Risk Management and Business Continuity

Supporting the SDGs Goals

Goal 9:

Industry, Innovation and Infrastructure

Stakeholders Directly Impacted

Employees

Shareholders/Investors

Goals and Performance Highlights

Goals

Measures to reduce risks

from high to low levels

Performance Highlights 2025

The risk issues that have been reduced to a medium level

amount to

The risk issues that have been reduced to a low level

amount to

ESG Performance Data

Commitment, Challenge and Opportunity

The group has defined risk management and business continuity as a critical process for addressing factors that could obstruct operations, ensuring the company can effectively achieve its business objectives. This process focuses on preparing to respond to and operate under crisis situations or emergencies promptly to maintain business stability.

Management and Operational Approach

The group assesses risks in various areas annually and monitors the results of actions to reduce risk levels to acceptable levels regularly. The results of the risk level reduction are summarized annually and reported to the risk management committee.

Sustainability Plan

1

Risk management

Each year, the group places significant emphasis on the systematic assessment and management of risks that may impact business operations, aiming to minimize their effects to acceptable levels while enhancing business stability in alignment with long-term goals. The group has established a step-by-step risk management process to cover all dimensions

Categorizing risks into four areas as follows:

1

Strategic Risks

2

Operational Risks

3

Financial Reporting and Numerical Risks

4

Risks related to compliance with regulations and laws

The risk management working group conducts an internal control system review to assess its adequacy and effectiveness in addressing the identified risks. If existing internal controls are found to be insufficient in reducing risks to acceptable levels, additional measures will be implemented to enhance risk management efficiency. Furthermore, the group continuously monitors and evaluates the risk management plan to ensure that the actions and measures taken can effectively mitigate impacts and control risks. The annual risk management plan is also updated to align with the changing circumstances and challenges. This process reflects the group’s commitment to conducting business securely and sustainably in the face of uncertainty and potential future risks.

2

Regarding business continuity management

In business continuity management, operational risks are addressed by creating plans to prevent potential events that could disrupt business operations. These risks can be controlled by following operational procedures and emergency plans. The company has prepared plans for flood prevention, fire hazard mitigation, chemical spill drills, epidemic prevention, protest response, and emergency IT system plans.

Roles and responsibilities for business continuity are clearly defined, including emergency management teams, on-site command teams, business recovery teams, and special task forces for various disaster scenarios.

The group conducts business continuity plan drills at least once a year, with the continuity management team being responsible for this task.

Operational Achievements in 2025

In 2025, the Group identified 12 risk issues that may impact its business operations. These are categorized into 8 strategic risks, 1 operational risk, 1 financial reporting and quantitative risk, and 2 compliance, regulatory, and legal risks. The risk assessment for the year indicated 6 risks at a very high level and 6 risks at a high level. Accordingly, the Risk Management Working Team has established mitigation measures and continuously monitors the implementation of risk reduction plans to ensure their effectiveness.

2025 Performance Results
Indicators	Medium	Low
There are measures to reduce risks from very high to acceptable levels (moderate level) in total.	3	3