%, with the high-tech manufacturing sector accounting for the highest share (14%) and the healthcare sector showing the highest growth rate. In terms of investment amounts, the financial sector ranks highest at approximately NT$76 million (growth of 26%), followed by the government sector at approximately NT$24 million (growth of 10%). This indicates that the growth rate of cybersecurity investment continues to rise steadily and reflects the increasing importance placed on such investments by large enterprises in Taiwan, showing a year-by-year upward trend over the past three years.

Source: IEK

The key factors driving the growth of Taiwan’s cybersecurity market include:

(1) Mandatory regulatory requirements on cybersecurity imposed by policies and

regulations

A. Regulations such as the Cyber Security Management Act have driven government agencies, specified non-government agencies, and critical infrastructure entities to continuously establish comprehensive cybersecurity management mechanisms. In addition, the government announced amendments to the Cyber Security Management Act in 2025 to strengthen cybersecurity governance for government agencies and specified non-government agencies, as well as to enhance digital resilience.

B. The Ministry of Digital Affairs is promoting the "Seventh National Cybersecurity Development Program," driving government demand for cybersecurity and strengthening the cybersecurity industry.

C. In recent years, the Financial Supervisory Commission (FSC) has promoted multiple financial cybersecurity regulations, such as the "Financial Cybersecurity Action Plan 2.0," to strengthen cybersecurity practices in the domestic financial industry, leading to increased cybersecurity budgets and driving demand for the establishment of cybersecurity monitoring mechanisms (SOC), cybersecurity offensive and defensive exercises, red teaming and blue teaming exercises, business continuity operations, zero trust architecture (ZTA), and offsite backup and drills.

(2) Rapid increase in cyber threats faced by enterprises

Government agencies, critical infrastructure, and enterprises continue to face threats from cyberattacks. State-sponsored hacker groups continue to launch cyberattacks worldwide, and in recent years, their methods have become more aggressive. They not only target enterprises directly but also frequently infiltrate through supply chains, exploit zero-day vulnerabilities, and even leverage the open-source software ecosystem. In recent years, hackers have increasingly leveraged generative AI technologies to launch more diverse and sophisticated cyberattacks. The rise of AI has also enabled individuals without professional cybersecurity expertise to easily create malware for harmful purposes.

Cyberattacks have occurred frequently in Taiwan in recent years, with ransomware posing the most severe threat, while DDoS attacks, APT attacks, and data breaches continue to occur. As enterprises face increasing cyber threats, they continue to strengthen their cybersecurity resilience. According to the iThome "2025 CIO & CISO Survey Report - Cybersecurity Edition," Taiwanese enterprises have prioritized investments in penetration testing, vulnerability assessment, and EDR, followed by remote access protection and security information and event management (SIEM, SOC), as shown in the figure below.

Source: iThome

In the coming year, the primary cybersecurity risks faced by enterprises will include data breaches, ransomware incidents, social engineering tactics, and hacker threats, while secondary risks will include phishing websites and attacks exploiting cybersecurity vulnerabilities (zero-day vulnerabilities). These are the key issues on which enterprises must prioritize their cybersecurity resources in the coming year. This indicates that, in addition to continuously strengthening internal cybersecurity protection, enterprises must also enhance employees' cybersecurity awareness to prevent hackers from infiltrating employee computers through social engineering and e-mail fraud and subsequently moving laterally into critical internal systems. At the same time, enterprises need to validate the effectiveness of their cybersecurity defenses, as well as their incident response and reporting capabilities, through services such as vulnerability assessment, penetration testing, red teaming, and cybersecurity offensive and defensive exercises.

(3)Enterprises are imposing increasingly stringent cybersecurity requirements on their supply chains

The supply chain is an extension of government and enterprises, but it may also be the most vulnerable link. Many enterprises invest substantial resources in their own cybersecurity protection but overlook potential risks within the supply chain. Once a supplier experiences cybersecurity vulnerabilities, it can trigger a chain reaction, allowing hackers to infiltrate enterprises through third-party channels and potentially attack the entire supply chain, resulting in immeasurable losses. The National Security Bureau, in its "2024 Analysis of PRC Cyberattack Techniques," noted that PRC state-sponsored cyber forces employ diverse methods to infiltrate and steal data from Taiwan's defense supply chain and information service providers, with particular focus on suppliers of e-mail systems, official document systems, password generation systems, and attendance systems, while also expanding the scope of attacks.

Therefore, an increasing number of enterprises are placing greater emphasis

on supply chain cybersecurity management and incorporating it into procurement and partnership evaluation criteria. This also compels suppliers to enhance their own cybersecurity protection capabilities and obtain security certifications or security testing reports from cybersecurity service providers in order to meet customer requirements, thereby driving the development of the overall cybersecurity market.

(4) The rapid development of the digital economy and the adoption of digital transformation by enterprises are creating new cybersecurity challenges

As enterprises actively promote digital transformation and adopt Industry 4.0, integrating intelligent digital technologies such as industrial IoT networks, artificial intelligence, big data, robotics, and automated management into industrial manufacturing and processes to achieve smart manufacturing and build smart factories, this not only drives the convergence of IT and OT but also increases risks to systems and equipment within OT network environments. Since enterprises must ensure normal production line operations and uninterrupted business continuity, OT equipment and systems are often older and difficult to update, making them more vulnerable to cybersecurity risks compared to IT environments. In addition, the diverse communication protocols used by OT equipment make it more challenging to deploy sensors for detecting malicious activities or to patch assets and equipment. Enterprises have recognized that digital transformation and the adoption of Industry 4.0 also introduce new cyber threats and challenges, thereby increasing the demand for OT cybersecurity.

To respond to the active adoption of emerging technologies such as cloud computing and cloud storage by financial institutions, the FSC has significantly relaxed regulations related to cloud adoption by financial institutions. At the same time, the government's approval for electronic medical records to be stored on the cloud and the rapid growth in enterprise demand for cloud services have led to the integrated use of public cloud, private cloud, or hybrid cloud with on-premises network infrastructure. However, existing internal cybersecurity protection measures are insufficient to protect and monitor cloud systems, prevent data leakage or loss in cloud storage, and ensure uninterrupted operations. To comprehensively manage cybersecurity risks, enterprises are increasingly seeking integrated cloud and on-premises cybersecurity solutions, incorporating cloud environments into their protection and monitoring scope, which also creates new cybersecurity demands and business opportunities.

The rapid rise of AI technologies has prompted enterprises to accelerate the integration of generative AI into operations and corporate governance to enhance operational efficiency and decision-making quality, while corresponding

cybersecurity risks have also emerged. First, AI systems rely heavily on large volumes of data for training and inference. If data sources or access controls are insufficient, it may lead to the leakage of sensitive information and even violate personal data protection and regulatory requirements. Second, AI models themselves may become targets of attacks, such as model theft, reverse engineering, or data poisoning, which can affect the accuracy of model outputs and consequently have a tangible impact on business operations. In addition, when enterprises adopt third-party AI platforms or cloud services, supply chain risks cannot be overlooked; once a service provider experiences a cybersecurity incident, enterprises may be adversely affected. Furthermore, generative AI may be misused for social engineering, phishing e-mails, or deepfake content, exacerbating both internal and external fraud and trust risks. Finally, the decision-making processes of AI systems often lack transparency. Without proper management of access controls and audit mechanisms, abnormal behavior may be difficult to detect in a timely manner. In summary, as enterprises adopt AI applications, they must simultaneously strengthen data governance, model security, supply chain management, and cybersecurity monitoring to balance innovation and risk, which also drives enterprises to seek external cybersecurity solutions for AI applications.

2. Upstream, midstream, and downstream industry connections:

The cybersecurity industry value chain can be divided into upstream: cybersecurity hardware and software vendors; midstream: distributors/resellers, system integrators, cybersecurity service providers, and telecommunications operators; downstream: government, enterprises, household customers, and overseas markets:

A. Cybersecurity hardware and software vendors: Focus on developing cybersecurity hardware and software products or system platforms, such as UTM, NGFW, antivirus

and anti-hacking software, and identity authentication, supplying them to cybersecurity providers or end customers.

B. Distributors/resellers: Establish partnerships with cybersecurity hardware and software vendors, act as agents for their products and obtain sales authorization. Through market research, analysis of potential customer needs, and the development of marketing strategies, they promote products in conjunction with sales activities, expand markets through diverse channels and alliances with sales partners, and are responsible for promoting and selling cybersecurity products in designated regions or markets. They also provide technical support and after-sales maintenance services to ensure that channels and customers receive the necessary technical support for product use.

C. System integrators: Responsible for integrating hardware and software products from different distributors/resellers to build cybersecurity solutions that meet customer needs. They also possess development capabilities to integrate cross-domain hardware, software, and systems, provide customized function development based on customer requirements, and offer the necessary training.

D. Cybersecurity professional service providers: The Company is a cybersecurity professional service provider that delivers cybersecurity-related professional services to customers through its team of cybersecurity experts. It assists customers in assessing cyber threats, vulnerabilities, and potential attack vectors, and provides corresponding solutions. The Company also supports customers in evaluating their cybersecurity needs, formulating strategies and policies, and planning and building comprehensive cybersecurity architectures. Some cybersecurity service providers also establish cybersecurity monitoring centers to offer monitoring and alert services, as well as real-time incident response and handling to help customers address various cyber threats. As a leading cybersecurity service provider in Taiwan, the Company offers end-to-end cybersecurity services, including pre-incident cyber security testing, mid-incident monitoring and response, and post-incident investigation and forensics.

Product development trends and competitive landscape:

A. Network security services

Network security services establish a security zone at the network edge, providing connection security, website security, child protection, and device security from the network side to endpoint devices. Customers can enjoy flagship-level cybersecurity protection without changing their network architecture or configurations, and receive long-term cybersecurity services through monthly or annual subscription models. The service offerings include two main categories: consumer internet security and enterprise internet security. Domestic competitors mainly include Taiwan Mobile's Parental Control Guard, Internet Manager, and Network Guardian, as well as Far EasTone

Telecommunications' Child Protection and Anti-Hacking Protection services, all of which provide cybersecurity services to internet users. Chunghwa Telecom, as the leading telecommunications provider in Taiwan, ranks first nationwide among both broadband and mobile internet subscribers. The Company has long partnered with Chunghwa Telecom to provide internet cybersecurity services, serving over 1.1 million consumer internet security customers and more than 47,000 enterprise internet security customers.

(A). Consumer internet security

In an era where the internet is increasingly widespread and prevalent, consumers are becoming more reliant on it. However, while the internet brings convenience, it also introduces numerous risks, such as continuous cyberattacks, rampant fraudulent messages, personal data breaches, children accessing inappropriate websites, and even excessive internet addiction. To help consumers avoid these risks, CHT Security and Chunghwa Telecom have designed protection and management services for families and to safeguard children's healthy internet usage, creating a secure and safe online environment for consumers. The development trends of this service include the following aspects:

Porn Gatekeeper and Parental Control (Time Management): Provides harmful content filtering and internet usage time management services for both home and mobile networks. The parental control function blocks six categories of harmful websites, including pornography, violence, suicide, weapons, drugs, and gambling, and also offers blocking settings for various types such as video streaming, social media, shopping websites, and gaming platforms across both web pages and apps. Additionally, it includes newly added customizable blocking categories for social networking sites and communication services, helping parents easily manage children's internet content and social media usage. In addition, internet usage time management services are provided for both home and mobile networks, offering detailed and flexible scheduling options. Once the designated control period begins, all devices connected through the network are unable to access the internet, effectively preventing children from excessive internet use. At the same time, a parental account feature is provided, allowing parents to continue using the internet even during the controlled period.
Cyber Threat Gatekeeper and HiNet Anti-Virus: Hackers today often exploit current events and market demand topics, using communication channels and social media to spread harmful content, causing consumers with limited information literacy or lack of caution to fall into traps and become victims. Cyber Threat Gatekeeper and HiNet Anti-Virus, anti-hacking protection and antivirus/anti-hacking services, help consumers mitigate cyber threats such as

phishing websites, ransomware, and cyberattacks, and provide real-time blocking of harmful web pages and links originating from channels such as e-mail, social media, fraudulent messages, and scam advertisements, thereby preventing personal data leakage and protecting consumers' computers and mobile devices from viruses and hacking.

Overall, consumer internet security services provide protection from the network side to endpoint devices to help consumers defend against increasingly complex and diverse cyber threats.

(B). Enterprise internet security

Block cyberattacks at the network edge to prevent malicious activities from affecting internal enterprise networks and provide a secure and stable internet environment. The development trends of this service include the following aspects:

Intrusion Prevention System (IPS): Provides an industry-first IPS by deploying high-performance, stable, and feature-rich intrusion prevention devices at Chunghwa Telecom's network edge. It offers frontline blocking of various cyberattacks from the internet for HiNet fixed-line enterprise customers, reducing malicious traffic entering enterprise networks and lowering the risk of cyberattacks. It can also be integrated with internal enterprise cybersecurity defenses to form a layered defense-in-depth architecture, providing an additional layer of protection.
Cyber Anti-Threat Gatekeeper for Enterprises: Blocks access to Botnets, command and control (C&C) servers, ransomware, and other malicious sources, including URLs, domains, and IP addresses, at Chunghwa Telecom's data center, thereby reducing the risk of cyberattacks. It also provides enterprise customers with SecuTex ED for endpoint detection, which can be installed on endpoints (computers) or servers to quickly identify potential compromises, further enhancing enterprise cybersecurity effectiveness.
Advanced DDoS Protection: Deploys DDoS defense equipment at Chunghwa Telecom's data centers and develops a multi-layered DDoS protection mechanism. Through traffic analysis and proactive detection and defense mechanisms, it effectively blocks large volumes of DDoS attack packets (such as ICMP Flood, UDP Flood, SYN Flood, etc.), preventing attack traffic from saturating enterprise bandwidth and helping enterprises mitigate network congestion caused by DDoS attacks.
Advanced Network Defense System (ANDs): A high-end cybersecurity protection service deployed at Chunghwa Telecom's network edge, offering advantages such as high performance, high stability, and strong defense capabilities. It adopts next-generation firewall (NGFW) technologies from

leading international cybersecurity vendors and global threat intelligence engines, combined with an SDN-based network defense architecture, to provide Chunghwa Telecom's fixed-line enterprise customers with real-time blocking of malicious attacks, prevention of network viruses, blocking of malicious connections, and internet content filtering. It also offers advanced control features such as application control, file transfer control, and country-based traffic control to help enterprises manage internet usage and enhance overall network security.

Web Application Firewall (WAF): Utilizes telecom-grade website protection equipment to analyze website traffic content (HTTP and HTTPS). Combined with machine learning and fine-tuning by the Company's cybersecurity consultants, it effectively blocks website intrusion attacks from the internet, providing customers with website security solutions and ensuring normal operation of enterprise websites.

B. Cybersecurity professional services

Assist customers in conducting cybersecurity testing, providing cyber threat detection and management services (SOC, MDR, and SOAR), incident investigation and digital forensics services, and cybersecurity management system consulting, among more than 20 types of cybersecurity professional services. Major domestic competitors include Acer Cyber Security, Cybersecurity Service Digital United, and Trade-Van Information Services. According to publicly available procurement statistics from the Executive Yuan's Government e-Procurement System, CHT Security ranks first in both number of projects and share of contract value. It is also the only domestic cybersecurity service provider to have received the highest A rating across all five service categories in the government's cybersecurity service provider evaluation for seven consecutive years. This demonstrates CHT Security's outstanding cybersecurity expertise, as well as the highest level of customer satisfaction with its service quality, indicating strong competitiveness. The following provides an overview of high-demand services, including cybersecurity testing services, cybersecurity threat detection and management (SOC) services, and cybersecurity incident response and forensics services:

(A). Cybersecurity Testing

In addition to possessing the capability to help customers strengthen cybersecurity protection, the Company has cultivated a team of professional ethical hackers, or white-hat hackers, who simulate the latest attack methods from a hacker's perspective. Leveraging AI technologies and cybersecurity testing tools, the Company has developed a diverse range of cybersecurity testing services, including white-box and black-box source code analysis, vulnerability assessment, penetration testing, red teaming, social engineering simulation, and IoT device testing. The scope of testing covers websites, systems, applications, mobile apps,

IoT, and industrial control systems across various domains. The Company also continues to develop and introduce new types of cybersecurity testing services, such as external attack surface management (EASM) and breach and attack simulation (BAS), and adopts emerging technologies, including the use of generative AI for social engineering e-mail generation and enterprise perimeter asset discovery. Through continuous innovation and advanced research, the Company aims to build leading technical capabilities and a strong reputation.

The Company's cybersecurity testing team possesses multiple competitive advantages as follows:

Possession of advanced ethical hacker certifications: including various international certifications such as OSCE3, OSEP, OSED, OSWE, OSCP, LPT, ECSA, CRTP, CPSA, and CRT.
Capability to develop cybersecurity platforms and tools: Possesses R&D capabilities for platforms such as red teaming platforms, vulnerability assessment systems, and penetration testing systems, with functions to integrate results from commonly used cybersecurity tools and automatically generate reports. It also develops various application tools based on testing needs, such as threat intelligence collection modules and deserialization tools, and has contributed to internationally renowned open-source projects (such as SQLmap).
Capability for zero-day vulnerability discovery: The team specializes in identifying unknown vulnerabilities, helping customers prevent risks before they occur. In addition to long-term reporting through platforms such as HITCON ZeroDay and bug bounty programs, the team has identified more than 130 vulnerabilities assigned international CVE identifiers, of which over $70\%$ are classified as High or Critical severity.
Extensive execution experience: The testing team has strong service capacity, conducting penetration testing on more than a thousand systems annually, and has accumulated over ten years of experience, covering diverse domains and enabling more comprehensive testing and risk management.
Self-developed knowledge base (KB) and practical offensive and defensive platform: The team has transformed its extensive experience into a practical knowledge base and has developed its own training platform to ensure consistent personnel quality and capability. The platform is also applied in training programs for government, financial, and high-tech manufacturing sectors, where hands-on exercises have proven to be practical and effective and have received positive feedback from various users.
Sharing technical expertise at domestic and international cybersecurity conferences: The team regularly shares research on hacking techniques and

vulnerabilities to cultivate cybersecurity talent and exchange expertise. For example, it serves as sponsored lecturers and mentors in programs such as AIS3 and Taiwan Holy High, presents research findings at conferences such as HITCON and CYBERSEC, has served for many years as a problem setter for international skills competitions, and has coached national representatives to achieve international silver medal results.

Cybersecurity testing processes comply with laboratory standard specifications: The Company’s cybersecurity forensics and IoT testing laboratories have obtained Taiwan Accreditation Foundation (TAF) accreditation. The "Remote-Controlled Unmanned Aerial Vehicle Cybersecurity Testing Laboratory" is a professional testing institution recognized by the Ministry of Digital Affairs. In December 2025, it obtained accreditation from TAF and is qualified to conduct cybersecurity testing for UAV manufacturers and issue conformity test reports.
A cybersecurity service provider that has received the highest A-grade rating in government evaluations for consecutive years: the team is the only one to have achieved an A-grade rating for more than seven consecutive years, reflecting high recognition from both expert review committees and user satisfaction, and is also the most frequently designated cybersecurity service team by government agencies.
In 2024, the Company received the "Top Penetration Testing Service Provider in APAC 2024" award from Cyber Security Review, and its red teaming service was honored with the "2024 Cybersecurity Excellence Award," demonstrating that the Company is a leading penetration testing team in the Asia-Pacific region.
Awarded Frost & Sullivan’s "Taiwan Cybersecurity Services Company of the Year" for five consecutive years.

(B). Cybersecurity Threat Detection and Management (SOC) Service

SOC services must continuously enhance coverage and visibility to provide customers with more comprehensive services, and, through technological innovation, high-quality services, and customized solutions, ensure effective responses to current and future cyber threats. The development trends of SOC services are as follows:

Threat intelligence integration and sharing: This service will place greater emphasis on cross-analyzing threat intelligence from multiple sources to gain a more comprehensive understanding of the current threat landscape. At the same time, it will further promote intelligence sharing with other security institutions and organizations to enhance the overall level of security protection.
Machine learning and behavioral analytics: This service will more extensively apply AI technologies, machine learning, and behavioral analytics to rapidly

identify anomalous activities and emerging threats, thereby improving detection accuracy while reducing reliance on human resources.

Cloud security monitoring and protection: As the proportion of customer systems migrating to the cloud increases, SOC services will strengthen security monitoring and threat response for cloud environments, including integrated cloud and on-premises monitoring, addressing cloud-specific security challenges, and reinforcing cloud security policies.
IoT and Industrial Control System (ICS) security: SOC services will place greater emphasis on security monitoring of IoT devices and industrial control systems to address the growing number of IoT-related threats and attacks.
Compliance and regulatory adherence: Continuously assist customers in complying with various regulations and security standards, ensuring that their security operations conform to relevant laws and requirements.
Automated incident response: Continuously integrate automated tools to enhance rapid response to cybersecurity incidents; automated incident response procedures will help shorten response time and reduce the burden on human resources.
Threat hunting and vulnerability discovery: Strengthen threat hunting to proactively identify potential threats on the client side, while conducting more vulnerability discovery to identify cybersecurity vulnerabilities exposed to external networks.
Data analytics and reporting: Provide refined, customized security reports, and present security incidents and trends to customers through data analysis, enabling them to better understand their own risks and strengthen their defenses.

Overall, SOC services will continue to expand their capabilities to address increasingly complex and diverse threats, while placing greater emphasis on integrating new technologies, enhancing the level of automation, and providing more comprehensive cybersecurity solutions.

The competitive advantages of the Company's SOC services are as follows:

Consistent award recognition and a broad customer base: this service has achieved the highest A-grade rating in the government's cybersecurity service provider evaluations for seven consecutive years and has received the COMPUTEX Best Choice Award. It serves hundreds of customers across industries including government, finance, healthcare, aviation, electronics, technology manufacturing, shipping, manufacturing, e-commerce, and critical infrastructure.
System development and integration capabilities: Independently developed a Risk Control Center system responsible for integrating and interfacing with SIEM platform event data, automated notification dispatch, incident ticket

inquiry and handling, storage and download of various audit records, approval workflow configuration and processing, and automated tracking of incident handling. It also features a client-specific dashboard with visualized presentation, enabling the overall cybersecurity risk status to be displayed on a single interface.

MDR and SOAR integration capabilities: In addition to basic SOC monitoring functions, this service further integrates MDR services and SOAR capabilities to perform integrated correlation analysis across endpoints and networks, and can automatically block anomalous IP addresses on cybersecurity equipment based on alert information, or isolate endpoint devices through network platform configurations to immediately minimize risk.
Threat intelligence integration and automated joint defense deployment capabilities: Independently developed a threat intelligence joint defense system that can automatically interface with, integrate, and distribute threat intelligence, and can automatically deliver such intelligence to cybersecurity equipment for blocking, thereby establishing a joint defense network across different entities and enabling customers to block anomalous IP addresses in advance before being subjected to larger-scale attacks.

(C). Digital forensics and incident response (DFIR) services

This service covers multiple aspects, including cybersecurity incident response, digital forensics, cybersecurity incident response capability development (IR Playbook), and cybersecurity education and training. After a cybersecurity incident occurs, this service provides rapid and effective cybersecurity incident response, including professional capabilities in investigating various cybersecurity attacks such as ransomware, data breaches, and APT attacks, preserving evidence, and performing malware reverse engineering. For most enterprises and organizations, recruiting such specialized talent independently is costly and challenging; therefore, the Company leverages its professional cybersecurity forensics team to assist enterprises in strengthening their incident response capabilities, with the aim of enhancing both proactive and reactive incident response maturity and ensuring that they can respond rapidly and effectively when facing various cybersecurity challenges.

The competitive advantages of the Company's digital forensics and incident response services are as follows:

Members of the forensics team possess extensive cybersecurity certifications and diverse professional capabilities, including expertise in cybersecurity incident response, reverse engineering, and vulnerability analysis.
The Digital Forensics and Security Testing Center has obtained IEC 62443 CBTL certification, a highly specialized and internationally recognized certification that highlights our excellence in industrial control system

cybersecurity. In addition, we are a founding member of the UAV Cybersecurity Joint Testing Laboratory, demonstrating our active involvement in emerging technology fields.

Possesses malware reverse engineering capabilities and integrates the latest intelligence to feed back into the Company's cybersecurity products and services.
Provides 24/7 cybersecurity incident response services, handling more than 200 cases annually, with professional capabilities in managing large-scale cybersecurity incidents and responding to advanced persistent threat (APT) attacks, with analysis targets including cloud environments, networking equipment, and IoT devices.
Develops methodologies for building cybersecurity incident response capabilities, including assisting customers in establishing such capabilities based on the cybersecurity incident response lifecycle defined in NIST SP 800-61r2. For example, drafting IR Playbooks (cybersecurity incident response playbooks) and conducting cybersecurity incident response exercises.
Independently develops targeted analysis sandboxes to enhance analysis efficiency.

C. Cybersecurity product sales

The Company's cybersecurity product sales business is mainly divided into two categories. The first involves introducing software and hardware from domestic and international cybersecurity vendors to assist customers in cybersecurity defense, detection, and response management, in order to withstand increasingly severe cyber threats. The second involves developing proprietary cybersecurity products, which also serve as tools for cybersecurity professional services, such as cybersecurity posture assessment tools, incident investigation tools, and rapid malicious activity scanning tools, helping government agencies and enterprises strengthen cybersecurity to address continuously evolving threats and challenges.

The Company's self-developed cybersecurity products include:

(A). SecuTex ED (Endpoint Detection)

As enterprises expand their business scope, the number of internal devices also increases, making it a significant challenge to effectively manage daily office assets such as personal computers and server systems. Devices exposed to internal enterprise networks and the internet often require inventorying, asset classification, and protection measures to assist IT or cybersecurity personnel in implementing asset management and protection. Through years of practical experience assisting government agencies, the financial sector, and enterprises in conducting cybersecurity posture assessment, the Company has identified that helping customers implement enterprise security configuration baseline management is a critical component in safeguarding endpoint security. Accordingly, it developed

the SecuTex ED product, which provides management functions such as host security posture assessment, Government Configuration Baseline (GCB) compliance checks, and verification of common software update status. Subsequent enhancements include Financial Configuration Baseline (FCB) checks, advanced memory analysis, and YARA rule-based detection, along with the development of rapid endpoint malicious activity scanning and anomalous activity detection capabilities. These enable the completion of cybersecurity posture assessment within a short period, covering multiple aspects such as file systems, system processes, and network behavior, thereby achieving visibility into endpoint compliance status and cybersecurity posture. Leveraging extensive threat intelligence and scanning technologies, the product can quickly detect potential indicators of compromise.

The Company's professional cybersecurity team also utilizes SecuTex ED to conduct cybersecurity posture assessment on tens of thousands of computers annually for domestic government agencies, financial institutions, and enterprises, thereby validating the product's detection functions and capabilities. Through years of technological accumulation and continuous refinement based on endpoint detection applications, the product's functionality has been steadily enhanced, helping enterprises effectively protect their assets from potential threats.

(B). SecuTex NP (Network Protection)

Organized cyberattacks are increasingly evolving toward diverse and highly customized advanced persistent threat (APT) attacks, ransomware attacks, and zero-day vulnerability attacks, targeting system weaknesses to steal sensitive data. After successfully carrying out an attack, attackers often deliberately employ technical methods to erase traces of intrusion, such as modifying system logs, deleting registry records, and using encryption techniques, making their activities difficult to detect; these trace-elimination methods significantly increase the difficulty of attack detection. Therefore, in addition to strengthening cybersecurity protection, enterprises must also consider how to accelerate incident recovery, clarify the scope of compromise, and reconstruct intrusion traces when cybersecurity incidents occur, so as to minimize losses and remediate vulnerabilities to prevent recurrence.

SecuTex NP features high-efficiency packet capture, threat detection, high scalability, flexible data processing, and comprehensive trace retention and visualization. Through the packet traces preserved by SecuTex NP and advanced functions such as correlated network communication topology mapping, it assists enterprise cybersecurity management personnel in quickly retrieving records through a centralized console interface, thereby shortening incident investigation and trace retrieval time. In addition, its cyber threat detection mechanisms help

identify any anomalous activities, aiming to detect attack incidents early and promptly initiate incident response capabilities. Subsequent integration of AI technologies enables full-time packet capture and event-triggered capture, and provides multiple functions such as intrusion detection systems (IDS) and anomaly detection systems (ADS). It can effectively monitor the cybersecurity of networking equipment and IoT devices, and can be integrated with various cybersecurity monitoring platforms for comprehensive use.

(C). CypherCom (End-to-End Encrypted Communication System)

With the diversification of work styles and the widespread adoption of cross-border operations, enterprises need to establish environments that enable personnel to communicate securely and transmit sensitive data remotely at any time and from any location, in order to prevent eavesdropping or data theft. In recent years, the trend of digital transformation has further intensified the need for a dedicated digital communication environment to ensure digital resilience and to allow safe daily work discussions and information exchange, which may involve trade secrets. As a result, enterprises have increasingly recognized the need to encrypt communication content to prevent data leakage, making the adoption of end-to-end encryption (E2EE) essential to ensure the confidentiality of communication data throughout the entire transmission process.

End-to-end encryption is considered more secure, but it is also relatively more complex to implement. This technology prevents potential intermediaries, including malicious eavesdroppers, telecommunications service providers, communication equipment vendors, communication system providers, and even an enterprise's own communication system administrators, from accessing the plaintext of communications between both parties.

However, the security of an encryption system cannot rely solely on the strength of the encryption algorithms and keys for assurance. Ensuring the security of keys through effective key management is even more critical; if keys are compromised, malicious actors can use publicly known cryptographic algorithms to decrypt the encrypted data.

In response to the above market demands and customer challenges, the Company has invested in the development of the CypherCom product. CypherCom is a communication system that supports end-to-end encryption, providing functions including VoIP calls, instant messaging (IM) for transmitting text, images, videos, and files, one-on-one and group chatrooms, as well as newly added encrypted video calls and chatroom deletion functions in 2024. All communication content is protected throughout by end-to-end encryption with a 256-bit encryption strength, preventing interception by intermediaries and providing customers with a highly secure and confidential communication

environment.

To address the most critical aspect of secure encrypted communication, namely key management, CypherCom adopts a hardware secure element validated by FIPS 140-2 Level 3 as the carrier for users' private keys, ensuring that the keys will not be exposed.

Another feature of the CypherCom product is its support for low-bandwidth communication environments. Through specially tuned voice encoding and decoding formats (CODEC) and packet compression technologies, it can maintain communication quality and stability even under low-bandwidth conditions, such as satellite-based internet access where the average bandwidth is only 10 Kbps. CypherCom's support for low-bandwidth environments has been validated and proven to operate stably in satellite communication scenarios.

Product functions are described as follows:

End-to-end encryption: Communication content remains encrypted throughout the transmission process, and only the communicating parties can decrypt it; even if intermediaries intercept the communication content, they are unable to decrypt it.
High-strength encryption: Encryption strength reaches the 256-bit level, which is beyond the capability of current computing power to break. Even with a brute force attack, a supercomputer would require billions of years to complete all the computations needed to break the encryption.
Hardware secure element: utilizes a hardware secure element validated by FIPS 140-2 Level 3 as the carrier for users' private keys. On Android smartphones, the hardware secure element adopts the form of a SIM card overlay (Slim SIM). The chip is manufactured using special technology into an ultra-thin film that can be attached to the original SIM card and inserted into the device's existing SIM card slot without affecting the original SIM's communication functions. The CypherCom App developed by the Company can access the Slim SIM chip and use it as the carrier for users' private keys. On iPhone devices, the built-in Secure Enclave security chip is used, providing hardware-level key protection and 256-bit encryption strength. By adopting Slim SIM overlay chips and the built-in Secure Enclave security chip in iPhones, users can achieve hardware-level key protection without the need to carry external devices such as card readers.
Support for low-bandwidth environments: Through specially tuned voice encoding and decoding formats (CODEC) and packet compression technologies, communication can remain stable even under low-bandwidth conditions.

(D).HorusEyes

In October 2024, the Company launched the HorusEyes service, which helps enterprises quickly identify potential threats exposed on the internet and perform exposure rating of their network assets. Enterprises can use this service to gain visibility into the security status of digital assets on the internet, such as websites and cloud services, and formulate corresponding mitigation strategies based on risk levels to ensure business continuity and cybersecurity.

This service incorporates AI technologies for automated processing. The system can rapidly analyze large volumes of network traffic, vulnerability data, and various attack patterns, generating more precise and detailed cybersecurity reports, including specific risk assessments, digital asset health analysis, and protection recommendations, helping customers more intuitively understand current network security threats.

(III) Technology and R&D overview

R&D expenses incurred in the most recent year and up to the publication date of the annual report, as well as successfully developed technologies or products:

R&D expenses invested in each of the most recent two years

Unit: NT$ thousand; %

Item\Year	2024	2025
R&D expenses	108,695	132,754
Net operating revenue	1,973,659	2,045,570
Percentage of net revenue (%)	5.51	6.49

(IV) Short-term and long-term business development plans

The key factors driving the development of Taiwan's cybersecurity market include regulatory requirements, the increasing severity of cyber threats faced by government agencies and enterprises, stricter cybersecurity requirements imposed by enterprises on their supply chains, and new cybersecurity challenges encountered during digital transformation. The Company formulates its short-term and long-term development plans by observing market dynamics and analyzing its competitive strengths and weaknesses.

(1) Short-term development plan

A. Launch of new products and services: in response to the continuous escalation of cyber threats, the increase in encrypted malicious traffic, and the new cyber threats and challenges faced by enterprises adopting AI technologies, in 2026 the Company will launch a DNS-based enterprise anti-intrusion service, new cloud cybersecurity services, and AI application cybersecurity services to help enterprises mitigate the cybersecurity risks arising from adopting AI applications and developing in-house LLM models.
B. Enhance the quality and capacity of internet security services: In response to the

continuous growth in the number of customers, expand hardware in the security zone, increase network bandwidth, and refine monitoring mechanisms to improve service quality and stability.

C. Accelerate the development of proprietary products and pursue continuous enhancement: continuously develop proprietary products and improve the functions and performance of existing products to meet the cybersecurity needs of customers across different industries, domains, and countries.

D. Develop cybersecurity platforms and tools to reduce labor costs and improve efficiency: Incorporate AI technologies to develop automated cybersecurity platforms and tools, thereby reducing labor costs for cybersecurity specialists and enhancing operational efficiency and service quality.

E. Cultivate and recruit cybersecurity talent: Participate in cybersecurity community activities (such as AIS3, HITCON, and Taiwan Holy High) and job fairs to engage with and recruit outstanding cybersecurity professionals, collaborate with academic institutions to offer cybersecurity training programs, directly recruit top-performing participants to join the Company, and also cultivate internal talent.

F. Continue to deepen presence in emerging fields to expand the customer base: in response to industry development and the evolution of information technologies, expand into new areas cybersecurity such as AI, ICS, IoT, cloud, drone, and low Earth orbit satellite.

G. Increase product and service exposure and strengthen marketing efforts: Actively participate in domestic and international cybersecurity forums and seminars, serve as speakers, join industry associations, increase exposure through news and magazine media, and host cybersecurity Solution Day events to enhance customer engagement opportunities and strengthen the sales capabilities of distribution channels.

H. Expand into international markets: Actively seek local partners overseas to promote the localized sales of proprietary products and cybersecurity services. At the same time, through close collaboration with Chunghwa Telecom Group and its affiliates, leveraging the Group's overseas subsidiaries and operating site resources to deepen engagement in local markets. In addition, assisting Taiwanese businesses in strengthening cybersecurity protection and monitoring mechanisms at their overseas operating sites to expand overseas sales.

(2) Long-term development plan

A. Strengthen R&D and adopt new cybersecurity technologies: Develop and introduce innovative cybersecurity technologies through industry-academia collaboration, technology licensing, and investment or mergers and acquisitions, in order to enhance product innovation, differentiation, and competitive advantages, and expand the scope of product applications.

B. Strategic positioning in emerging fields: Including potential new cybersecurity

market opportunities such as CMMC and AI cybersecurity, with continuous monitoring of market trends.

C. Expand sales channels: Establish diversified sales channels for proprietary products and services, including expanding distributors and conducting sales through information service providers.
D. Strengthen expansion into overseas markets: Continue to seek local overseas distributors or partners with international sales presence to promote proprietary products and services, recruit international cybersecurity sales talent to support market expansion abroad, and evaluate the feasibility of establishing overseas sales offices.
E. Enhance operational efficiency: Continuously optimize operating costs, introduce automated information workflow systems to streamline internal operations, improve operational efficiency, strengthen management of suppliers and distributors, and control enterprise operational risks.

II. Market, production, sales overview

(I) Market analysis

Primary regions for the sale (provision) of major products (services):

Unit: NT$ thousand

Year Item	2024		2025
	Amount	%	Amount	%
Domestic sales	1,964,514	99.54	2,030,748	99.28
Exports	9,145	0.46	14,822	0.72
Total	1,973,659	100.00	2,045,570	100.00

2. Market share:

The Company is a professional cybersecurity service provider, offering a wide range of services including network security services, cybersecurity testing services, cyber threat detection and management services (SOC), and digital forensics and incident response (DFIR) services. It provides customers with comprehensive cybersecurity services and solutions covering cloud, network, and endpoints. According to a research report by IEK of the ITRI, the total output value of Taiwan's cybersecurity market in 2024 and 2025 was NT$83.41 billion and NT$91.08 billion, respectively, of which the output value of Taiwan's cybersecurity operations services market was NT$18.42 billion and NT$20.41 billion. The Company's revenue in 2024 and 2025 was NT$1.974 billion and NT$2.046 billion, representing market shares of 10.7% and 10.0%, respectively, in Taiwan's cybersecurity operations services market.

Unit: NT$100 million

Year Item	2024		2025
	Production value	Growth rate	Production value	Growth rate
Domestic sales	1,964,514	99.54	2,030,748	99.28
Exports	9,145	0.46	14,822	0.72
Total	1,973,659	100.00	2,045,570	100.00

Taiwan's cybersecurity operations services market	184.2	11.1%	204.1	10.8%
CHT Security revenue	19.74	16.4%	20.46	3.6%
Market share	10.7%		10.0%

Future supply-demand conditions and growth prospects of the market:

A. Supply:

Driven by regulatory policies, supervisory authority requirements, increased emphasis on supply chain security, and geopolitical influences, government agencies and enterprises are using cybersecurity services and exercises to test the strength of their security defenses and personnel awareness. This has led to growing demand for professional cybersecurity services, prompting companies from other sectors, such as telecommunications operators, system integrators, accounting firms, IT software and hardware providers, and cloud service providers, to enter the cybersecurity services market. According to the ITRI's "2023 Report on the Current Status and Outlook of Taiwan's Cybersecurity Industry," domestic cybersecurity service providers primarily offer "cybersecurity consulting services" (38%), "cybersecurity architecture planning or system integration services" (38%), "cybersecurity testing and analysis services" (32%), and "cybersecurity operations management services" (25%), which account for relatively higher proportions.

B. Demand:

The government has placed strong emphasis on cybersecurity by launching the "Cybersecurity is National Security 2.0" strategy, establishing the Ministry of Digital Affairs, and setting up dedicated agencies such as the Administration for Cyber Security and the National Institute of Cyber Security, thereby further strengthening government cybersecurity and supporting the development of the domestic cybersecurity industry. The FSC has issued the Financial Cyber Security Action Plan 2.0, requiring the financial industry to strengthen core data protection and business continuity exercises, encourage the deployment of zero trust architecture, establish cybersecurity monitoring mechanisms, and promote effectiveness evaluations of monitoring and protection capabilities. It has also announced a revised version of the "Regulations Governing Establishment of Internal Control Systems by Public Companies," requiring primary and secondary listed companies to appoint a Chief Cybersecurity Officer and dedicated cybersecurity personnel or units. In addition, with the high-tech manufacturing sector placing greater emphasis on supply chain security, and under the influence of geopolitical factors, Taiwan has become not only one of the world's most active hotspots for cyber offense and defense but also a frontline training ground, resulting in severe cyber threats domestically while also raising awareness among individuals, households, and enterprises and driving increased demand. According to the iThome 2025 Enterprise Cybersecurity Survey, the average cybersecurity budget of large enterprises in Taiwan

has exceeded NT$20 million, reaching a new high with an annual growth rate of 23%, and the proportion of cybersecurity budgets relative to total IT budgets has risen to 8.9%, which is expected to continue growing.

4. Competitive advantage

The Company's overall competitive advantages are as follows:

A. Possesses a large pool of cybersecurity professionals: More than 260 experts in

cybersecurity technology and R&D, with strong employee cohesion and stability.

B. Possesses more than 600 professional technical certifications: Covering cybersecurity, networking, IT, and consulting, enabling the provision of comprehensive cybersecurity services as well as architecture planning and implementation for customers.
C. Possesses white-hat hacking expertise and vulnerability discovery capabilities: Has identified more than 135 CVE vulnerabilities and has won multiple cybersecurity offensive and defensive competition championships.
D. Consistent award recognition: the only cybersecurity service provider to have received an A-grade rating in all five cybersecurity service categories under the Executive Yuan's joint procurement contract vendor evaluation for seven consecutive years, and has also received multiple domestic and international cybersecurity awards.
E. Provides end-to-end cybersecurity services: Including pre-incident testing, mid-incident monitoring and response, and post-incident forensics and recovery services.
F. Possesses capabilities in developing cybersecurity products and services: Develops cybersecurity services, proprietary products, and tools, which helps expand into overseas markets.

Competitive advantages of internet security services:

A. Block threats outside connected devices: Establish a security zone at the ISP network edge to block network attacks, malicious websites, phishing sites, fraud, pornography, and other harmful content, safeguarding the internet usage of individuals, households, and enterprises.

B. Broadest network customer coverage: collaborates with Chunghwa Telecom, which has the largest number of broadband and mobile internet users in Taiwan, to provide internet security services, offering economies of scale.

C. Possesses the most comprehensive local threat intelligence: Through deployment at network nodes, it can collect the most timely and complete local attack intelligence in Taiwan, including real-time and precise blacklist intelligence, thereby enhancing product competitiveness.

D. Comprehensive deployment of consumer internet security across mobile and fixed networks: Implements full coverage across mobile internet and broadband networks, ensuring protection whether users are accessing the internet at home via broadband or on the go via mobile networks.

E. Customers can enjoy flagship 24/7 cybersecurity protection services without needing to modify their internal network architecture, install software, or change configurations.

F. The Company's cybersecurity team analyzes attack patterns and, leveraging years of offensive and defensive experience, continuously updates and fine-tunes protection rules to address the latest cyber threats.

G. Comprehensive depth planning of enterprise internet security products: Covers high-, mid-, and entry-level cybersecurity protection services, maintaining a leading position in both breadth and depth within the market.

Competitive advantages of professional cybersecurity services:

A. The "Digital Forensics and Security Testing Center" has obtained TAF ISO 17025 accreditation and is an IEC 62443 CBTL-recognized testing laboratory.

B. Provides end-to-end cybersecurity services, including pre-incident testing (such as vulnerability assessment, penetration testing, red teaming, and source code analysis), mid-incident monitoring and response (SOC, MDR), and post-incident forensics and recovery services, as well as ISMS consulting to enhance enterprise cybersecurity resilience, social engineering simulation, and enterprise cybersecurity risk rating services.

C. In 2024, the Company received the "Top Penetration Testing Service Provider in APAC 2024" award from Cyber Security Review, and its red teaming service was honored with the "2024 Cybersecurity Excellence Award," demonstrating that the Company's cybersecurity team is a leading penetration testing team in the Asia-Pacific region.

D. Possesses the capability to develop cybersecurity platforms and tools: Capable of developing platforms such as a red teaming platform, vulnerability assessment systems, and penetration testing systems.

E. The only red teaming service in Taiwan to have obtained ISO 20000 certification, ensuring quality assurance.

F. Possession of advanced ethical hacker certifications: including various international certifications such as OSCE3, OSEP, OSED, OSWE, OSCP, LPT, ECSA, CRTP,

CPSA, and CRT, demonstrating advanced cybersecurity technical capabilities.

G. MDR and SOAR integration capabilities: In addition to basic SOC monitoring functions, this service further integrates MDR services and SOAR capabilities.

H. Threat intelligence integration and automated joint defense deployment capabilities: Independently developed a threat intelligence joint defense system that can interface with, integrate, and distribute threat intelligence, and can automatically deliver it to cybersecurity equipment for blocking, thereby establishing a cross-organizational joint defense network.

I. Cloud security monitoring and protection: As the proportion of customer systems migrating to the cloud increases, SOC services have strengthened security monitoring and threat response for cloud environments.

J. IoT and ICS: Has the capability to provide cybersecurity testing, monitoring, and IEC 62443 consulting services for industrial control system environments and internet of things devices of critical infrastructure operators.

K. The forensics team possesses malware reverse engineering capabilities and integrates the latest intelligence to feed back into the Company's cybersecurity products and services.

L. Has established capabilities and proven records in providing AI application cybersecurity services for enterprises adopting emerging AI technologies, including AI application system security testing and generative AI cybersecurity posture assessment.

Competitive advantages of cybersecurity product sales:

A. Independently develops the SecuTex series of cybersecurity products, including network protection products, endpoint rapid scanning software, and end-to-end encrypted communication systems, as well as a cybersecurity posture assessment platform, a red teaming collaborative platform, an ISAC platform, a vulnerability management platform, and a cybersecurity incident tracking platform.

B. Provides an cybersecurity technical consulting team to assist customers in planning, designing, and implementing comprehensive cybersecurity defense architectures, and offers complete cybersecurity software, hardware, and service solutions.

Favorable and unfavorable factors affecting future development prospects and corresponding strategies:

(II) Key applications and production processes of major products

Favorable factors 1. The government places strong emphasis on cybersecurity and has promulgated relevant regulations such as the Cybersecurity Management Act and the Personal Data Protection Act, prompting government agencies, specified non-government entities, and critical infrastructure operators to continuously establish robust cybersecurity management mechanisms, advance digital transformation,

Unfavorable factors 1. Original equipment manufacturers of systems and software and hardware, system integrators, and startups are actively entering the cybersecurity market, with the number of vendors exceeding 350. This has intensified competition and led to pricing disorder. 2. Government agencies and various industries

2. The government is not aware of the potential risks of cybersecurity, and the government is not aware of the potential risks of cybersecurity, and the government is aware of the potential risks of cybersecurity, and the government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity, and the government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the potential risks of cybersecurity. The government is aware of the --- 79 | strengthen cybersecurity resilience across various sectors, cultivate cybersecurity talent, and promote the development of the cybersecurity industry, thereby driving its overall growth. 2. The FSC has promoted multiple financial cybersecurity regulations, including the "Financial Cyber Security Action Plan 2.0," to further strengthen the cybersecurity protection capabilities of the domestic financial industry. These measures require financial institutions to implement robust cybersecurity management, thereby driving increased demand for cybersecurity testing, monitoring, and offensive and defensive exercises. 3. The FSC has imposed increasingly stringent cybersecurity requirements on listed companies. Primary and secondary listed companies are required to appoint a Chief Information Security Officer or establish dedicated cybersecurity units to strengthen internal cybersecurity controls. In 2024, the "Cybersecurity Management Guidelines for Listed Companies" and the "Reference Q&A on Matters to Note for the Release of Material Information" explicitly stipulate that listed companies must disclose their cybersecurity management plans, resources, and response measures for significant cyber incidents. 4. Enterprises are facing increasingly severe cyber threats. In 2024, multiple listed companies experienced cybers incidents such as cyberattacks, data breaches, and ransomware attacks and issued material information disclosures, prompting enterprises to place greater emphasis on cybersecurity protection. 5. Enterprises are strengthening cybersecurity requirements for their supply chains to prevent attackers from infiltrating internal systems through third-party vendors. To meet enterprise cybersecurity standards, suppliers are also actively seeking support from professional cybersecurity services. 6. According to the iThome 2025 Enterprise Cybersecurity Survey, the average cybersecurity budget of large enterprises in Taiwan has exceeded NT$20 million, representing a significant increase of 23%. The financial sector has the highest budget levels, followed by the government sector, and further growth is expected in 2026. 7. The Company has obtained multiple cybersecurity certifications and received numerous domestic and international cybersecurity awards. It has also been rated at the highest A-grade level in the Executive Yuan's cybersecurity service provider evaluations for consecutive years, with both its technical capabilities and service quality recognized by customers. 8. Possesses more than 600 IT and cybersecurity-related technical certifications and over a hundred cybersecurity experts, providing a strong competitive advantage. 9. Possesses a cybersecurity R&D team with the capability to productize cybersecurity technologies and experience, which is advantageous for developing proprietary cybersecurity products and expanding into overseas markets. | are competing for cybersecurity talent, making recruitment and retention challenging. 3. International cloud cybersecurity providers are entering the domestic market with integrated solutions combining DDoS mitigation, WAF, and CDN services. 4. Expanding and operating in overseas markets is challenging. | | --- | --- | --- # Corresponding strategies 1. Develop cybersecurity products and cloud-based cybersecurity SaaS services, providing flexible payment or subscription models to reduce customers' budget burden while increasing customer retention. 2. Collaborate with academia to provide internship opportunities and participate in cybersecurity communities to increase engagement with cybersecurity talent, thereby attracting, recruiting, and retaining outstanding professionals. 3. Collaborate with domestic and international cybersecurity companies to address gaps in technical capabilities, integrate vendor products to develop comprehensive cybersecurity solutions, and jointly enter the market. 4. Seek local partners overseas to promote the localized sales of proprietary products and cybersecurity services; leverage close collaboration with the Chunghwa Telecom Group and its affiliates, utilizing the Group's overseas subsidiaries and operating site resources to penetrate local markets; and assist Taiwanese enterprises in strengthening cybersecurity protection and monitoring mechanisms at their overseas operating sites. # (III) Supply of main raw materials The Company provides cybersecurity professional services to customers through cybersecurity technical experts supported by cybersecurity software and hardware tools. It procures cybersecurity tools or threat intelligence from domestic and international software and hardware vendors to provide customers with internet security, security testing, security monitoring, cybersecurity posture assessment, and digital forensics services, and has established stable cooperative relationships with suppliers. (IV) Suppliers and customers contributing to $10\%$ or more of the Company's total purchase (sales) amount in either of the two past fiscal years, their shares, and reasons for changes. # 1. Information on major suppliers for the past two years Unit: NT$ thousand | | 2024 | | | | 2025 | | | | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | Item | Name | Amount | As a percentage of annual net purchases (%) | Relationship with the issuer | Name | Amount | As a percentage of annual net purchases (%) | Relationship with the issuer | | 1 | Supplier A | 217,181 | 25.43 | None | Supplier A | 181,421 | 22.36 | None | | 2 | Supplier B | 140,346 | 16.43 | None | Supplier B | 161,501 | 19.91 | None | | | Others | 496,629 | 58.14 | - | Others | 468,338 | 57.73 | - | | | Net purchases | 854,156 | 100.00 | | Net purchases | 811,260 | 100.00 | | # 2. Information on major customers for the past two years Unit: NT$ thousand | | 2024 | | | | 2025 | | | | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | Item | Name | Amount | As a percentage of annual net sales (%) | Relationship with the issuer | Name | Amount | As a percentage of annual net sales (%) | Relationship with the issuer | | 1 | Chunghwa Telecom Co., Ltd. | 502,683 | 25.47 | Parent company | Chunghwa Telecom Co., Ltd. | 353,749 | 17.29 | Parent company | | | Others | 1,470,976 | 74.53 | - | Others | 1,691,821 | 82.71 | - | | | Net sales | 1,973,659 | 100.00 | | Net sales | 2,045,570 | 100.00 | | --- III. Number of employees, average years of service, average age, and the distribution ratio of educational background of employees for the past two years and up to the publication date of the annual report Information on employees for the most recent two years and as of the date of the annual report April 30, 2026 | Year | | 2024 | 2025 | Current fiscal year as of _ (date) April 30, 2026 | | --- | --- | --- | --- | --- | | Number of employees | | 351 | 376 | 380 | | Average age | | 34 | 34 | 35 | | Average years of service (years) | | 3.06 | 3.57 | 3.76 | | Distribution of education attainment | PhD | 1.42% | 0.80% | 0.79% | | | Master | 47.01% | 50.53% | 51.32% | | | College/University | 50.14% | 48.14% | 47.63% | | | Senior high school | 1.42% | 0.53% | 0.26% | | | Under senior high school | 0% | 0% | 0% | IV. Information on environmental protection expenditures Losses incurred due to environmental pollution during the most recent year and up to the publication date of the annual report, including compensation and violations of environmental protection laws identified through environmental protection inspections, with disclosure of the disposition date, disposition reference number, violated statutory provisions, details of the violation, and disposition content, as well as disclosure of the estimated amounts that may occur currently and in the future and corresponding countermeasures. If such amounts cannot be reasonably estimated, the facts rendering reasonable estimation impossible shall be explained: None. V. Labor Relations (I) List the Company's various employee benefit measures, continuing education, training, retirement system, and implementation thereof, as well as labor-management agreements and various employee rights protection measures 1. Employee benefits measures The Company places importance on employee well-being and is committed to providing comprehensive welfare programs to enhance employee job satisfaction and cohesion. The Company currently provides a range of welfare measures, including group insurance, regular health check-ups, travel expense subsidies, year-end appreciation banquets, regular employee gatherings, birthday leave, family day activities, and subsidies for marriage, bereavement, and childbirth, comprehensively supporting employees' personal and family needs. 2. Employee continuing education and training The Company has established relevant policies for education and training and, based on operational development needs and the nature of employees' roles, plans and conducts various training programs, including managerial competency training, communication and --- coordination skills training, professional competency training, and on-the-job training. Continuously enhance employees' professional capabilities and work efficiency to ensure operational quality and support the Company's sustainable development. 3. Retirement system and its implementation The Company implements its employee retirement system in accordance with the Labor Pension Act and contributes 6% of employees' monthly salaries to their individual labor pension accounts as required by law. In addition, employees may voluntarily contribute between 0% and 6% of their monthly salaries to their pension accounts based on individual preference. All related retirement matters are handled in accordance with applicable laws and regulations. 4. Status of labor-management agreements All personnel management systems and regulations of the Company are established in accordance with the Labor Standards Act and relevant labor laws and regulations. The Company values harmonious labor-management relations and, through open internal communication channels and two-way communication mechanisms, listens to and responds to employee feedback in a timely manner, promoting positive interaction between labor and management. 5. Various measures for safeguarding employees' rights and interests The Company has established comprehensive personnel and document management systems, clearly stipulating various management policies and explicitly defining employees' rights, obligations, and benefits. These systems are regularly reviewed and revised in accordance with actual operational conditions and changes in laws and regulations to ensure that employees' rights and interests are properly protected. (II) Specify the losses incurred due to labor-management disputes during the most recent year and up to the publication date of the annual report, including violations of Labor Standards Act identified through labor inspections, with disclosure of the disposition date, disposition reference number, violated statutory provisions, details of the violation, and disposition content, as well as disclosure of the estimated amounts that may occur currently and in the future and corresponding countermeasures. If such amounts cannot be reasonably estimated, the facts rendering reasonable estimation impossible shall be explained. In the most recent two years and up to the date of publication of the annual report, the Company has not experienced any material labor disputes, nor has it been penalized for violations of the Labor Standards Act identified through labor inspections; therefore, no related losses have been incurred. 82 --- VI. Cybersecurity management (I) Describe the cybersecurity risk management framework, cybersecurity policies, specific management programs, and resources invested in cybersecurity management. 1. Cybersecurity risk management framework (1) The Company has established a cybersecurity risk management framework and has set up a dedicated Cybersecurity unit to coordinate various cybersecurity initiatives across the Company, and to regularly review cybersecurity policies and privacy information protection management policies. (2) Dedicated cybersecurity unit: The highest-level organization for the Company's cybersecurity management and personal data management is the "Cybersecurity and Information Service Management Guidance Committee," convened by the Vice President of Technology, with Vice Presidents from various divisions serving as committee members. Under this committee, the "ISO Team" is responsible for the formulation and implementation of management policies, while the "Cybersecurity Dedicated Unit," consisting of a Chief Cybersecurity Officer and several dedicated personnel, is responsible for technical protection and control, as well as monitoring and incident response. Regular meetings are convened to drive implementation and conduct reviews, ensuring the effective execution of the Company's cybersecurity and privacy protection policies from both management and technical perspectives. ![img-3.jpeg](img-3.jpeg) 2. Cybersecurity policies (1) An organization responsible for planning and promoting cybersecurity management-related activities has been established, along with the "Cybersecurity and Information Service Management Guidance Committee," which is responsible for managing, coordinating, and supervising the implementation of various cybersecurity operational policies and the allocation of resources. (2) The Company's cybersecurity management regulations must comply with the Company's policies and relevant government laws and regulations, reference international standards, incorporate the security requirements of various operational 83 --- activities and contractual agreements, and align with the Company’s strategies and objectives. (3) This policy applies to all information, personnel, software and hardware equipment, physical environments, and related services involved in the Company’s information operations. (4) Partners and customers involved in the Company’s related operations shall also understand the Company’s cybersecurity management requirements, and their respective cybersecurity responsibilities and obligations shall be clearly defined in all contracts and agreements. (5) The security management of all information processing equipment and information operations of the Company shall comply with the provisions set forth in the Company’s ISMS cybersecurity management regulations. 3. Specific management programs and invested resources (1) The Company has established its cybersecurity and personal data protection management systems in accordance with international standards ISO 27001 and ISO 27701. It implemented the ISO 27001 Cybersecurity Management System in 2018 and the ISO 27701 Privacy Information Management System in 2021, and continues to maintain the validity of these certifications. Through the implementation of the Cybersecurity Management System and the Privacy Information Management System, the Company protects the security of assets and privacy information of both the Company and its customers, enhances its incident response capabilities for cybersecurity and privacy information events, and ensures service security and quality. (2) The Company has established and disclosed its "Cybersecurity Policy" and "Privacy Information Protection and Management Policy," as well as specific management programs such as the "Cybersecurity Policy and Procedures Manual" and the "Privacy Information Protection and Management Policy and Procedures Manual," and has implemented them across all employees. (3) Implements specific and effective security protection and personal data privacy measures, and continuously enhances cybersecurity and personal data protection management through the PDCA management cycle. (4) The Company regularly reviews its cybersecurity policies and enhances its cybersecurity practices to ensure the effective implementation of cybersecurity systems and personal data protection measures: - Hold monthly cybersecurity meetings - Hold quarterly cybersecurity implementation meetings - Hold annual management review meetings - Regularly conduct social engineering simulation, vulnerability assessment, endpoint cybersecurity testing, and SOC/MDR cybersecurity monitoring (5) In May 2024, joined the Forum of Incident Response and Security Teams (FIRST), 84 --- an international cybersecurity incident response organization, to regularly share and exchange threat intelligence with global cybersecurity experts. (6) Cybersecurity protection practices - Regularly conduct vulnerability assessment for computers and servers. - Regularly conduct external exposure assessments. - Regularly conduct social engineering simulation for all employees to enhance their awareness of various cyberattack methods. - Conduct penetration testing and source code analysis prior to system deployment. - Regularly conduct endpoint anti-intrusion assessments. - Establish security protection systems and mechanisms, including firewalls, web application firewalls, antivirus systems, access control for jump servers, computer configuration management, as well as network segmentation and internal and external threat intelligence blocking mechanisms. - Establish a cybersecurity monitoring mechanism (SOC) and collect global threat intelligence to gain real-time visibility into internal and external cyber threats and respond rapidly. - Implement Managed Detection and Response (MDR) services to proactively hunt for suspicious endpoint threats and strengthen endpoint protection capabilities. - Conduct annual cybersecurity incident reporting and response drills to ensure clear division of responsibilities and enhance response proficiency. (7) Education and Training Practices - Regularly conduct education and training for all employees on cybersecurity policies, security awareness, and the ISO 27001 and ISO 27701 cybersecurity and privacy information management systems, to enhance employees' understanding of and compliance with information management systems, equip them with necessary cybersecurity knowledge, and strengthen the overall operation of the cybersecurity management framework. - Regularly provide security awareness and vigilance training for employees who fail social engineering simulation, along with required assessments, to enhance their awareness of various cyberattack methods. - Allocate an annual budget to subsidize employees in obtaining various external international cybersecurity and personal data protection certifications, covering areas such as networking, systems, cloud, cybersecurity offense and defense, and cybersecurity management, in order to enhance employees' cybersecurity management and offensive and defensive capabilities. (II) Specify the losses incurred, potential impacts, and response measures resulting from major cybersecurity incidents in the most recent year and up to the date of publication of 85 --- the annual report; if such impacts cannot be reasonably estimated, the reasons for the inability to make a reasonable estimate shall be explained. Under the effective implementation and monitoring of the Company's cybersecurity policies, no losses have been incurred due to cybersecurity incidents in the most recent two years and up to the date of publication of the annual report. ## VII. Important Contracts Important Contracts | Nature of contract | Party | Commencement and termination dates | Major content | Restrictive covenants | | --- | --- | --- | --- | --- | | Lease contract | Chunghwa Telecom Co., Ltd. | 2026.1.1 - 2026.12.31 | Leasing of Floors 1, 2, and 11 of the Telecommunications Building | None | | Lease contract | Chunghwa Telecom Co., Ltd. | 2026.1.1 - 2028.12.31 | Leasing of the 8th Floor of the Ren’ai Complex | None | | Lease contract | Chunghwa Telecom Co., Ltd. | 2025.6.1 - 2026.12.31 | Leasing of the 7th Floor of the Zhisheng Building | None | | Lease contract | Chunghwa Telecom Co., Ltd. | 2026.1.1 - 2028.12.31 | Leasing of the 2nd Floor of the Wenxin Building | None | | Lease contract | Chunghwa Telecom Co., Ltd. | 2025.1.1 - 2028.12.31 | Leasing of the 8th Floor of the Da’an Building | None | | Sales contract | Enterprise Business Group of Chunghwa Telecom Co., Ltd. | 2024.1.1 - 2026.12.31 | Collaboration on enterprise internet security services | Confidentiality Agreement | | Sales contract | Consumer Business Group of Chunghwa Telecom Co., Ltd. | 2023.1.1 - 2024.12.31 (One-year renewal, up to two renewals) | Collaboration on consumer internet security services | Confidentiality Agreement | | Sales contract | Information Technology Group of Chunghwa Telecom Co., Ltd. | 2026.2.14 - 2027.2.13 | 2026 Fortinet firewall joint supply contract procurement | Confidentiality Agreement and Restriction on Assignment | | Credit contract | E.SUN Bank | 2024.11.15 - 2026.11.15 | Master Credit Agreement | None | --- # Five. The Company shall review and analyze its financial condition and financial performance, and assess risk matters # I. Financial Position (I) Main reasons for any material changes in the Company's assets, liabilities and equity for the past two years and the effects thereof: Unit: NT$ thousand | Year Item | 2024 | 2025 | Difference | | | --- | --- | --- | --- | --- | | | | | Amount | % | | Current assets | 1,402,661 | 2,481,143 | 1,078,482 | 76.89 | | Property, plant and equipment | 88,210 | 63,409 | (24,801) | (28.12) | | Intangible assets | 894 | 112 | (782) | (87.47) | | Other assets | 200,015 | 288,008 | 87,993 | 43.99 | | Total assets | 1,691,780 | 2,832,672 | 1,140,892 | 67.44 | | Current liabilities | 745,468 | 746,544 | 1,076 | 0.14 | | Non-current liabilities | 33,214 | 34,282 | 1,068 | 3.22 | | Total liabilities | 778,682 | 780,826 | 2,144 | 0.28 | | Common share capital | 363,495 | 406,808 | 43,313 | 11.92 | | Capital reserve | 83,920 | 1,082,526 | 998,606 | 1,189.95 | | Retained earnings | 465,683 | 561,342 | 95,659 | 20.54 | | Other Equity | - | 1,170 | 1,170 | 100.00 | | Total Shareholders' Equity | 913,098 | 2,051,846 | 1,138,748 | 124.71 | | 1. Major changes (with a change of more than 20% and a monetary change of over NT$10 million) and their main causes and impacts: (1) Current assets, total assets, capital reserve, and total shareholders' equity: primarily due to the cash capital increase in 2025, resulting in an increase in cash and capital reserve. (2) Property, plant, and equipment: Primarily due to ongoing depreciation expenses, with no significant capital expenditures added in 2025. (3) Other assets: Primarily due to an increase in other financial assets. (4) Retained earnings: Primarily due to increased operating profits in 2025. 2. Future response plan: The above changes have no material adverse impact on the Company. | | | | | # II. Financial Performance: (I) Main reasons for any material changes in revenue, net operating profit, and net profit before tax for the past two years Unit: NT$ thousand | Year Item | 2024 | 2025 | Difference | | | --- | --- | --- | --- | --- | | | | | Amount | % | | Operating revenue | 1,973,659 | 2,045,570 | 71,911 | 3.64 | | Operating costs | 1,108,104 | 1,085,220 | (22,884) | (2.07) | --- # III. Cash flow (I) Analysis and description of changes in cash flows in the most recent year Unit: NT$ thousand | Year Item | 2024 | 2025 | Difference | | | --- | --- | --- | --- | --- | | | | | Amount | % | | Cash inflow from operating activities | 367,388 | 416,698 | 49,310 | 13.42 | | Cash outflow from investment activities | (51,617) | (532,460) | (480,843) | 931.56 | | Cash inflow (outflow) from financing activities | (251,554) | 674,450 | 926,004 | (368.11) | | Net cash inflow (outflow) | 64,217 | 558,688 | 494,471 | 770.00 | | 1. Increase in cash inflows from operating activities: Mainly due to operating profits in 2025. 2. Increase in cash outflows from investing activities: Primarily due to the addition of other financial assets in 2025. 3. Increase in cash inflows from financing activities: Primarily due to the cash capital increase in 2025. | | | | | (II) Plan to improve insufficient liquidity: As of the end of 2025, the Company had a cash balance of NT$1,198,460 thousand, and there is no issue of insufficient cash flow liquidity. (III) Liquidity analysis for the coming year Unit: NT$ thousand | Balance of cash at the beginning of the period | Estimated net cash flow from operating activities for the year | Estimated net cash flow from investing activities for the year | Estimated net cash flow from financing activities for the year | Cash surplus (deficit) | Remedies for cash deficit | | | --- | --- | --- | --- | --- | --- | --- | | | | | | | Investment plans | Financing plans | | 1,198,460 | 536,681 | 279,509 | (462,712) | 1,551,938 | - | - | | 1,198,460 | 536,681 | 279,509 | (462,712) | 1,551,938 | - | - | --- 89 1. Analysis of changes in cash flows for the next year: (1) Operating activities: Cash inflows from principal operating activities. (2) Investing activities: Acquisition of equipment required for operations. (3) Financing activities: Primarily include the payment of cash dividends and the repayment of lease liabilities. 2. Remedies for estimated cash deficit: Based on the foregoing impacts, operating funds are expected to be sufficient throughout the year, and there will be no cash shortfall. IV. Impact of material capital expenditures in the most recent year on financial and business operations: The Company had no material capital expenditures in the most recent year. V. Investment policy for the past year, main reasons for profit or loss, improvement plan, and investment plan for the next year 1. Company reinvestment policy: The Company has formulated the "Procedures for Acquisition or Disposal of Assets" and the "Guidelines for Investments" in accordance with the "Regulations Governing the Acquisition and Disposal of Assets by Public Companies" prescribed by the competent authority, which serve as the basis for the Company's investment policy. 2. Main reasons for the profit or loss from investments for the past year and improvement plan: | Reinvestee | Shareholding ratio | Investment gains recognized in 2025 | Main business activities | Main reason for profit/loss | Improvement plans | | --- | --- | --- | --- | --- | --- | | Baohwa Trust Co., Ltd. | 25% | NT$ 6,302 thousand | Computer Equipment Installation Services, Computer and Office Machinery and Equipment Industry, Information Software Industry, Computer Information Supply Services and Internet Authentication Services | Operations have gradually improved. | - | 3. Investment plans for the following year: The selection of future investment targets will focus on strategic investments related to the cybersecurity industry, with emphasis on market demand and future trends in cybersecurity. Taking risk appetite into consideration, the Company will seek appropriate targets in domestic and international markets that offer complementary benefits in terms of technology, products, or markets with the Company. VI. Risk factors should include analysis and evaluation of the following matters for the most recent year and up to the publication date of the annual report. (I) The impact of interest rate, exchange rate fluctuations, and inflation on the Company's profit and loss, as well as future countermeasures 1. The effect upon the Company's profits (losses) of interest rate fluctuations, and response measures to be taken in the future --- The Company’s operations are primarily funded by internal funds, and it currently has no bank borrowings. Interest income is not a major source of the Company’s profits, and changes in interest rates have not had a material impact on the Company’s operations. The Company’s interest income for 2024 and 2025 amounted to NT$6,185 thousand and NT$10,274 thousand, respectively, accounting for 1.31% and 1.89% of the Company’s profit before tax. Such income primarily comprised interest income from bank deposits and had no material impact on profitability. The Company adopts a prudent and conservative approach to fund utilization, with priority given to the safe management of funds. The Company maintains good relationships and close communication with its banking partners, monitors information such as interest rate movements to assess future interest rate trends, and appropriately adjusts the use of funds to mitigate the impact of interest rate fluctuations on the Company’s profit and loss. 2. The effect upon the Company's profits (losses) of exchange rate fluctuations, and response measures to be taken in the future The Company’s exchange (losses) gains for 2024 and 2025 amounted to NT$14 thousand and NT$31 thousand, respectively, accounting for 0.003% and 0.006% of the Company’s profit before tax. The impact of exchange rate fluctuations on the Company’s future revenue and profitability is relatively limited. Nevertheless, the Company will continue to strengthen the management of exchange rate fluctuation risks. In addition to continuously collecting information on exchange rate movements and closely monitoring exchange rate trends, the Company will, at appropriate times, implement foreign currency conversion measures to address risks arising from exchange rate fluctuations. The Company will also enhance its cooperative relationships with financial institutions and, when appropriate, undertake hedging measures for foreign currency assets or liabilities to mitigate the impact of exchange rate volatility. 3. Impact of inflation on the Company's profit and loss and future response measures The Company has not been materially affected by inflation, and the impact of inflation on the Company's profit and loss is expected to remain limited. The Company will continue to monitor changes in relevant market price fluctuations and, when necessary, take appropriate stabilization measures to reduce their impact on the Company's operations. (II) The policy on engaging in high-risk, high-leverage investments, lending funds to others, endorsement and guarantees, and derivative transactions, the main reasons for profits or losses, and future countermeasures. During the most recent year and up to the publication date of the annual report, the Company has not engaged in high-risk or high-leverage investments, derivative transactions, endorsements or guarantees, or the lending of funds to others. 90 --- (III) Future R&D plans and the estimated expenses to be invested 1. Future R&D plans The Company provides network security services, cybersecurity professional services, and cybersecurity product sales, and will continue to optimize these offerings to address rapidly evolving cyber threats, while enhancing product and service functionality and efficiency to deliver solutions that better meet market demands. Internet security services will continue to introduce new offerings and enhance the functionality of existing services. Future plans include launching WAAP all-in-one web application and API protection services, strengthening the Cyber Threat Gatekeeper functionality, and adding fraud category blocking and web content sanitization. Cybersecurity professional services will incorporate AI technologies to improve vulnerability detection accuracy, enhance the application of deep learning models to more precisely capture APT attack behavior patterns, introduce new cybersecurity monitoring technologies such as generative AI, automated response mechanisms (SOAR), and cloud security monitoring solutions, develop cybersecurity testing platforms, offer AI application security testing services, and provide integrated cloud and on-premises security monitoring services. At the same time, as enterprises advance in digital transformation, new cybersecurity threats and challenges arising from the adoption of emerging technologies will be addressed, with continued expansion into new cybersecurity services and solutions, including industrial control system security, cloud security, unmanned aerial vehicle security, low Earth orbit satellite security, and AI cybersecurity. Cybersecurity product sales will continue to focus on developing proprietary products by productizing the accumulated technologies and expertise of cybersecurity specialists. Proprietary products covering cloud, network, endpoints, and encrypted communications include: SecuTex ED (Endpoint Detection), SecuTex NP (Network Protection), CypherCom (End-to-End Encrypted Communication System), and the cybersecurity risk rating service (HorusEyes). The Company's vision is to "build secure and trusted information and communication services, becoming a guardian of digital economy and digital life," shaping a corporate culture of "integrity," "professionalism," "altruism," and "global perspective." Its goal is to become the most trusted international brand for cybersecurity products and services, expanding from a professional cybersecurity service company into an international cybersecurity products and services company. To achieve this goal, the Company continues to invest in R&D resources for the development of proprietary products, new cybersecurity services, and technological enhancement. 2. Estimated R&D expenses to be invested The Company's R&D expenditures for 2024 and 2025 amounted to NT$108,695 thousand and NT$132,754 thousand, respectively, and NT$155,322 thousand will be 91 --- invested in 2026. R&D expenditures have increased year by year to enhance R&D capabilities and the Company's core competitiveness. (IV) The impact of significant domestic and international policy and legal changes on the Company's financial operations and countermeasures The daily operations of the Company complies with the relevant domestic and foreign laws and regulations, and the domestic and foreign policy development trends and changes in regulations are monitored all the time; the relevant information is collected as references for decision-making at the management level, to adjust the Company's relevant operating strategies. In the past year and as of the publication date of the annual report, the Company has not been subject to changes in any important policies and laws at home and abroad that affected the Company's financial operations. (V) The impact of technological changes (including cybersecurity risks) and industry changes on the Company's financial operations and countermeasures The Company closely monitors industry dynamics, industry changes, and the latest cyber threats and hacking techniques, and appropriately adjusts its business strategies. It has long been committed to the management of cybersecurity and personal data protection, has established a cybersecurity risk management framework, and has set up an Cybersecurity Dedicated Unit to coordinate the Company's cybersecurity initiatives. The Company regularly reviews the effectiveness of its cybersecurity policies and the implementation of specific cybersecurity management measures. At the same time, the Company has implemented and obtained certification for the international standards ISO 27001 (Cybersecurity Management System) and ISO 27701 (Privacy Information Management System), and has established operating procedures in accordance with the relevant standards. During the most recent year and up to the date of printing of the annual report, there have been no instances in which technological changes, including cybersecurity risks, or industry changes have had a material impact on the Company's financial or business operations. (VI) The impact of changes in corporate image on crisis management and countermeasures Since its establishment, the Company has focused on its core business operations, complied with applicable laws and regulations, and actively strengthened internal management while enhancing management quality and performance, in order to continuously maintain a positive corporate image and increase customers' trust in the Company. Accordingly, during the most recent year and up to the publication date of the annual report, there have been no instances in which changes in corporate image resulted in an operational crisis. Nevertheless, the occurrence of a corporate crisis could cause significant damage to an enterprise. Therefore, the Company will continue to implement all corporate governance requirements to reduce the occurrence of corporate risks and their impact on the Company. 92 --- (VII) The expected benefits, potential risks, and countermeasures for mergers and acquisitions In the most recent year and up to the publication date of the annual report, the Company has no plans for mergers and acquisitions. If there are any future merger or acquisition plans, the Company will adopt a prudent evaluation approach to effectively safeguard the Company's interests and shareholders' rights and interests. (VIII) The expected benefits, possible risks, and countermeasures for the expansion of the plant In the most recent year and up to the publication date of the annual report, the Company has no plan to expand its factory. (IX) Risks associated with sales or purchase concentration and countermeasures 1. Risks associated with purchase concentration and countermeasures The Company takes cybersecurity professional services and products as its core business and provides comprehensive cybersecurity solutions. To meet customers' project implementation and product needs, the Company has established long-term and stable cooperative relationships with multiple software and hardware suppliers. Procurement sources are diversified and not concentrated on a single or a few suppliers, ensuring stable supply with no material risk of procurement concentration. 2. Risks associated with sales concentration and countermeasures The Company cooperates with Chunghwa Telecom, the largest telecommunications operator in Taiwan, to assist enterprises in jointly enhancing cybersecurity protection capabilities and defending against cyberattacks. For the Company's major customers in 2025, Chunghwa Telecom accounted for approximately 17% of net sales revenue, while the remaining customers each accounted for less than 10% of net sales revenue. The Company will continue to expand into international markets and increase penetration in the domestic market in the future, and the individual proportion of sales to each customer is expected to gradually decrease. Overall, the Company does not face any material risk arising from sales concentration. (X) The impact, risks, and countermeasures concerning significant transfer or change in shareholding by directors, supervisors, or major shareholders holding more than 10% of shares No material impact on the Company's operations due to no significant transfer or replacement of shares by any director, supervisor, or major shareholder holding more than 10% of the shares for the most recent year and as of the date of the annual report. (XI) The impact, risks, and countermeasures concerning changes in operational control over the Company In the most recent year and up to the publication date of the annual report, the Company has not experienced any changes in operational control. 93 --- (XII) Litigious and non-litigious matters 1. Litigation, non-litigation, or administrative dispute cases that have been finally adjudicated or are currently pending during the most recent two years and up to the publication date of the prospectus, and that may have a material impact on shareholders' rights and interests or the price of the Company's securities, including disclosure of the underlying facts, the amount in dispute, the litigation commencement date, the principal parties involved, and the current status: None. 2. Litigation cases involving the Company's directors, supervisors, President, actual responsible persons, shareholders holding more than 10% of the shares, and subsidiaries, whether concluded or pending judgment for the most recent two years and as of the publication date of the prospectus, non-litigious, or administrative litigations that may have a material impact on the Company's shareholders' equity or security prices: None. 3. During the most recent two years and up to the publication date of the annual report, there have been no occurrences involving directors, supervisors, managers, or major shareholders holding more than 10% of the shares that fall under the circumstances prescribed in Article 157 of the Securities and Exchange Act, nor are there any related matters currently being handled by the Company: None. (XIII) Other important risks and countermeasures: None. VII. Other important matters: None. --- Six. Special notes I. Information related to the Company's affiliates The Company has disclosed relevant information on affiliates on MOPS in accordance with applicable laws and regulations. Please refer to the Affiliates Three Statements section on MOPS. MOPS website: https://mops.twse.com.tw/mops/web/index II. Private placement of securities in the most recent year and up to the publication date of the annual report The following information shall be disclosed: The dates and amounts approved by the shareholders' meeting or the Board of Directors, the basis and reasonableness of price determination, the method for selecting specific persons, the necessity for conducting a private placement, the private placement recipients, eligibility criteria, subscription quantities, relationships with the Company, participation in the Company's operations, actual subscription (or conversion) prices, differences between the actual subscription (or conversion) prices and the reference prices, the impact of the private placement on shareholders' rights and interests, and the status of fund utilization of the privately placed securities from receipt of subscription payments or proceeds through completion of the fund utilization plan, including implementation progress and effectiveness: N/A. III. Other necessary supplementary information: None. IV. Any events specified in Subparagraph 2, Paragraph 3, Article 36 of this Act with a material impact on shareholders' rights and interests or securities prices arising during the most recent year and as of the date of the annual report to be included: None. 95 --- 96 CHT Security Co., Ltd. Chairman: Ming-Shih Chen President: Chin-Fu Hung --- ![img-0.jpeg](img-0.jpeg) 中華資安國際 CHT Security # EMPOWER YOUR SECURITY Address (Taipei) : 8F, No. 26, Sec. 1, Hangzhou S. Rd., Taipei 100019, Taiwan (R.O.C.) Address (Taichung) : 2F., No. 351, Sec. 1, Wenxin Rd., Nantun Dist., Taichung City 408030, Taiwan (R.O.C.) Address (Tainan) : Rm. B326, 3F., No. 6, Sec. 1, Guiren 13th Rd., Guiren Dist., Tainan City 711010, Taiwan (R.O.C.) Address (Kaohsiung) : 7F., No. 200, Zhisheng Rd., Zuoying Dist., Kaohsiung City 813310, Taiwan (R.O.C.) www.chtsecurity.com

AI assistant

CHT Security Annual Report 2025

52695_rns_2026-06-03_bc53bebf-a02a-4048-a5fe-2bc5334ca567.pdf

EMPOWER YOUR SECURITY

Table of Contents

One. Report to the shareholders

Dear Shareholders:

2025 Operating Results

Future Outlook

4. Diversity and independence of the Board of Directors

(1) Diversity of the Board of Directors:

A. Diversity policies:

(2) Independence of the Board of Directors:

II. Remuneration paid to directors, supervisors, President, and Vice Presidents in the most recent year

(II) Remuneration to President and Vice Presidents

Remuneration scales

III. Corporate Governance

IV. Information on CPA Audit Fees

Three. Fundraising

I. Capital and Shares

4. Planned development of new products (services):

(II) Industry Overview

1. Industry status and development:

2. Upstream, midstream, and downstream industry connections:

B. Cybersecurity professional services

(A). Cybersecurity Testing

C. Cybersecurity product sales

(A). SecuTex ED (Endpoint Detection)

(B). SecuTex NP (Network Protection)

(III) Technology and R&D overview

(IV) Short-term and long-term business development plans

(1) Short-term development plan

II. Market, production, sales overview

(I) Market analysis

2. Market share:

4. Competitive advantage

AI assistant

CHT Security — Annual Report 2025

52695_rns_2026-06-03_bc53bebf-a02a-4048-a5fe-2bc5334ca567.pdf

EMPOWER YOUR SECURITY

Table of Contents

One. Report to the shareholders

Dear Shareholders:

2025 Operating Results

Future Outlook

4. Diversity and independence of the Board of Directors

(1) Diversity of the Board of Directors:

A. Diversity policies:

(2) Independence of the Board of Directors:

II. Remuneration paid to directors, supervisors, President, and Vice Presidents in the most recent year

(II) Remuneration to President and Vice Presidents

Remuneration scales

III. Corporate Governance

IV. Information on CPA Audit Fees

Three. Fundraising

I. Capital and Shares

4. Planned development of new products (services):

(II) Industry Overview

1. Industry status and development:

2. Upstream, midstream, and downstream industry connections:

B. Cybersecurity professional services

(A). Cybersecurity Testing

C. Cybersecurity product sales

(A). SecuTex ED (Endpoint Detection)

(B). SecuTex NP (Network Protection)

(III) Technology and R&D overview

(IV) Short-term and long-term business development plans

(1) Short-term development plan

II. Market, production, sales overview

(I) Market analysis

2. Market share:

4. Competitive advantage

More from CHT Security

CHT Security Annual Report 2025