Implementation Summary

■ Integrity business operations and specific implementation

2024 Annual Integrity Management Implementation Report    Report to the Board of Directors 2024.11.6

 Principle

According to Article 16 (Organization and Responsibility) of the company's "Code of Integrity Management", the implementation of promoting corporate integrity management should be reported to the board of directors on a regular basis (at least once a year):

1. Help integrate integrity and moral values ​​into the company's business strategy, and cooperate with the legal system to formulate relevant anti-fraud measures to ensure honest management.
2. Regularly analyze and evaluate the risks of dishonest behavior within the business scope, and formulate plans to prevent dishonest behavior accordingly, and formulate business-related standard operating procedures and behavioral guidelines within each plan.
3. Plan the internal organization, establishment and responsibilities, and establish a mutual supervision and checks and balances mechanism for business activities with higher risks of dishonest conduct within the business scope.
4. Promotion and coordination of integrity policy publicity and training.
5. Plan the reporting system to ensure its effectiveness.
6. Assist the board of directors and management to check and evaluate whether the preventive measures established for the implementation of honest operations are operating effectively, and regularly evaluate the compliance status of relevant business processes and prepare reports.

Implementation Results

As of October 25, 2024, the Company has been audited and found no violations of integrity management, nor has it received any internal or external reporting letters or legal cases related to the Company's integrity management. Therefore, the Company has not violated corporate integrity in 2024. Relevant norms of the Integrity Business Code.

1. Established integrity management policies and plans

1.1 The company has established the "Code of Integrity Business Operations", "Integrity Business Operation Procedures and Conduct Guidelines" and "Corporate Governance Practice Code" to clearly standardize the integrity management policy and announced it to the public on May 14, 2011.

1.2 The company has stated integrity-related standards in the "Work Rules" and "Employment Contract", and has also established "Reporting Laws for Internal and External Personnel on Illegal (including Corruption) and Unethical Behavior", regarding operating procedures, The behavioral guidelines, education and training, disciplinary and complaint systems for violations, etc. all have clear and detailed regulations.

In addition, when entering the company's file system through BPM or remote connection, colleagues must first read the confidentiality clause before entering the file to ensure that each time the company's files are used, they have fulfilled their responsibility to inform colleagues.

1.3 The company's "Employment Contract" and "Working Rules" strictly regulate employees' business confidentiality and interest avoidance regulations. When employees engage in dishonest behavior, they will be punished according to the severity of the case and reward and punishment regulations.

2. Implemented honest management

2.1 The company has established an evaluation mechanism for suppliers and customers based on internal controls. The rights and obligations of both parties during the contracting process are detailed in it, and there are integrity clauses such as confidentiality clauses and non-bribery clauses.

2.2 The company designates the Operation Support Office as a dedicated unit for promoting corporate integrity management, and reports to the board of directors in the fourth quarter of each year.

2.3 The company has formulated "Reporting Regulations for Illegal (Including Corruption) and Immoral Conduct by Internal and External Personnel", provides timely and appropriate channels for statements or reports, and implements measures to prevent conflicts of interest.

2.4 The company has established an effective accounting system and internal control system. Internal auditors check the compliance with the preceding system according to the audit plan and report to the board of directors on a regular basis.

2.5 The company regularly provides promotional documents on honest management from the competent authorities to directors and supervisors, and organizes internal and external education and training including honest management content as appropriate. The company's rules and regulations and code of conduct will be explained when new members arrive or when new directors are elected. In 2011, relevant documents and teaching materials have been put into the Xiaoli Learning Machine, and online exams are conducted every year to confirm that trainees have truly understood the company's regulations and laws. If they fail, they will be given in-person education.

3. The operation of the company’s whistleblowing system

3.1 The company has "laws for reporting illegal (including corruption) and unethical behavior by internal and external personnel" and has designated responsible units to handle complaints. It also has a customer service hotline to accept feedback in accordance with the prescribed procedures.

3.2 The company's "Report Law for Internal and External Personnel on Illegal (Including Corruption) and Immoral Behavior" clearly defines the reporting process and review unit, and promises to keep the reporter and the attached evidence confidential.

3.3 The company's "Reporting Regulations on Illegal (Including Corruption) and Immoral Conduct by Internal and External Personnel" clearly stipulates that if the person being reported makes any threats or acts of retaliation against the person reporting the report, the company will also take action in accordance with relevant regulations. punish.

4. Strengthened information disclosure

The company has formulated various integrity management code systems and will disclose relevant information on the company's website for the public to review at any time.

5. If a company has its own code of integrity management in accordance with the "Code of Integrity Management for Listed Companies", please describe the differences between its operation and the stipulated code:None

6. Other important information that will help you understand the company's honest business operations:

The company complies with the Company Law, the Securities and Exchange Law, the Commercial Accounting Law and other laws and regulations related to business conduct as the basis for implementing honest operations.

Education Training

1. New employees (including part-time and work-study students): The employment contract contains provisions related to integrity management, and the newcomers sign on the day they take up the job. 100% of new recruits joining in 2024 will sign.
2. Integrity promotions are held for current employees (including senior managers, part-time and work-study students) every October, including online tests. In 2024, a total of 68 people passed the "Integrity Business Code Promotion Course", with a total of 34 people, and the training completion rate was 100%.
3. Directors: Promote the company's integrity code and ethics to directors electronically or on paper every October, and are required to sign the "Statement on Complying with Integrity Management Policies." In 2024, all directors will sign a letter of commitment.

Report on the expected implementation of the integrity management policy in 2025

1. Continue to amend the integrity management policy and other management measures in accordance with the law.
2. Continue to educate directors, supervisors, managers and relevant employees on “Insider Trading Prevention”, “Integrity Management Operating Procedures and Conduct Guidelines”, “Ethical Code of Conduct”, and “Integrity Management Code”.
3. Continuously check internal and external reporting mailboxes and investigate cases of dishonesty or immorality in accordance with the above methods and internal control systems.
4. For specific positions such as procurement and R&D personnel, sign a separate commitment letter on confidentiality and integrity.
5. In accordance with the provisions of the Code of Integrity Management, directors and senior managers are required to issue a statement of compliance with the Integrity Management Policy.

6. In 2025, we will submit our sustainability report. Under the supervision of the Sustainability Development Team and through cross-departmental collaboration, we will further strengthen the company’s internal culture of integrity and good governance. Additionally, we will extend these self-imposed standards to our suppliers and stakeholders.”

■ Developed an intellectual property management plan linked to operational goals

2024 Intellectual Property Management Plan  Report to the board of directors 2024.11.6

Policy

1. Based on the company's own product operation strategy, establish its own technology to create a niche and corporate value for the company beyond channel agency.
2. Respect the intellectual property of others and do not intentionally infringe on the rights of others.
3. Establish an intellectual property management mechanism to maintain the acquisition, protection, maintenance and utilization management of intellectual property in line with company expectations.
4. Share profits from commercialized intellectual property with developers, encourage employees to continue to maintain the spirit of innovation, and realize the company's vision and good ideas of the Communist Party of China.

Execute plan

1. Enrich R&D talents and equipment
   Since 2014, the annual compound growth rate of the R&D budget has been 6.6%, which is much higher than the overall operating expense compound growth rate of 5.3%; the number of doctoral-level talents has increased from 1 to 4, and various precision testing instruments have been purchased to enrich the R&D strength.
2. Focus on improving silver paste technology and developing related application products
   (1) Low temperature sintering silver paste
   (2) High thermal conductivity silver paste
   (3)Thermal interface material
   (4) Laser engraving/screen printing silver paste
   (5)Customized system-level assembly silver paste
3. Implement patent protection
   (1) In line with the company's operational goals, analyze technology development trends and create a patent map to establish a complete layout, which can also be used as a basis for reporting infringement by opponents or conducting avoidance designs.
   (2) In order to protect R&D results, encourage colleagues to innovate, and implement the application and utilization of intellectual property rights, patent application and reward methods will be formulated.
   (3) Continue to track and update relevant regulations from time to time, participate in relevant domestic and foreign seminars and exhibitions, etc., to enhance colleagues’ R&D capabilities and patent quality.
4. Implement trademark protection
   Adhering to the company's CIS corporate identification policy, we continue to maintain various existing trademarks and apply for trademarks in various countries according to market needs to protect our own brands.
5. Implement business secret protection
   (1) The company has established "Integrity Management Operating Procedures and Conduct Guidelines" and "Working Rules", which clearly stipulate the organization and responsibilities of employees to abide by the confidentiality mechanism.
   (2) Our company personnel are strictly required to abide by the relevant operating regulations on intellectual property in the preceding paragraph, and shall not disclose the company's business secrets, trademarks, patents, works and other intellectual property that they know to others, and shall not inquire or collect information about the company that is not related to their duties. Intellectual property such as business secrets, trademarks, patents, and works. Relevant specifications are stated in the employment contract, which must be completed when employees join the company.
   (3) Use the professional information management system DMP to classify, manage and retain business secret documents, providing safe confidentiality protection and processes.
   (4) The company has established "Laboratory Management Measures" to clearly standardize laboratory access control and protect important secrets and information from leakage. It also encrypts, manages access rights, saves and reviews access records for various research and development documents. , strictly control the flow of information.
   (5) Manufacturers who regulate their dealings should sign an NDA to fulfill their confidentiality obligations.
   (6) Sign an "Employee Confidentiality and Non-Competition Agreement" with each R&D colleague for their respective projects to protect the confidentiality of each project.
   (7) The company has established an electronic research results retention system to fully digitize important research results and manuscripts to protect the company's intellectual property.
6. Colleagues are prohibited from using other people’s intellectual property
   The company states in the employment contract that employees should declare that all creations they create during the employment period are their own creations and will not infringe on the intellectual property rights of others. They also agree to ensure that they respect the intellectual property rights of others. If there is any violation, Bear all legal responsibilities yourself.
7. Promotion of Tongren Intellectual Property Management
   Regularly conduct relevant training to enhance colleagues’ understanding of intellectual property management.
8. Intellectual Property Risks and Countermeasures
   (1) When uncontrollable intellectual property rights are infringed, or improper infringement accusations occur, and related litigation cases occur, the company has long-term cooperation lawyers and patent firms to address possible risks in patent litigation and licensing negotiations. Conduct evaluation and analysis, take safeguarding the company's interests as the highest principle, actively face litigation, and avoid litigation affecting product sales and development.
   (2) Regarding the risk management and control of confidential leakage, in accordance with the company's current information security policy and management plan, the main response measures are as follows: take immediate defensive measures and use system commands to perform reverse queries, and cooperate with relevant units to track the intruder's address , and immediately report the situation to the responsible person in charge for follow-up resolution and future improvement directions to strengthen and consolidate the protection of the company's business secrets and intellectual property rights.

Execution results

• 2015/03 Formulated "Laboratory Management Measures"
• 2016/10 Formulated "R&D Incentive Measures"
• 2017/07 Imported the document management system DMP to manage and retain confidential documents
• 2018/02 Imported D-Security original file protection system to encrypt confidential files and access records
• 2018/11 Held a training course on legal introduction and case analysis of business secrets
• 2021/06 Formulated "Integrity Business Operation Procedures and Conduct Guidelines"

■ Information security management execution report

2024 Information Security Management Implementation Report   Report to the board of directors 2024.11.6

Information security management strategy and structure:

1. Information security risk management structure: The company has established an information security team to implement information security management. Its members include senior supervisors (manager level or above), engineering staff of the information team, and auditors of the audit team. They are responsible for supervision, maintenance, and auditing.  
2. Information security team execution items:
   (1) Establishment and supervision of information security standards.
   (2) Execution and coordination of information security operations.
   (3) Information security emergency incident handling and supervision.
   (4) Review and improvement of information security incidents.
   (5) Implementation and audit of relevant information security matters.
   (6) Convene information security meetings regularly. ​
3. The company's audit team is the audit unit for information security supervision. If deficiencies are found during the audit, the company will immediately require the audited unit to propose relevant improvement plans and submit them to the board of directors, and regularly track the improvement results to reduce internal information security risks.
4. Information security work - adopt PDCA (Plan-Do-Check-Act) cycle management to ensure the achievement of reliability goals and continuous improvement.

Information security policy

In order to ensure the safe and stable operation of the company's information and communication operations, provide reliable information and communication services, and smoothly promote the company's various businesses, in line with the information and communication security management operations, the company's information and communication security policy will implement the following policy principles.
1. Take into account information security and convenience.
2. Avoid internal and external information security risks.
3. Ensure that the service is stable and available.
4. Achieve sustainable business operations. ​​

Specific management plan

In response to frequent information security incidents in recent years, the company has strengthened its management mechanism for various information systems and rules. The specific plans are as follows:
1. Formulate rules for the use of user equipment, separate and limit the use environment and Internet access permissions of personal equipment and company equipment, strictly prohibit unauthorized equipment from using the internal network, and require external storage devices such as flash drives to be tested before they can be used in the company Computer use.
2. Regularly perform virus scans and security updates on personal computers and information hosts, and perform vulnerability scans on the company's major information systems every year to patch security vulnerabilities.
3. Strengthen data backup frequency and off-site data storage.
4. Strengthen employee security concepts and regularly promote information security concepts and case sharing to colleagues through meetings, announcements, internal corporate websites, etc. If there are suspicious information and emails, please do not open them easily to avoid social engineering attacks. .
5. Join information security joint defense organizations and regularly participate in information security-related seminars. Through information security information sharing, information security information and protection knowledge can be improved at any time to avoid information silos and the development of protection loopholes. ​

Invest resources in information security management

The company continues to invest in information security, data protection, personal information protection and other related operations. The resource investment includes improving the security infrastructure of governance and technology, strengthening information security defense equipment, and education and training. The company's information security protection status is reviewed every year. , timely update information security protection equipment to optimize the protection effect. ​

Information security implementation results:

2024:

Expected promotion projects in 2025:
1. Information system disaster recovery simulation drill, once a year.
2. Quarterly information security promotion and important information security promotion, 4 times a year.
3. Information security colleagues participate in information security-related seminars or training twice a year.
4. Outsource the scanning and patching of host vulnerabilities to vendors.
5. Outsourced vendors conduct social engineering and information security protection drills.

​

■ Scope, Organizational Structure, and Operations of Risk Management

2025 Risk Management Policy and Operations Report   Report to the board of directors 2024.11.6

Risk Management Policy

The risk management policy is defined in accordance with the company's overall "operating guidelines" to identify various types of risks. Within an acceptable risk range, it aims to prevent potential losses, enhance shareholder value, and optimize resource allocation, thereby ensuring the reasonable achievement of the company's strategic objectives.

Risk Management Objectives

The goal is to implement a comprehensive risk management framework to manage all types of risks that may affect the achievement of corporate objectives. By integrating risk management into operational activities and daily management processes, the objectives are to achieve corporate goals, enhance management efficiency, provide reliable information, and allocate resources effectively.

Risk Management Procedures

In line with the "materiality principle," the company conducts risk assessments on Environmental (E), Social (S), and Corporate Governance (G) issues related to operations and formulates relevant risk management policies or strategies.
The risk management process consists of five major elements: risk identification, risk analysis, risk evaluation, risk response, and monitoring and review mechanisms, with specific procedures and methods outlined for each element.

Risk Sources and Categories

Generally classified into strategic risk, operational risk, financial risk, information risk, compliance risk, integrity risk, and other emerging risks (e.g., climate change or pandemic-related risks).
The Risk Management Team conducts comprehensive risk analyses considering company size, industry characteristics, business nature, and operational activities, with a focus on sustainability aspects (including climate change). Risk sources and types are identified, and detailed risk scenarios are developed annually for high-risk items, followed by strategy formulation, control mechanism updates, and residual risk analyses. Implementation and regular performance checks are conducted to mitigate risk levels.

Risk Reporting and Disclosure

The Risk Management Team consolidates risk information provided by various units, ensuring effective risk management oversight. Reports are submitted to the Risk Management Committee and the Board of Directors, with relevant risk management information disclosed on the company's website for external stakeholders. Continuous updates are provided.

Scope of Risk Management
The company's risk management scope covers Environmental (E), Social (S), and Corporate Governance (G) issues. In accordance with the company's risk management policies, it includes market, investment, credit, hazard, legal, information security, and other risks. Risk assessments are conducted based on materiality principles, and corresponding risk management strategies are formulated.

Risk Management Organizational Structure
Considering the company's size, business nature, risk characteristics, and operational activities, a comprehensive risk governance and management framework has been established. Through the promotion by the "Board of Directors, Risk Management Committee, and the senior management-led Risk Management Team," risk management is linked to the company's strategies and objectives. This defines major risk items, enhances the comprehensiveness and foresight of risk identification results, and ensures corresponding risk controls and responses, thereby achieving the company's strategic objectives.

2024 Annual Risk Management Operations

(1) Risk Identification, Analysis, and Evaluation

1. Risk Identification:
   In April , the Risk Management Team conducted risk assessments based on the " Annual Operational Guidelines" approved by the Board. Environmental, social, and corporate governance issues were evaluated, identifying 10 risk items from seven management units.
2. Risk Analysis:
   Risk scenarios and existing control mechanisms were analyzed using a risk matrix to assess the likelihood of occurrence and the severity of operational impact, defining risk levels and prioritizing management.
3. Risk Evaluation:
   Risks with levels above 6 were evaluated, and corresponding management strategies were developed based on risk levels.

(2) Risk Response

1. Strategies were selected based on strategic objectives, stakeholder perspectives, risk appetite, and available resources to balance goal achievement and cost-effectiveness.
2. Five critical risk management issues were identified for 113, incorporating ongoing projects from 111–112.
3. The Risk Management Team developed management strategies, introduced control mechanisms, and analyzed residual risks to lower levels below 6. Responsible units and completion timelines were defined.

(3) Monitoring and Review Mechanisms

1. Risk management strategies and measures were communicated to relevant personnel, with ongoing supervision and adjustments through operational review meetings.
2. The Audit Department conducted risk management audits to ensure effective implementation.

(4) Execution Status of Critical Risk Management Issues 

(5) Other Risk Management Operations

1. Information Security Risks: Continued strengthening and implementation of information security management. 
2. Climate Change Risks and Opportunities: The company assessed current and future risks and opportunities related to climate change, taking actions in response. This included ESG reporting, identifying environmental risks, and aligning with United Nations Sustainable Development Goals for industry-relevant sustainability indicators and climate-related measures.