CONTENTS
Message from the Chairman 01 Sustainable development management 11
About this Report 03 Special Topic:Forging the "Koal Shield" for 15
About Koal 04 the Digital Age
Excellence in Innovation leads
governance 01 the way 02
efficient digital technology
operations as our shield
Corporate governance 19 Product technology innovation 35
Risk and compliance management 26 Product quality and safety 45
Business ethics 28 Customer relationship management 51
Party leadership 30 Information security and privacy protection 55
Sustainable supply chain 66
People-oriented Green operations
collaborative and 03 low-carbon 04
win-win outcomes future
Employee rights and benefits 71 Environmental management system 93
Human capital development 75 Climate change mitigation 95
Occupational health and safety 84 Green products and solutions 99
Industry ecosystem development 85 Green operations 101
Community engagement 89
Key performance table 105
Indicator index table 108Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Message from the Chairman
Message from the Chairman
Building on Cryptography Empowering Through Govern-
ance Embarking Together on a New Journey Towards Sus-
tainable Development
In 2025 Koal continued to deepen its ESG strategy contin- digital authentication and trusted identity systems launched industries. In the field of domestic computing security
uously optimized its governance structure with the Board comprehensive quantum-safe solutions tailored to key sectors we deepened collaboration with mainstream domestic
of Directors at the core and the ESG Committee as the such as E-Government finance and energy and took the lead in chip and operating system vendors to advance the large-
execution hub and further strengthened its team of social completing pilot applications on digital government platforms in scale application of built-in cryptographic capabilities. By
responsibility and environmental experts. Through these certain cities effectively countering the potential threats posed adopting a green technology solution of "ready-to-use
measures we ensured that the "hard constraints" of gov- by quantum computing and building a secure barrier for urban upon startup enabled on demand" we are continuously
ernance were effectively transformed into the "soft power" information networks in the quantum era. reducing industry deployment costs and energy con-
driving corporate development. In our daily operations sumption thereby creating a replicable and scalable ESG
paperless office practices have achieved full-scenario In the field of data governance we uphold the principle of path for domestic computing security practices.coverage. The green operations of six major R&D centers placing equal emphasis on security and low carbon and fos-
ten delivery centers and all marketing service outlets tering the coexistence of compliance and value integrating Looking ahead Koal will continue to focus on core areas
delivered remarkable results and energy consumption data governance throughout the entire business process. such as post-quantum cryptography and data govern-
per unit of output value further decreased compared with On the one hand with "identity + cryptography" as our core ance increase investment in green technology R&D and
the previous year. Koal Academy continued to upgrade its capability we built a security protection system covering the explore more environmentally friendly secure and effi-
training system effectively putting into practice employ- entire lifecycle of data collection transmission storage and cient software solutions. We will remain steadfast in our
ee career development and care for physical and mental use. Leveraging technical measures such as refined access corporate mission to "make connectivity more trustwor-
health and conducted over 100 various specialized train- management and real-time data monitoring we prevented thy and data more secure." We will integrate ESG princi-
ing sessions throughout the year. The rural revitalization the risks of data leakage and misuse providing customers with ples into every aspect of technology innovation business
plan progressed steadily and our cooperation with Guo- reliable data security protection. On the other hand we deeply management and social responsibility. Working hand in
dazhai Township Fengqing County Lincang City Yunnan integrated low-carbon principles into the process of data fac- hand with all like-minded partners we will build a solid
Province continued to deepen. By leveraging digital mar- torization optimized our cryptographic service architecture foundation with cryptography and empower develop-
keting to empower the brand upgrade of "Qiongying An- and reduced energy consumption losses during data process- ment through governance amid the tide of the digital era.cient Tree Tea" we truly transformed lucid waters and lush ing. Meanwhile we actively promoted the standardization of Together we will write a new chapter in the synergistic de-
mountains into invaluable assets for rural revitalization. supply chain data governance assisted core suppliers in estab- velopment of ESG and digital security injecting stronger
Dear colleagues and partnersand friends who follow and sup- lishing carbon accounting and data disclosure systems and momentum for security into the sustainable development
port Koal: During the year we consistently centered on technology fostered an industrial ecosystem of "data security + low-car- of the digital economy and society.As time passes and the seasons change our original aspiration innovation prioritizing post-quantum cryptography and bon development" making the development philosophy of
remains as steadfast as a rock. As the year 2026 unfolds we data governance as the top priorities of our ESG practices Once again we extend our sincerest gratitude to friends "innovation coordination green openness and sharing" the
present this annual ESG report to review Koal's meticulous and deeply integrating security capabilities with sustaina- from all sectors who have shown concern and support underlying logic of the digital era.efforts towards sustainable development and to further convey bility concepts. In the field of post-quantum cryptography for Koal's development! May you all lead the way gallop
our unwavering commitment to addressing the challenges of we have never ceased our exploration in the face of the Additionally we continued to expand the breadth and depth ahead like fine steeds and charge forward with unstop-
the times with technology innovation. Since the United Nations disruptive challenges that quantum computing technolo- of ESG application scenarios. In the low-altitude economy pable momentum!
Global Compact proposed the concept of ESG this philosophy gy poses to traditional cryptographic systems. In 2025 the sector we further improved the trust service system for low-al-
has evolved from an industry consensus into a core driving Company increased its investment in research and devel- titude aircraft upgraded drone identity sensing and signal
force for high-quality corporate development and Koal has al- opment established a dedicated technical task force and monitoring equipment and combined with AI computing
ways firmly believed that the deep integration of ESG and digi- achieved key breakthroughs in the optimization of PQC Al- power infrastructure achieved precise prediction and rapid re- Chairman of Koal Software Co. Ltd.tal security is the key for us to gain a firm foothold and achieve gorithms and their engineering applications. We success- sponse to the abnormal behavior of illegal drones safeguarding Kong Lingang
steady and sustainable growth in an era of transformation. fully deeply integrated post-quantum cryptography with the sustainable development of the country's strategic emerging
01 02Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report 关A于b格ou尔t K软o件al
About this Report About Koal
This Report is the third Environmental Social and Governance (ESG) Report publicly released by Koal Software Co. Ltd. (hereinaf- Company profile
ter referred to as "Koal") to the public (hereinafter referred to as "this Report"). This Report based on the principles of objectivity
openness and transparency discloses to stakeholders Koal Software Co. Ltd.'s sustainability philosophy management practices Koal Software Co. Ltd. (stock code: 603232) is a pioneer and leader in China's information security digital trust sector and serves as
and key performance in 2025. the president unit of the Shanghai Commercial Cryptography Industry Association. In April 2017 Koal was listed on the main board
of the Shanghai Stock Exchange. The Company operates six major R&D centers and ten major delivery centers with a network of
marketing and service outlets spanning major provincial capital cities across the country providing end-to-end fully compatible
Reporting scopeq Organizational Scope: The scope of this Report aligns with that of the annual consolidated financial and comprehensive security solutions and specialized services to more than 30 national ministries and commissions over 100
statements of the Company. state-owned enterprises and central state-owned enterprises and more than 200 commercial banks. In 2023 Koal was recognized
Reporting Period: This Report covers the period from January 1 2025 to December 31 2025. Some con- as one of the Top Ten Leading Enterprises in Digital Economy Innovation of 2023 and was ranked by IDC among the top three com-
tent may be extended beyond this timeframe as deemed appropriate. This Report is an annual report. panies in China's Identity and Access Management Software Market Share and among top 10 for security in the "Top 100 Digital
Government Rankings." In 2024 the Company was recognized by CCID as top 2 in China's Identity Authentication Market Vendor
Definition of terms For ease of expression and reading Koal Software Co. Ltd. is referred to as "Koal" "the Company" Structure and was named one of the 2024 Top 50 Competitive Enterprises in China's Cybersecurity Industry by the China Cyber-
security Industry Alliance (CCIA). In 2025 the Company received the Second Prize for Scientific and Technological Progress from
or "we" in this Report. Shaanxi Province and the "Pioneer Award" in the commercial market category at the HarmonyOS Office Industry Summit.Basis for preparation Guidelines No. 1 of Shanghai Stock Exchange for Self-Regulation of Listed Companies - Standard-
ized Operation (Revised in May 2025); Guidelines No. 14 of Shanghai Stock Exchange for Self-Regu-
lation of Listed Companies - Sustainability Report (Trial) (Effective on May 1 2024); Guidelines No.
4 of Shanghai Stock Exchange for the Self-Regulation of Listed Companies - Preparation of Sustain- Corporate Culture
ability Reports (Revised in January 2026); the Ministry of Finance's Sustainability Disclosure Stand- Unity dedication
ards for Business Enterprises - Basic Standard (Trial) (Issued on November 20 2024); the Ministry of innovation security
Finance's Application Guide for the Corporate Sustainability Disclosure Standards - Basic Standard efficiency sharing
(Trial) (Issued on September 15 2025); the Ministry of Finance's Corporate Sustainability Disclosure
Standards No. 1 - Climate (Trial) (Issued on December 25 2025); IFRS S1: General Requirements for Vision
Disclosure of Sustainability-related Financial Information; IFRS S2: Climate-related Disclosures; GRI
(Global Reporting Initiative) Sustainability Reporting Standards (2021); United Nations Sustainable To be a leader in cy-Mission berspace and digital
Development Goals (SDGs).To defend digital asset security
Source of information All information and data in the Report are sourced from the Company's official documents statistical sovereignty and
reports and financial statements as well as information on sustainable development practices of each safeguard the
that have been gathered and reviewed by the relevant functional departments of the Company. Unless digital world
otherwise specified all monetary amounts mentioned in this Report are measured in RMB.Assurance of accuracy The Company assures that this Report contains no false records misleading statements or signifi-
cant omissions and is accountable for the authenticity and accuracy of its content. This Report has
been reviewed by the Company's Board of Directors and is being publicly released.Report access & contact The electronic version of this Report is available on the Shanghai Stock Exchange website (www.sse.com.cn) and the Cninfo website (www.cninfo.com.cn). If you have any questions regarding this
Report please feel free to contact us through the following channels:
Address: Building A2 G60 Commercial Cryptography Industry Base No. 1-7 Lane 58
Muchuan Road Sijing Town Songjiang District Shanghai
Tel/Fax: 021-62327028/021-62327015
Email: stock@koal.com
Website: www.koal.com
03 04Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report About Koal
URUIMGIO
Service Presence SHENYANG
BEIJING
2 Headquarters
Shanghai Beijing
6 ZHENGZHOU R&D Centers XI'AN NANJING
SHANGHA
Beijing Shanghai Xi'an Chengdu Zhengzhou Nanjing Algeria LHASA WUHANO
CHENGDUO
Diaoyu Island
10Marketing/Delivery Centers
QUANZHOU
Dongsha Islands
Beijing Shanghai Zhengzhou Xi'an Chengdu Guangzhou
Urumqi Lhasa Wuhan Shenyang GUANGZHIOU
South China Sea
Xisha Islands
Nationwide coverage across all provinces municipalities auton- Zhongsha Islands
omous regions and SARs in China Thailand Nansha Islands
Business Presence
Gambia
8Wholly-owned 12Controlled 16 Equity-Participated
Subsidiaries Subsidiaries Companies
Productization Verticalization Platformization Operationalization Servitization
Identity security Cryptographic security Data security
IoT security product series
product series product series product series
Company The identity security product series encompasses Public Key Infrastructure The cryptographic security product se- The data security product series in- The IoT security product series is underpinned by com-
(PKI) and trusted identity control platforms. The PKI serves as a security ries includes foundational cryptograph- cludes products such as data access mercial cryptography guided by national standards and
Product Series foundation integrating digital certificate authentication systems certificate ic components such as key manage- control gateways database encryp- aims to achieve authentic identity protocol integrity and
registration systems and collaborative signature services. It ensures confi- ment systems cryptographic machines tion systems storage encryption data encryption across multi-dimensional spaces includ-
dentiality integrity authenticity and non-repudiation across various digital and signature verification servers as gateways data asset discovery and ing sky ground sea air network people and objects. By
scenarios forming the cornerstone for building digital trust systems. The well as products such as SSL VPN IPSEC data security management as well as implementing authentication authorization and encryp-
trusted identity control platform amalgamates PKI with other identity tech- VPN and integrated application security full-scenario solutions for data securi- tion technologies in intelligent IoT scenarios it establishes
nologies broadening the scope of identity management. Beyond digital gateways. It also features a cryptographic ty built on the basis of these products a scalable security foundation. This enables secure and ef-
certificate-based identities it offers unified lifecycle management for diverse service platform that enables centralized and trusted data space solutions for ficient interconnection in smart IoT applications prevents
digital entities along with multi-factor authentication access policy man- management and service-oriented exten- the field of data circulation. unauthorized access to critical information safeguards
agement and identity risk analysis functionalities providing platform-level sion of these components and products sensitive data from breaches protects individual privacy
support for constructing robust digital trust systems. serving as the foundational base for cy- and bolsters the overall security of smart networks.bersecurity and data security.
05 06Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report About Koal
2025 in review
Key Performance
Total assets:RMB Annual R&D investment for the year: RMB Total number of employees Energy consumption intensity
1559 million 95.60 million 585 0.32 tce/person
Operating revenue:RMB Test software re-confirmation rate: Percentage of female employees GHG emissions intensity:
358 million 100 % 20.85 % 1.36 tCO2e/person
Total tax payment: RMB Customer satisfaction rate for customer service: Total employee training hours Water consumption intensity
40.19 million 98.6 % 12079.98 hours 37.01 tons/person
Proportion of independent directors Non-hazardous waste discharge intensity
33.33% 0 major service/information security incident 0 safety incidents in the year 2.53 kg/person
Total expenditure on public wel-
Major corruption and bribery incidents Acceptance rate for procured materials fare and external donations: RMB
0100%200000
07 08Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report About Koal
Responsibilities and Honors
Award Association name
Second Prize for Scientific and Technological
2025 Shanghai Software Enterprise with Core Progress from Shaanxi Province - Key Cryp-
Competitiveness - Large-Scale tographic Technologies and Applications for
Shanghai Software Industry Association Data Security Protection on Cloud Platforms Shanghai Commercial Cryptog- Shanghai Secrets Pro- Journal of Information Security
People's Government of Shaanxi Province raphy Industry Association tection Association and Communications Privacy
President Unit Vice President Unit Vice President Unit
Exemplary Case of Innovation in Information
Technology Applications - Koal Cloud Cryp- Top 10 Projects of the China (Shanghai) Interna-
tographic Service Platform tional Technology Fair (CSITF): Koal Quantum
Cryptography Security Solution
Specialized Committee on Information Technolo- China State Secrets Shanghai Software Industry Shanghai Information Security China (Shanghai) International Technology Fair (CSITF)
gy Innovation China Institute of Communications Protection Association Association Trade Association
Council Member Unit Council Member Unit Council Member Unit
ESG New Benchmark Enterprise Award Outstanding Investor Relations Team
Stock Star Stock Star
Chinese Association for Cryp- WG3 and WG4 Working Groups of Big Data Working Group of the
tologic Research the Information Security Stand- Information Security Standardi-
ardization Technical Committee zation Technical Committee
Golden Intelligence Award in China's Network Golden Intelligence Award in China's Net- Council Member Unit Member Unit Member Unit
Security and Information Industry - Innovation work Security and Information Industry -
Leading Enterprise of the Year Innovative Solution of the Year
The Journal of Information Security and Communi- The Journal of Information Security and Communi-
cations Privacy Magazine and other organizations cations Privacy Magazine and other organizations
China Cybersecurity In- Shanghai Industrial Technology Yulin Municipal Commercial
dustry Alliance and Innovation Association Cryptography Association
Outstanding Enterprise in the Commercial Member Unit Council Member Unit Board Member
Commercial Market "Pioneer Award" Cryptography Industry for 2024-2025
2025 HarmonyOS Office Industry Summit Cryptography Summit 2025 and the First Party Building
Forum of the Commercial Cryptography Industry
09 10Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Sustainable development management
Sustainable development management Stakeholder engagement
Koal highly values the opinions and demands of stakeholders continuously improves stakeholder engagement mechanisms and communication
Sustainable development governance structure methods and maintains regular communication with stakeholders enabling stakeholders to effectively participate in our ESG governance work.Koal places great emphasis on sustainable development management and is committed to embedding sustainability principles across all
aspects of its operations. The Company has established and continuously improved its ESG governance framework and management system Stakeholders Issues of concern Communication channels and methods
formulated ESG-related policies and developed an efficient ESG management mechanism. ESG strategies are effectively integrated into various Risk and Compliance Management General Meeting of Shareholders
departments and core business processes which consistently enhances top-down ESG engagement and management capabilities.Business Ethics and Anti-corruption Roadshows and results briefings
The Company has established a comprehensive and systematic ESG governance structure covering the "decision-making body management R&D Innovation Investor hotline and email
body and execution body." As the leading and decision-making body for ESG management the Board of Directors is responsible for reviewing
and approving the Company's ESG strategic plans and targets ESG governance structure and important policies major ESG matters and re- Shareholders Product Quality and Safety Communication with minority shareholders
sponse plans for major ESG-related risks. Under the supervision and guidance of the Board of Directors the ESG Committee was established or investors Sustainable Supply Chain Regular information disclosure (annual fi-
with the General Manager serving as the Chair of the ESG Committee responsible for establishing and continuously optimizing the Company's nancial reports ESG reports official WeChat
ESG governance structure formulating key ESG strategic objectives and strategic plans reviewing annual ESG plans and supervising and guid- account company website etc.)
ing their implementation among other related tasks. An ESG Executive Committee was established under the ESG Committee responsible for Risk and Compliance Management Special reception day
the day-to-day management promotion implementation and execution of ESG work.Business Ethics and Anti-corruption Information disclosure platforms
In 2025 Koal newly revised the Implementation Rules of the ESG Committee of Koal Software Co. Ltd. The ESG Committee continued to active- Information Security and Privacy Protection Government meetings and government visits
ly perform its duties identifying and discussing important ESG-related issues of the Company and reviewing and approving the Koal Software
Co. Ltd. 2024 Environmental Social and Governance (ESG) Report while clarifying specific work directions in areas such as the utilization of Government Climate Change Mitigation Regular information disclosure (annual fi-
green energy and the development of green applications. At the same time the Company actively participated in ESG training covering the and regulatory Emissions and Waste Management nancial reports ESG reports official WeChat
latest ESG trends and compliance requirements as well as the enhancement of ESG management capabilities laying a solid governance foun- authorities account company website etc.)Product Quality and Safety
dation for achieving sustainable development. Communication with industry associations
and other organizations
Koal's ESG Governance Structure
Product Quality and Safety Customer satisfaction surveys
Customer Relationship Management Pre-sales mid-sales and after-sales custom-
Board of Directors R&D Innovation er communication
Deci- Review and approve the Company's ESG strategic plans and goals ESG governance structure and important policies Information Security and Privacy Protection Customer visits
sion-making
body Review and approve the Company's major ESG matters and response plans for major ESG-related risks etc.Customers
Climate Change Mitigation Customer audits
Review the Company's ESG-related disclosure documents including but not limited to the annual ESG report Clean Technology Opportunities (Green Prod- Third-party training
ucts and Solutions)
Human Capital Development Employee activities and communication
ESG Committee Labor and Human Rights Management Employee performance communication
Establish and continuously optimize the Company's ESG governance structure Diversity and Equal Opportunities Internal information communication platform
Employees
In conjunction with the corporate development strategy formulate key ESG strategic goals and strategic Talent Training and Development Employee satisfaction surveys
Management plans review annual ESG plans and supervise and guide their implementation Occupational Health and Safety Employee complaint channels
body
Supervise guide and optimize the Company's key work related to environmental protection social re- Product Quality and Safety Supplier training
sponsibility and corporate governance and promote the Company's sustainable development Sustainable Supply Chain On-site audits and communication
Review other major ESG-related matters Partners/Suppliers Climate Change Mitigation Regular visits
Other matters authorized by the Board of Directors
Product Quality and Safety Face-to-face communication
Information Security and Privacy Protection Complaint hotline
Climate Change Mitigation Public welfare activities
ESG Executive Committee Emissions and Waste Management Public channels such as the Company's offi-
Execution Conduct centralized management and implementation of various issues Community and Resource Utilization and Circular Economy cial website and official account
body Monitor and report project progress and target achievement the public Community Engagement Regular information disclosure (annual fi-
Collect and consolidate ESG information and data nancial reports ESG reports official WeChat
account company website etc.)
11 12Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Sustainable development management
Material issue management 2025 Materiality Issues Matrix of Koal
Material issue management is the foundation for enterprises to advance sustainable development planning risk and opportunity management and High Social
information disclosure. Koal based on the GRI Sustainability Reporting Standards (GRI Standards) Guidelines No. 14 of Shanghai Stock Exchange for 01 01 Product Quality 02 R&D Innovation
the Sel—Regulation of Listed Companies — Sustainability Report (Trial) and IFRS Sustainability Disclosure Standard No. 1 —General Requirements 02 and Safety
for Disclosure of Sustainability—related Financial Information (IFRS S1) as well as other latest information disclosure standards and in light of the 03 05 Human Capital 06 Customer Relation-
Company's business characteristics conducted a double materiality analysis for all stakeholders from two dimensions: "impact materiality" (i.e. the 08 Development ship Management
significance of impacts on economic environmental and social sustainability) and "financial materiality" (i.e. the significance of impacts on the Com- 0911 08 Occupational Health 11 Sustainable Supply 10 04 and Safety Chain
pany's finances). Through assessment and analysis we identified and screened material issues as the focus of sustainable development management 07
and ESG information disclosure so as to better respond to stakeholders' expectations and concerns. 05 12 Diversity and Equal 13 Labor and Human
Opportunities Rights Management
1206
13 16 Community Engagement (Including Public Wel-
fare Volunteering and Rural Revitalization)
Governance
Identification of ESG issues 03 Information Security 04 Business Ethics and
14 and Privacy Protection Anti-corruption
15 09 Industry Ecosystem 14 Risk and Compli-
In line with the macro policies of the regions where we operate as well as the specific policies or standards of 16 Development ance Management
the industries in which we operate we compiled an ESG issues list based on an analysis of internal and external
Environmental
development trends and identified 17 material general issues and industry-specific issues by: a) referencing 17 07 Climate Change 10 Clean Technology
authoritative domestic and international sustainability reporting guidelines and standards; b) referencing main- Mitigation Opportunities (Green
stream domestic and international ESG rating systems and sustainability issues of concern within the same Products and Solutions)
industry; c) selecting issues of common concern to internal and external stakeholders combined with the char-
15 Resource Utilization 17 Emissions and Waste
acteristics of the industry in which we operate the stage of industry development our business model the value
Low Significance of Impact on the Company's Financial Performance High and Circular Economy Management
chain in which we participate and other factors to identify other issues with financial materiality or impact ma-
teriality; d) consulting expert opinions etc. Analysis of risks and opportunities related to material issues
For material issues the Company comprehensively reviewed risks and opportunities and their impact periods and formulated corresponding response strate-
gies to strictly control relevant risks actively seize relevant opportunities and achieve the Company's sustainable development.Material issues Impact period Risks and opportunities Impact level
Research and assessment
Inconsistent code quality and frequent security vulnerabilities may lead to insufficient system sta- Negative impact:
Product Short-term
bility undermining user trust. Very significant
Quality and medium-term
Following the principle of double materiality we regularly conducted research and assessment on the "impact High-quality products can increase customer trust enhance market share and secure a competi- Positive impact: Safety long-term
materiality" and "financial materiality" of issues forming the Company's double materiality issue matrix. In 2025 tive advantage. Very significant
the stakeholders participating in the materiality issue research of Koal included directors senior management Information Negative impact:Short-term Data breaches cyberattacks and rising compliance requirements may trigger compliance risks or reputa-
Security and Very significant
employees customers suppliers investors regulatory authorities media and the public. medium-term tional damage.Privacy Positive impact:
long-term Strengthening the Company's internal information security protection helps enhance customer trust.Impact materiality: We determined the assessment factors and scoring ranges for impact materiality and had Protection Very significant
stakeholders assess the Company's material issues based on factors such as the scale scope irremediability High R&D investment may face the risk of failure and accelerated technological iteration may Negative impact: Short-term
and likelihood of occurrence of impacts; R&D cause products and services to become obsolete rapidly. Moderately signifi-medium-term
Innovation Emerging technologies such as AI and cloud computing drive business growth and policy support cantPositive impact:
long-term
Financial materiality: We determined the assessment factors and thresholds for financial materiality and accelerates the commercialization of technological achievements. Very significant
assessed financial materiality based on factors such as whether the issues were expected to have significant Insufficient employee training and development will lead to risks such as strategic and organization- Negative impact:
impacts in the short medium and long term on the Company's business model business operations develop- Short-term al transformation risks and employee turnover risks.Human Capital Moderately significant
medium-term A sound employee learning and development and talent cultivation system will strongly support
ment strategy financial position operating results cash flow financing methods and costs. Development Positive impact: long-term the achievement of the Company's strategic objectives enhance the Company's brand and market
Very significant
competitiveness and bring potential business opportunities to the Company.Incidents of commercial bribery and corruption may bring significant economic costs legal consequenc-
es operational risks and reputational impacts to the Company. Negative impact:
Business Ethics Short-term
Anti-bribery and anti-corruption efforts help enterprises establish and improve sound internal manage- Significant
Issue confirmation and reporting and Anti- medium-term ment systems and processes optimize internal management and enhance management efficiency and Positive impact: corruption long-term
transparency. Moderately significant
Customized services can accurately match customers' business models and enhance user loyalty.We integrated the results of impact and financial materiality and reviewed the screening and analysis results Negative impact:
through two channels internal management team and external experts which were then reviewed and con- Customer Short-term Standardized services may find it difficult to meet personalized needs potentially leading to a decline in Significant
Relationship medium-term customer satisfaction.firmed by the ESG Committee. For material issues the report focuses on disclosures related to governance Positive impact: Management long-term Customized services can accurately match customers' business models and enhance user satisfaction.strategy risk and opportunity management indicators and targets. Moderately significant
As demand for climate-friendly products and services increases the Company may face operational risks
Negative impact:
Climate such as lower product prices rising raw material prices and products failing to meet market demand.Medium-term Significant
Change By developing and innovating climate-friendly products and technologies and providing services to cus-
long-term Positive impact:
Mitigation tomers with green needs such as environmental protection and energy conservation we can help open
Signifcant
Koal's Double Materiality Assessment Process for 2025 up new growth opportunities for the Company.
1314
Significance of Impact on Economic Environmental and Social SustainabilityKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Forging the "Koal Shield" for the Digital Age - Koal's NGPKI Post-Quantum Cryptography Innovation and Sustainable Practices
NGPKI Implementation Practice: Empowering Security Transforma-
Special Forging the "Koal Shield" for the Digital Age tion in Key Areas
Koal adheres to the integration of technology innovation and practical implementation applies NGPKI technology across multiple fields demon-
Topic —Koal's NGPKI Post-Quantum Cryptography strates corporate responsibility in practice and strives to achieve the unity of technological value commercial value and social value promoting the
sustainable development concept to take root through concrete actions.Innovation and Sustainable Practices
Empowering the financial industry Overseas benchmark implementation Empowering multi-sector scenarios
NGPKI has engaged in in-depth cooper- Koal in collaboration with CETCI applied NGPKI has served multiple critical
Quantum computing is posing a severe challenge to traditional cryptographic sys- ation with China Galaxy Securities and NGPKI to a digital trust project in countries sectors such as government energy
tems and digital security has become a critical pillar supporting the sustainable jointly participated in a research project along the Belt and Road achieving the first and healthcare providing customized
development of the cryptography industry. Koal independently developed the on the application of post-quantum cryp- overseas implementation of domestically post-quantum digital trust solutions
next-generation public key infrastructure (NGPKI) deeply integrating cutting-edge tography. This project was rated as an developed post-quantum PKI and mark- for various customers. By building fu-
technologies such as post-quantum cryptography automated management and AI Outstanding Research Project of the Se- ing a milestone in the global expansion of ture-oriented quantum-safe protection
to build an autonomous and controllable intelligent and efficient post-quantum dig- curities Association of China for 2023 and China's post-quantum cryptography tech- systems for customers it has helped
ital trust solution effectively strengthening the cybersecurity barrier in cyberspace the engineering implementation of its nology. This project applied the full chain them implement security governance
and empowering all industries to achieve secure digital transformation. research results is currently progressing of domestically developed software and requirements reduce digital security
Schematic Diagram of the Next-Generation Public Key steadily. The Company has applied NG- hardware to local critical infrastructure risks and promote the upgrading of
Infrastructure (NGPKI) Architecture PKI technology to core scenarios such as providing countries along the route with the industry's digital security ecosys-
financial transactions and electronic bills replicable and scalable quantum-secure tem achieving mutual empowerment
NGPKI Technology Innovation: Building a Solid Technological Founda- helping safeguard financial data security solutions supporting them in building the between technology innovation and
tion for Digital Security and transaction trustworthiness prevent foundation for digital trust demonstrating sustainable industrial development and financial risks in the quantum era and the international responsibility and eco- demonstrating Koal's corporate mission
Koal has deeply engaged in the field of cryptographic technology. Relying on its solid independent R&D capabilities it has built the NGPKI core fulfill our responsibility to ensure security system co-building philosophy of Chinese to empower the security transformation
technology system and integrated the concept of sustainable development into every technology innovation. This has not only strengthened auton- in the financial sector and maintain social enterprises and providing support for the of all industries.omous and controllable technological advantages but also empowered security assurance O&M efficiency and ecosystem collaboration through and economic stability. coordinated development of the global
technology demonstrating its corporate governance responsibility and social value. digital security ecosystem.Deeply cultivating innova- Innovative hybrid 2025
tion in algorithm systems migration model
NGPKI builds a self-controlled fully compatible architecture To address the pain points faced by traditional cryptographic systems in the course 1.Performance improvements in NGPKI compared with the previous version
deeply integrating domestic post-quantum cryptography of post-quantum migration such as extensive retrofitting difficulties and high risks of
(PQC) algorithms such as AIGIS-SIG/ENC CTRU/CNTR and business interruption the Company innovatively developed a hybrid security migration RA certificate issuance perfor- and latency CA certificate issuance perfor- and latency
LMS-SM3/HSS-SM3 while also being compatible with inter- architecture and independently developed a seamless collaboration model for classical mance increased by decreased by mance increased by decreased by
national FIPS series algorithms such as ML-KEM ML-DSA and cryptography and post-quantum cryptography. Through a dual-public-key mecha-
SLH-DSA strictly aligning with the compliance requirements of nism embedded in a single certificate parallel verification of traditional cryptographic %
the Cryptography Law of the People's Republic of China. This algorithms such as SM2 and RSA and post-quantum cryptography algorithms can be 130 70 % 120 % 65 %
design helps break external dependence on core technolo- achieved. This solution requires no disruptive transformation of existing systems and en-
gies demonstrates Koal's clear commitment to independent ables a secure and smooth transition effectively reducing customer migration costs and
innovation in cryptography technology provides important the risk of business interruption minimizing resource input and waste and aligning with
technical support for the independent and controllable de- the concept of sustainable development; meanwhile it ensures the continuous and KM key distribution perfor- and KM key distribution SM2 certificate status query per- and SM2 certificate status
velopment of national cybersecurity and fulfills important stable operation of customer business and achieves a coordinated balance between mance increased by latency decreased by formance increased by query latency decreased by
responsibilities at the corporate governance level. cybersecurity and operational efficiency through technology innovation.
310%60%250%61%
Improving ecosystem Build an intelligent
adaptation support management engine
NGPKI is fully compatible with the domestic software and To meet the management needs of the IoT era we independently built a pol-
hardware ecosystem supports disaster recovery deployment icy-driven intelligent automated management engine to achieve automated
across "two sites and three centers" and strictly meets the full lifecycle management of the application issuance deployment renewal The minimum operating power consumption of the IoT-side PKI SDK has been reduced to approximately 160 mW (STM32F103
cybersecurity graded protection and cryptography assess- and revocation of certificates for diverse entities such as personnel devices device 3.3 V 30–50 mA current)
ment requirements. It can adapt to the digital innovation services and AI Agents and it is compatible with internationally adopted
transformation needs of critical sectors such as government protocols such as ACME and EST. This engine helps address the pain points
finance energy and healthcare. By deeply integrating into of low efficiency and high O&M risks in the management of massive volumes
the domestic ecosystem and advancing the development of certificates in IoT and cloud environments effectively reducing customers' By leveraging its independent innovation in NGPKI technology Koal deeply integrates digital security with sustainable development thereby
of a trusted digital space it helps key industries strengthen O&M labor costs and security risks. By improving efficiency through technolo- strengthening the Company's core technological barriers and demonstrating governance responsibility through independent innovation while also
the foundation of digital security and puts into practice the gy it supports the implementation of sustainable development management earnestly fulfilling its social responsibilities in safeguarding cyberspace security empowering industries and promoting international collaboration.corporate social value of safeguarding public security and for customers and the industry and provides support for the efficient digital In the future Koal will continue to optimize NGPKI technologies and solutions further cultivate the digital security field fulfill its sustainable develop-
empowering industrial development. transformation of the industry. ment mission through technology innovation and contribute to building a trusted secure and efficient digital world.
15 16Excellence in governance
efficient operations
Corporate governance
Risk and compliance management
Business ethics
Party leadership
Contributing to the UN 2030 SDGsKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Corporate governance Board of Directors
Accountable to the General Meeting of Shareholders the Board of Directors' responsibilities include convening general
Corporate governance system meetings of shareholders formulating business strategies preparing budgets and financial reports proposing profit distri-
bution plans and structuring internal management. The Board operates through five specialized committees: The Strategy
Koal complies with the requirements of relevant laws regulations and normative documents such as Company Law of the Peo- Committee the Audit Committee the Nomination Committee the Remuneration and Appraisal Committee and the ESG
ple's Republic of China Securities Law of the People's Republic of China Code of Corporate Governance for Listed Companies Committee. These committees handle specific Board authorized matters and provide expert advice for decision-making.Shanghai Stock Exchange Stock Listing Rules Guidelines No. 1 of the Shanghai Stock Exchange for Self-regulation of Listed Com-
panies - Standardized Operation and Articles of Association. We have established a governance structure composed of the General
Meeting of Shareholders and the Board of Directors with clearly defined powers and responsibilities independent operation and The Board of Directors During which With a
mutual checks and balances. We also established an independent and complete business and management structure that aligns
with its development needs and actual circumstances continuously improving corporate governance effectiveness to provide a
solid foundation for the Company's sustained and healthy development. During the Reporting Period in accordance with relevant convened 8 meetings 65 proposals were reviewed 100% attendance
laws regulations and regulatory requirements Koal streamlined and optimized the corporate governance structure legally abol- throughout the year and approved rate among all Board members
ished the Board of Supervisors and transferred the supervisory functions to the Audit Committee of the Board of Directors. A new
employee representative director was appointed to further optimize the composition of the Board of Directors and reinforce the
solid foundation for the Company's standardized operations. Throughout the year The Remuneration and Appraisal
The Company has formulated a series of management systems including Articles of Association Rules of Procedure for the Gen- The Audit Committee The Strategy Committee convened Committee convened
eral Meeting of Shareholders Board of Directors Rules of Procedure Working System for Independent Directors and continuously
revised and improved them based on development conditions laws and regulations and regulatory requirements. In 2025 the convened 5 meetings 1 meeting 2 meetings
Company revised more than 20 corporate governance systems in total added systems such as the Rules for the Work of the Com-
pany's General Manager and Other Senior Management Personnel and Management System for the Resignation of the Company's
Directors and Senior Management Personnel and abolished internal systems and relevant provisions related to supervisors or the The Nomination Committee the ESG Committee convened
Board of Supervisors such as Rules of Procedure for Board of Supervisors Meetings further enhancing the standardization and ef-
fectiveness of governance work. convened 2 meetings 1 meeting
General Meeting of Shareholders Board diversity and effectiveness
Board of Directors Board diversity
Koal is committed to building a diversified Board of Directors placing strong emphasis on members' backgrounds skills and areas of
expertise to ensure the integration of diverse perspectives and experiences thereby safeguarding the scientific and effective nature of
Remuneration the Board of Directors' decision-making. Members of the Company's Board of Directors possess interdisciplinary expertise and exten-Strategy ESG Committee Audit Committee Nomination and Appraisal sive industry experience covering multiple fields such as information technology risk management financial accounting law and Committee Committee Committee finance demonstrating the Board of Directors' balance in terms of experience background and professional capabilities. The Chair of
the Audit Committee has a professional background in accounting and several directors possess extensive practical experience in risk
management and control including establishing and improving risk management systems and handling major risk events thereby
Organization Chart effectively supporting the Company's risk identification risk assessment response and mitigation.The nomination of members of the Board of Directors is subject to a rigorous selection process. The Nomination Committee incor-
General Meeting of Shareholders porates diversity into its considerations taking into account candidates' educational background industry experience professional
skills and credentials and explicitly identifies gender diversity as a key dimension in candidate evaluation in the Terms of Reference
of the Nomination Committee of the Board of Directors so as to maintain a balance on the Board of Directors in terms of capabilities
As the Company's supreme authority the General Meeting of Shareholders is responsible for reviewing annual budgets and gender skills experience and cultural and educational background. In addition we established a systematic training and nomination
financial reports electing or replacing directors and supervisors approving profit distribution plans and making critical mechanism. The Human Resources Department and the Nomination Committee collaboratively reviewed and established a reserve
company decisions. It operates in compliance with regulations such as the Rules for the Shareholders' Meetings of Listed pool of female talent for key positions formulated targeted development plans and actively searched externally for suitable female
Companies and Koal's own Rules of Procedure for General Meeting of Shareholders. The meetings combine on-site and on- director candidates enabling members of the Board of Directors to bring different perspectives and complementary experience and
line voting to ensure the protection of shareholders' rights. enhancing the effectiveness of oversight and decision-making by the Board of Directors and senior management.Koal actively promoted members of the Board of Directors and the Board Secretary to participate in professional development train-
3 21 ing and compliance education so as to strengthen their professional competence and ability to perform their duties. During the general meetings of shareholders At which proposals were Reporting Period the Company actively organized members of the Board of Directors and senior management to participate in spe-
were held during the year reviewed and approved cialized training held by the Shanghai Stock Exchange the Association for Listed Companies and other organizations effectively en-
hancing their compliance awareness performance of duties and strategic vision. The Board Secretary actively participated in profes-
sional competency training organized by external regulatory authorities covering topics such as market capitalization management
and mergers and acquisitions as well as restructuring thereby providing solid support for the Company's steady operations.
19 20Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Directors' educational background Directors by gender Directors by age Effectiveness of the Board of Directors
The Company strictly complies with laws regulations and regulatory requirements such as the Company Law of the People's Republic of China
1 1 8 22 and Measures for the Administration of Independent Directors of Listed Companies and has formulated and actively implemented Working 4 System for Independent Directors and Working System for Special Meetings of Independent Directors clarified the roles and responsibilities of
independent directors in corporate governance and ensured that they diligently performed their duties and responsibilities. During the Reporting
Period the Company's Board of Directors comprised a total of nine members of whom three were independent directors accounting for 33.33%.The Chair of the Audit Committee under the Board of Directors of the Company was Mr. Yu Jiming an independent director; the Chair of the Nom-
ination Committee was Mr. Zheng Xianyi an independent director; and the Chair of the Remuneration and Appraisal Committee was Mr. Wang Ya-
pei an independent director. Independent directors accounted for a majority on the Audit Committee Nomination Committee and Remuneration
and Appraisal Committee and served as the chairs of these committees ensuring the professionalism and independence of decision-making.
2
4 3 The Company attaches great importance to the development and practical exploration of the independent director system actively promotes
the deep integration of independent directors into corporate governance and gives full play to their role in professional oversight and deci-
PhD Male Aged under 40 sion-making support. In 2025 the Company revised the Working System for Independent Directors Working System for Special Meetings of
Independent Directors clarifying the qualifications for independent directors nomination and election procedures duties and authorities
Master's degree Female Aged 40 to 49 methods of performing duties and performance guarantees. They played an important role in providing professional judgment and independ-
Bachelor's degree ent oversight in matters such as the re-election of the Board of Directors the elimination of the Board of Supervisors related-party transactions Aged 50 to 59
and below and periodic reports effectively safeguarding independent directors' exercise of rights and performance of duties and effectively protecting the
Aged 60 and above overall interests of the Company and the legitimate rights and interests of minority shareholders.At the same time we conduct a comprehensive annual assessment of the Board of Directors' standardized operations and effectiveness so as to pro-
mote its efficient performance of duties strengthen its core governance role and effectively safeguard the interests of the Company and all sharehold-
ers. In 2025 the Company disclosed the annual performance of duties by directors including the meetings of the Board of Directors and the content of
its resolutions directors' attendance at meetings of the Board of Directors and general meetings of shareholders and the performance of duties by the
committees under the Board of Directors. For details please refer to Koal Software Co. Ltd. 2025 Annual Report.Professional Knowledge and Skills
Case Thematic Learning for Independent Directors
Name Position Gender Technology Environment Strategic Industry Risk
Accounting Legal research and and
planning experience management
development sustainability In November 2025 the ninth-term independent directors of the Company participated in training on the performance
of duties by independent directors. The training was conducted around the core theme of "Strengthening Compliance
Kong
Lingang Chairman Male
Through the Implementation of New Regulations and Promoting Governance Through Professional Performance of Duties
- Standardized Performance of Duties and Value Enhancement for Independent Directors Under the New System. Against
the regulatory backdrop of the implementation of the new Company Law in 2025 the reform of the independent director
Ye Feng Director General system and the rollout of the new Code of Corporate Governance for Listed Companies it focused on compliance require-Manager Male ments professional capabilities and risk prevention and control in the performance of duties by independent directors
helping them accurately grasp the boundaries of their duties improve the quality and effectiveness of duty performance
Zhu Director Deputy
Litong General Manager Male and promote the modernization of the governance system and governance capacity of listed companies.Huang Non-executive Key PerformanceZhen-
dong Director
Male
Number of independent Number of independent directors on the Number of independent Number of independent
Non-executive directors on the Audit Remuneration and Appraisal directors on the Nomination directors on the ESG Wu Wei Director Male
Committee 2 Committee 2 Committee 2 Committee 1
Pu Qian Employee Director Female
Independent Remuneration and appraisalYu Jiming Director Male The Company has established a remuneration management system and incentive and restraint mechanism for directors and sen-
ior management and has specified that the Remuneration and Appraisal Committee of the Board of Directors is responsible for
Zheng Independent Male formulating and reviewing the remuneration policies and proposals for directors and senior management. The annual salary sys-Xianyi Director tem applies to the remuneration of the Company's directors and senior management comprising fixed salary and year-end bonus-
es. The year-end bonuses were linked to the performance of both the Company and individuals and were assessed based on the
Wang Independent established appraisal indicator system. If the relevant requirements were not met corresponding deductions were made further
Yapei Director Male enhancing the initiative and creativity of the Company's operators and managers and promoting the sustained growth of the Com-
pany's performance.
21 22Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Protection of investors' rights and interests Investor communication
Koal strictly complied with relevant laws and regulations such as the Company Law of the People's Republic of China the Securities Koal is committed to establishing a timely communication mechanism of mutual trust with investors continuously improving our
Law of the People's Republic of China the Guidelines for the Management of Investor Relations of Listed Companies as well as rel- Investor Relations Management System and building diversified investor communication channels. Through performance brief-
evant provisions such as the Articles of Association and established and improved mechanisms for protecting investors' rights and ings the investor hotline the investor email mailbox the sseinfo.com platform and institutional investor surveys we strengthen
interests. The Company upholds the investor relations management philosophy of "respecting investors serving investors and em- interactive communication with investors answer their questions enable them to gain a deeper understanding of our business
powering investors" regards investor relations management as an important component of the Company's strategic development is model development strategy and financial position help them make informed investment decisions and ensure that their re-
committed to building a long-term relationship of trust between the Company and investors and fully safeguards all investors' right quests receive prompt responses and efficient feedback.to know the right to participate and other lawful rights and interests right to know and other lawful rights and interests.Case The Company's Board Secretary Participated in High-Quality Dialogue on Securities Daily
Respect investors Empower investors
We fully respect investors' right to know and right We create value for investors through high-qual-
to participate carefully listen to investors' opin- ity development. Through continuous technol- In August 2025 the Company's Board Secretary
ions and suggestions respond promptly to inves- ogy innovation market expansion and man- Cai Guanhua participated in the high-quality
tors' concerns and protect investors' legitimate agement optimization enhance the Company's dialogue of the "Inside Listed Companies" series
rights and interests. core competitiveness and deliver long-term hosted by Securities Daily. During the dialogue he
returns to investors. comprehensively investors with a comprehensive
overview of the Company's business and future
development opportunities from multiple dimen-
sions including quantum science popularization
quantum security quantum encryption and
Serve investors Transparent communication quantum application scenarios.We serve investors with sincerity professionalism We adhere to the principles of truthfulness ac-
and efficiency; communicate and engage with curacy completeness timeliness and fairness
investors through various channels; and help in- in information disclosure communicate with
vestors gain a comprehensive understanding of investors in an open and transparent manner
the Company's operating performance and devel- and build a relationship of trust between the
opment strategy. Company and investors.Information disclosure Case Koal Won Two Awards from Stock Star
Koal strictly follows the Administrative Measures for Information Disclosure of Listed Companies the Guidelines No. 2 of the
In November 2025 Koal participated in the 13th
Shanghai Stock Exchange for Self-regulation of Listed Companies — Management of Information Disclosure and other regulatory
"Capital Power" Annual Brand Event hosted by
documents. It has revised and strictly implemented the Information Disclosure System and improved the basic principles content
Stock Star. With its outstanding performance in
standards review procedures and accountability mechanisms for information disclosure. Guided by investor needs we properly
investor relations and corporate governance the
prepared submitted for review and disclosed the Company's interim announcements and periodic reports ensuring that the
Company won the "Outstanding Investor Relations
Company's information disclosure was truthful accurate timely and complete. The Company has strengthened insider informa-
Team Award"; Mr. Cai Guanhua the Company's
tion management revised the Management System for Persons with Knowledge of Insider Information standardized the manage-
Board Secretary won the "Outstanding Board
ment of persons with knowledge of insider information and enhanced the confidentiality of insider information. In addition the
Secretary Award" for his professional competence
Company attaches importance to the standardized management of related-party transactions and external guarantees and has re-
in performing his duties. The two honors demon-
vised the Decision-Making System for Related-Party Transactions and the Management System for External Guarantees improving
strate the capital market's high recognition of
the criteria for identifying related-party transactions decision-making authority review procedures disclosure requirements as Stock Star's "Outstanding Investor Board Secretary Cai Guanhua
Koal's standardized governance efficient commu-
well as the approval authority decision-making procedures and risk control measures for external guarantees thereby safeguard- Relations Team Award" Won the "Outstanding Board
nication and overall value. Secretary Award"
ing the interests of the Company and shareholders. During the Reporting Period the Company's information disclosure did not
contain any false records misleading statements material omissions or other improper disclosures.
23 24Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk and compliance management
Key Performance
Risk management
Disclosed 135 16 Risk management structure4 offline investor online investor periodic reports engagement sessions engagement sessions Through the division of labor and collaboration among the Board of Directors the Audit Committee and the Management Koal
has clarified the allocation of responsibilities and the decision-making mechanism for risk and compliance management:
Responded to investors Answered Replied to
31 times on the sseinfo.com platform 40 investor hotline calls 6 investor emails
The Board of Directors and the The Management is responsible Due to the special nature of its
Audit Committee supervise and for organizing the day-to-day business the Company has estab-
evaluate the effectiveness of risk operation of internal control to lished a dedicated Confidentiality
Protection of the rights and interests of minority shareholders and compliance management ensure the compliance and effi- Office to manage confidential pro-
ensuring the transparency and ciency of management activities. jects confidential qualifications
The Company treated all shareholders equally. Small and medium shareholders could attend general meetings of shareholders in efficiency of the management and personnel with access to con-
person or vote on resolutions of the General Meeting of Shareholders through online channels. For major matters that might affect mechanism. fidential information throughout
the interests of small and medium investors the Company separately counted and disclosed the votes of small and medium inves- the entire process so as to ensure
tors. A question session for small and medium investors was included in the agenda of general meetings of shareholders and we the security and supervision of
actively listened to their opinions and suggestions. The selection of the time and venue of general meetings of shareholders was confidential information.conducive to enabling as many shareholders as possible to attend the meetings and we made full use of modern information tech-
nology to increase the proportion of shareholders participating in general meetings of shareholders. When the profit distribution
proposal was reviewed and decided upon the Independent Directors Committee diligently fulfilled its responsibilities and issued
clear opinions. After the relevant proposal was reviewed and approved by the Board of Directors of the Company it was submitted Risk identification and response
to the Company's General Meeting of Shareholders for deliberation effectively safeguarding the legitimate rights and interests of
small and medium shareholders. Koal formulated the Risk Management System continuously strengthening risk identification and response capabilities standard-
izing business management processes and achieving risk identification risk assessment risk response risk monitoring and con-
tinuous improvement for core business segments. Through the comprehensive identification and management of market opera-
tional financial legal and compliance and technological risks the Company ensures its steady development in a complex market
environment. At the same time the Company integrates environmental social and governance (ESG) risks into the comprehensive
risk management system further identifying and managing potential risks related to quality safety environmental protection and
anti-corruption and improving its risk resilience.Risk identification Risk assessment Risk response
Comprehensively identify inter-
nal and external risks covering Analyze the likelihood and Based on the risk assessment
all aspects of the Company's impact of risks. results formulate targeted risk
operations. response strategies.Continuous improvement Risk monitoring
Continuously optimize risk management pro- Continuously track risk status to ensure risks
cesses through feedback mechanisms to form remain under control.closed-loop management.
25 26Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk training Business ethics
To enhance employees' compliance awareness the Company regularly carried out special training covering analysis of historical
compliance risks case discussions compliance reviews risk assessment and response and internal audit supervision. Through
the training employees improved their risk management capabilities further reduced compliance risks and safeguarded the Com- Governance
pany's stable development.Koal is committed to building an ethical and transparent business environment and strictly complies with laws regulations and
Internal control and compliance industry standards such as the Company Law of the People's Republic of China the Anti-unfair Competition Law of the People's Re-public of China the Anti-Monopoly Law of the People's Republic of China and Anti-Money Laundering Law of the People's Republic
Guidelines for the Application of Enterprise Internal Control Guidelines for of China. We have formulated policies and systems such as the Code of Business Ethics the Anti-bribery and Anti-corruption Policy Koal strictly complies with such institutional norms as
the Evaluation of Enterprise Internal Control Guidelines for the Audit of Enterprise Internal Control and the Whistleblowing and Whistleblower Protection Management Policy established detailed standards for anti-corruption and an- and and formulated and con-
Internal Control System Internal Audit System ti-bribery conduct across all aspects of our operations and promoted compliance with business ethics and anti-corruption standards tinuously improved the and . We systematically implement standardized review and
by both the Company and our partners.audit workflows that encompass audit preparation risk assessment test procedure design review procedure implementation
approval and rectification as well as report supervision thereby fully leveraging the effectiveness of internal audit supervision. In To ensure the implementation of the business ethics and anti-corruption policies and to monitor their enforcement the Company has
2025 the Company continuously strengthened the development of the audit system focused on key business areas and critical established three lines of defense to strengthen business ethics and anti-corruption management. The business departments serve
risk links and intensified audit efforts. In accordance with the annual plan we carried out special audit work in an orderly manner as the first line of defense embedding business ethics and anti-corruption requirements into compliance processes and conducting
promptly rectified issues identified during audits and incorporated them into performance assessments thereby forming a positive regular self-inspections. The Legal Department serves as the second line of defense responsible for overseeing implementation. The
cycle of using rectification to enhance management ensuring the compliant operation of all our businesses as well as the effective Internal Audit Department serves as the third line of defense responsible for developing business ethics and anti-corruption policies
operation and continuous optimization of internal control. conducting independent audits investigating whistleblower reports and enforcing accountability. It also performs regular reviews
and risk assessments to ensure that the Company's operations comply with business ethics laws regulations and internal policies.Tax management
Strategy and management approach
Koal strictly complies with Law of the People's Republic of China on the Administration of Tax Collection and Enterprise Income Tax Law of
the People's Republic of China as well as other relevant tax laws and regulations. It has formulated and continuously improved its Tax Man- Koal has embedded the principles of integrity and probity into the core of its corporate culture incorporated them into the Company's
agement System and standardized tax operation procedures. The Company has established and improved its tax management system im- long-term development strategy and extended this requirement to its supply chain to ensure high-quality development.plementing a tax management structure featuring "headquarters coordination + business unit execution" while clearly defining the respon-
sibilities of each level to coordinate and manage all tax-related matters and effectively prevent tax-related violations and non-compliance. Development of a culture of integrity
Specifically the Company's Finance Department as the core management department is responsible for coordinating the formulation of The Company normalizes the development of a business ethics
tax policies risk control and compliance management across the Group. Each subsidiary appoints a tax specialist responsible for daily tax and anti-corruption culture. By formulating policy documents Conduct Specialized Training on Business Ethics
filing invoice management and liaising on local tax matters. During the Reporting Period the Company did not commit any major tax viola- such as Code of Conduct for Integrity the Company clarified Case and Anti-Corruption for Directors and Senior
tions and was not involved in any major tax-related litigation or arbitration. the business ethics standards that employees must comply Management
with. All employees are required to sign the Employee Integrity
Commitment Letter and Employee Integrity Agreement. Em- In December 2025 to continuously strengthen corporate
During the Reporting Period ployees' compliance with the Company's values professional governance and enhance the compliance awareness and
ethics and code of conduct is taken as an important basis for
their performance appraisal promotion appointment and ethical standards of directors and senior management
removal. Business ethics and anti-corruption training and case the Company organized special business ethics and an-
The Company did not commit any major tax violations and was not involved in any warning education activities have been carried out to popularize ti-corruption training focusing on the three dimensions of
major tax-related litigation or arbitration. business ethics and anti-corruption knowledge among directors laws and regulations case practice and judicial standards
and all employees to enhance employees' professional ethics to help the core management team gain a deeper under-
standards and to foster a clean and upright internal atmosphere
within the Company. During the Reporting Period Koal was not standing of compliance boundaries and build a solid barri-
involved in any major litigation cases related to corruption brib- er for risk prevention.ery or unfair competition.The Company regularly conducted tax risk inspections checked the tax filing status of each Key Performance
unit on a monthly basis and used the tax filing control checklist to avoid missed filings late
filings and delayed tax withholding ensuring that no tax risks occurred during the Reporting Supplier chain integrity managementthe Company paid a total of
Period. The Company regularly organized tax management training accurately identified the The Company has formulated centralized procurement management measures and process mechanisms. Internally we review
orientation and key priorities of policy support promptly shared new government policies 40.19 potential conflicts of interest in accordance with the procurement process system. Externally we incorporate business ethics and million in
and new industry developments guided all departments and units to correctly understand various taxes and fees anti-corruption requirements into the Company's standard contracts and require suppliers to sign them or require suppliers to
and apply relevant policies provided guidance on carrying out related business activities separately sign Integrity Agreement and Cooperation Partner Integrity Commitment requiring suppliers or partners to comply with
mitigated tax risks and continuously improved the professional competence and practical op- national laws and regulations policies and industry standards in their places of operation and prohibiting them from engaging in
erational capabilities of tax personnel. During the reporting period the Company paid a total or tolerating any form of corruption fraud extortion or embezzlement. For suppliers that violate the policy the Company will take
of RMB ( )00 million in various taxes and fees. measures including suspension of cooperation and contract termination
27 28Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Anti-unfair competition Party leadership
The Company strictly complies with the Anti-unfair Competition Law of the People's Republic of China the Anti-monopoly Law of the
People's Republic of China Several Provisions on Prohibiting Acts of Infringing Trade Secrets and the anti-monopoly and fair competition
laws and regulations of the countries and regions where it operates. We pledge not to collect competitors' trade secrets or other confi- Koal guided by Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era fully implements the guiding principles of
dential information through illegal means nor to engage in illegal activities such as colluding with competitors to fix prices and disrupt the 20th CPC National Congress and the Third and Fourth Plenary Sessions of the 20th CPC Central Committee thoroughly puts into
market order. We reject all forms of unfair competition and are committed to maintaining a fair and competitive market environment. practice the general requirements for Party building in the new era and the Party's organizational line for the new era closely adheres to
During the Reporting Period Koal did not experience any violations of laws and regulations against unfair competition. the overall requirements of "Studying the Ideology Strengthening Party Spirit Emphasizing Practice and Achieving New Feats" focuses
on enhancing organizational capacity uses the deep integration of Party building and business operations as the key lever and solidly
Whistleblowing and whistleblower protection advances political development ideological development organizational development conduct development and discipline develop-
ment thereby providing strong political and organizational support for the Company's high-quality development.Koal maintains zero tolerance for acts such as corruption and bribery that violate business ethics. We have established open trans-
parent and diverse reporting channels and encourage internal employees and external partners to report non-compliant conduct.Whistleblowing channels include the Company's official telephone number hotline whistleblowing mailbox mailed correspond- Strengthen the foundation of governance
ence or in-person visits. After receiving a report the Company will establish a professional investigation team to conduct an inde-
pendent investigation in accordance with laws and regulations and will cooperate with relevant departments to ensure smooth The Company's Party Committee effectively fulfills its primary responsibility for exercising full and rigorous Party self-governance incor-
information flow. The investigation results will be reported directly to senior management. Once verified the Company will adopt porating Party building into the overall annual work plan and ensuring that it is planned deployed advanced and assessed in tandem
corresponding accountability mechanisms. with business operations. At the same time based on adjustments to Party members' positions and work needs the Company promptly
by-elects members of the branch committee optimizes the structure of the branch leadership team clarifies the division of responsibil-
The Company undertakes to keep whistleblowers' personal information and whistleblowing materials strictly confidential. Whis- ities among branch committee members and has established a working pattern in which the branch secretary assumes overall respon-
tleblowing leads and materials are handled by designated personnel and managed strictly in accordance with confidentiality clas- sibility branch committee members collaborate based on their respective duties and all Party members participate. In 2025 we strictly
sifications. It is expressly stipulated that whistleblowers' personal information the handling of whistleblowing cases and other re- implemented the organizational life systems including "Three Meetings and One Lecture" themed Party Day activities organizational
lated information must not be disclosed to the reported person or to personnel unrelated to the handling of whistleblowing work. life meetings and democratic appraisal of Party members. Throughout the year we convened four Party branch member meetings 12
While keeping whistleblowers' information confidential the Company strictly cracks down on any retaliatory acts. Once verified branch committee meetings and 24 Party group meetings. Organizational life meetings and democratic appraisal of Party members
the Company will deal with them seriously. For acts that have indeed seriously endangered whistleblowers' rights and interests we were carried out in an orderly manner with a 100% participation rate among Party members.will promptly report them to the judicial authorities and pursue criminal liability in accordance with the law.To ensure the standardization and long-term effectiveness of Party building work the Company has established and continuously im-
Impact risk and opportunity management proved Party building policies and systems formulated a joint conference system for Party building work under the leadership of the Par-
ty Committee and regularly organized coordination meetings among various departments to promote information exchange resource
Koal incorporates business ethics and anti-corruption risks into the Company's comprehensive risk management system. To prop- sharing and coordinated action thereby forming a strong working synergy. At the same time the Company strictly implements the
erly address business ethics-related risks the Company regularly conducts the identification and assessment of business ethics procedures for Party member development and actively promotes the building of the Party affairs cadre team. It selects cadres who are
risks (for specific procedures please refer to the "Risk and Compliance Management" section of this report) thoroughly analyzes politically strong professionally competent and have good work conduct to fill Party affairs positions and has improved the "dual culti-
factors that may trigger ethical risks as well as various potential conflicts of interest improper benefit transfers and unfair com- vation" mechanism cultivating Party members from key operational personnel and cultivating management talent and technical experts
petition and has formulated detailed policies and procedures to ensure that all business conduct complies with ethical standards from Party members thereby forming a multidisciplinary team structure in which "Party affairs cadres understand business operations
and legal and regulatory requirements. To ensure the timely disclosure of potential risks the Company continuously improves its and key operational personnel are competent in Party building." During the Reporting Period the Party Committee of the Company culti-
monitoring system including but not limited to internal audits compliance inspections and whistleblowing mechanisms. The vated three Party membership applicants admitted one probationary Party member and confirmed one full Party member.Company's Internal Audit Department conducts orderly audits and inspections of the implementation of business ethics-related
systems and the risks of business ethics across various business scenarios. Audit results major findings and matters requiring at-
tention are regularly reported directly to the Audit Committee of the Board of Directors and the Chairman while maintaining inde-
pendence at the organizational business and individual levels.Indicators and targets
Indicators and targets 2025 achievement status
Zero occurrence of major corruption incidents Target achieved
Ensure comprehensive audit coverage of all business areas
Target achieved
every three years
100% effective whistleblowing handling rate Target achieved
Convene the 2025 Special Organizational Life Meeting and Democratic Appraisal of Party Members Meeting
29 30Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strengthen the ideological foundation Deepen the improvement of work conduct Key Performance
The Company consistently placed political development first continuously strength- The Company remains unwavering in its commitment to strict standards continuously Integrity talks with more than
ened theoretical grounding and steadily enhanced Party members' and cadres' politi- strengthening the improvement of work conduct and the promotion of integrity within
cal judgment political comprehension and political execution capabilities. the Party and fostering a political environment characterized by integrity and fairness. 20 individuals were conducted
Normalize and deepen theoretical study Strengthen efforts to improve Improve supervision mechanisms
We strictly implemented the First Agenda system organizing Party branch members work conduct Strengthen integrity education
to focus on studying Xi Jinping Thought on Socialism with Chinese Characteristics
for a New Era the guiding principles of the 20th CPC National Congress and the We deepened special rectification We organized Party members and We established and improved the
efforts against formalism and bu- cadres to study intra-Party regulations Party branch supervision mecha-
Third and Fourth Plenary Sessions of the 20th CPC Central Committee as well as the reaucracy focusing on issues such such as Regulations of the Communist nism with branch committee mem-
essence of General Secretary Xi Jinping's series of important speeches instructions as shirking responsibility buck-pass- Party of China on Disciplinary Actions bers assigned responsibilities by
and directives and to conduct in-depth study of important works such as Xi Jinping: ing perfunctory performance of and Code of Integrity and Self-Disci- division of labor to conduct routine
the Governance of China (Volumes I to IV) and Excerpts on Xi Jinping Thought on duties and low efficiency in work. pline of the Communist Party of China supervision over Party members and
Socialism with Chinese Characteristics for a New Era. We conducted self-inspection and and carried out four integrity warning cadres in the performance of their
self-correction established issue education activities. Through watching duties fulfillment of responsibilities
By combining study sessions led by the Party branch secretary guided learning by lists responsibility lists and rectifi- warning education films visiting integ- and integrity and self-discipline.branch committee members and self-study by Party members theoretical learning was cation lists and ensured rectification rity education bases and circulating
promoted to be truly understood and internalized ensuring that Party members and was implemented within prescribed typical corruption cases we guided
We kept supervision channels open
time limits. Party members and cadres to respect by setting up suggestion boxes and
cadres consistently maintained a high degree of alignment with the Party Central Com- the law remain vigilant and uphold reporting hotlines encouraging Par-
mittee with Comrade Xi Jinping at its core in terms of ideology politics and action. Party members and cadres were ty members and the public to partic-
organized to carry out heart-to-heart the bottom line. ipate in supervision and promptly
talks. The branch secretary and We strictly implemented the spirit of identifying and correcting problems
branch committee members and the Central Committee's Eight-Point in work.Conduct thematic education in a thorough and effective manner Party members branch committee Decision and its implementation
In accordance with the unified deployment of the higher-level Party committee members among themselves and rules resolutely opposed the "four Party members among themselves forms of misconduct" strengthened
a leading group was established to organize and carry out thematic education regularly conducted heart-to-heart supervision and inspection of con-
formulate an implementation plan and advance thematic education in depth talks to promptly understand ideo- duct building during holidays and fes-
and with solid results through such steps as centralized study discussion and logical trends and work conditions tivals and prevented the occurrence
exchange and rectification and implementation. help resolve practical difficulties and of violations of rules and discipline.defuse conflicts and disputes.We organized Party members and cadres to visit revolutionary education bases
for on-site study sessions on two occasions where they reviewed the oath of ad- Promoting the integration of party building and business operations
mission to the Party and carried forward the revolutionary legacy.The Company actively promotes the deep integration of Party building and business operations adheres to the principle of grasping
Special seminars were conducted around "Studying the Ideology Strengthening Party building through business operations and grasping business operations through Party building and regularly organizes thematic
Party Spirit Emphasizing Practice and Achieving New Feats." Party members and discussions experience-sharing sessions and learning reviews around the key priorities and difficulties in business work. The Company
cadres shared their insights reflections and proposed measures in light of their has established a "full-chain" accountability system defining the primary responsibility of the Party Committee the secretary's role as
specific job responsibilities thereby forming a consensus in thinking. the principal responsible party the "dual responsibilities" of leadership team members and the responsibilities of Party branches. By
implementing supervision inspection and assessment throughout the entire process of Party building including monthly Party-build-
ing work meetings specialized inspections and the incorporation of Party building into performance assessments the Company strictly
Key Performance conducted work reporting appraisal and assessment. At the same time we hold those responsible for inadequate implementation
strictly accountable using "Party building to guide labor union building and Youth League building" to ensure that all aspects of Party
government labor union and Youth League work are fully advanced.
48 centralized 12 thematic seminars Case "Party Building + Project" Model for Tackling Tough Challenges
study sessions
and Guided by the principles of "Party leadership unified standards phased replacement and safety and controllability" the Com-
2 12 pany deeply integrated the localization transformation of computer terminals with grassroots Party-building initiatives estab-field study visits themed Party Day lishing a "district committee coordination - subdistrict leadership" advancement mechanism. This achieved independent and
activities were organized controllable software and hardware for office terminals in subdistricts across the entire district adapted to application scenari-
os empowered grassroots governance and E-Government and simultaneously enhanced the information innovation literacy of
Party members and cadres as well as the effectiveness of grassroots governance.
31 32Innovation leads the way
digital technology as our shield
Product technology innovation
Product quality and safety
Customer relationship management
Information security and privacy protection
Sustainable supply chain
Contributing to the UN 2030 SDGsKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Product technology innovation Building innovation platform
The Company has established six major R&D centers in Beijing Shanghai Xi'an Chengdu Nanjing and Zhengzhou and has part-
nered with multiple domestic research institutes and universities to establish five joint laboratories building a high-level open
Governance technology innovation platform and integrated innovation system accelerating technology innovation promoting industrial up-
grading and continuously contributing to the development of the industry.The Company has established a comprehensive R&D management system. Innovation and R&D work are centrally coordinated and man-
aged by the Product and Technology Committee which is responsible for formulating R&D strategies and allocating resources. We have R&D platform Positioning and functions
established specialized support departments such as the Product and Ecosystem Management Department and the Infrastructure Depart-
ment to strengthen coordination and linkage between the front and back ends of R&D creating a working pattern of efficient collaboration
and joint management across all departments and promoting the efficient implementation of product technology R&D. * The Company has established six R&D centers located in Beijing Shanghai Xi'an Chengdu
The Company has established a standardized policy system around the entire R&D innovation process formulating the Information Man- Six R&D Nanjing and Zhengzhou to address both the staffing needs of its production lines and the
agement System to clarify the management requirements for each stage of R&D projects. Concurrently it has established mechanisms centers distribution of education and research resources.for R&D reviews and innovation incentives standardized the commercialization of R&D outcomes and the confidentiality management of
core technologies and comprehensively ensured that R&D activities are conducted in a standardized orderly and efficient manner there- * Shanghai Jiao Tong University: The Cyberspace Security Key Laboratory was established
by laying a solid policy foundation for technology innovation. to carry out comprehensive cooperation in cybersecurity by leveraging the resources of local
universities in Shanghai.Strategy and management approach * Fudan University: A Joint Laboratory for Post-Quantum Cryptography was established.Koal adheres to the innovation-driven development strategy coordinating three key initiatives: building an innovation R&D system Leveraging Fudan University's deep expertise in mathematics and cryptography we will jointly
upgrading data security products and services and providing full-process intellectual property protection. The Company continues build a "Shanghai flagship" for the integrated development of next-generation post-quantum
to focus on advancing core technologies and strengthening its security technology barriers. cryptography technologies across industry academia and research.* Shaanxi Normal University: The Cryptography Application Research Key Laboratory was
R&D innovation management established. In collaboration with the Xi'an R&D Center and local universities in Xi'an we will
Koal adheres to dual-driven innovation and development strategy centered on "technology and products." With talent cultivation conduct in-depth joint research focusing on new cryptographic algorithms participation in
and recruitment as its foundation the Company leverages AI technology to empower internal R&D operations prioritizes the re- Five joint the development of national standards and specifications and the research and design of laboratories
search development and implementation of core security technologies and relies on collaborative partnerships with external industry-specific cryptographic application solutions.technology innovation platforms for support. Concurrently the Company strengthens end-to-end intellectual property protection * Jiangsu University of Science and Technology: The Network Security Technology
continuously fortifies its core technological barriers promotes the deep integration of technology innovation and industrial appli- Laboratory was established. Building on partnerships with the Nanjing R&D Center and
cations and drives high-quality development in the digital security industry through independent innovation. local universities in Jiangsu we will focus on applied innovation and engage in in-depth
collaboration in the field of network security.Awards & Recognitions * Jinan University: The Guangzhou Network Security Joint Laboratory was established to
conduct research on distributed identity and self-sovereign identity technologies.Recognized as a National-level Specialized Refined Designated as a "Shanghai Pilot Unit * Xidian University and Liaoning University: The two institutions have already carried out
Unique and Innovative "Little Giant" Enterprise for Patent Work" certain technical cooperation and plan to expand their collaboration toward comprehensive
industry-academia-research cooperation in cryptography technology.Recognized as a "National-level Received the "Outstanding Enterprise" in the
High-Tech Enterprise" Commercial Cryptography Industry for 2024
Case Koal Collaborates with Xidian University on Industry-Academia-Research Collaborative Innovation
In 2025 Koal and Xidian University carried out collaborative industry-university-research innovation around the core technical direc-
tion of integrated empowerment through cryptography and AI. The two parties conducted multiple rounds of technical discussions
and jointly carried out related technical research working together to provide technical support for the research on topics related
to integrated empowerment through cryptography and AI planned by the Shanghai Municipal Cryptography Administration. Both
parties simultaneously advanced the co-establishment of a joint cryptography laboratory promoting the implementation and
application of Xidian University's "Xuanzhi Large Model" in areas such as security evaluation of cryptography applications security
Won the "Golden Intelligence Award" in China's Won the "Golden Intelligence Award" in China's Network transformation of cryptography applications and security assessment of commercial cryptographic products. This fully leveraged
Network Security and Information Industry - Inno- Security and Information Industry - Innovation Leading the empowering effect of artificial intelligence technology in the field of cryptography and promoted technology innovation and
vative Solution of the Year 2025 Enterprise of the Year 2025 the commercialization of research outcomes through deep integration of industry academia and research.
35 36Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Introduction and development of innovative talent AI-Powered technology innovation
The Company continued to increase efforts to attract high-end technology talent improve management mechanisms that support the In 2025 Koal focused on the dual-engine drive of an "information-based foundation + AI application layer " closely aligning with the
development of research talent steadily advance long-term incentive plans for core talent provide R&D personnel with various types of strategic goal of "All In AI." We prioritized deepening the integration of AI with our three core businesses of cryptography security and
online and offline professional skills training and build a product technology R&D team with outstanding professional expertise exten- products and clearly advanced the evolution of AI applications from tool introduction to paradigm transformation achieving the dual
sive industry experience and strong innovation capabilities. During the Reporting Period the Company conducted a total of five spe- goals of "AI-empowered efficiency and innovation-driven upgrading" and building AI-driven sustainable competitiveness.cialized product technology training sessions including courses on AI-assisted coding frontier technologies in cryptography and data
security (lightweight cryptographic algorithms block ciphers and data security for low-altitude IoT) among other topics.Strengthen information infrastructure and build an AI + business knowledge support system
Innovation and R&D achievements
In 2025 the Company continued to deepen its efforts in cutting-edge digital security technologies steadily advancing technolog- In 2025 the Company completed the integration of the Company-level information platform implemented the Information Management System
ical breakthroughs and scenario-based implementation around core areas such as code security post-quantum technologies completed the full integration of legacy system data and imported core materials such as password security cryptographic compliance assessment
trusted data spaces and privacy computing. We deeply integrated technology innovation with sustainable development empow- standards and API interface documentation providing standardized knowledge support for the implementation of AI + cryptography and AI + security.ered the secure development of industries through technology and effectively fulfilled our corporate social responsibilities. In addition the Company launched an information platform integrating AI platform and knowledge base functions. Its core components were aligned
with business needs to enable efficient retrieval of core business data. It served both as an internal "intelligent resource browser" and as the "knowl-
Case Building a Secure-by-Design Code Security System Through Technology edge foundation" for the implementation of AI + business realizing transparent management and innovative reuse of knowledge assets.In 2025 Koal built a DevSecOps system combining shift-left security and defense in depth embedding security capabil- Build an AI efficiency platform and realize the deployment of intelligent applications across multiple scenarios
ities into the CI/CD pipeline to enable real-time code auditing and risk blocking. Concurrently we established a pano-
ramic SBOM view and introduced externally sourced threat intelligence updated daily to proactively identify newly dis- The platform covered three major dimensions: office operations business and R&D. We built an internal AI assistant matrix
closed vulnerabilities in open-source components strengthening security management and control over open-source achieving a breakthrough from point-based empowerment to multi-scenario coverage.components and the supply chain. We also released code security standards and testing tools to promote the forward
shift of security checkpoints. For key products we implemented dual penetrating verification through static tool scan-
ning + expert manual auditing comprehensively improving code security quality internalizing security capabilities as
Knowl- Based on document vectorization technology the Knowledge AI Assistant delivers intelligent Q&A for internal
core DNA of our products and solidifying the foundation of digital security. edge AI knowledge integrates core knowledge such as cryptography and security and is integrated into DingTalk and
Assistant the knowledge base to provide employees with convenient knowledge query services.Case Research Development and Implementation of PQC Technology
Pre-sales It achieves automatic matching between bidding document parameters and products such as cryptogra-
Koal regarded PQC Technology as a core strategy. In 2024 we launched a series of post-quantum products. In 2025 AI Assis- phy and data security assists in bidding document preparation verifies the value of AI-driven efficiency
we carried out pilot applications in the financial sector promoting the smooth transition of business systems to a tant improvement and accumulates practical data.post-quantum security architecture while also enabling our post-quantum PKI products to expand overseas and pro-
vide digital trust solutions for countries along the Belt and Road. By building full-scenario quantum security solutions
Cryptog- A cryptographic compliance assessment knowledge assistant is built based on RAG technology which is inte-and integrating various cryptographic and key technologies the Company addressed potential quantum computing
raphy AI grated into the cryptographic service platform. It interprets cryptographic assessment standards and answers
threats through continuous technology innovation and supported the security upgrade of the industry. Assistant cryptography-related questions with an accuracy rate of over 90% thereby supporting technology R&D.Trusted Data Space Architecture and Imple- Application of Privacy-Preserving Computing
Case Case
mentation Technologies and Ecosystem Development AI Securi- Solutions such as large model security protection are implemented achieving unified identity authentication
ty Assis-
tant encrypted transmission and risk identification which have been validated in joint demonstration with Hygon.In 2025 Koal made in-depth deployments in trusted In 2025 Koal continued to deepen its presence in the
data spaces participated in research on the national field of privacy-preserving computing and built an infor-
data circulation and communication system and mation-sharing platform based on oblivious query for Covering five core product lines it enables functions such as automated certificate management and AI
took the lead in drafting reports related to cross-bor- China UnionPay. By integrating secure multi-party com- Product AI data classification and grading among which AI data classification and grading is already capable of pro-
der data joined the National Data Standards Com- putation and oblivious query technologies we enabled Assistant viding services. The platform has completed multiple technical validations accumulating experience for
mittee and the Trusted Data Space Development the secure sharing of blacklist and graylist information subsequent implementation across all scenarios.Alliance participated in formulating the group among financial institutions with data available but
standard Capability Requirements for Trusted Data invisible effectively improving the risk prevention and
Spaces and actively advanced the R&D and industri- control of financial transactions as well as operational
al deployment of trusted data space platforms. The efficiency. We also made angel investments in priva- Strengthen the AI talent pipeline to support innovation in core businesses
Company also applied for national pilot projects for cy-preserving computing enterprises to build an indus-
data infrastructure forming a complete practical sys- trial ecosystem featuring complementary technologies In 2025 the Company conducted 15 AI-themed training sessions introducing new modules on AI and cryptography as well as AI
tem in technological R&D standard development and collaborative advancement thereby strengthening and security covering core fields including the eight major directions of AI cryptography proposed by Academician Feng Dengguo.and ecosystem implementation. product responsibility and social trust through technolo- The Company developed an AI Competency Assessment Form to incorporate AI application capabilities in cryptography security
gy implementation and ecosystem development. and other areas into the assessment process established a four-level competency matrix and preliminarily formed specialized tal-
ent teams for AI + cryptography and AI + security thereby consolidating the talent foundation.
37 38Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Technology ethics The cryptographic service platform supports modular flexible
Koal has consistently integrated technology ethics into the entire process of innovation and implementation across its core businesses tailoring and combination and can be adapted to diverse delivery
including digital security cryptographic technology and AI applications. We uphold our original commitment to technology for good and forms such as stand-alone machines all-in-one machines data
secure controllable development and use ethical principles to regulate technology research and development as well as business practic- centers cloud platforms and cryptography clouds. It comprehen-
es. Based on the industry characteristics the Company regards data security and privacy protection technological transparency and tracea- sively empowers multiple business scenarios including cloud envi-
bility fairness and inclusiveness and compliance and self-discipline as core principles. It integrates ethical considerations into every stage of ronments big data the IoT and AI enabling full-chain cryptograph-
product design and project R&D and incorporates designs such as granular control and behavior traceability into products including NGPKI ic integration operations maintenance and supervision.and AI security solutions so as to avoid ethical risks such as technology abuse and algorithmic bias. In addition we promoted the integra-
tion of technology ethics into employee-wide training and institutional development built ethical consensus with ecosystem partners and
guided the standardized application of technology. In the future the Company will continue to fulfill its technology ethics responsibilities Single-unit Single-package
through compliance and self-discipline balance technology innovation commercial value and social value and contribute corporate Easy and flexible deployment at low cost suitable for small
strength to building a trustworthy and orderly digital ecosystem. enterprises and individual users;
Data Security products and services Plug-and-play rapid start-up and simple maintenance re-
ducing the burden of IT management.Koal has deeply cultivated the core field of digital security. Grounded in independently controllable cryptographic technology we have built a
complete product and service system covering comprehensive cryptographic services full life cycle data security products and one-stop secu-
rity services providing all-dimensional and highly reliable security support for the digital transformation of thousands of industries. All-in-One Delivery
Comprehensive cryptographic service capability system Integrated software and hardware ready to use out of the box
The Company has established and continues to refine a comprehensive cryptographic service capability system. With the cryp- reducing deployment time;
tographic service platform as the core we have built a "1+3" product system consisting of three major platforms: Cryptographic Suitable for enterprise applications that require rapid launch
supervision operations and maintenance management and the cryptographic laboratory. The platform is capable of uniformly have limited budgets and involve many small-scale business
managing various types of heterogeneous cryptographic devices and integrating diversified cryptographic services providing up- applications.per-layer applications with rich and diversified cryptographic service support.Data Center Delivery
Provide powerful computing and storage resources to sup-
port large-scale data processing;
Feature high availability and fault tolerance to ensure busi-
ness continuity with easy scalability and management.Cloud Platform Delivery
Integrate the advantages of cloud platforms to provide flexi-
ble resource management and elastic scalability;
Optimize costs and performance and enhance business agil-
ity and security.Cryptography Cloud Delivery
Specialize in encryption services adopting advanced tech-
nologies and stringent access controls to ensure the securi-
ty of data transmission and storage;
Simplify cryptographic management with cryptographic
services ready for immediate use.
39 40Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Data security product system Safety service system
Koal deeply integrates cutting-edge technologies with customers' actual needs to tailor data security solutions that fit their re- Koal has built a one-stop comprehensive data security service system. Based on in-depth consulting we assisted customers in comprehensively reviewing data assets
quirements. The Company has assembled a cross-disciplinary R&D team composed of data security experts software engineers identifying security risks and provided security integration and product implementation services to ensure the efficient execution of solutions. In addition the Company
and AI algorithm professionals and continuously carried out technology innovation and key technology research building a mul- provides operational services such as security system operations routine security operation and maintenance and emergency response. Through continuous assessment
ti-level integrated data security product system covering the entire data lifecycle to provide customers with robust data security and optimization we are constantly enhancing our data security protection capabilities to provide security support for enterprises undergoing digital transformation.protection.Data Security Data Security Implementa- Data Security
Consulting Services tion Services Operation Services
Service Content Service Content Service Content
Asset Review Service Security Construction Security System Operation
Data Lifecycle Risk Assessment Service Integration Service Daily Security Maintenance
Security System Construction Emergency Response Service
Service Value Service Value Service Value
Clarify Current Data Security Status Customized Solutions Strong Data Security Assurance
Identify Risks and Issues Address Protection Capability Gaps Continuous Evolution and Optimi-
Meet Regulatory Compliance
Collection Transmission Storage Usage Exchange Destruction zation Around Business NeedsRequirements
Product Implementation/ Ongoing Evaluation/
Data Collection Data Transmis- Data Storage Data Process- Data Exchange Data Destruc- Inventory Assets/Assess Risks
Security sion Security Security ing Security Security tion Security System Construction Continuous Optimization
Case China Mobile's Project to Develop Regulatory Standard Formulation for Commercial Cryptography
Integrated Data Security Platform
Koal took the lead in drafting China Mobile Group's Requirements Specification for the Operational Security Assurance System of Commercial
Security Situation Security Threat De- Security Capability Cryptography. Leveraging the Company's technical expertise and industry practice in the field of commercial cryptography we supported Chi-
Awareness System tection System Assessment System na Mobile in building a full-process security assurance system covering the application of cryptographic algorithms full lifecycle key manage-
ment and security and compliance assessment. This standard aligns with the security requirements of scenarios such as 5G private networks
and cloud-network convergence and can be applied to the construction of China Mobile's nationwide information security systems effectively
enhancing our brand influence and core competitiveness in the telecommunications operator sector.Identity Management
Cryptographic Basic Cryptographic Identity Infra-
Authentication and
Infrastructure Service Capabilities structure Case Ministry-level Unified Identity Authentication Case Smart Customs Cryptographic Service Project Authorization Project (Phase I) of the General Administration of Customs
The Company deeply participated in the construction of the Unified Koal relied on the cryptographic service platform to provide data
Cryptographic Service Platform Identity Authentication Project (Phase I) of the Ministry of Civil Affairs. encryption and decryption support for the Smart Customs supervi-Public Key Infrastructure (PKI)
As an important component of the Golden Civil Affairs Project this sion platform of the General Administration of Customs successfully
HSM Key Management project adopts a "four horizontal and four vertical" architecture to sup- completed the assessment topic on encryption capabilities and
System (KMS) Identity and Access Management port the secure operation of multiple business systems including so- verified the platform's outstanding capabilities in key management
Digital Signature and TSA Server (IAM) System cial assistance elderly care services and child welfare and realizes the high-performance encryption and decryption and other aspects.Verification interconnection sharing and utilization of civil affairs data nationwide. At the same time the Company provided an identity authentication
In the future the project will cover five levels of administrative units and secure login solution based on Chinese commercial cryp-
and more than 300 types of public service scenarios continuously tographic algorithms for Customs mobile office scenarios providing
enhancing the Company's demonstration effect in the fields of digital reliable cryptographic support for the digitalized and intelligent
government and public welfare security. supervision of Customs.
4142
Reliable Data Content Supervised Cross-border Data
Trustworthy Data Circulation Traceable Data ComplianceKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Intellectual property protection Risk scenario Risk identification Mitigation measures
Koal continuously strengthened full-process intellectual property management improved the protection and compliance system and
built a dedicated protection barrier for R&D innovation achievements. The Company adheres to an intellectual property management
policy of "innovation-driven implementation-focused standardized management risk prevention and legal compliance." It strictly Use of unaudited third-party AI tools results Issue a List of Recommended AI Tools; the guidelines
complies with laws and regulations such as Patent Law of the People's Republic of China Trademark Law of the People's Republic of Use of inter- in code/data being retained for training; required that the sensitive information be replaced with
China and Copyright Law of People's Republic of China. The Company has established a policy system covering the entire life cycle of nal AI tools Core algorithms and sensitive data are mis- placeholders;
intellectual property and formulated systems such as Intellectual Property Management Manual Compliance Management System and takenly entered into public network AI AI-generated code is incorporated into Code Review
Patent Work Management System to clarify management standards for core aspects including intellectual property rights confirmation
application and protection improve the mechanisms for identifying and controlling infringement risks and effectively prevent the loss
of intangible assets. While strictly protecting our own intellectual property we also adhere to the bottom line of compliance to ensure Integrate SCA tools into the CI/CD pipeline to block high-
that we do not infringe upon third parties' intellectual property rights such as trademarks patents and copyrights. The introduction of copyleft licenses forces Use of ex- risk components;core code to be open-sourced;
We have established an enterprise-wide coordinated intellectual property management framework with clearly defined respon- ternal open- Issue the Catalog of Recommended Open Source Software;
source tools Open-source components contain malicious
sibilities. The General Manager serves as the primary responsible person while the Strategic Planning and Marketing Department backdoors or high-risk vulnerabilities (CVE) Components outside the whitelist require dual manual
acts as the centralized management unit coordinating the full lifecycle of intellectual property management. Functional depart- approval
ments such as Human Resources Department Finance Department and Product R&D Department implement IP management
according to their respective responsibilities forming a collaborative and efficient management structure.Core code is accidentally pushed to a The development network segment is isolated from the
During the Reporting Period the Company conducted a total of three special intellectual property training sessions covering core topics General col- personal repository; external network. Exclusive keys are dynamically gener-laboration and
such as the intellectual property management system regulatory standards and patent mining clarifying the boundaries of responsibilities ated and writing them into the code repository is strictly data leakage Hard-coded credentials in code lead to
of each department and effectively enhancing employees' awareness of intellectual property protection and professional capabilities. prevention prohibited;leakage Establish a CI/CD inspection mechanism
Key Performance
A total of with a total training duration of Delivered product dependency compo-
Operation of nents expose newly disclosed high-severity
Monitor vulnerabilities in SBOM components and trigger
148 participants received 888 vulnerabilities; emergency response;current network hours version Compatibility/security risks encountered on Advance the replacement plan for high-risk or discontin-
intellectual property training the customer site ued components
In 2025
4 22 2 Indicators and targets
new patents software copy- trademarks
were granted rights were added were registered Indicators and targets 2025 achievement status
A cumulative total of R&D product release rate ≥ 98% Actual release rate: 100%
88 219 16 Koal passed the GB / T29490-2023 Average productivity of R&D projects ≥ 100 lines of code/per- Actual average productivity:
patents were granted software copyrights trademarks were Intellectual Property Compliance son-day 151.33 lines of code/person-day
were obtained registered Management System Certification
Two new intellectual property applications filed in 2025 19 applications filed
Impact risk and opportunity management Target
10 intellectual property rights achieved
The Company has built a five-stage risk management process covering the entire lifecycle--"identification assessment response At least one intellectual property right is implemented each year implemented
monitoring and improvement" and strictly follows risk management systems such as ISO/IEC 27005. Based on core R&D innovation
scenarios and focusing on four core risk scenarios namely the use of internal AI tools the introduction of external open-source re-
sources general collaboration and data leakage prevention and the operation of live network versions we have established a risk At least three IP training sessions conducted annually for employees 3 sessions conducted in practice
management process and mechanism of "identification-assessment-treatment-monitoring-improvement." By leveraging targeted
measures such as tool management checklist guidelines and security access controls we will advance technology innovation safely Conduct at least one follow-up investigation per year into intellectu- 12 intellectual property tracking
while ensuring full compliance with laws and regulations thereby achieving a virtuous cycle of development characterized by man- al property infringement involving the Company's main products investigations were conducted
ageable risks seized opportunities and orderly innovation.
43 44Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strategy and management approach
Product quality management
Key Performance Koal based on ISO 9001 Quality Management System and CMMI 5 Capability Maturity Model Integration Certification has formulated
institutional documents such as R&D Project Quality Assessment Measures (Draft) and Quality Management Manual. In 2025 in line
Annual R&D investment representing a year-on-year with our operational development and business process needs we revised and improved the Quality Management Manual optimized
amounted to RMB accounting for increase of procedures and the document structure further enhanced the efficiency of system operation supplemented weak links in manage-
95.60 ment and refined key control requirements to ensure that all quality activities were carried out in a standardized and orderly manner.million 26.74 % of revenue 8.25percentage points
The Company conducted internal audits and management reviews of the quality management system according to the annual
plan continuously improving the effectiveness and efficiency of management system operations and deeply integrating quality
control requirements into the entire business process. During the Reporting Period Koal experienced one quality liability incident
Number of R&D personnel Participated in the formulation of and related to products and services. In response to the user rights infringement incident involving NSAGClientSDK version 1.0.0 noti-
198 4 7 fied by the Ministry of Industry and Information Technology the Company swiftly completed emergency response actions such as national standards and seven industry standards in 2025
industry standards in 2025 removing the problematic SDK related to the HarmonyOS platform communicating and coordinating with the competent author-
ities and submitting a rectification application to the China Academy of Information and Communications Technology. Internally
Cumulatively participated in the the Company revised its R&D self-inspection red line checklist and the quality evaluation measures for R&D projects and designat-
accounting for formulation of and ed the primary responsible person for reviews. Externally the Company engaged with third-party compliance certification bodies
33.85 24 47 plans to join the SDK Security Ecosystem Alliance and is working with the Legal Department to improve product compliance legal % national standards industry standards statements thereby comprehensively implementing rectification and long-term compliance improvements.
Cumulatively participated in
the construction of more than Cumulatively won Qualifications and Certifications
20 systems for the China's 2 National Science and Technology
third-party digital certification centers Progress Awards
Obtained the ISO 9001 Quality Obtained the ISO 20000 Information Technol-
Management System Certification ogy Service Management System Certification
Product quality and safety
Obtained the CCRC Information Obtained the CMMI 5 Capability Maturity
Governance Security Service Level 2 Certification Model Integration Certification
Koal has established a sound product quality and safety governance system covering a full-dimensional governance framework of
policy development process standardization and organizational support effectively strengthening the defense line for product qual-
ity and safety. The Company established a Safety Leadership Group responsible for coordinating the formulation of the Company's Level 1 Assessment of Information Level 1 Assessment of Information Technology
safety strategic plans and annual safety work objectives and for reviewing and approving major safety investments safety systems Technology Innovation and Digital Innovation and Digital Intelligence Service
and emergency response plans thereby ensuring the security and compliance of delivered products. Intelligence Service Capabilities - Data Capabilities - Information Technology Innova-
Service Capability tion Project Implementation Capability
In 2025 the Company focused on deeply aligning the quality management system with the current state of operations and business
processes revised core systems such as the Quality Management Manual optimized the content structure reduced the subsequent
maintenance costs of the manual improved the operational efficiency of the system refined the closed-loop institutional system and
ensured that all quality and safety management activities were governed by rules and based on established regulations. Certified under the ISO 10015
Training Management System
45 46Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Full Lifecycle quality management
Koal focuses on customer needs key areas and Quality Management System for the Entire Product Lifecycle
core processes. Relying on the ERP system the
Company has established a quality manage-
ment system covering the entire product lifecy- Requirements Design Production Coding
cle including requirements design production
coding testing delivery and maintenance to Product requirements shall be reasonable Design shall ensure efficiency and During the production process products must be The code must comply with specifications
achieve standardized control throughout the stable and accurate prepared in accord- maintainability and high-level de- manufactured in accordance with guiding docu- emphasize secure design and pass unit test-
full project lifecycle and continuously provide ance with the CMMI model and templates sign shall be prepared in accordance ments such as Product Assembly and Production ing with test cases and results documented;
customers with high-quality products and and run throughout the product lifecycle; with CMMI templates; Manual Product Inspection Specifications Prod- Unit testing must cover key elements such as
services. The Company has strengthened the For projects related to system testing test- For Class A/B projects a separate uct Factory Release Inspection Checklist Product
Protection Operation Instructions the test object inputs and results.management of reviews at all project stages fully ing personnel shall participate in require- high-level design shall be prepared so as to ensure
recording review comments clearly defining ments reviews to ensure the testability of and reviewed through a "formal in- the delivery of conforming products.responsibilities corrective actions and deadlines requirements. spection."
for identified issues and implementing full-pro-
cess tracking and closed-loop management. The
Company strictly enforces standardized project Maintenance Delivery Test 测试
change management procedures ensuring full
control over application approval implemen- Management and control are carried out After the product arrives at the user For integration testing tests are performed after functional acceptance. For Class A/B projects separate test cases
tation and verification processes. It routinely in accordance with Monitoring and Meas- site product shelving installation and defect lists must be created; configuration administrators review delivery compliance.conducts deviation analyses regarding progress uring Equipment Control Procedures and adaptation commissioning and
Equipment Maintenance Regulations with other work are required to be carried For system testing test cases must cover requirements and test reports must be reviewed; QA checks the com-quality and cost promptly tracing the root caus-
es to correct deviations and prevent the spread regular product maintenance conducted. out in accordance with guidance
pleteness of testing documentation.of risks thereby comprehensively ensuring that documents such as Product Delivery Integration testing execution requirements are emphasized to verify functionality of modules interfaces and data
projects proceed with high quality and according Process and Implementation Plan transmission accuracy ensuring compliance with system design specifications and enabling more efficient issue
to schedule throughout their entire lifecycle. and user satisfaction is collected. detection and localization.Product testing and recall Dimension Measures
The Company has established policy documents such as Testing Operation Manual and Quality and Safety Requirements for Com-
pany Products and Software Deliverables which clearly stipulate all aspects of our software testing including test classification We implemented the DevSecOps agile security process breaking down barriers between
test objectives test design test procedures test acceptance criteria and main evaluation methods. These documents require Process development and security atomizing security capabilities and embedding them into the
testing be conducted on different types of objects according to the various stages of the software lifecycle. Before a product is re- optimization CI/CD pipeline achieving "code as inspection commit as audit" and enabling real-time
leased it must meet the "Level 1" requirements of internal security testing before it can be delivered. interception of security risks without compromising R&D efficiency.In 2025 Koal focused on enhancing the efficiency of quality inspection and full-process control advancing two key initiatives
namely testing personnel involvement at an earlier stage and automated testing and driving a shift in quality inspection from
ex post remediation to ex ante prevention and process control. Testing personnel are embedded into the R&D production line to We built a dynamic sensing and holistic monitoring system established a panoramic SBOM
participate early in all development stages and conduct synchronized testing empowering R&D from a customer perspective and view introduced externally sourced threat intelligence updated daily proactively identified Monitoring
identifying product optimization opportunities; automated testing is developed in parallel to improve testing efficiency and accu- newly disclosed vulnerabilities in open-source components cut off supply chain risk trans-system
racy. The successful advancement of testing personnel involvement at an earlier stage and automated testing effectively reduced mission paths and ensured that the introduction of third-party components was secure
product costs improved testing efficiency and product qualification rates shortened the R&D cycle and laid a solid foundation for and controllable.the high-quality development of products.Meanwhile the Company formulated Control Procedure for Nonconforming Products to guide the identification and control of We established standardized security baselines and self-inspection mechanisms issued
nonconforming products generated at each stage. For nonconforming products discovered after delivery to customers or after use Employee enterprise-level secure coding standards and inspection baselines and provided self-test
has commenced we verify the specific circumstances and determine whether to notify customers for a recall so as to prevent the empower- toolkits to shift security gates left to developers' desktops empowering all employees to
unintended use or delivery of nonconforming products. During the Reporting Period the Company did not experience any product ment help developers strengthen the first line of defense for code security reduce rework costs
recall incidents. and improve intrinsic code quality.Code security enhancement
We strengthened security verification of core assets and implemented dual penetrating
In 2025 Koal focused on enhancing product code security by comprehensively implementing a new DevSecOps system that placed Core inspections for key products through static tool scanning + expert manual auditing con-
equal emphasis on "shifting security left and defense in depth." Through multidimensional control measures we achieved full-pro- protection ducting in-depth investigation of underlying architecture and algorithm logic to identify
cess control of code security strengthened the intrinsic security of product code fulfilled our product security responsibilities and deep-seated hidden risks and ensure the absolute security of business assets.practiced the concept of sustainable development in the field of digital security through technology innovation.
47 48Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Develop a quality culture * Establish and improve the review procedures and audit oversight mechanisms for quality-related
The Company attaches great importance to fostering and building a quality culture. It integrates quality concepts into every aspect of marketing materials and specify that all marketing materials involving product quality may only be
corporate operations continuously improves the quality training system and works to enhance quality awareness among all employees Quality-relat- released after approval by authorized company management personnel;
thereby empowering improvements in management effectiveness and product quality optimization through quality control. During the ed marketing
Reporting Period the Company incorporated quality training into the core modules of new employee onboarding training systematically compliance * Regularly conduct special audits on responsible marketing covering the entire process of quality-
explaining content such as quality control standards position-specific quality requirements and quality compliance standards to new risks related promotion as well as relevant departments and partner service providers and seriously pursue
employees thereby achieving comprehensive cultivation and foundational integration of quality concepts among new employees. accountability for non-compliant promotional conduct in accordance with laws and regulations.Supply chain quality management and control
Koal attaches great importance to supply chain quality control. We require suppliers to obtain ISO9001 Quality Management System * Increase investment in technology R&D to address shortcomings in core technologies;
certification establish a sound quality management system and by signing the Supplier Product Quality Assurance Agreement with
suppliers clarify the specific requirements of both parties in terms of quality responsibilities issue handling and implementation of recti- Internal quality * Improve the quality management system to eliminate control blind spots;
fication so as to ensure consistency in quality throughout the entire chain from source to end terminal. The Company regularly conducts control risk
supplier quality-related training and exchanges to promote suppliers' accurate understanding of product quality requirements and con- * Promote information-based and standardized operations to enhance the precision of quality control.tinuously improve the overall quality level of the supply chain.Case Advancing the ESG Collaboration Project for the Network Equipment Supply Chain * Dynamically track updates to quality-related system standards and regulations and promptly
External quali- optimize quality management processes;
ty compliance
In 2025 Koal worked with a certain cloud service provider to advance a network equipment supply chain collaboration pro- * Strengthen quality compliance training for all employees to ensure that the quality management
ject. Focusing on the three dimensions of environmental quality and safety and compliance governance we carried out risk system remains continuously aligned with compliance requirements.targeted special self-inspections covering key stages such as the development of environmental protection systems material
safety certification and cybersecurity management thereby establishing a closed loop for product quality improvement fea-
turing "systematic self-inspection + precise rectification." * Deepen the cultivation of a quality culture and optimize quality control processes based on a high-quality
We enhanced environmental management of secondary suppliers by refining environmental access standards improving cer- Internal quality management system;
tification verification processes and implementing stricter incoming material inspections thereby steadily increasing the pro-
portion of green production among suppliers. Focusing on quality and safety we improved network equipment security base- strengths and * Leverage our innovative corporate culture to encourage quality improvement and technology innovation;
line inspection processes and established a full lifecycle quality traceability mechanism significantly increasing the incoming opportunities * Capitalize on our R&D strengths in low pollution and low energy consumption to enhance the level of green
material qualification rate while substantially enhancing product security redundancy and supply chain risk resilience. After
full-process self-inspection and rectification the Company's supply chain ESG management processes became more stand- quality control.ardized and our capabilities in sustainable supply chain risk forecasting full-life-cycle compliance control of materials and
the implementation of green cooperation standards all improved markedly providing strong support for the achievement of
the annual ESG development goals. * With quality as our core competitiveness accelerate domestic market expansion and the development of
External
market new customers;
Hazardous substance management opportunities * Integrate the advantages of quality management into marketing and promotion and enhance customer
trust through a compliant and reliable quality image.Koal strictly complies with the requirements of laws and regulations industry standards and international conventions related to haz-
ardous chemical substances such as RoHS and REACH. In conjunction with customer specification requirements the Company has
formulated a series of management systems including Hazardous Substance Management Manual and Compendium of Hazardous
Substance Management Procedure Documents to clarify the control requirements for chemical substances during the production and * Leverage the opportunities arising from breakthroughs in service areas and concurrently formulate
use processes and continuously improved and dynamically updated the chemical substance inventory. The Company strictly identi- Quality quality control standards and processes for the corresponding areas;
fied prevented and exercised whole-process control over hazardous substances in accordance with the requirements of its systems enhancement
and conducted hazardous substance compliance investigations and third-party testing based on relevant standards to ensure that all opportunities
* Strengthen quality training and supervision in new areas and seize market opportunities with high-
products we produced and delivered complied with laws regulations and customer specification requirements. standard quality services.Impact risk and opportunity management
To ensure the compliant and effective operation of the quality management system Koal has established a full-process management Indicators and targets
mechanism of "risk identification - opportunity discovery - precise response" systematically identifying internal and external risks and
opportunities in the quality field and formulating scientific and feasible response measures for the identified risks and opportunities
thereby providing solid support for the steady improvement of the quality of our products and services and our compliant development. Indicators and targets 2025 achievement status
* Strengthen quality control throughout the entire process and advance "testing personnel involvement at Average defect density of submitted product test versions
Direct an earlier stage" and automated testing;
Actual average defect density: 11.33/KLOC
< 20/KLOC
quality risks * Improve the quality training system and enhance quality responsibility awareness among all employees;
* Establish a quality risk early warning mechanism and promptly address potential quality issues. Test software reconfirmation rate ≥ 90% Actual reconfirmation rate: 100% Target
achieved
* Strictly implement the quality standards integrating ISO9001 and CMMI Level 5; Product production process error detection rate < 10% Actual error detection rate: 2.67%
Indirect * Establish a customer user feedback mechanism to optimize product safety performance in a
quality risk targeted manner;
* Strengthen education on quality compliance and safety responsibilities in employee training. Audit completion rate for completed project tasks ≥ 98% Actual audit completion rate: 100%
49 50Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Customer relationship management Dimension Specific measures and service effectiveness
Governance In response to government user needs we leveraged AI technology to build a real-time online system operation and maintenance monitoring platform enabling timely alerts for anomalies. With the sup-
Technology
Koal has established a hierarchical management model featuring high-level coordination dedicated responsibility and collabora- empowerment port of large AI models we conduct root cause analysis attempt self-repair or provide solution refer-
tive linkage clarified customer relationship management responsibilities at each level and formed dedicated service and techni- ences effectively improving response timeliness analysis completeness and accuracy while reducing
cal support teams to ensure the efficient implementation of customer service and precise response. The Company has established operational manpower input.a comprehensive customer management system covering the entire customer service process. It has developed policies and
procedures such as the Customer Relationship Management System Customer Complaint Management System Koal Customer We established a comprehensive network protection assurance system forming dedicated support System
Service Hotline Handling Process Customer Service Hotline Handling Guidelines and Guosen 400 Hotline Technical Support Plan. development teams for major projects to provide full-process tracking services effectively ensuring service stability
These initiatives clarify customer service standards standardize service processes establish mechanisms for service oversight and and security while enhancing professionalism and precision in major project support.continuous improvement regulate various service practices manage risks associated with customer service and drive continuous
Process We deeply optimized internal service processes and significantly improved cross-departmental col-
improvements in customer service quality and response efficiency. upgrade laboration efficiency effectively shortening response times and enhancing overall service efficiency.Strategy and management approach Demand We established a multi-dimensional user feedback mechanism to promptly collect and understand user
Customer service responsiveness needs make targeted improvements to service details and comprehensively enhance customer satisfaction.Customer service management
The Company has formulated a customer service management system clarifying the full-process standards for pre-sales in-sales
and after-sales services and implementing systematic management throughout the entire customer service process. This covers Listening to customer needs
key aspects such as after-sales service requests and handling hardware warranty services software defect handling product in-
spection services customer complaint handling and system upgrades. We remain committed to customer satisfaction as our goal Koal attaches great importance to customer concerns and feedback. It has established Key Performance
and provide customers with high-quality efficient and flexible professional services. normalized customer communication mechanisms and communication processes re-
sponded promptly handled various customer issues efficiently strengthened the investi- Number of product and
gation handling tracking and supervision of customer complaint incidents conducted service complaints
* Conduct market research and customer development and identify target customers through review and analysis of various opinions and issues raised by customers advanced targeted
industry analysis competitor research and customer profiling; improvements and optimization ensured that customers' reasonable needs are respond- 0
Pre-sales * Conduct needs analysis and in-depth communication to accurately grasp key information such as ed to and met in a timely manner and continuously improved customer satisfaction.customers' pain points budgets and timelines;
* Develop personalized solutions based on customer needs.Receive customer complaints through mul- Customer service personnel or rele- Based on complaint categories severity
tiple channels such as the customer service vant department heads conduct a pre- levels and involved areas complaints
* Standardize project implementation management complete product manufacturing or service hotline email and customer service desk; liminary assessment of the complaint are accurately assigned to relevant
preparation in accordance with standard procedures track implementation progress supervise quality and Upon receipt of a complaint customer service clarify the nature and urgency of the departments or specialized teams
In-sales communicate with customers in a timely manner; personnel meticulously document all details complaint and determine whether it with clear responsibilities and handling
* Standardize logistics and delivery management coordinate transportation arrangements provide on-site including the complainant's basic informa- needs to be handled immediately or timelines defined.support such as installation and commissioning and operation training and enhance customer experience. tion specific issues raised time of complaint transferred to the corresponding de-
and the expected resolution sought. partment for processing.* Conduct customer follow-up visits and collect feedback. Regularly follow up by phone email Complaint Preliminary Assignment
and on-site visits to understand product usage and service experience and identify improvement reception analysis
directions based on satisfaction surveys and complaint records;
* Strengthen technical support and issue resolution. Provide free maintenance and warranty
After-sales Summary and Follow-up Investigation services during the contract period and remote technical guidance and establish a rapid response improvement and feedback and resolution
mechanism (e.g. 24/7) to ensure efficient response;
* Deepen customer relationship maintenance and continuously improve customer satisfaction Review and summarize the entire complaint After solution implementation The responsible person conducts a detailed inves-
through regular visits. handling process conduct an in-depth anal- follow-up visits are conducted tigation into the complaint issues comprehensive-
ysis of the root causes of complaints and the with customers to assess satis- ly understands the specific circumstances of the
problems and deficiencies in the handling faction with the resolution and issues collects relevant evidence and information
process and prepare a review report; confirm that issues have been and formulates a reasonable solution;
Optimizing customer service Optimize service processes and improve fully resolved. The responsible person proactively communicates
The Company continuously advances key improvement projects and continuously optimizes the customer service system. During management systems based on the review the solution with the customer fully solicits the
the Reporting Period the Company improved service efficiency and service quality across multiple dimensions including tech- results reduce the occurrence of similar customer's opinions and ensures that the solution
nology empowerment system development process upgrades and demand response helping us establish a high-quality service complaints at the source and continuously aligns with the customer's demands and obtains
brand image in the industry. improve service quality. the customer's recognition.
51 52Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Customer satisfaction
The Company conducts customer satisfaction surveys every year. Key Performance Improve approval mechanisms and strengthen compliance safeguards
After technical support personnel complete on-site customer
service they promptly collect the customer-completed satisfac- Customer satisfaction Customer satisfaction with the qual- We established a closed-loop compliance approval mechanism for major contracts to strengthen compliance control
tion survey forms. The survey covers satisfaction with the service rate for customer service ity of the Company's products over key marketing stages. After business departments initiate major contract approvals the Compliance Department
provided and satisfaction with product quality. After collecting 98.6 98.8 conducts specialized reviews. If approved the process proceeds to subsequent approval stages and final execution; if customer satisfaction information the Company systematically % % not approved revisions are required before resubmission. This full-process compliance mechanism ensures effective
summarizes and conducts in-depth analysis of the survey results implementation of responsible marketing.formulates and implements targeted improvement measures
continuously optimizes product performance and service stand-
ards and continuously enhances customer satisfaction.Strictly control content authenticity and ensure product compliance.Case Koal's Government Cloud Security Operation and Maintenance Services Received High Praise We strictly control compliance in marketing content and product promotion. All products and materials provided to
customers are accompanied by certifications from authoritative institutions. All disclosed customer cases include
traceable customer names and contact information and are rigorously verified for authenticity. When our products
In January 2026 Shanghai Koal Software Security Technology Co. form part of a complete information system with other customer products they must be certified by authoritative bod-
Ltd. a subsidiary of the Company received a letter of appreciation ies before activation ensuring full compliance in product application.from a major data center in Shanghai. The letter highly commended
the Company's operation maintenance and security support servic-
es provided to its Government Affairs Cloud platform in 2025 recog-
nizing the team's strong technical capabilities in ensuring secure sta- Strengthen personnel management and standardize communication
ble and efficient platform operation. In the future the Company will
continue to deepen its presence in the digital security field refine its We regularly conduct specialized responsible marketing training for marketing personnel and partner service providers
technical capabilities and optimize service quality. We look forward clarifying behavioral guidelines and operational standards. All external communications must strictly follow approved
to strengthening cooperation with customers and working together messaging avoiding false exaggerated outdated ambiguous or undisclosed information. Meanwhile we publish
to continuously inject security momentum into digital government monthly product updates regularly sharing product iterations and certification updates and compile the Koal Stand-
development. ard Product Catalog to provide accurate and comprehensive product information for all departments and marketing
personnel ensuring timeliness and accuracy of communication.Letter of Appreciation from a Customer
Responsible marketing Improve supervision and assessment to ensure accountability
Koal strictly complies with relevant laws and regulations and industry standards in the regions where it operates comprehensively We have established a comprehensive supervision and assessment mechanism for responsible marketing incorporat-
promoting standardized management of responsible marketing. The principles of responsibility are embedded throughout the en- ing implementation performance into departmental KPIs and employee evaluations. Reporting channels are set up for
tire marketing process to safeguard customer rights and brand credibility ensuring compliant orderly and sustainable marketing internal and external supervision continuously enhancing social responsibility and sustainability of marketing activities.practices. During the Reporting Period the Company did not experience any major violations related to marketing.Standardize marketing principles and incorporate them into institutional systems
Key Performance
We fully integrate responsible marketing requirements into all operational processes clearly defining compliance
boundaries and ethical standards across scenarios such as advertising customer communication and brand collabo- Total responsible marketing training duration total number of participants in responsible marketing training
ration. False advertising excessive marketing and inappropriate targeting of vulnerable groups are strictly prohibited.These requirements are incorporated into our core ESG management system to promote standardized and normalized 7242.7 hours 5711
responsible marketing practices. In addition we formulated the Koal Product Pricing Management Measures (Trial)
clarifying processes for pricing execution evaluation and adjustment. Quotations below standard pricing are subject
to progressively higher approval levels standardizing marketing personnel's pricing behavior.
53 54Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Impact risk and opportunity management Confidentiality Work Leading Group
We attach great importance to risk management related to customer relationship management. We have established a full-process The Leader of the Leading Group is the General Manager who assumes overall leadership responsibility for the
risk management mechanism covering "risk identification assessment and control". Potential risks related to customer qualifica- Management Company's information security and confidentiality work;
tions compliance and demand matching are regularly identified and assessed. Through tiered assessments we determine risk levels body The Deputy Leader is the Chief Confidentiality Officer who assumes direct leadership responsibility for confidenti-
and have formulated relevant policies including the Regulations on Reporting Major Customer Service Incidents and Emergency ality work within the Company;
Response. We implement targeted measures—such as eligibility reviews dynamic monitoring and coordinated communication—to Members include Deputy General Managers heads of various departments and the Director of the Confidentiality Of-
fice who assume direct leadership responsibility for confidentiality work within their respective areas of responsibility.mitigate risks associated with customer management.We strictly comply with laws regulations and industry standards in operating regions establishing rigorous review processes and Confidentiality Office
responsible marketing material approval and supervision mechanisms. All disclosed marketing materials must be approved by au-
thorized personnel. Regular training covers all marketing processes departments and partner service providers. Violations are strictly The office is responsible for confidentiality supervision and inspection confidentiality risk assessment
investigated and addressed in accordance with laws and regulations ensuring full coverage of responsible marketing management. investigation and handling of confidentiality breaches and confidentiality archives management.General Office and Operations & Maintenance Team
Indicators and targets The General Office is responsible for the Company's information management control of key confi-
dentiality areas centralized management of state secret carriers and classified materials regulation
Execution of foreign-related activities and classified meetings and implementation of information security and
Indicators and targets 2025 achievement status body confidentiality requirements in news publicity;
An Operations & Maintenance Team is established under the General Office responsible for the daily
operation and maintenance of the Company's information systems and related equipment ensuring
Customer service satisfaction rate ≥ 95% Actual satisfaction rate: 98.6% system stability and reliability and strengthening the technical defense line for information security.Other functional departments
They are responsible for promoting and implementing information security and confidentiality work
Customer satisfaction with product quality ≥ 95% Actual satisfaction rate: 98.8% within their respective departments.Head of the Confidentiality Work Leading Group: General Manager
Target
Survey response rate > 80% Actual rate: 100%
achieved Deputy Head of the Confidentiality Work Leading Group: Chief Confidentiality Officer
Members: Deputy General Managers Department Heads
Training plan completion rate ≥ 95% Actual rate: 100%
General Office
Sales contract review rate = 100% Actual rate: 100%
Operations & Main-
tenance Team
Koal's Information Security and Confidentiality Work Organizational Structure
We strictly comply with Cybersecurity Law of the People's Republic of China Data Security Law of the
Information security and privacy protection People's Republic of China Personal Information Protection Law of the People's Republic of China Na-
tional Security Law of the People's Republic of China and Administrative Measures for Data Security in
the Industry and Information Technology Sector (Trial) among other applicable laws and regulations.Governance We have formulated policies and management standards such as the Information Security Manage-
ment System Manual Network and Information Security Management Policy Confidentiality Work
We have established a comprehensive information security and privacy protection management structure building a hierarchical Guidance Manual and Confidentiality Assessment Rewards and Penalties System thereby establishing
responsibility system with clearly defined departmental responsibilities. Through regular coordination meetings responsibilities a comprehensive information security management system. During the Reporting Period we revised
are effectively implemented at all levels forming an efficient joint defense mechanism characterized by centralized coordination and implemented multiple institutional documents closed management gaps established a compre-
and grassroots collaboration. hensive policy framework strengthened end-to-end risk control improved security incident response
efficiency significantly reduced the network attack surface and promoted centralized allocation of de-
fense resources achieving seamless integration between routine protection and emergency response.
5556
Confidentiality
Office
Human Resources
Department
Finance Departmen
Quality Manage-
ment Department
Technology R&D
Department
Project Manage-
ment Department
Marketing
Department
Special Business
DivisionKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strategy and management approach
To continuously enhance information security and privacy protection Koal carried out relevant work in areas including information security
management security certification and audit security technology upgrades privacy data protection and security culture development in
accordance with applicable laws regulations and internal management requirements continuously improving management mechanisms * No department is allowed to independently set up networks. Network deployment
and safeguard measures. is centrally implemented by the General Office after feasibility assessment;
Cybersecurity * Any unauthorized modification of IP addresses or connection methods is strictly Information security management management prohibited. Access by external personnel to the Company's internal network
We adhere to the principle of "security first prevention as a priority." Based on domestic and international regulatory requirements and general infor- systems is strictly controlled.mation security management system standards and drawing on industry best practices we have established a comprehensive information security
and privacy protection management system and continuously improved the security management system for critical information infrastructure. We
implement information security management measures across systems organization personnel construction and operations while leveraging ad-
vanced technologies to ensure data integrity and availability thereby comprehensively safeguarding internal information security.* The Company provides computer equipment for internal use. Employees are not
Service Support System allowed to replace or dismantle equipment without authorization and must maintain
Equipment a clean safe and proper working environment;
Security Policy System Security Technology System safety
management * Employees must strictly comply with operating procedures for computer use
Security Strategy Pre-event Control including startup and shutdown protocols and are responsible for the security of
Security Organization Resource Resource Authori Dynamic Trusted Resource Trusted Trusted Cryptographic the equipment they use.Object Management zation Control Authentication Marking Services
Asset Management In-process Protection
Data
Control Data Flow Control Centralized Data Control
Transparent Data
Encryption/Decryption * Important work files must not be stored on the C drive (including the desktop).Application They must be regularly backed up and centrally stored on designated departmental Application Access Application Access Application Code
Security Authentication Control Signing folders on the Company's file server with each department responsible for review
and security management;
Cryptographic Application Data Flow Verification Behavior Accountability
Incident Management Encrypted * When employees leave their positions their work materials must be copied to the
Boundary Boundary Access Boundary Access Terminal Identity
Business Continuity file storage departmental folder by the department head;Security Authentication Control Authentication
Management * Important information files must be stored in encrypted form. Electronic certificates
Compliance Management Network Source Information Channel Transmission Anti-tampering of official documents and similar materials must include explanatory watermarks or
Security Organization Communication Encryption Protection Transmitted Information usage labels. Any leakage or loss caused by improper storage or use shall be borne
System
Anti-theft of Two-way Transmission Video Encryption fully by the responsible individual.Establishing Security Supervision Transmission Traffic Authentication and Compression
Management System
Terminal
Environment Trusted Terminal Marking Usage Object Marking
Integrated Identity
Authentication
* For sensitive information we follow the principles of "strict management rigorous
Terminal Cryptographic Trusted Program An- Local Cryptographic
Calculation Module ti-counterfeiting Operation Calculation Sandbox prevention ensured security" and operational convenience. We implement "triple
control" measures and "full-process control" to ensure secure and controlled
Post-event Response handling at all stages;
Implem Detection Monitoring Auditing Tracing Information * Information transmission must be handled by designated personnel in accordance entation Audit
confidentiality with regulations and transmission via ordinary postal or courier channels is strictly Scanning Penetration Testing
management prohibited;
Response Emergency Management Incident Handling * Before leaving a position or the Company employees must return all classified
Implem Improv
entation ement Recovery Recovery Mechanism Disaster Recovery Measures Continuity materials and complete confirmation procedures. Destruction of classified carriers
must be supervised by at least two persons and conducted at designated locations;
Security Operation System
* Dual agreements are signed with outsourced personnel to ensure data security.Situation Overview Risk Handling Risk Monitoring Security Enhancement
Asset Value Cryptographic Ob- Measure Plan Situational Risk Early Decision-making
Management ject Identification Selection Formulation Awareness Warning Suggestions
Security Risk Assessment Plan Implementation and Drill Risk Handling Risk Tracing Avoidance Knowledge Base
58
CryptographicApplications Professional
Definition
Cryptographic Support
Personnel Capabili-
ty Requirements
Trust System
Security Organiza-
tional Structure
CryptographyKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Information security certification and audit Information security technology
Koal continues to advance the development of infor- We actively promote upgrades and enhancement of information security technologies. Through multi-layered deployment and optimi-
mation security management systems and profes- zation across network application and data levels we effectively defend against large-scale cyberattacks improve incident response
sional certifications. As of the end of the Reporting efficiency ensure data security and business continuity and establish a comprehensive intelligent multi-layered protection system.Period we have obtained the ISO 27034 Application
Security System Certification ISO 27001 Information
Security Management System Certification as well as
professional service qualifications such as CCRC Infor- Strengthen multi-layered defenses and build a robust comprehensive barrier
mation System Security Operations and Maintenance
Service Certification and CCRC Information System At the network layer high-defense servers and intelligent traffic scrubbing centers are deployed; at the ap-
Security Integration Service Certification.plication layer WAF and code audits are used to prevent SQL injection and XSS attacks; at the data layer
In accordance with relevant regulations and internal encryption and integrity verification are implemented for data at rest and in transit.management systems we conduct regular audits of ISO 27034 Application Security ISO 27001 Information Security
information security policies and systems covering Systems Certification Management Systems Certification
four key areas: policy implementation technical
protection data security and compliance. By contin- Optimize threat detection and accelerate incident response
uously improving audit coverage optimizing special-
ized audit mechanisms establishing a closed-loop AI-driven threat intelligence analysis is introduced for proactive alerts on ransomware and automated bots;
"audit–feedback–rectification" management system RPA is deployed to counter large-scale crawling attacks; a 24/7 Security Operations Center (SOC) is estab-
and strengthening risk early warning capabilities we lished with regular emergency drills conducted.ensure the rigor and effectiveness of our information
security system and provide strong support for stable
business operations. In addition we undergo external
information security inspections from third parties Strengthen data security to ensure business continuity
such as government authorities on an irregular basis.During the Reporting Period we conducted one in- CCRC Information System Security CCRC Information System Security
ternal information security audit and underwent one Operation and Maintenance Integration Service Certification We strictly implement a "2-1" backup strategy and conduct regular data recovery tests. A zero-trust archi-
Service Certification
external information security review. tecture is adopted under the principle of "never trust always verify" enabling dynamic access control.Privacy and data security
Koal strictly follows the principle of "minimal data collection" in personal information processing. Customer data is systematically
stored in the ERP system and protected in terms of integrity and confidentiality through our comprehensive information security
Policy and system audit Technology and control audit Data Security and Privacy Audit Compliance audit management system. Access permissions are assigned based on roles key customer data is desensitized and certified commercial
cryptography products are used to ensure security protection.Verify the compliance of Evaluate the effectiveness of Review compliance of data Assess compliance against
processes for policy formu- technical measures such as classification storage en- national laws and industry
lation review approval firewalls and intrusion de- cryption transmission pro- standards identify gaps and
and communication and tection systems and verify tection and personal data promote corrective actions.assess implementation the implementation of ac- processing with regulatory Data backup Data flow control Encrypted storage
effectiveness. cess control and vulnerabili- requirements.ty management measures. We adopt cyclical full and incremen- Backup data files are strict- Encr yption is applied to
tal backup strategies to regularly back ly safeguarded to prevent sensitive fields such as per-
Koal's Information Security Policy and System Audit up data across all systems (including unauthorized copying or sonal information sensitive
internal networks operational plat- destruction. Unauthorized personal data and corporate
We regularly conduct confidentiality supervision and inspections for sensitive information and personnel. Confidential personnel forms portals corporate email ERP export of databases is strict- sensitive data.perform self-inspections every two months while departments handling classified work conduct monthly self-inspections. De- systems etc.) ensuring optimal data ly prohibited.partment heads implement and review confidentiality practices based on business characteristics. Quarterly inspections are con- recovery in case of system failures.ducted on departmental leaders' confidentiality responsibilities semi-annual inspections on responsible executives and annual
inspections on the General Manager. All inspection results are documented.
59 60Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Security development Information security culture
We integrate information security requirements into the entire product development lifecycle establishing a comprehen- We promote systematic and targeted development of information security and confidentiality culture embedding security
sive security management system to build an all-round protection framework for our products. awareness into employees' mindset and daily practices. This approach comprehensively enhances employees' confidenti-
ality literacy and information security awareness strengthening the cultural foundation of information security.We conduct security training through diversified formats such as online courses on-site lectures and simulation drills deeply
embedding security awareness among employees and fostering a culture of full participation and proactive protection. At the
Security requirements Security design same time we organize skills competitions and attack-defense drills to cultivate professional security talent and enhance prac-
tical technical capabilities thereby strengthening the talent foundation for sustained information security protection.Identify sensitive data based on security base- Translate security requirements into tech-
line checklists and determine protection levels; nical solutions based on security baselines; We revised the list of confidentiality-related positions clarified role classifications and responsibility boundaries and
Define compliance requirements such as Conduct peer reviews to ensure full cover- strengthened full-process management of personnel with access to confidential information. We also developed and dis-
Grade Protection 2.0 and industry standards. age of security requirements. tributed confidentiality awareness manuals established an online learning platform and built a tiered assessment system
to carry out integrated online and offline training programs. During the Reporting Period we achieved 100% coverage of
confidentiality training a participation rate of 99.5% and a pass rate of 99.2%. All non-compliant personnel achieved com-
pliance after rectification effectively fulfilling differentiated training objectives for confidentiality-related personnel and
Security testing Security development general employees.Improve the security testing framework by Strengthen security training to enhance
enhancing test case design and multilingual employees' awareness and capabilities; Key Performance
secure coding examples to ensure rigorous Establish a normalized code audit mech-
and effective testing; anism (self-check + static tool scanning + Total information security Total number of participants in training duration information security training
Combine tool-based scanning with manual manual review);
penetration testing to ensure compliance with Implement comprehensive open-source 2 hours 160
security baselines; governance (full lifecycle management +
Integrate penetration testing into the release vulnerability and license scanning) to en- Number of confidenti- Total confidentiality Total number of participants ality training sessions training duration in confidentiality training
process (for key projects) to strengthen pre-re- sure product security and compliance;
lease security assurance; Apply AI-assisted security development 7 3800 hours 600
Add pre-release host inspections to ensure technologies such as intelligent coding as-
compliance with security hardening guidelines. sistants for security issue remediation.Impact risk and opportunity management
Security deployment and operations We attach great importance to information security risk management by establishing a professional emergency response
team and formulating policies such as the Information Security Risk Management Procedures Confidentiality Man-
Harden products and operating environments in accordance with security hardening guidelines; agement Policy and Emergency Response Plan for Information Leakage Incidents . This forms a full-cycle information
Strengthen vulnerability governance of existing system components (daily updates of the latest open- security risk management system characterized by closed-loop processes controllable risks and efficient response.source component vulnerabilities are pushed to products) thereby reducing potential security risks; Through standardized and well-defined risk management processes we accurately identify potential information secu-
Establish a vulnerability early warning and response process to track product vulnerability risks and rity risks and implement targeted control measures to build robust protection barriers. At the same time we establish
implement graded emergency response measures based on risk levels. comprehensive emergency response procedures and mechanisms conduct regular practical drills and comprehensively
prevent and mitigate various information security risks ensuring stable business operations and core data security. Dur-
ing the Reporting Period no major data leakage or information security incidents occurred. One information security or
attack-defense emergency drill was conducted.
61 62Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk identification Risk analysis Risk assessment Risk disposal
For all identified as- After risk identifica- Based on established Control requirements are strictly imple- * Anomaly discovery: Monitor server anomalies (such as hacker attacks abnormal processes etc.) and
sets risk identification tion the potential risk criteria risk anal- mented for identified risk points and Incident make a preliminary judgment as to whether an intrusion or information leakage has occurred.is conducted based impact of risks is ysis results are com- corrective measures are carried out item discovery * Internal reporting: Immediately report the basic details of the incident to the direct supervisor or the
on confidentiality in- analyzed and de- pared to determine by item to reduce the likelihood of risk and information Operations & Maintenance Team to ensure timely communication of information.tegrity and availability scribed and risk w h et h e r r i s k s a re occurrence; reporting * Evidence preservation: While reporting properly preserve relevant logs screenshots or files to provide
requirements and a values are calculat- acceptable or require
risk inventory is estab- ed using relevant treatment and the We conduct research on confidentiality a basis for subsequent investigation.lished. methodologies. entire risk assessment risk assessment management continu-
process is document- ously improve confidentiality manage-
ed and archived. ment capabilities and proactively identify * Preliminary analysis and classification: Upon receiving the report conduct a preliminary review of the and control various confidentiality risks. nature of the incident determine whether it is a genuine security incident and activate the corresponding level
Information Security Risk Management Process of response plan based on the severity of the incident (such as scope of impact and data sensitivity).Preliminary
response * Emergency plan activation: After confirming an intrusion or leakage immediately activate the emergency
response plan.* Business impact assessment: Determine whether the affected server is a critical business node and without
affecting business operations immediately take the server involved offline.* Investigation and verification: Departments such as the information Operations & Maintenance Team the
Confidentiality Office or the Information Security Management Office take the lead in conducting investigations
Risk type Mitigation measures reviewing database operation logs server processes network logs and suspicious files to confirm whether
information leakage has occurred and identify the cause of the incident the scope of impact and the
External attack risks: These include hack- Closed-Loop vulnerability management: Establish Investigation and leak responsible party.ers exploiting system vulnerabilities to an "identify–assess–remediate–verify" process re- confirmation * Critical evidence preservation: Back up all logs malicious files and attack traces. In severe cases escalate the
gain unauthorized access phishing attacks quiring high-risk vulnerabilities to be resolved within matter to appropriate law enforcement authorities.
24 hours.
disguised as internal emails or legitimate * Leak Source Identification: Analyze the leaked data to precisely locate the source of the leakage (such as the
software and ransomware attacks that en- Ransomware protection: Implement a "2-1" backup attack path and vulnerability points) and promptly remediate security weaknesses at the earliest possible time.crypt core data and demand payment. strategy (two types of media one offline copy) and
deploy dedicated anti-ransomware tools.Internal security risks: These include acci- * Threat elimination: Remove viruses trojans and attack files. Implement security measures on compromised Data loss prevention: Monitor and control the
dental misoperations by employees (such transmission of sensitive data via endpoints Emergency servers. Conduct thorough checks on all connected systems to prevent pivot attacks or secondary leaks.as mistakenly sending confidential files or email and cloud storage. handling and * System fortification: Update all vulnerability patches implement encryption for core data rectify high-risk
connecting to public WiFi) malicious data system systems and establish security baselines.Permission lifecycle management: Implement recovery
leakage for personal gain or retaliation * Recovery and enhanced monitoring: Restore network connections after confirming system security. automated permission request and revocation
and excessive permission accumulation Implement heightened monitoring protocols with particular emphasis on database access logs.processes with regular permission audits.due to poor access management.Full lifecycle system management: Establish
graded evaluation and decommissioning mech- * Incident documentation and archiving: Compile detailed incident reports documenting leaked content System and compliance risks: These
anisms for legacy systems; implement isolation potential harm mitigation measures implemented and responsible personnel involved.include legacy systems with unpatched protection for irreplaceable systems; enforce * Compliance Reporting: Ensure responsible departments submit written reports to the Company's
vulnerabilities due to discontinued vendor code review and vulnerability scanning for Confidentiality Office and leadership group within 24 hours of leak discovery. The Company must provide written
support and vulnerabilities in self-devel- self-developed systems. Post-Incident notification to the Shanghai Secrecy Administration Bureau within 24 hours and submit investigation results within
oped systems caused by coding defects. management Compliance and vulnerability mitigation: Con- three months.and compliance
duct regular compliance self-inspections im- * Internal leak handling: For unintentional leaks follow established virus handling procedures for equipment and Reporting
plement temporary protective measures for un- intensify employee training programs. In cases of intentional leaks restrict involved employees' account privileges
patched systems and coordinate with vendors collect log evidence and in severe cases refer the matter to relevant national authorities for further action.or technical teams to remediate vulnerabilities. * Corrective measures: Update security policies strengthen employee training and optimize the technical
protection system.* Continuous improvement: Regularly conduct emergency plan drills and critically assess and revise operational
Risk Identification and Mitigation Measures procedures as needed. Implement encryption storage and leak prevention measures for all critical data.Information Security Incident Emergency Response Process and Measures
63 64Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Indicators and targets Sustainable supply chain
In the face of increasingly complex cyber threats Koal focused on information security and privacy protection building a multi-lay-
ered intelligent and highly compliant protection system to ensure the continued and stable operation of our business strengthen Koal continued to improve its supply chain management system formulated and strictly complied with systems such as Supplier
the defenses for data security and personal information privacy protection translate relevant requirements into actionable and Code of Conduct Qualified Supplier System and Procurement Management Process standardized the supplier lifecycle manage-
measurable work objectives at all levels clarify implementation paths and achievement standards and link the assessment results ment improved the long-term communication mechanism with suppliers effectively prevented potential risks in the supply chain
of these objectives to management performance incentives thereby promoting the effective implementation of all tasks. continuously enhanced supply chain resilience and made every effort to build a compliant stable and highly resilient sustainable
supply chain system.Indicators and targets 2025 achievement status
Supplier lifecycle management
Enhance the defense capabilities of endpoint devices prevent
Strengthen endpoint
virus and ransomware attacks and safeguard data security Achieved Koal focused on the core objectives of standardized supplier management and ensuring supply chain stability and quality. In light
security protection
through technology deployment and data encryption. of the characteristics of the information security industry we established a standardized supplier lifecycle management system
covering the entire process from access classification evaluation to exit effectively ensuring compliant stable and high-quality
Improve security Establish real-time monitoring mechanisms optimize emergency operation of the supply chain.monitoring and response processes and team capabilities and reduce the risk of Achieved
emergency response business disruption.Conduct security training covering phishing attack identification Supplier admission Graded and classified
Enhance employee and assessment management
password management and other topics to reduce vulnerabili- Achieved
security awareness
ties caused by human operational errors. We define supplier access standards review core Based on dimensions such as material/service type
relevant conditions such as qualifications quality procurement amount and strategic importance sup-
Improve security policies strengthen supplier security assess- contract performance capability and financial status pliers are categorized into strategic key and general
Optimize compliance
ments and supply chain controls and ensure compliance with Achieved and through preliminary screening on-site evaluation types among others and differentiated management is
management
national and industry regulations. comprehensive quantitative scoring and joint approval implemented; combined with performance evaluation by multiple departments include qualified suppliers in results they are classified into grades such as excellent
the approved supplier list and establish dedicated files and qualified with supporting incentive or corrective
Promote technology Introduce technologies related to the zero-trust architecture to for them strictly controlling the access threshold. measures to precisely align with the Company's supply
innovation and Achieved
application enable dynamic access control and reduce internal threats.chain management needs.Complete revisions to confidentiality management systems and Regular evaluation Supplier exit
implement the compilation of business systems; prepare and and feedback
disseminate training manuals covering project processes con-
Optimization of We conduct annual performance evaluations of suppli- For suppliers with serious quality issues repeated fidentiality knowledge and other content; throughout the year
confidentiality Achieved ers quantitatively scoring them on core indicators such breaches of contract or violations of laws and regula-
systems and training conduct at least two confidentiality training sessions and one as quality delivery cost and service; establish a regular tions we implement exit procedures in accordance with
year-end examination for all employees conduct at least three communication mechanism to promptly convey require- established processes ensure proper handover and con-
training sessions for SM personnel and project personnel and ments and standards information; promote joint im- tingency arrangements analyze root causes and prevent
complete 15 class hours of training materials for SM personnel. provement with suppliers; and dynamically update the recurrence of similar issues thereby safeguarding supply supplier roster to ensure the vitality of the supply chain. chain stability and fully aligning with our compliance and
risk management requirements.Implement centralized management of inspections risk as-
Routine sessments and document receipt dispatch and circulation;
confidentiality complete two confidentiality inspections one risk assessment Achieved
management and confidentiality training and examination for new employees
Key Performance
upon onboarding.Complete all Company supervision and follow-up tasks as re- Total number of major suppliers total number of major domestic suppliers
Internal
quired; strengthen cross-departmental collaboration with the
implementation and Achieved
quarterly collaboration evaluation rated as qualified; no viola- 83 83
coordination
tions of regulations or discipline and no major quality incidents.
65 66Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Supply chain ESG management Enhancing supply chain resilience
The Company continuously strengthened supplier ESG management practiced the principles of sustainable procurement and To ensure supply chain continuity and stability Koal has comprehensively built a supply chain resilience enhancement system.built a sustainable supply chain. On the basis of ensuring business continuity we fully integrated ESG factors into the entire pro- Through two core measures namely end-to-end risk prevention and control and normalized supplier capability building we con-
cess of supplier admission and management and control driving upstream and downstream participants across the supply chain tinuously strengthened the supply chain's risk resistance and coordinated development providing solid supply chain support for
to collaboratively practice the philosophy of sustainable development. the stable operation of our business.The Company has established a sound ESG management system formulated the Supplier Code of Conduct and signed agree-
ments with suppliers such as the Partner Integrity and Honest Cooperation Agreement Supplier Environmental Responsibility Supply chain risk prevention and control
Agreement and Supplier Product Quality Assurance Agreement covering key areas including labor standards environmental re- Koal has established the Supplier Continuity Mechanism creating a comprehensive risk prevention and control system and standard-
sponsibility business ethics product quality and compliant employment. ESG requirements have been incorporated into the core ized procedures to effectively mitigate various risks including supply chain disruptions price increases and unforeseen incidents.assessment for supplier admission strictly prohibiting benefit transfers and regulating employment and environmental practices
effectively promoting suppliers to jointly practice the concept of sustainable development and continuously enhancing the sus-
tainability of the supply chain.Strengthen risk assessment and forecasting and build a solid first line of defense against risks
Supplier Code of Conduct We conduct supplier risk assessments across multiple dimensions including financial stability production base distribution
geopolitics and technological iteration; record high-frequency points of supply chain disruption; monitor incoming material
quality data from suppliers; and regularly review responses to quality issue handling with a focus on key suppliers and various
sudden risk points so as to comprehensively and accurately identify various potential risks across the supply chain.Human Strictly prohibit child labor forced labor and all forms of discrimination; comply with lo-
Rights and cal labor laws; safeguard employees' wages working hours and occupational safety; and
Labor Improve and diversify the supplier layout to reduce the risk of reliance on a single sourcestandardize employment management.For key materials or services we avoid reliance on a single supplier maintain two to three backup suppliers promote a geo-
graphically diversified supplier layout establish long-term strategic partnerships with core suppliers share risk response plans
and sign business continuity agreements to enhance the supply chain's resilience to fluctuations.Operate legally possess environmental qualifications standardize the disposal of the
Environmental
Protection "three wastes" promote cleaner production and resource conservation and cooperate Refine safety stock management and control to ensure continuous and stable supply
with the Company's green procurement requirements.Based on actual production needs we have established a safety stock of at least one and a half months for materials with
long procurement cycles and insufficient production capacity. We implemented a system of daily inventory inspections and
monthly stocktaking updates and established an inventory alert system and a coordinated supplier response mechanism to
Provide employees with a safe working environment and protective equipment safety proactively prevent the risk of supply disruption.Health
and Safety training formulate emergency response plans and provide qualified sanitation facilities to
safeguard employees' occupational health life and safety. Optimize the emergency response system and improve the effectiveness of risk handling
We closely monitor the qualification status and negative information of information technology service institution suppliers
(in line with the Company's information security attributes) clarify the processes for information reporting risk assessment
Business Adhere to integrity in operations strictly prohibit commercial bribery and transfer of ben- and emergency preparedness incorporate suppliers' contingency plans for emergency situations into the Company's overall
Ethics and efits cooperate with integrity supervision and jointly build a fair and clean cooperation emergency management establish a three-tier response process from Level 1 to Level 3 and rapidly address various types of
Anti-
corruption environment.supply interruption issues.Improve the sound performance management and control mechanism to drive the continuous optimization of the system
We continuously improve the management mechanism through KPI assessments risk reviews on-site audits and other
measures while identifying key supply chain nodes and formulating tailored prevention and control plans thereby advancing
the enhancement of supply chain resilience in a closed loop and strengthening the defense line against supply chain risks.Key Performance
Number of suppliers which have Number of suppliers which have Number of suppliers which have ob- Supplier capability building
obtained the quality management obtained the environmental manage- tained the occupational health and safe-
system certification: approximately ment system certification ty management system certification Koal attaches great importance to supplier training. In light of the characteristics of the information security industry and cooperation
80 10 2 needs we provide targeted training for suppliers to strengthen collaborative alignment between both the supply and demand sides. During the Reporting Period Koal conducted three training sessions for suppliers to help them fully understand the Company's phi-
losophy cooperation rules quality standards and business processes standardize cooperation practices enhance supply capabilities
and service standards improve supply efficiency and grow together.
67 68People-oriented
collaborative and
win-win outcomes
Employee rights and benefits
Human capital development
Occupational health and safety
Industry ecosystem development
Community engagement
Contributing to the UN 2030 SDGsKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Employee rights and benefits Key Performance
The Company strictly complies with laws and regulations related to labor protection comprehensively safeguards employees' law- Signing rate of labor contracts Social insurance coverage
ful rights and interests and adheres to fair employment equal treatment and standardized labor practices. The Company contin-
ued to improve its diversified benefits system kept employee communication channels open and paid close attention to employ- 100 % 100 %
ees' work-life balance. We safeguarded rights and interests through sound systems and conveyed care through benefits effectively
enhancing employees' sense of gain security and belonging.Labor and human rights management Diversity and equal opportunities
The Company strictly complies with the requirements of the International Bill of Human Rights ILO Conventions UN Guiding Principles The Company has consistently adhered to the philosophy of diversified talent development widely recruiting outstanding talent with differ-
on Business and Human Rights the Labor Law of the People's Republic of China and other relevant requirements and formulated poli- ent genders professional backgrounds cultural experiences and specialized skills.By integrating diversity we stimulate organizational vital-
cies and systems related to employee rights and human rights protection such as the Compendium of Human Resources Management ity uphold equal employment and fair competition eliminate all forms of discrimination and improper employment practices and strive to
Systems clearly stipulating our conduct in employment processes such as employee hiring onboarding management and separation foster an open inclusive equal and respectful working atmosphere providing every employee with a platform for growth and the full dis-
standardizing the identification of corresponding employment compliance risks as well as remedial measures and procedures for ad- play of their talents. During the Reporting Period Koal did not experience any complaint incidents related to discrimination or harassment.verse incidents and regularly reviewing and revising them to ensure consistency with the latest legal and regulatory requirements. We upheld gender equality provided female employees with fair compensation and benefits training promotion and career develop-
To systematically prevent human rights compliance risks the Company established a labor compliance risk identification mecha- ment opportunities eliminated the gender pay gap encouraged women to take on management positions and enabled them to fully
nism clarified the response procedures and corrective measures for negative incidents and strengthened the baseline for human realize their value. At the same time the Company protected female employees' maternity-related leave in accordance with the law
rights risk prevention and control. During the Reporting Period the Company carried out a comprehensive identification of human provided commercial maternity insurance and offered paternity leave to male employees advocating shared family responsibilities and
rights compliance risks clarified 45 core employee rights and human rights protection provisions and fully embedded employee creating a secure and stable environment for women's long-term career development. At the same time we deeply integrated diversity
rights protection and human rights risk prevention and control requirements into all aspects of production operations and man- into corporate governance. In the terms of reference of the Nomination Committee of the Board of Directors gender diversity was ex-
agement thereby achieving proactive prevention and closed-loop management of human rights risks. plicitly identified as a key dimension in candidate evaluation. The Company currently has one female employee director and two female
Senior Management members. The Company strives to increase the proportion of female directors to one-third before the re-election of
Checklist for Identifying HR Legal Standards the next Board of Directors and supports more outstanding female managers in joining the senior management team.Number
Legal standards of articles Main content
identified In 2025
All Company management systems and operational practices
Labor Law of the People's Republic of Employee discrimination Proportion of female Proportion of female employees Proportion of female senior
30 articles must safeguard workers' statutory rights including occupation-
China incidents employees in middle management management employees
al safety and health protection among others 0 Cases 20.85% 14.6 % 16.67 %
The formulation of labor quotas shall be scientific and reason-
Labor Contract Law of the People's
12 articles able ensuring that most employees can complete them within Number of ethnic minority Number of employees Return-to-work rate after parental
Republic of China
normal working hours etc. employees with disabilities leave
14 Persons 12 Persons 100 %
Criminal Law of the People's Republic
1articles It is strictly prohibited to force others to work by any means etc.
of China
Law of the People's Republic of China on Using violence threats or other means to force others to work Employee engagement and communication
Penalties for Administration of 1articles even if it does not constitute a criminal offense also constitutes
Public Security a violation of public security administration. The Company attaches great importance to employee communication and democratic participation fully respects employees'
opinions and reasonable appeals and actively fosters harmonious healthy and stable employee relations by maintaining smooth
communication channels improving the whistleblowing system and conducting satisfaction surveys thereby creating a positive
Labor security supervision and inspection cover the entire
Regulations on Labor Security Supervi- working atmosphere of equality and respect openness and transparency and smooth communication. During the Reporting Peri-
1articles process from recruitment to resignation from wages to social
sion and Inspection od the Company filed the 2025 Special Collective Contract on Wages 2025 Comprehensive Collective Contract and the 2025 Spe-
insurance and from working hours to special protection. cial Contract on the Protection of the Rights and Interests of Female Employees with government authorities ensuring employee
contracts were compliant and transparent and safeguarding employees' basic rights and interests.
71 72Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Open communication channels
The Company has established a de-layered multi-dimensional communication mechanism and built diverse accessible channels Case Employee Survey
for expressing opinions including on-site complaints to the Human Resources Department written complaints telephone com-
plaints as well as the general manager hotline and the general manager email encouraging employees to communicate freely In 2025 to comprehensively understand employees' awareness and evaluations of the Company's strategic positioning
across levels and offer suggestions and recommendations. At the same time the Company has continuously optimized the opinion organizational structure talent management compensation and benefits performance appraisal and incentive systems
feedback and handling process to ensure that every employee appeal receives a response and every matter is properly addressed the Company conducted a strategic and management follow-up survey through questionnaires. The survey covered
fostering a positive atmosphere of openness mutual trust and active participation. multiple dimensions including the clarity of the Company's strategy the rationality of the organizational structure the
smoothness of cross-departmental collaboration talent recruitment and retention the level of compensation and bene-
fits and the effectiveness of performance appraisal and incentive systems. A total of 613 questionnaires were distributed
Case Establish a Suggestion (Complaint) Mailbox in this survey and 524 valid questionnaires were collected. The survey results showed issues such as employees' insuf-
ficient depth of understanding and sense of identification with the Company's strategy as well as shortcomings in the
Company's compensation performance and incentive mechanisms. Going forward the Company will focus on these
In 2025 to further promote internal communication and encourage employees
areas and carry out corresponding management optimization and improvement.to actively participate in Company management we established a suggestion
(complaint) mailbox inviting every employee to put forward valuable opinions
and suggestions on the Company's operations management culture building Employee care
and other aspects. We committed to handling all suggestions confidentially
carefully considering and responding to each suggestion regularly organizing The Company integrates employee care into its daily management and development Key Performance
relevant departments to evaluate and discuss the collected suggestions and practices. By regularly organizing diverse cultural and sports activities such as cycling
adopting and implementing them based on actual circumstances. Employee Suggestion Mailbox events sports competitions and summer parent-child activities it enriches employ- Average number of paid
ees' lives and ensures they receive care and support in areas ranging from physical and vacation days per person
mental health working environment and living security to emotional well-being. The per year
Grievance reporting procedure Company also provides care and support to vulnerable groups including employees in difficulty and female employees fostering a warm inclusive and fulfilling workplace 8
Koal has established a transparent standardized and strictly confidential employee grievance and whistleblowing mechanism atmosphere and jointly building a warm and harmonious corporate family.that covers all full-time and part-time employees encouraging employees to promptly file grievances with their immediate super-
visors or the Human Resources Department when they experience any unfair treatment. The Company has designated personnel
to receive and handle employee grievances and whistleblowing incidents. The Human Resources Department serves as the griev-
ance acceptance center and together with the Internal Audit Department is responsible for the acceptance investigation han-
dling and follow-up tracking of grievances. Based on the principles of authenticity confidentiality and effectiveness we ensured
the timely acceptance of each reasonable whistleblowing matter and conducted independent investigations. The Company strictly
kept confidential the personal information of the grievance reporter and the specific grievance content and took necessary meas-
ures to protect the safety and legitimate rights and interests of the grievance reporter. Any retaliation against a grievance reporter
or any information leakage once verified was dealt with seriously.Conduct satisfaction surveys
The Company regularly conducts employee satisfaction surveys to listen to employees' voices and needs from multiple dimen- Cycling Event Union Activity
sions and extensively collect opinions and suggestions. Based on the survey results and employee feedback it continuously opti-
mizes management measures and steadily enhances employee experience and management effectiveness.Key Performance
Total number of employees covered by the Collective bargaining agreement Employee satisfaction
union/collective bargaining agreement signing rate
585Persons 100 % 75 %
Badminton Competition Retirement Seminar Activity
73 74Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Human capital development Recruitment channels
Headhunter recruitment
Governance Online recruitment For key talent such as senior manage-
ment and core technical positions
The Company continuously improves its human resources management system to ensure that human resources management is aligned Recruitment information is published we engage professional headhunting
through platforms such as recruit- Internal referrals
with the Company's overall strategic objectives. The Board has established a Remuneration and Appraisal Committee responsible for firms for recruitment.ment websites the Company's official We encourage our employees to rec-
formulating and overseeing compensation policies and performance evaluation standards for directors and senior management. The website and social media to attract a ommend outstanding talent and pro-
Human Resources Director formulates human resource planning based on overall corporate strategy and provides strategic support and large number of applicants to submit vide certain rewards to employees for
resumes. This channel is suitable for
recommendations. The Human Resources Department is responsible for developing and implementing HR plans objectives policies successful referrals thereby improving recruiting personnel for various posi- recruitment efficiency and quality.and processes with clearly defined responsibilities at all levels to promote human capital development. tions.Koal has formulated and continuously improved systems such as the Compensation Structure System Training Management System Company
Recruitment
improving the human resources management system. Through scientific system development and standardized management we rea-
Campus recruitment Channels Talent market recruitment
sonably allocated human resources enabled people to make the best use of their talents and talents to be fully utilized effectively pre-
vented the risk of losing key talent and safeguarded organizational stability and sustainable development. In 2025 the Company newly We establish partnerships with univer- We participate in job fairs talent ex-sities participate in campus recruit- change events etc. and communicate
formulated systems such as Promotion Management System and Performance Evaluation Management System and completed the ment fairs and hold campus presenta- directly with job seekers face to face to
preparation of the Compendium of the Human Resources Systems which includes 11 major systems as well as the preparation of job tions to recruit fresh graduates. Other channels quickly screen suitable candidates.descriptions for 60 departments laying a foundational framework for the standardized management of human resources. Based on recommendations from
industry associations media adver-
Strategy and management approach tisements employee self-recommen-
dations etc. we select talent flexibly
Koal followed industry development trends and the Company's overall business strategy to define the human resources strategic according to actual circumstances.positioning of "sustainable development driven by human capital". Our talent strategy focused on a paradigm shift from "transac-
tion processing" to "strategic value creation" with "digitalization specialization and sustainability" at its core. We aimed to make
human capital the core engine for enhancing the Company's ESG management and business growth and to build a sustainable Case Product Manager "Elite Troops Program"
talent ecosystem in which employees are proud businesses place their trust and investors give recognition.Talent attraction Product managers are the core hub connecting technology business and users and shortcomings in their capabilities
directly constrain the market competitiveness of the three major product lines (cryptographic machines signatures and
Koal has established diversified and open recruitment channels and a talent pool to accurately identify talent gaps in key positions. We cryptographic service platforms). To address pain points across the entire chain of "selection development utilization
regularly conduct talent assessments enrich talent reserves and promote talent pipeline development. Guided by corporate strategy and retention" of product managers and build a strategic high ground for product talent in the field of cryptographic
we build an efficient and equitable talent acquisition system. On one hand we recruit high-quality external talent through diversified security the Company formulated the Product Manager Elite Troops Recruitment Program including:
channels such as social media and university partnerships to improve recruitment efficiency and job-person matching. On the other
hand we promote internal recruitment to identify and utilize existing talent ensuring alignment between recruitment plans and strategic
objectives and optimizing workforce allocation and structure. In addition the Company focuses on talent integration and development
attaches importance to the recruitment of campus hires and their onboarding experience continuously optimizes recruitment strategies
and achieves full-cycle management of talent through precise acquisition efficient empowerment and sustained retention. Precise profiling. In addition to Professionalized channels. We co- Introduction of special manage-
conventional product capabil- operate with leading headhunt- ment for cadres. We set red lines
Recruitment principles ities hard thresholds such as ers for targeted talent acquisition for cultural alignment conduct
cryptographic algorithms cryp- and leverage their professional progressive assessments and
Fairness and justice Merit-based competition Job-person matching Legality and compliance tographic protocols and security talent search and recommen- establish an 18-month special
and compliance must be added. dation capabilities to improve management period to prevent
During the recruitment Through scientific as- Based on the responsi- Recruitment activities recruitment success rates. cultural misalignment.process all candidates are sessment methods and bilities requirements strictly comply with na-
entitled to equal employ- rigorous selection proce- and qualifications of the tional laws and regula-
ment opportunities and dures outstanding talent position personnel with tions and relevant local
the recruitment proce- best suited to the Com- the corresponding capa- policies ensuring the le-
dures and standards are pany's job requirements bilities and qualities are gality and compliance of
open and transparent to is selected from among selected to ensure the the recruitment process
all candidates eliminating numerous candidates. optimal match between and recruitment groups.any form of discrimina- personnel and positions It is strictly prohibited to
tion and favoritism. thereby improving work recruit persons under the
efficiency and employee age of 18.satisfaction.
75 76Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Key Performance Employee training
The Company has always placed talent cultivation and development at a strategic level and is committed to building a full-cycle
Total number of Number of people employed Number of newly recruited
employee during the Reporting Period fresh graduates learning and growth platform for employees. Through a wide range of internal and external training and development activities
covering all employees we empower employees continuously enhance their professional capabilities broaden their career hori-
585 43 15 zons and clarify their development paths.Persons Persons Persons
Training system
The Company has established a hierarchical and categorized training system covering the entire employee career cycle. Through a sound train-
ing management system and a technical R&D rank system we provide solid support for talent development. We conduct dedicated training
Number of employees by gender Number of employees by position level for new employees incumbent employees management personnel and reserve cadres respectively. We adopt diverse forms such as internal
instruction guidance from external experts on-the-job practice industry exchanges and online learning to continuously enhance employees'
122 538 professional capabilities and overall competencies and support the mutual growth of employees and the enterprise.
6
Cultural Communication External Training for Mid-to-Senior
463 41 Level Cadres
Compliance and Fundamental
nce
Cad
Competencies re
uid
a Dev Special Assignments
Male employees Female employees Senior management Middle management
Work Transition
Entry-level employees
Training
Number of employees by age Number of employees by educational background Sales-focused Development System Platform Support
135 Delivery Improvement powe por
t S
rm Organizational Support27 47 R&D Skill Enhancement ent Su
p
244367
Faculty Resources
New Employee Onboarding
43
175168
New employee training
Employees aged below 29 Employees aged 30-39 Employees with associate degree and below The Company continuously optimizes its training system for new employees creating a training model that integrates online
Employees aged 40-49 Employees aged 50-59 Employees with bachelor's degree self-directed learning with on-the-job practical coaching and combines learning with assessment and implements an onboarding
development mechanism that integrates online learning on-the-job coaching and a mentorship system. The Company has estab-
Employees aged 60 and above Employees with a master's degree /MBA degree lished a sound mentorship system and implemented a two-way selection process between mentors and mentees assigning an
Employees with doctoral degree or above exclusive mentor to each new employee. Through one-on-one on-the-job guidance we helped new employees smoothly navigate
the onboarding adaptation period quickly integrate into the team and become competent in their roles.By employment type Number of employees by geographical region
Case Intern and New Employee Training Program
582585
We assign a mentor to each new employee and develop an exclusive
3 training plan based on the principle of online learning as a supple-
ment and project-based practice as the main focus. Through phased
0 learning (one month three months and six months) we help interns
and new employees quickly adapt to their positions. In 2025 the
participation rate in the Company's new employee training program
Full-time Temporary workers/Labor Employees in China (in- Overseas employees was 100% with a pass rate of 96%.dispatch employees/Interns cluding Hong Kong Macao
and Taiwan regions) Online Training Courses for New Employees
7778
Cultural G
ystem
ent
lop
m
e
ss E
m
BusineKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Leadership training Koal Academy
The Company has developed comprehensive leadership development plans To deepen our strategic corporate planning and talent system development we established Koal Academy as our core internal talent
for employees at different levels providing incumbent managers and reserve development platform. The Academy was positioned to serve our core business and support the implementation of strategy. Upholding
management talent with comprehensive systematic online-and-offline the operating philosophy of "derived from business serving the business" it was an important support for promoting the Company's
integrated management and leadership courses helping them broaden strategic transformation and high-quality development. As the core platform for the Company's talent development and capability en-
their horizons enhance their overall capabilities continuously update their hancement Koal Academy is responsible for coordinating training plans establishing a course system integrating internal and external
management knowledge and professional skills and effectively apply them teaching resources and advancing talent pipeline development. Through a "training-and-practice integration" model it strengthens
in business practice and corporate development. During the Reporting Peri- employees' capability building while also undertaking the function of standardized communication of corporate culture. In the future it
od the Company selected 4 middle- and senior-level cadres to participate in will further become a core force in driving organizational transformation. During the Reporting Period Koal Academy carried out talent
external leadership training programs including CEIBS EMBA further studies development initiatives around three key areas: foundational empowerment for all employees tiered talent cultivation and optimiza-
Zhengqi Academy training and M&A practical training class so as to enhance tion of system support achieving remarkable training results.the overall quality of middle- and senior-level management cadres and
strengthen team collaboration and leadership capabilities. Key Performance
Leadership Training Site
Professional skills training
Total investment in employee
To support the growth and development of employees across all professional tracks the Company has established three core job training Number of employees trained
skill training systems. Each year we customize special training plans based on job skill requirements covering business areas such
as R&D testing implementation and sales to help employees systematically master the required professional knowledge and job RMB 189000 8809 persons
skills continuously enhance their core competitiveness and clearly identify their career direction and development goals.ing System fo
r Three Co
Train
re Positions
Total employee training hours Average annual training Employee training
hours per employee coverage rate
12079.98 Hours 20.65 Hours 100
Training System for Training System for Tech- Implementation and O&M %
Sales-Related Positions nical R&D Positions Position Training System
Product knowledge: Data Core Technology module: Implementation skills module:
security products Anxin New technology learning (such Product deployment system Employee training coverage rate by gender
business training as LLM applications) technical configuration implementation
Sales skills: Sales techniques specifications processes
Male employees Female employees
business negotiation customer Product R&D module: Product Operations and maintenance
management architecture R&D processes management module: System 100 % 100 %
Implementation Capabilities: coding standards maintenance troubleshooting
Product deployment Quality testing module: operations and maintenance tools
Testing technologies Customer service module: Average training hours per employee by gender
automated testing quality Service response issue resolution
assurance customer satisfaction Male employees Female employees
20.65 Hours 20.65 Hours
Collaboration with external institutions
The Company actively expands high-quality external learning chan- Employee training coverage rate by level
nels for employees introduces professional and authoritative training
Senior management Middle management Entry-level employees
resources and supports employees in continuously deepening their
expertise and steadily improving in their professional fields. During the
Reporting Period the Company invited Professor Yang Bo's team from 100% 100% 100%
Shaanxi Normal University to deliver lectures on the fundamentals of
cryptography.Professor Yang Bo's Team from Shaanxi Normal University
Conducting Basic Cryptography Training
79 80Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Employee development Performance evaluation and feedback
The Company conducts regular performance evaluations. By breaking down overall performance goals into specific targets for
Career development each department we ensure that every team and employee clearly understands their objectives and responsibilities and can effi-
Technology track Management track ciently complete their tasks. For the work of employees at different levels and of different types we adopt a combination of quali-The Company places great impor- tative and quantitative methods to comprehensively assess key performance indicators and work objectives and link the achieve-
tance on employees' career develop- T6 M4 ment of individual performance to individual bonus coefficients. Through scientific guidance timely supervision and objective
ment has established the Promotion technical leader Technical Director measurement we comprehensively and fairly evaluate employees' performance.Management System It has built a
dual career development pathway T5 We have established smooth performance coaching and communication procedures to provide employees with timely and com-
in which technical and management domain expert prehensive feedback and guidance throughout the entire performance appraisal process supporting them in achieving their goals
positions advance in parallel and M3 and improving performance. Within five working days after performance evaluation results are finalized supervisors conduct
established a systematic and stand- T4 R&D Director performance feedback interviews with employees based on principles of timeliness objectivity constructiveness and two-way
ardized employee promotion system technical expert communication. These discussions clarify evaluation results analyze strengths and weaknesses propose improvement measures
enabling employees to achieve two-
way promotion and development in and assist in developing personal development plans to support their career growth. The Human Resources Department and the T3
both the technical professional track heads of all departments regularly track and evaluate employees' performance improvement progress promptly resolve improve-principal engineer M2
and the management track based R&D Manager ment-related issues reward and recognize employees with significant improvement results and further provide coaching and
on their own strengths and develop- training to employees whose improvement efforts are ineffective.In addition by linking company and departmental performance T2
ment aspirations. Through an open senior engineer results to the total bonus pool we help employees recognize their individual value within the organization and motivate them to
transparent and well-regulated make greater contributions.promotion mechanism we provide a T1 M1
clear path and solid support for em- software engineer Assistant R&D Manager
ployees' career growth.Employee benefits and welfare
Education and certificate support Koal has implemented a comprehensive multi-faceted welfare system that encompasses all employees. Beyond the statutory
The Company actively encourages and supports employees in pursuing advanced degrees publishing papers and undertaking basic benefits the Company offers an extensive range of non-monetary benefits to its entire workforce covering health protection
studies and certification for qualification certificates and enhances employees' professional competencies through incentive and life support. This enhances employees' sense of belonging and well-being fostering a warm and supportive workplace envi-
subsidies. The Company has formulated the Revised Measures for Encouraging and Rewarding Employee Paper Publications the ronment that drives high-quality enterprise development.Measures for Encouraging and Rewarding Employees Obtaining Qualification Certificates clarifying the reward standards for em-
ployees publishing papers and obtaining professional qualification certificates. After obtaining approval employees can receive
support and assistance such as expense reimbursement and monetary incentives continuously empowering their professional
growth. During the Reporting Period a total of nine employees of the Company successfully obtained the corresponding profes-
sional qualification certificates and were rewarded accordingly. Statutory social insurance and housing fund Health care
In compliance with national regulations the The Company provides employees with com-
Compensation and benefits Company contributes to social pension in- prehensive medical insurance and health man-
surance medical insurance unemployment agement services including regular physical
Based on job value performance and competency levels the Company has established an equitable compensation system. insurance work-related injury insurance ma- examinations and health consultations focusing
Through standardized performance evaluation and feedback mechanisms we scientifically assess employee performance and ternity insurance and housing provident fund on both physical and mental well-being.provide employees with market-competitive compensation and benefits ensuring that incentives are aligned with contributions. for eligible employees.Scientific compensation structure
Koal has established a sound compensation structure system and employee evaluation system and regularly conducts comprehensive assess-
ments of employees' performance capabilities and work attitudes providing an objective basis for compensation adjustments job promo- Leave benefits Employee care
tions and talent development. Based on job requirements and employee performance and benchmarking against industry standards we pro-
vide competitive compensation and performance incentives including year-end bonuses and project bonuses. We also implement employee The Company has established a ro- The Company attends to employees' per-
bust leave system including paid an- sonal needs and family circumstances
shareholding plans to establish a medium- to long-term incentive mechanism featuring shared risks and shared benefits enabling employees nual leave marriage leave maternity offering services such as birthday wishes
to share in the Company's growth and development. leave and sick leave ensuring that and support for children's education.employees' rest and personal needs
The Company's remuneration system consists of base salary by position performance-based salary subsidies and allowances bonuses and are adequately addressed.benefits. The remuneration of senior management is determined and paid based on factors such as their position responsibilities capabilities
and prevailing market salary levels and their variable remuneration is linked to factors including the Company's operating performance and
performance appraisal results thereby achieving shared development and growth with the Company. The compensation structure for general
employees includes base salary performance-based salary year-end performance bonuses and allowances. Year-end bonuses are closely
Work-life balance
linked to overall business performance and individual performance evaluations enabling dynamic adjustment of employee income. This en-
hances employee satisfaction and productivity while reducing turnover of key personnel. At the same time the Company regularly conducts The Company regularly organizes various cultural and sports activ-
salary market surveys to ensure that our compensation levels remains competitive and to attract and retain outstanding talent. During the ities for employees including fitness sessions and sports competi-tions to help them achieve a healthy work-life balance.Reporting Period 100% of all employees and departments received regular performance appraisals and all management personnel and en-
try-level employees especially non-sales function employees received compensation commensurate with their appraisal results.
81 82Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Occupational health and safety
Employee turnover rate 19.89 % Koal Software rigorously adheres to pertinent laws and regulations including the Law of
the People's Republic of China on the Prevention and Control of Occupational Diseases
and the Provisions on the Supervision and Administration of Occupational Health at
Work Sites while fully complying with the requirements of the ISO 45001 management
Turnover rate by gender Employee turnover rate by age
system. The Company consistently enhances its occupational health-related policies and
regulations establishes robust procedures for identifying and addressing potential risks 职业健康安全管理体系认证证书
24.89% 注册号:17325S20431R1M
20.26% 19.80% 19.88% and opportunities and implements comprehensive daily supervision and inspection 兹证明 上海格尔安全科技有限公司
17.74% protocols. By prioritizing health and safety across all business operations the Company 统一社会信用代码:913102303122023147 注册地址:上海市崇明区陈家镇层海路 888号 3 号楼 1088 室(上海智慧岛数据产业园)
经营地址:上海市松江区泗泾镇沐川路58弄2号3楼
ensures the safeguarding of employees' occupational health. 职业健康安全管理体系符合 GB/T45001-2020/ISO45001:2018标准认证覆盖的范围应用软件的设计开发及计算机系统集成及办公相关职业健康安全管理活动
8.82%(体系覆盖不包含分支机构)
初次发证日期:2022年07月06日本次发证日期:2025年07月04日证书有效期至:2028年07月05日
The Company has appointed dedicated Management Representatives and Employ- 签发人
Establish a ee Safety Representatives for the Occupational Health and Safety Management Sys-
注:在证书有效期内,获证组织须按规定接受年度监督审核,保持认证资格,通过扫描二维码可获知证书状态。该证书信息还可在国家management 认证认可监督管理委员会官方网站(www.cnca.gov.cn)和北京中交远航认证有限公司官方网站(www.bjzjyh.com)上查询。 tem. These individuals are tasked with establishing implementing and enhancing 北京中交远航认证有限公司 机构地址:北京市西城区广安门外大街248号1号楼12层1205号Male Female Employees Employees Employees Employees structure the occupational health and safety management system as well as coordinating and addressing related issues that arise during system operation.employees employees aged below 29 aged 30-39 aged 40-49 aged 50-59 Obtained ISO 45001 Occupational
The Company has formulated and constantly refines a comprehensive set of safety Health and Safety Management
Develop management and occupational health-related regulations including the Fire Safety System CertificationImpact risk and opportunity management management Management System and Fire Control Procedures. Furthermore a Quality Environ-
policies mental and Occupational Health and Safety Management Manual has been com-piled to bolster workplace safety protection effectiveness and foster a high-quality In 2025
Koal places paramount importance on human capital risk management meticulously identifying key areas of potential vulnera- healthy and secure working environment for all employees.bility. The Company employs a continuous process of risk identification assessment response and monitoring of human capital Investment in health and safety
risks guided by its strategic objectives. By integrating insights from employee satisfaction surveys Koal consistently refines its
human resource management strategies throughout the entire talent lifecycle encompassing "attraction development utilization The Company has established specific occupational health and safety objectives
and retention." This comprehensive approach ensures that human capital development risks remain within manageable parame- targeting "zero major safety incidents" and "zero major fire incidents." To facilitate RMB 268000
ters enabling high-quality organizational growth through a high-caliber talent pool. the achievement of these objectives the Company cascades them across functional Set annual departments and formulates tailored management and evaluation plans thereby Annual safety incidents
objectives ensuring the effective implementation of preventive measures and reinforcing the
foundation of its occupational health and safety management. Regular internal
Analysis of human capital risks Response strategies audits management reviews and external audits of the ISO 45001 management sys- 0
tem are conducted to ensure continued compliance with system standards.Risks associated with strategic and Enhance human capital risk identification and assessment mechanisms maintaining
organizational change an up-to-date human capital risk inventory. Work injury rate
Risk of core technical talent attri- Implement a scientifically robust human resource management system featuring The Company has implemented a robust Hazard Identification Risk Assessment
tion demand-driven strategic talent pool planning. Conduct regular talent and organiza- and Risk Control Planning Procedure to standardize the process of hazard identifi-
tional assessments aligned with the Company's strategic direction and business de- cation and evaluation. This procedure clearly delineates operational requirements
0%
Risk of mismatch between skills including risk avoidance risk reduction and risk acceptance measures ensuring
and business needs velopment trajectory effectively mitigating reducing or transferring identified risks. comprehensive coverage of safety risk management across all business processes Occupational disease
Risk of insufficient international Prioritize the recruitment of technical talent that aligns with the Company's evolving and enhancing overall risk resilience. During the Reporting Period the Company
talent pipeline needs while conducting targeted specialized training for existing employees to en- Address
incidence rate
completed the preparation of the list of unacceptable risks analyzed seven risks
hance skill adaptability. safety risks assigned control responsibilities to specific departments and identified three major Risk related to performance incen- hazard sources and 23 general hazard sources all of which were subject to impact %
tives and compensation competi- Establish clear and measurable performance standards foster open communication 0analysis and control measures.tiveness and feedback channels and constantly refine performance management tools and
processes. Define and implement a safety risk management process that covers planning and Number of employee Diversity and inclusion risk organization hazard identification risk assessment identification of major hazards
Risk of insufficient training and Implement regular employee satisfaction surveys to identify potential issues in talent
fatalities due to work-re-
risk control evaluation and implementation.development management processes and develop targeted improvement initiatives.lated incidents
Compliance and employment risk In response to potential emergencies in daily operations and life scenarios we have 0
formulated the Emergency Preparedness and Response Control Procedure and var-
Indicators and targets ious emergency plans for safety incidents. These documents cover the full process Number of working days Conduct from preparedness and response to drills and post-event review ensuring 100% lost due to work-related
emergency implementation and coverage of all employees. injuries
Indicators and targets 2025 achievement status drills We regularly conduct various types of emergency drills simulating real-life scenarios
continuously optimizing response measures and enhancing employees' emergency
Human resources cost control ≤ 100% Target achieved management capabilities. During the Reporting Period we conducted two safety 0
emergency drills.Employee training coverage rate: 100% Target achieved
83 84Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Industry ecosystem development Case The Company Supported the Cybersecurity and Cryptography-themed Carnival
The Company proactively integrates into the industry ecosystem development and through various means such as enterprise co- In December 2025 Koal as a supporting unit participated in the Cybersecurity and Cryptography-themed Carnival of
operation education and outreach industry talent cultivation and participation in industry forums contributes Koal strength to Xuhui District No. 1 Central Primary School under the theme of "Carrying Forward the Red Gene and Safeguarding Cy-
promoting inter-industry collaboration and sustainable development. bersecurity." The event featured an experience zone an interactive zone and themed display boards on "The Past and
Present of Cryptography" showcasing the evolution of cryptographic technology from ancient times to the present day.Enterprise cooperation Students took part in hands-on activities such as weaving ciphertext with cipher sticks and practicing Morse code pro-
moting the extension of cybersecurity awareness into families. At the same time Cai Guanhua the Company Board Sec-
As a partner in the HarmonyOS ecosystem Koal has leveraged more than 20 years of accumulated retary entered the campus to deliver a patriotic-themed school assembly lesson "The Mysteries of Cryptography" using
cryptographic technology expertise to complete the native HarmonyOS adaptation and deployment easy-to-understand language to popularize basic cryptography knowledge among students and enhance their interest
of multiple products. Our security solutions have been successfully implemented in critical fields such in cryptographic science.as Huawei's financial systems and the National Bureau of Statistics providing reliable support for the
smooth migration of important business systems to the HarmonyOS platform. This series of practices
has verified the feasibility of the deep integration of domestic cryptographic technologies with propri-
etary operating systems demonstrating the core value of the "built-in security" model in safeguarding
the digital transformation of national critical information infrastructure. In the future Koal will contin-
ue to deepen technical synergies with the HarmonyOS ecosystem adhere to cryptographic technolo-
gy as the cornerstone provide independent controllable secure and reliable foundational capability
support for the digital transformation of various industries and jointly promote the construction and
development of new national digital security infrastructure.Educational outreach
"Pioneer Award" in the Com-
The Company actively promotes public awareness of cryptography security through both mercial Market Category at
online and offline activities enhancing public understanding of cryptography security. It has the 2025 HarmonyOS Office Industry Summit
also established a professional cryptography technology exhibition hall to demonstrate the
application value and security concepts of cryptographic technologies through interactive
experiences and scenario-based displays.Case Koal Cryptography Workshop Hosted the "Career Experience Day for Senior High School Year One" Event
In May 2025 the Company's Koal Cryptography Workshop hosted an immersive cryptography career experience journey
for 45 senior high school students from Shanghai Xuhui High School. Through the innovative model of "industry aware-
ness + position experience" the event enabled students to closely engage with the cutting-edge achievements and
extensive applications of cryptographic technology gain first-hand awareness of the use of cryptographic technology
in real life and personally experience the technical appeal of emerging professions such as cryptographic technology
application specialists and cryptographic engineering technicians.
85 86Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Industry talent cultivation
The Company places a strong emphasis on cultivating industry talent through systematic training and evaluations school-enter- Case Koal Appeared at the First Photosynthesis Organization AI Conference
prise cooperation and integration of production and education to inject new vitality into the industry. During the Reporting Period
the Company nurtured a total of 490 information technology innovation talents through comprehensive training and assessments In December 2025 the first Photosynthesis Organization Artificial Intelligence Innovation Conference (HAIC2025) was held in Kun-
including five internal and 485 external participants. shan. Koal was invited to attend the forum on "Cryptographic Technology and Trusted Computing" where it delivered a keynote
speech on Exploration and Practice of a New-Generation Cryptographic Application System. At the same time it showcased the
Hosting a Visit by First-Year Students from Shanghai University of Engineering Science to the G60 Commercial practical achievements of integrating "AI + cryptography" in the "AI + Industry Applications" exhibition area. We also showcased a Case Cryptography Industrial Base solution for "assigning digital identities to AI" enabling clear accountability boundaries for AI systems and providing practical techni-
cal support for AI governance. We proposed a deployment model of "built-in services activated on demand" ensuring standardized
and inclusive baseline security capabilities while supporting dynamic expansion for specific scenarios thereby building scalable
In October 2025 Koal hosted 70 first-year students from the School of Electronic and Electrical Engineering of Shang- and customizable security infrastructure for AI cloud computing and the IoT.hai University of Engineering Science at the G60 Commercial Cryptography Industrial Base. The visit included tours of
the cryptography workshop and the Shanghai Information Technology Application Innovation Comprehensive Service
Center showcasing our development history commercial cryptography solutions industry ecosystem and cutting-edge
R&D achievements. A themed lecture on "information technology application innovation and cryptography industry
development" was also held featuring expert insights and interactive discussions to help students understand industry
trends and career development opportunities demonstrating our strong commitment to industry talent cultivation.Case Koal Participated in the Preparation of a Post-Quantum Cryptography Report for the Financial Industry
In December 2025 at the 8th Financial Technology Industry Conference the China Academy of Information and Com-
munications Technology together with Koal and several other organizations officially launched the preparation of the
Research Report on the Application of Frontier Technologies in the Financial Industry - Post-Quantum Cryptography.Koal drew heavily on "practical experience" and focused on real-world financial scenarios to support the implementa-
tion of compilation work. In 2025 the post-quantum cryptography pilot project jointly carried out by Koal and institu-
tions such as China Galaxy Securities had already demonstrated the feasibility of integrating new cryptographic algo-
rithms in specific business scenarios and identified practical pathways for smooth transition.Looking ahead in the face of the far-reaching and widespread impact that quantum computing will have on the security
transformation Koal will deepen its expertise in cryptographic technology and the application ecosystem. By integrat-
ing cutting-edge cryptographic research with complex real-world financial information systems and through continu-
ous technological innovation extensive ecosystem collaboration and rigorous pilot testing we will gradually lay a solid
foundation of trusted security for the future of the financial industry thereby ensuring the smooth transition of the digi-
tal economy.Industry exchange
The Company proactively monitors cutting-edge industry developments policy directions and market trends; actively participates
in various industry forums and academic exchange events; joins multiple industry associations and alliances; deepens multi-party
cooperation; expands business opportunities; promotes the sharing of resources; and contributes to the high-quality development
of the industry. During the Reporting Period the Company participated in one industry exchange event and joined one nation-
al-level academic society or industry alliance.
87 88Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Community engagement Community Activities
The Company proactively integrates into local development and community building. In 2025 Koal actively carries out diverse public welfare activities on community cybersecurity regularly entering communities to provide
Leveraging our own resources and strengths we extensively participate in activities such convenient services such as science popularization lectures and Q&A on personal information security protection and effectively
as rural revitalization the Belt and Road Initiative and community welfare providing sup- Total expenditure on delivers professional cybersecurity knowledge to community residents.port for the public to participate in socioeconomic political and cultural activities. public welfare and external
donations
Rural Revitalization 200000 Case Weaving a Dense Grassroots Security Net to Protect the "Last Mile" of CybersecurityRMB
Koal actively integrates into the rural revitalization development strategy and has
continuously participated in the east-west support collaboration between Chong- In September 2025 Wei Jie Koal's Deputy General Manager was invited to attend the National Cybersecurity Awareness
ming District Shanghai and Lincang City Yunnan Province and participated in des- Week and the series of activities themed "Cybersecurity and Red Culture Together" where he participated in the one-to-
ignated industrial collaboration projects. In 2025 the Company received the honor one pairing and signing ceremony between member units of the Jing'an District Cybersecurity Technology Support Alli-
"Crossing Mountains and Seas with Bonds Stronger than Gold" for its contributions ance and subdistricts and towns within the district. Through the pairing and co-building mechanism the Company will
to east-west collaboration efforts. fully leverage its technical expertise and service capabilities in the field of cybersecurity work in coordination with the cor-
Belt and Road responding subdistricts and towns to enhance their cybersecurity protection capabilities respond promptly to the practi-cal needs of enterprises and public institutions within the jurisdiction in terms of cyber and data security and compliance
and actively organize cybersecurity publicity and awareness education for community residents.Koal actively responded to the national Belt and Road Initiative. Starting with the Algeria project
through an integrated output model of "technology + standards + services" we provided a Chi-
nese solution for security cooperation under the "Digital Silk Road" continuously strengthening
the security foundation for digital infrastructure development in countries along the route and Dedication Honor for East-West
supporting the high-quality development of the global digital trust system. Cooperation
Case Koal Showcased China's First Large-Scale Overseas Cryptography Technology Project at the 2025 CSITF
In June 2025 at the third Commercial Cryptography Exhibition of the 11th China (Shanghai) International Technology
Fair (CSITF) Koal comprehensively showcased key breakthroughs in the large-scale overseas deployment of domestic
cryptographic technology centered on the core case of the Digital Trust Services System Construction Project in Algeria:
the first overseas implementation of PQC Algorithms in a PKI digital trust system and the first large-scale application of
the entire domestic software and hardware chain in overseas critical infrastructure. This project is a landmark achieve-
ment of the Company in responding to the national Digital Silk Road initiative and serving the Belt and Road Initiative.Its successful implementation marks the leap of China's cryptographic technology from "following" to "leading." In the
future Koal will continue to deepen cooperation with countries along the Belt and Road promote the large-scale appli-
cation of domestic cryptographic technology in international markets and inject Chinese momentum into the building
of a secure and open global digital ecosystem.Charitable Education Support
Koal has developed non-profit research and study bases for schools focusing on key themes such as "digital economy" "cryptog-
raphy" and "information technology innovation." These centers provide teachers and students with opportunities to gain insights
into the development and trends of the information technology innovation industry as well as the role of cryptographic technol-
ogy as security foundations through interactive learning experiences. The Company offers complimentary access to its facilities
including server rooms IT innovation adaptation and verification practice areas and cryptography factories. This allows visiting
schools to witness firsthand the increasing capabilities of domestically produced independent and controllable server systems.
89 90Green operations
low-carbon future
Environmental management system
Climate change mitigation
Green products and solutions
Green operations
Contributing to the UN 2030 SDGs
91 92Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Environmental management system Environmental Management Process
In line with its operational realities Koal has implemented a comprehensive environmental
management framework based on the ISO 14001 Environmental Management System en- 荣誉奖项 Define envi- Establish quantifiable
suring compliance with relevant domestic and international laws regulations and standards ronmental environmental man- Achieve
including the Environmental Protection Law of the People's Republic of China and the Energy management 100%classified disposal of solid wasteobjectives agement targets:
Conservation Law of the People's Republic of China. The Company has developed a suite of
policy documents such as the Environmental Management Manual and Environmental Moni- Obtained the ISO 14001
toring and Measurement Procedures. Koal regularly conducts environmental risk assessments Environmental Manage-
organizes company-wide environmental protection training and implements awareness-raising ment System Certification
initiatives aiming to progressively mitigate the environmental impact of its operations. During Develop en- Based on the environmental management targets each operating location creates annual
the Reporting Period the Company reported no environmental pollution incidents received no vironmental
management environmental management work plans that comply with relevant national and regional environmental administrative penalties and experienced no major environmental accidents.plans regulations and align with their specific circumstances.Koal has established a robust environmental management structure and process. The General Manager assumes overall leadership
responsibility for environmental management coordinating related activities across business operations. The Management Repre-
sentative and all departments within the Company grounded in their practical work and fulfilling their respective responsibilities
implement measures such as monitoring environmental indicators and managing targets to comprehensively promote the Com- Internal audit
pany's green and compliant production. The Company conducts annual internal reviews of its environmental management system
Implement following the Management Review Control Procedure and Internal Audit Procedure. Correc-
environmen-
tal manage- tive actions are proposed and monitored based on review findings.ment audits
External audit
The Company undergoes annual third-party environmental audits from external stakeholders.Functional departments General Manager
Identify and assess environmen- Establish environmental policies Conduct The Company carries out regular on-site inspections and supervision to identify and ad-
tal factors and potential hazards and objectives aligned with the routine en-
vironmental dress gaps in environmental management practices ensuring the effective operation of the within their department; Company's strategic direction;
monitoring environmental management system.Develop departmental environ- Integrate environmental man-
mental objectives and monitor agement system requirements
their achievement status. into business operations and
secure necessary resources;
Enhance The Company has developed and regularly updates the Emergency Preparedness and Re-
Management representative Ensure company-wide under- environmen- sponse Management Procedure. Annual environmental emergency drills are conducted to
standing and implementation of tal emergency prepare for potential incidents and mitigate environmental impacts. During the Reporting
environmental policies promot- management
Oversee the establishment implementa- Period the Company executed one environmental emergency response drill.ing process-based approaches
tion and maintenance of environmental and risk-based thinking.management system processes;
Report to the General Manager on the en-
vironmental management system's perfor- Foster a robust envi- The Company actively fosters an environmental culture conducts regular environmental
mance and internal audit results including ronmental protection training and continuously enhances employees' environmental awareness.improvement recommendations. culture
93 94Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Climate change mitigation
In response to global climate change Koal actively supports the national "dual carbon" goals. The Company adheres to the frame- Strategy and management approach
work recommendations outlined in the Guidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—
Sustainability Report (Trial) proactively identifying various risks that climate change poses to its business operations. By integrat- The Company has conducted a comprehensive analysis and assessment of climate change risks (including physical risks and tran-
ing four key dimensions - climate change-related governance strategy impact risk and opportunity management and indicators sition risks) and opportunities facing its business operations.and targets - Koal actively develops response measures. These efforts aim to enhance the Company's resilience in the face of cli-
mate change scenarios and constantly improve its ability to address climate risks.Risk/
Governance Category Opportuni-
Risk/Opportunity Impact Potential Mitigation measures
ty type description period financial impact
The Company has seamlessly integrated climate change-related functions into its ESG governance structure clearly delineating man-
agement responsibilities across various levels. This facilitates comprehensive discussions on climate change-related issues enables
the identification of climate risks and opportunities and supports the development of targeted measures to address climate change. Implement timely forecasting and
Severe climate events such as warning systems for extreme weath-
typhoons and floods may lead er events. Develop comprehensive
The Board of Directors and ESG Committee to extreme weather or natural emergency response plans for extreme
disasters potentially affecting
Assume a leadership role in the management and decision-making of climate change issues weather scenarios. Stockpile emer-
Management Koal's infrastructure servers Revenue decline Acute gency supplies and conduct regular
body Supervise climate change management decision-making and other equipment across Short-term cost increase physical emergency drills to enhance response
various operational sites. This Medium-term liability rise and capabilities.Review strategic planning for climate action targets and implementation progress as well as the risks could result in a series of di- asset impairment
results and management of climate risk and opportunity assessments rect or indirect economic loss- Prioritize climate-resilient areas under
es including asset damage comparable circumstances when
increased repair costs and selecting new operational sites thor-
ESG Executive Committee higher insurance premiums. oughly considering local historical data
on natural disasters.Function as the executive body of the ESG Committee coordinating the comprehensive Physical
implementation of climate change issue management
risks
Guide the design and execution of strategies objectives and initiatives related to climate change issues
Assess and manage climate change-related risks and opportunities
Climate change-induced
Regularly collate and summarize the progress and effectiveness of climate change-related work
Execution rise in average temperatures providing comprehensive reports to the ESG Committee
body increases the need for ven- Continuously optimize energy use
tilation and cooling in office efficiency strengthen the monitoring
Functional departments Chronic spaces. This could negatively of energy use improve the precision Medium-term Revenue decline
physical impact the normal operation management of energy consumption
long-term and cost increase
Manage and supervise the implementation of specific climate-related work risks and lifespan of the Company's statistics and monitoring and encour-
servers and other hardware age employees to practice green office
Spearhead the implementation of climate-related actions across various business units support- while also leading to in- operations.ing company-wide climate strategy implementation creased energy consumption
and operational costs.Execute energy use optimization and carbon reduction plans at the operational level
9596
aKoal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk/ Impact risk and opportunity management
Category Opportunity Risk/Opportunity Impact Potential description period financial impact Mitigation measurestype To address potential risks and capitalize on opportunities brought about by climate change Koal has established a robust process
As progress is made towards "dual
Closely monitor changes in interna- for managing climate risks and opportunities. Through a combination of internal research climate scenario analysis industry stud-
carbon" goals stricter domestic and
tional and domestic environmental ies and external recommendations the Company systematically identifies analyzes evaluates and manages significant climate
international policies and regulations
Policy and and carbon-related laws regu- change risks and opportunities. Based on comprehensive risk identification results a climate risk-opportunity matrix and targeted
are being introduced to mitigate cli- Short-term Revenue decline
regulatory lations and policies. Strengthen mitigation measures are developed promoting the integration of climate risk management into the company-wide multi-depart-
mate change. The gradual advance- medium-term and cost increase
Risks compliance management strategies mental risk management process to actively address climate change challenges.ment of carbon emissions trading
in alignment with the Company's
mechanisms exposes the Company
specific circumstances. Climate Risk and Opportunity Identification Analysis Evaluation and Management Process
to heightened compliance risks.Influenced by climate change and Climate risk-opportunity research Identify risk-opportunity inventory
global energy transition prices for
energy (electricity steam) water and Forge strategic partnerships with Conduct preliminary identification of climate risk and op- Identify climate risks and oppor-
hardware facilities are likely to in- high-quality collaborators to bolster portunity types including physical risks transition risks and tunities within the industry and
crease leading to higher operational Revenue decline supply chain resilience and risk re- climate opportunities based on disclosure recommenda- along the value chain forming a
costs. Medium-term cost increase sponse capabilities. tions from authoritative sources such as the Guide No. 4 for comprehensive risk inventory.Market risks
long-term liability rise and Self-Regulatory Supervision on Listed Companies of the SSE As demand for climate-friendly prod- Intensify research and application Screen risks and opportunities
Tran- asset impairment — Compilation of Sustainable Development Reports (January ucts and services increases the Com- efforts in green products and solu- relevant to Koal based on internal
sition 2026 Revision) and the IFRS S2 Climate-related Disclosures.pany may face operational risks such tions to stay ahead of changing mar- and external expert recommenda-
risks
as lower product prices rising raw ket trends. tions databases and other credi-
material prices and products failing ble sources.to meet market demand.Conduct rigorous feasibility studies Climate risk and opportunity management Climate risk-opportunity
Investment in research and applica- on the R&D and application of green materiality analysis and assessment
tion of new green products and tech- products and solutions. Actively Perform in-depth materiality analysis and financial impact
Technology Short-term Revenue decline
nologies may lead to decreased prod- engage in industry collaborations assessment of climate risks and opportunities developing key Conduct a thorough assess-
risks medium-term and cost increase
uct demand and revenue if customers and work closely with value chain response strategies. ment of the impact period
do not accept these innovations. partners to promote low-carbon The ESG Executive Committee functional departments and materiality level of cli-
technology R&D and application. branches and controlled subsidiaries implement targeted risk mate risks and opportunities
leveraging internal research
Increasingly stringent environmental management and response initiatives developing compre-
Monitor market regulatory and dis-
performance disclosure requirements hensive risk treatment plans. The ESG Committee regularly
climate scenario analysis
Reputational Short-term closure requirements across various monitors and tracks implementation progress to ensure effec- industry studies and external increase compliance costs associated Cost increase
risks medium-term regions and implement comprehen- recommendations.with maintaining or enhancing corpo- tiveness.sive compliance measures.rate reputation.By developing and innovating cli-
Capitalize on opportunities for
mate-friendly products and tech- Indicators and targets
green transformation and upgrade.nologies and providing services to
Develop targeted products and
Products customers with green needs such as Short-term Indicators Unit 2025
Revenue growth technologies that not only meet
and services environmental protection and energy medium-term
basic customer needs but also in- Direct GHG emissions (Scope 1) Tons of CO equivalent (tCO e) 17.37
Climate conservation we can help open up
22
corporate environmentally friendly
oppor- new growth opportunities for the Greenhouse Indirect GHG Emissions (Scope 2) Tons of CO equivalent (tCO e) 776.22technologies. 2 2
tunities Company.gas emis-
sions Total GHG emissions (Scope 1 and Scope 2)
1 Tons of CO2 equivalent (tCO2e) 793.59
Achieve dual benefits of cost savings
Integrate energy-saving technolo- GHG emission intensity tCO2e/person 1.36and environmental protection by
Resource Short-term Revenue growth gies and equipment across all oper-
adopting energy-efficient technolo-
efficiency medium-term and cost increase ational facets driving down energy Note1:GHG emissions reported here refer exclusively to carbon dioxide emissions and do not encompass other greenhouse gas types such as methane
gies and equipment to reduce energy and nitrous oxide emitted from other sources.. Scope 2 GHG emissions represent emissions caused by purchased electricity and heat. The electricity
costs.consumption in operations. emission factor is derived from the Announcement on the Release of Carbon Dioxide Emission Factors for Electricity in 2023 (Announcement No. 47 of
2025) jointly issued by the Ministry of Ecology and Environment and the National Bureau of Statistics .
97 98Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Green products and solutions Green Innovation in Hardware Integration
In new product development the Company takes low-carbon and environmental protection as an important value orientation
drives innovation with green technology concepts and supports sustainable development with lightweight low-energy-consump-
tion digital products demonstrating the ecological responsibility and long-term development pursuit of a technology enterprise. Hardware life cycle management Hardware selection
Software R&D Reduces the Digital Carbon Footprint Modular design: For indus- Energy efficiency first principle: Select encryption cards with better
trial computers adopt a plug- power efficiency ratios (performance/watt) and hardware security
gable encryption card design modules (HSMs) that support energy-saving modes (such as sleep and
power gating).Algorithm level: Through technologies such as algorithm optimization and CPU encryption modules facilitating partial upgrades
rather than replacement of Thermal design optimization: During the integration stage of indus-
we improve the processing efficiency per unit of computing power reducing energy consumption by the entire machine and re- trial control computers reduce fan power consumption and extend
more than 15% under the same encryption and decryption performance. ducing electronic waste. hardware service life through optimized heat dissipation structures.Algorithm and Lightweight design: We streamline code libraries and dependent components reduce runtime mem- Firmware upgrades: Con- Low-power Hardware Selection: Prioritize products supporting dy-
code-level ory and storage usage and indirectly lower the energy consumption of servers/terminal devices. tinuously optimize hardware namic power adjustment technologies which automatically switch to
optimization sleep mode when idle to reduce standby energy consumption; prior-
Intelligent resource scheduling: We introduce a dynamic voltage and frequency scaling (DVFS) strat- energy efficiency to avoid itize CPU-integrated encryption modules to replace external modules
egy into industrial all-in-one machine software adjusting CPU performance states in real time based frequent equipment replace- reducing energy loss caused by hardware redundancy.on computing load thereby reducing the energy consumption of industrial computers by 20%-30% ment solely for energy effi-
ciency improvements. Eco-friendly materials and regulatory compliance: Work with in-
during idle periods and balancing security performance with low-carbon needs. dustrial control computer suppliers to select recyclable low-volatile
organic compound (VOC) environmentally friendly materials; give pri-
ority to enclosures made of recycled aluminum alloy or biodegradable
plastics; ensure core components comply with environmental stand-
Cloud-side and ards such as RoHS and REACH; and eliminate components containing
deployment Cloud-native architecture support: The product supports containerized deployment and elastic hazardous substances such as lead and mercury.energy scaling helping customers achieve on-demand allocation of computing resources on cloud platforms Fanless cooling design compatibility: On the basis of optimizing heat
efficiency and reduce idle energy consumption in data centers. dissipation for both software and hardware support some industrial
control computers in adopting passive cooling solutions to replace tra-
ditional fan cooling and reduce energy consumption.Carbon Emission Reduction Across the Product Lifecycle
Require hardware suppliers to provide proof of environmental materials
Procurement
stage (such as RoHS certification) and carbon footprint data and give priority
to partners certified as green factories.Establish a green development system promote paperless design re-
views virtualized testing environments (reducing demand for physical
R&D stage equipment) and remote collaboration and reduce carbon emissions by
lowering the frequency of business travel.Integrate a power consumption monitoring module into the management
interface to help users view the energy efficiency of encryption devices in real
Use stage time and optimize the distribution of business workloads.Industrial computer products come with energy-saving settings such as au-
tomatic sleep mode and hard drive speed reduction enabled by default.Provide hardware recycling guidance and cooperate with compliant dis-
Decommission-
ing stage posal agencies to ensure the security of encrypted data as well as carry
out destruction and material recycling.
99 100Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Green operations Indicators Unit 2025
Koal actively promotes green and low-carbon operational practices incorporating climate change considerations into its busi- Gasoline tons 5.82
ness control processes. The Company consistently improves its environmental performance in areas such as energy usage water
resource management and waste disposal. By implementing energy-saving measures ensuring proper waste management and
Purchased electricity 10000 kWh 146.29
fostering a green culture Koal creates an environmentally friendly office environment thereby reducing the environmental impact
Energy
of its operations. Consumption
Total energy consumption1 tce 188.35
Energy management
The Company's primary energy consumption stems from official vehicle gasoline use and purchased electricity. We have estab-
Energy consumption intensity tce/person 0.32
lished energy management policies including the Electricity Saving Management Measures and Notice on Standardizing the Man-
agement of Office Electricity Use. Through various initiatives we strive to reduce greenhouse gas emissions and actively address
climate change. Note1: Total energy consumption is calculated in tons of standard coal equivalent (tce) in accordance with the General Rules for Calculation of the Compre-
hensive Energy Consumption (GB/T 2589-2020) issued by the State Administration for Market Regulation and the Standardization Administration of China.Water resource management
Lighting electricity Office electricity
management management The Company's primary water consumption is attributed to daily office use with the municipal water supply serving as the main
We maximize the use of natural Employees are required to turn off source. We have designed and implemented efficient water resource management measures for our business activities establish-
light turning off unnecessary computers printers and copiers ing plans to reduce water consumption. By adopting appropriate measures to achieve water management goals we constantly
lighting fixtures when daylight is when not in use; computers are set
sufficient. Natural light is prior- to sleep mode after more than 10 improve our water usage performance.itized in window-adjacent office minutes of inactivity; double-sided
areas. The number of lighting printing and copying are encour-
fixtures is adjusted according to aged; the use of high-power un-
area-specific functional require- authorized electrical appliances is Water equipment management Drinking water equipment maintenance
ments with reasonable control strictly prohibited; idle servers must We have installed faucets with temperature-controlled We carry out regular maintenance and inspections
of lighting brightness. Lighting be shut down in a timely manner
in corridors meeting rooms re- with scientifically planned opera- automatic shut-off functions in public restrooms to of water dispensers to ensure normal operation of
strooms and other public areas is tion schedules and regular inspec- prevent water waste caused by prolonged water flow. heating/cooling functions preventing equipment
turned off when unoccupied and tions. Regular inspections of water facilities are conducted malfunctions that could lead to water waste.lighting schedules are set based and leaks are promptly repaired to ensure effective
on actual usage patterns to avoid utilization of water resources.waste.Energy-saving training Air conditioning
and publicity temperature control
Office drinking water management Water conservation promotion
New employees receive training Air conditioning is set to 26 ° C in
on electricity usage standards; summer (activated only when in- We dynamically adjust the supply of bottled water We conduct employee awareness campaigns
through policy communication door temperature exceeds 28 ° C) based on seasonal variations reasonably increasing encouraging the use of personal water bottles to
and case-based training we en- and 20 ° C in winter (activated only supply during high-consumption summer months and reduce disposable paper cup consumption. This
hance employees' energy-saving when indoor temperature falls reducing allocation during low-consumption winter approach also mitigates water waste from bottled
awareness and promote green and below 10° C); cooling capacity is ad- months. The provision of individual bottled water in water dispensers due to casual usage (e.g. over-dis-
low-carbon office practices; ener- justed based on server heat output
gy-saving messages are displayed and room temperature to ensure daily office scenarios has been discontinued with pensing and discarding unconsumed water).on large screens in prominent lo- compliance while reducing energy employees encouraged to use centralized water dis-
cations to reinforce awareness in consumption. pensers instead. We recycle unfinished bottled water
daily work. for plant irrigation.Inspections and accountability Indicators Unit 2025
implementation
The Company designates dedicated personnel to be responsible for electricity use inspections in public areas. These Water resource Total water consumption tons 21648.54
persons conduct inspections three times a day—morning noon and evening—and keep detailed records of the time consumption
location and person responsible for any violations. Water consumption intensity ton/person 37.01
101 102Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Waste management Indicators Unit 2025
The Company primarily generates waste in the form of office paper courier boxes ink cartridges toner cartridges waste fluores- Paper tons 1.48
cent tubes and discarded electronic equipment. We actively encourage waste reduction recycling and reuse aiming to minimize
waste generation where feasible and mitigate the environmental impact of waste disposal. Waste toner and ink
Non-hazardous - 122
cartridges
Equipment recycling Packaging material recycling Green procurement waste discharge
Non-hazardous waste
We repurpose refurbished equip- Recyclable materials generated dur- We prioritize the purchase of envi- kg/person 2.53
ment within the Company and ex- ing operations such as courier car- ronmentally friendly biodegrada- discharge intensity
plore external reuse channels such tons and document packaging box- ble or recyclable materials reduc-
as collaborating with small enter- es were collected organized and ing environmental pollution and Waste fluorescent lamps - 72
prises to sell idle but still functional stored by category in a centralized resource waste.computers at discounted prices. manner reducing the total amount Number of scrapped kg 111
of waste transported off-site. microcomputers (hosts)
Volume of monitors
kg 30
scrapped
Equipment downgrading Paperless office Non-hazardous
Waste discharge Volume of laptops
For electronic equipment such as servers hosts hard We extensively utilize ERP systems encouraging employees kg 8scrapped
drives and computers we have established an internal to store share and approve documents electronically. For
equipment allocation platform to reassign devices suita- instance through the Company's internal cloud storage sys-
ble for downgraded use between different departments tem employees can conveniently store and retrieve various Volume of printers kg 45
or projects within the Company. Hard drives with remain- documents replacing traditional paper file cabinets. scrapped
ing storage capacity and read/write speeds suitable for
non-critical operations are removed from high-perfor- Volume of servers
mance hosts and installed in office computers with lower kg 64
storage requirements for secondary utilization. scrapped
103 104Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Key performance table
Key performance table Indicator Unit 2023 2024 2025
Employment
Governance and Economic Performance Total number of employees persons 821 679 585
Number of employees hired during the Reporting Period persons 123 75 43
Indicator Unit 2023 2024 2025 Number of employees by Male persons 657 537 463
gender
Operating revenue RMB 100 million 5.61 5.29 3.58 Female persons 164 142 122
Net profit attributable to shareholders of the listed Senior management persons 6 7 6
RMB 100 million 0.37 0.37 -0.85 Number of employees by
company Middle management persons 116 82 41position level
Total assets RMB 100 million 16.61 16.70 15.59 Entry-level employees persons 699 590 538
Total taxes paid RMB 10000 2968.28 4193.18 4019.27 29 and below persons 321 210 175
Basic earnings per share RMB/share 0.16 0.16 -0.36 Aged 30 to 39 persons 322 293 244
Number of employees
Total number of Board members persons 9 9 9 Aged 40 to 49 persons 158 153 135by age
Proportion of independent directors % 33.33% 33.33% 33.33% Aged 50 to 59 persons 15 20 27
Major corruption and bribery incidentscidents cases 0 0 0 Aged 60 and above persons 5 3 4
Number of employees Chinese employees persons 821 679 585
by geographical region Overseas employees persons 0 0 0
Social Performance Employees with associ- persons 246 170 168ate degree and below
Employees with bache-
Indicator Unit 2023 2024 2025 persons 516 455 367lor's degree
Number of employees by
R&D Innovation educational background Employees with a
R&D investment RMB 10000 9859.99 9788.89 9560.15 master's degree /MBA persons 56 51 47
degree
R&D investment as a percentage of operating revenue % 17.57% 18.49% 26.74%
Employees with doctoral
Number of newly granted patents items 9 13 4 persons 3 3 3degree or above
Cumulative number of granted patents items 67 84 88 Regular employees persons 791 663 582
Number of newly registered software copyrights items / 15 22 By Employment Type Temporary workers/ persons 30 16 3
labor dispatch/interns
Cumulative number of registered software copyrights items / 197 219
Employee turnover rate % 28% 23.95% 19.89%
Products and Services
Employee turnover rate Male % 80% 19.75% 20.26%
Incoming material inspection pass rate % / 100% 100% by gender Female % 20% 4.20% 19.80%
Software retesting confirmation rate % / 100% 100%
Aged 29 and below % 51% 10.22% 24.89%
Customer service satisfaction rate % 99.1% 98.2% 98.6% Aged 30 to 39 % 33% 7.95% 17.74%
Supply Chain Management Employee turnover rate Aged 40 to 49 % 13% 5.33% 19.88%
by age
Total number of suppliers companies 68 64 83 Aged 50 to 59 % 3% 0.34% 8.82%
Number of domestic suppliers companies 68 64 83 Aged 60 and above % 0 0.11% 0
Number of overseas suppliers companies 0 0 0 Diversity and Equal Opportunities
Information Security and Privacy Protection Proportion of female employees % 20% 21% 21%
Number of major service/information security incidents times / 0 0 Proportion of ethnic minority employees % 3% 3% 2%
Annual training coverage rate for information security/ Proportion of employees with disabilities % 1% 2% 2%
%100%100%100%
information technology services Proportion of female employees in middle management % / 17.74% 14.6%
Number of data breach incidents times 0 0 0 Proportion of female senior management employees % / 8.3% 16.67%
105 106Koal Software Co. Ltd. 2025 Environmental Social and Governance (ESG) Report Indicator index table
Indicator Unit 2023 2024 2025
Employee Training Indicator index table
Total investment in employee training RMB 10000 162.02 53.7 18.9 Koal has reported the information referenced in this index for the period from January 1 2025 to December 31 2025 in accordance
Total attendance of training throughout the year / 9918 7237 8809 with the Guidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—Sustainability Report (Trial) and
with reference to the GRI Standards
Total employee training hours hours 19668.63 9556.13 12079.98
Average annual training hours per employee hours 23.67 14.26 20.65 Reporting framework Index to the Shanghai Stock Exchange Sustaina- GRI Standards 2021bility Reporting Guidelines (Reference)
Employee training coverage rate % 99% 100% 100% Message from the Chairman / 2-22
Health and Safety About This Report / 2-22-3
Investment in health and safety RMB 10000 36.66 22.5 26.8 About Koal / 2-12-6
Sustainable Development Article 12 Article 13 Article 14 Article 15 Article 17 2-92-132-142-162-293-1
Annual production safety incidents case(s) 2 0 0 Management Article 18 Article 51 Article 52 Article 53 3-23-3
Work injury rate % 0.2% 0 0 Special Topic:Forging the "Koal
Article 20 Article 28 Article 37 302-5
Occupational disease incidence rate % 0 0 0 Shield" for the Digital Age
Excellence in Governance Efficient Operations
Number of employee fatalities due to work-related
persons 0 0 0
incidents Corporate governance Article 51 Article 53 2-102-122-272-153-3
Risk and compliance management Article 19 Article 54 2-27207-2207-3
Number of working days lost due to work-related
/18000
injuries Business ethics Article 11 Article 19 Article 54 Article 55 Article 56 2-273-3205-2206-1
Community Engagement and Public Welfare Party Leadership / /
Innovation Leads the Way Digital Technology as Our Shield
Total investment in public welfare and external
RMB 10000 / 20 20
donations Product technology innovation Article 11 Article 19 Article 41 Article 42 203-13-3416-1
Product quality and safety Article 11 Article 19 Article 44 Article 47 2-252-273-3
Environmental Performance 2-252-273-3416-2417-1Customer relationship management Article 11 Article 19 Article 44 Article 47 417-2417-3418-1
Information security and privacy 203-23-3416-1417-1
Indicator Unit 2023 2024 2025 Article 11 Article 19 Article 44 Article 47 Article 48protection 417-2417-3418-1
Gasoline tons / / 5.82 Sustainable supply chain Article 44 Article 45 Article 46 204-1308-1414-1414-2
People-oriented Collaborative and Win-win Outcomes
Purchased electricity 10000 kWh / 205.78 146.29
2-72-272-30401-1401-2
Total energy consumption tce / 252.91 188.35 Employee rights and benefits Article 49 Article 50 401-3406-1407-1
Energy consumption intensity tce/person / 0.37 0.32 Human capital development Article 11 Article 19 Article 50 3-3401-2404-1404-2404-3
Direct GHG emissions (Scope 1) tons of CO 403-1403-2403-3403-52 equivalent (tCO2e) / 0 17.37 Occupational health and safety Article 50 403-8403-9403-10
Indirect GHG emissions (Scope 2) tons of CO2 equivalent (tCO2e) / 1104.22 766.22 Industry ecosystem development / /
Total greenhouse gas emissions Community engagement Article 38 Article 39 Article 40 203-1203-2
tons of CO2 equivalent (tCO2e) / 1104.22 793.59
(Scope 1 and Scope 2) Green Operations Low-Carbon Future
Environmental management system Article 29 Article 33 2-27
GHG emission intensity tCO2e/person / 1.63 1.36
Article 11 Article 19 Article 20 Article 21 Article 22 201-23-3302-5305-1
Climate change mitigation
Total water consumption tons / 26730.01 21648.54 Article 23 Article 24 Article 25 Article 26 Article 27 305-2305-4
Water consumption intensity ton/person / 39.37 37.01 Green products and solutions Article 34 Article 35 Article 37 302-4302-5
2-27302-1302-3303-5
Non-hazardous waste discharge intensity kg/person / 1.69 2.53 Green operations Article 34 Article 35 Article 36 306-3306-4306-5
107 108Koal Software Co. Ltd.
Address: Building A2 G60 Commercial Cryptography Industrial Base No. 1-7 Lane
58 Muchuan Road Sijing Town Songjiang District Shanghai China
Tel: +86 021-62327010
Fax: +86 021-62327015
沪公网安备31011802005267号
