COMPLIANCE, BUSINESS ETHICS AND CYBERSECURITY STATEMENT

1. CODE OF CONDUCT AND BUSINESS ETHICS

Contraves’ Code of Conduct and Business Ethics (COBE) reinforces our commitment to uphold the highest standards of ethics and integrity in the conduct of the company’s business and operations. This applies to all employees, directors and third parties who represent or act for the company. The COBE also contains specific provisions on anti-competitive practices. In addition, we consider the responsible use of nature and its resources to be important. We are continuously striving to reduce our CO2 emissions to lessen our contribution to climate change. Adapting to the consequences of climate change is increasingly important for our future.

2. ANTI-BRIBERY AND CORRUPTION AND ANTI-MONEY LAUNDERING

The COBE is supported by Contraves’ Anti-Bribery and Corruption and Anti-Money Laundering (ABC & AML) Policy which is applicable to all employees, directors and third parties representing Contraves. Contraves enforces zero-tolerance for all forms of bribery and corruption. Our COBE and ABC & AML policies collectively aim to further fortify Contraves culture of good business ethics and integrity.

3. WHISTLE BLOWING

Our Whistleblowing Policy encourages disclosure on any form of improper misconduct even on an anonymous basis without fear of the complaint leading to reprisal, retaliation, discrimination, demotion, unfair dismissal or disservice. To lodge a report, please email to governance@contraves.com.my

4. EXPORT CONTROL

Contraves is committed to controlling exports in accordance with Malaysia’s Strategic Trade Act 2010 (EN/BM) and all relevant international laws to support the prevention of the sale, transfer, export or re-export of Products for use in activities that involve the development, production, use or stockpiling of all forms of weapons for mass destruction.

5. CYBERSECURITY COMPLIANCE

We are committed to maintaining a robust digital environment that complies with a wide range of regulations and international standards to secure the privacy and confidentiality of digital assets and information. Our dedication towards safeguarding the data of our stakeholders is made possible as we ensure that our digital environment service provider abide to but not limited of the following standards and regulations (local and international):

• DATA PRIVACY

We adhere to data privacy laws and regulations, ensuring confidentiality and integrity of personal data.

• HEALTHCARE DATA SECURITY

Our commitment includes ensuring the protection of sensitive health and/or medical related information.

• FINANCIAL DATA SECURITY

We implement rigorous measures to securing and safeguarding all data related to financial transactions and related sensitive information.

• RELEVANT GOVERNMENT AND INDUSTRY STANDARDS

We comply to relevant regulations and adapt our cybersecurity practices in line with industry standards.

6. INTERNAL INFORMATION TECHNOLOGY (IT) POLICY

Internally, we endeavour to align our digital environment and database structure with ISO/IEC 27000 series standards for Information Security, Cybersecurity and Privacy Protection. We recognise the importance of these standards and have integrated them into our operations. Our commitment is towards continuous improvement as we implement best practices in risk management, security controls and data privacy.

Effective 1 November 2023
On behalf of CONTRAVES ADVANCED DEVICES SDN BHD

CHIEF EXECUTIVE OFFICER