Corporate Policies and Guidelines

Internal audit organization and practices

The purpose of an internal audit：

To examine and assess the adequateness and efficiency of the company’s internal controls system through an independent and objective verification/inquiry process to increase the added value of CyberPower and improve its operation. Internal audits shall facilitate company supervision and assist the board of directors and the management to accomplish the set objectives.

Internal Audit Organization：

CyberPower internal audit organization exists as an independent division. It consists of 3 personnel and the audit division answers directly to the board of directors. The performance assessment, salary and compensation of the chief audit executive are reviewed and approved by the Remuneration Committee and the Board of Directors. Appointment, dismissal, performance review, salary and compensation of internal auditor are submitted by the chief audit executive to the Chairman for approval. The organizational chart of the audit division is shown as follows:

Internal Audit Operation：

I. Establishment of “International Audit Regulation”: auditors, auditing targets, auditing plans, audit implementations, limits of authorities, duties, obligations and methods of communication (with the board’s supervisor and the units being audited) shall be bound by the internal audit regulation.

• Auditors: ensure the effective implementation of internal control and improve upon the existing internal controls system. With regards to risk prevention, auditors are responsible for detecting potential problems in advance and for offering suggestions for improvement.
• Auditing targets: all divisions and subsidiaries of the company that are majority owned by CyberPower's investment businesses.
• Auditing plans: establish middle- to long-term plans, annual plans and monthly plans for auditing operations.
• Implementation, limits of authorities, duties and obligations of internal audits: auditors have the authority to request relevant information and reports from the units being audited, and they are obligated to keep the process confidential. Auditors are to perform internal audits within the scope of their duties.
• Methods of communication: auditors are to communicate with members of the supervisory committee/accountants regarding work plans and audit contents on a regular basis. In addition, auditors shall ensure effective communication with the units being audited to facilitate the auditing process.

II. Types of internal audit operations: Compliance audit, Risk audit and Consultation services

III. Implementation of internal audit:

Ethics Implementation

With reference to the Ethical Corporate Management Best Practice Principles of Listed Companies, CyberPower has established Ethical Corporate Management Best Practice Principles, which are implemented after being approved by the board of directors and published on the company's website. The board of directors and management actively implement their commitments to policies, designates the Financial Department (Financial & Accounting Division) as the responsible unit for ethical policy management and conduct, and it reports to the board once a year.

Ethical Corporate Management Principles

Fulfillment of Ethical Corporate Management

Reporting system for internal and external personnel for illegal (including corruption) and immoral behavior

CyberPower does not allow any fraud and corruption behavior. Shall anyone notice any behavior against laws or ethical conducts, please provide sufficient information to any of below channels. CyberPower will investigate and set up auditing office depends on the cases. The investigation process and information related to a whistleblower are confidential, and the process status will report to the chairman.

• Department supervisor
• Chief internal audit executives, chief human resource officer, or general counsel
• Corporate internal reporting system
• Email for investor relations

Internal opinions from employees can be appealed via either auditing office or employee appeal mailbox and hotline for sexual harassment in charged by Human Resource Department. External channels include email box for investor relations on the official website. Every reported case will be investigated as soon as possible and report the process status to the chairperson.

Employee appeals and report information will be investigated by appealing internal procedures and will set up auditing office. The investigation and whistleblowers' personal and reporting information remain confidential to protect whistleblowers unless the laws require providing the personal and reporting information. CyberPower will take appropriate measures by the laws to ensure the whistleblowers and information are protected.

Shall there reveal with reasonable proof any illegal (including corruption) and immoral behavior, CyberPower consider it a serious breach of company policy and regulations, and will handle the case in accordance with company regulations and local laws.

Sustainability Governance

Sustainability Governance Framework

To strengthen sustainability development management and establish a robust governance framework, CyberPower adopted its own "Sustainable Development Best Practice Principles" in early 2022, in accordance with the "Sustainable Development Best Practice Principles for TWSE/TPEx Listed Companies."The Global Brand Marketing Division was tasked with forming a Sustainability Task Force, composed of dedicated personnel, responsible for planning, evaluating, and executing sustainability initiatives. The company's efforts focus on five key areas: Corporate Governance, Employee Care, Environmental Sustainability, Responsible Supply Chain, and Social Contribution.

The Sustainability Task Force, in accordance with the "Sustainable Development Roadmap for TWSE/TPEx Listed Companies," formulates short-term, mid-term, and long-term goals, completes sustainability planning within the statutory timeline, and reports at least once a year to the Board of Directors on the establishment and operation of the sustainability plan. The progress of greenhouse gas (GHG) inventory and verification is reported quarterly to the Board, while the Sustainability Report is submitted to the Board for review and approval annually in August.

The Board of Directors regularly monitors the implementation and results of sustainability projects. When necessary, it urges the Sustainability Task Force to make adjustments to ensure that sustainability strategies and measures are fully integrated into daily operations, thereby achieving corporate governance and sustainable development goals.

In 2024, CyberPower published its second Sustainability Report, further enhance information transparency. To strengthen climate action management, the company has progressively expanded the boundaries of its GHG inventory. In addition to operations in Taiwan, certain subsidiaries in China and the Philippines obtained ISO 14064-1 certification, and selected product lines completed ISO 14067 certification, demonstrating CyberPower’s commitment to sustainable development through concrete actions.

Sustainability Governance Structure

Materiality Assessment Process

CyberPower follows the GRI Sustainability Reporting Standards 2021 and adopts GRI 3: Material Topics 2021 as the core framework for identifying and managing material topics. Additionally, the company references the AA1000 AccountAbility Principles 2018, applying the four key principles of Inclusivity, Materiality, Responsiveness, and Impact to guide the identification and communication of material issues. In line with these standards, CyberPower discloses the impacts, management approaches, and practices related to each material topic. These results serve as a foundation for aligning the company’s sustainability goals and strategies, while enhancing transparency and the eectiveness of communication with stakeholders.

Stakeholder Engagement

Based on the five principles of the AA1000 Stakeholder Engagement Standard 2015 (SES), CyberPower conducted a comprehensive assessment of stakeholders based on Dependency, Responsibility, Tension, Influence, and Diverse Perspectives. Six key stakeholder groups were identified: (1) Employees, (2) Shareholders / Investors, (3) Government Agencies, (4) Customers, (5) Suppliers, and (6) Communities / Non-profit Organizations. To fully understand stakeholder priorities and the actual or potential impacts on them, the company maintains diverse and two-way communication channels to actively collect and respond to stakeholder concerns on sustainability topics.

Materiality Assessment Results

Following stakeholder engagement, CyberPower promptly conducted a systematic assessment of operational impacts, leading to the identification, review, and confirmation of material topics. The Company utilized the “Sustainability Impact Assessment Questionnaire” and the “Sustainability Concern Questionnaire” to implement a standardized and quantifiable evaluation process. Based on the scoring results, material sustainability topics to be disclosed in this report were prioritized and selected accordingly.

After a comprehensive evaluation and review, a total of nine material topics were confirmed for 2024, including one environmental topic, two social topics, and six economic topics. The Sustainability Task Force convened relevant departments to jointly review the assessment process and the appropriateness of the evaluation criteria. Upon ensuring there were no omissions, the results served as the basis for compiling the content of this Sustainability Report.

Intellectual Property Management

CyberPower has continuously pursued progress and product innovation since its establishment. The company has a dedicated R&D engineering team of more than 350 employees worldwide and has accumulated a total of 304 granted patents. Patent deployment is primarily focused in the Asia-Pacific and North American regions, while also extending to European countries.

Management Plan

The Intellectual Property Management Plan is linked to operational objectives and is led by the heads of research and development units for execution, with the results reported to the board of directors annually in the fourth quarter.

All of the company's patents and technical documents are managed and stored in a digitalized document management system. Regular inventory checks and reviews are arranged to closely track the progress of the company's patent applications. In addition, training sessions are conducted to enhance employees’ awareness and understanding of intellectual property.

Development Program

We have implemented various institutional mechanisms, such as R&D incentive program, to encourage our skilled personnel to pursue game-changing product innovations, along with rigorous technical review meetings. Additionally, we have set up an independent legal unit dedicated to maintaining our patent portfolio. We have developed detailed guidelines for the application and maintenance of patents and have implemented an online management system accessible to all R&D personnel and senior managers.

In 2024, our R&D expenses reached NT$395,626,000, accounting for 5.23% of the company’s revenue, reflecting the company's strong innovation momentum and ambition. These efforts have also translated into positive market feedback.

Patent Statistics

CyberPower places great importance on brand value and is committed to the development of products and long-term investment in core technological capabilities, to launch products that meet consumers’ needs. The company continues to develop new products and improve existing ones to establish a technological foundation for sustainable development. In 2024, we obtained 5 new patents, bringing the total number of valid patents to 304.

Human Resources Management

CyberPower values talent development and the protection of compensation and benefits. Through a comprehensive training system and incentive mechanisms, we support employees in continuous learning and professional advancement, thereby strengthening overall organizational eeffectiveness. CyberPower encourages employees to grow together with the company and work hand in hand to create sustainable performance and long-term value.

Workforce Distribution

CyberPower operates global offices across multiple countries and regions, including the United States, mainland China, Southeast Asia, Australia, Europe, and South America, with the main operational headquarters located in Taiwan. With a global workforce of approximately 3,000 employees, the company employs around 381 personnel in the corporate headquarters in Taiwan.

Compensation and Remuneration Standards

CyberPower offers competitive compensation, actively adhering to the “Articles of Incorporation” and labor laws. We also participate in salary surveys conducted by corporate management consulting firms to evaluate the reasonableness and competitiveness of our salary levels, serving as a reference for establishing or improving our compensation systems. To attract, retain, and motivate outstanding talent, each employee’s salary and bonuses are determined based on the company’s profitability, the achievement of organizational goals, and individual performance, ensuring a strong positive correlation between each person’s efforts and results. Since the company’s establishment, there has been an annual salary adjustment. Depending on individual performance evaluation results, the average salary increase over the past three years has been above 5%.

Welfare Activities

To protect the rights and interests of employees and enhance team cohesion, CyberPower provides a comprehensive benefits package for full-time employees and establishes an Employee Welfare Committee (Welfare Committee) elected by employees to manage various welfare matters. In addition to statutory benefits such as labor and national health insurance, annual leave, maternity leave, and parental leave, we also offer a wide range of employee benefits.

Pension System

CyberPower has established the “Employee Retirement Management Policy”; for employees covered under the old system of the “Labor Standards Act,” the company allocates 2% of employees’ monthly total salaries to their pension fund, which is deposited into a dedicated account at the Bank of Taiwan under the name of the Supervisory Committee of Business Entities’ Labor Retirement Reserve; before the end of each year, if the account balance is estimated to be insufficient to cover payments for employees expected to meet retirement conditions in the following year, the company will make a one-time contribution by the end of March of the following year to cover the shortfall; for employees covered under the new system of the “Labor Pension Act,” the company contributes 6% of each employee’s monthly salary to their individual labor pension account, following the “Monthly Contribution Classification of Labor Pension” approved by the Executive Yuan.

Safe and Secure Workplace Environment

CyberPower is committed to creating a safe, healthy, and inclusive workplace environment. Centered on prevention, the company proactively identifies and assesses potential risks in the work environment, implements health promotion and safety improvement measures, and ensures the physical and mental well-being of employees. Through a well-established occupational safety and health management system, CyberPower safeguards workplace safety while promoting a culture of work-life balance to enhance productivity and employee well-being. In 2024, CyberPower maintained zero occupational injuries, with no occupational diseases or major workplace accidents reported. The voluntary participation rate in health promotion programs reached 68%, exceeding expectations.

Occupational Safety and Health Management System

To ensure the safety and well-being of all staff members, we strictly adhere to all relevant laws and regulations, regularly conduct environmental safety and health inspections, and consistently evaluate their efficiency. Since 2016, we have insured our offices and business premises with a public liability insurance coverage of US$10 million, further bolstering the protection of workplaces. We implement occupational safety management plans and initiatives in accordance with the “Occupational Safety and Health Act” and other relevant regulations.

6 Key Aspects:

• Safety and Health Education and Training, and Disaster Prevention Drill
• Work Environment Improvement
• Occupational Safety and Health Regulations Updates and Compliance
• Accident and Disaster Response
• Occupational Health Monitoring and Assessment
• Health Protection Measures for Specific Groups

Occupational Safety and Health Committee

CyberPower has established the Occupational Safety and Health Committee in compliance with the Occupational Safety and Health Management Regulations. The committee consists of 11 members, including 4 labor representatives, with labor representation exceeding one-third of the total members. The committee is responsible for reviewing company regulations, rules, and plans related to occupational safety and health, and convenes quarterly meetings. Through the planning, implementation, evaluation, and improvement of workplace safety and health measures, the committee aims to enhance the company’s safety management standards and achieve its safety objectives.

Occupational Hazard Risk Control and Management

CyberPower conducts hazard identification and analysis, as well as risk classification based on occupational accident records. Common occupational hazards include highly repetitive movements, poor posture, or maintaining fixed positions for extended periods. To address these risks, the company provides targeted safety procedures, accident prevention training, and emergency fire drills for operators. Workplace safety measures and work systems are continuously improved.