Tainergy Tech Co., Ltd.

Has the Company Established Internal Policies Prohibiting Directors or Employees from Trading Securities Using Non-Public Information?

1. 1.The company revised the "Insider Trading Prevention and Management Procedures" on March 8, 2023. The updated policy is published on the company website under "Corporate Governance > Company Policies" for reference by all relevant personnel.

   • The company conducts at least one annual training session for current directors, managers, and employees on laws and regulations related to the "Handling of Material Internal Information" and "Insider Trading Prevention Operations."
   • For newly appointed directors and managers, the company provides timely education within two months of onboarding and issues the "Advocacy Handbook for Insider Trading by Listed Company Insiders." This handbook includes obligations for insider reporting, prohibitions against insider trading, restrictions on stock trading during blackout periods (30 days before the announcement of annual financial reports and 15 days before the announcement of quarterly financial reports), the scope of material internal information, confidentiality practices, disclosure procedures, and violation handling.

2. 2.This year, the company has conducted relevant educational sessions for current directors, managers, and employees. The training covered the scope of material internal information, confidentiality practices, disclosure procedures, and violation handling. Presentation materials were distributed to all directors, managers, and employees for their reference.

1. 1.To implement CSR and promote a balanced and sustainable approach to economic, social, and environmental development, the company and its subsidiaries integrate CSR into all operational activities. This ensures the management of environmental and social risks and impacts while aligning with international trends in ESG (Environmental, Social, and Governance). By acting as a responsible corporate citizen, the company aims to:

• Enhance its contribution to the national economy.
• Improve the quality of life for employees, communities, and society.
• Foster competitive advantages rooted in corporate responsibility.

1. To achieve these objectives, the company is committed to implementing CSR policies, including:

2.  

• Complying with relevant laws and regulations and promoting corporate governance.
• Encouraging harmonious labor relations and providing equal and fair working environments.
• Respecting employees' freedoms and prohibiting forced labor and discrimination.
• Offering a safe and healthy workplace to ensure employee well-being.
• Advocating environmental sustainability by promoting energy conservation, carbon reduction, and minimizing resource consumption.
• Adhering to professional ethics and ensuring transparent information disclosure.
• Respecting intellectual property rights.
• Enhancing CSR information disclosure.
• Continuously setting effective management goals to improve performance.

1. In addition to complying with government regulations and international standards, the company regularly promotes its CSR policies to employees, clients, suppliers, and contractors. Suppliers are encouraged to align with these policies, evaluate the environmental and social impacts of procurement and manufacturing activities on local communities, and strengthen collaboration to enhance CSR practices.

2. 2.CSR Implementation and Practices:

• The company’s Administration Department serves as a part-time CSR unit, led by a coordinator who organizes representatives from various departments to plan and execute CSR initiatives.
• Following the PDCA-B (Plan-Do-Check-Act-Benchmarking) cycle, the CSR team reports progress to senior management authorized by the board of directors. A comprehensive report is submitted to the board at the end of each fiscal year.

1.Information Security Strategy and Framework

1.1 Information Security Risk Management Framework
The company’s IT department oversees the formulation and implementation of information security policies. It collaborates with internal audits and external accounting audits to ensure compliance. A dedicated information security officer is appointed to regularly convene security meetings, review policies, and assess the effectiveness of information security measures. Annual reports are submitted to the board of directors.

1.2 Information Security Policies
The IT department adopts the Plan-Do-Check-Act (PDCA) management cycle to ensure the effectiveness of information security policies and protection measures, with regular progress updates provided to management.

1.3 Information Security Management Measures
To mitigate risks from malicious third-party attacks, the company implements daily on-site/off-site data backups and periodic full system backups for virtual machines.

• Regulations: Company-wide information security guidelines govern management and employee usage standards.
• Infrastructure: The company invests NTD 300,000 annually in a multi-layered defense framework, including firewalls, intrusion detection, antivirus, and vulnerability scans to enhance protection.
• Training: Regular information security notifications and company-wide meetings are conducted to strengthen employee awareness and reduce the risk of malware and attacks.
• Policy Review: Continuous improvement initiatives ensure preemptive threat detection through monitoring tools.
• Software Updates: Regular audits ensure antivirus software is updated to prevent vulnerabilities.

2. Specific Management Measures

2.1 Multi-Layered Security Protection

• Network Security: Advanced technologies are deployed for system scans, software updates, and firewall enhancements to prevent virus outbreaks.
• Device Security: Endpoint protection is enforced based on device type, with new equipment quarantined for setup and antivirus scans before deployment.
• Application Security: Strengthened code management integrated into development workflows ensures robust application security measures.
• Data Security: USB and email usage are tightly controlled to safeguard sensitive information.

2.2 Review and Continuous Improvement

• Training: Employees are educated on email phishing and social engineering risks through detection exercises and regular training sessions to enhance their awareness of cybersecurity threats.

3. Recent Incident Reports

Over the past two years, no major information security incidents have occurred. Only minor scanning and probing attempts were detected, which were mitigated through source blocking and internal malware scans.

1. Company Policy

The company has established intellectual property (IP) management regulations to improve existing management systems. These regulations are regularly optimized and implemented in accordance with the company’s operational needs.

1. 1.1 Trademark Management System

• To protect the corporate brand image and trademark rights, the company conducts an annual review of trademark validity, maintains a detailed inventory, and renews trademarks as needed to secure usage rights.
• Contracts with business partners include clauses prohibiting them from performing contract-related activities in the company’s name without authorization.

1. 1.2 Copyright Management System

• Internal Management: Employment contracts include copyright clauses stipulating that creations produced during employment belong to the company, and this obligation remains effective even after an employee leaves the company.
• External Management: Contracts with external vendors include warranty clauses requiring partners to ensure that their work does not infringe upon the patents, copyrights, trade secrets, or other rights of third parties.

1. 1.3 Trade Secret Management System

• All employees sign confidentiality agreements, requiring them to return company data and uphold confidentiality obligations upon resignation.

1. 1.4 Patent Management System

• For innovative technologies developed by R&D units with market potential, the company periodically engages external patent firms for application and subsequent protection planning. A comprehensive management framework governs the acquisition, protection, maintenance, and utilization of patents, with standardized procedures for idea evaluation, application, protection, maintenance, and implementation.

1. 1.5 Infringement Risk Management Measures

• To avoid infringing on others' IP rights, the company includes clauses in its contracts to prevent liability arising from third-party intentional or negligent actions. Employees are required to maintain work records and document the development process of IP. Only after approval by responsible units through established review and control procedures can IP be disclosed or published.

2. Implementation Status

The implementation status for 2023 (Year 112 in the Republic of China calendar) was reported to the board of directors on November 2, 2023.

1. 2.1 Intellectual Property Inventory and AchievementsAs of November 2024, the company's intellectual property inventory and achievements are as follows:

• A total of three valid patents and four registered trademarks have been obtained.
• Related educational and training achievements are maintained in the Legal Knowledge Section, Education and Training Section, and Legal Audio-Visual Lecture platforms.
• Regular inventory and management are conducted to control trade secrets documented by various units in accordance with the Trade Secret Management Guidelines.

1. 2.2 Intellectual Property ActivitiesThe Legal Department conducted intellectual property-related training sessions in 2024 as follows:

• May 21, 2024: Conducted an educational training on integrity governance and trade secret protection, followed by a test.
• July 1, 2024: Promoted awareness of trade secrets during the group’s weekly meeting.