Risk Management
To ensure sound management and sustainable development, Walsin Lihwa adopts the enterprise risk management (ERM) framework to continuously identify and evaluate possible risks, and monitors global environmental and industrial changes so that it can develop appropriate risk management strategies, reduce the probability of risks, and effectively manage and mitigate their negative impacts.
Risk Management Organization and Duties
3 lines of defense for corporate risk management are implemented together by the Board of Directors, Audit Committee, Auditing Office, President, President's Office, individual units, risk management units, and subsidiaries:
Risk Management Policies and Operations
Walsin Lihwa's Risk Management Policy and Procedures are the highest guiding principles of risk management procedures for itself and its subsidiaries. On January 26, 2024, the Company revised its risk management objectives, organizational structure, relevant units' responsibilities, management procedures, and control mechanisms to incorporate risk management into daily operations, and encouraged employees to follow this principle and jointly participate in and promote risk management. Every year the status of risk management is reviewed and reported to the Audit Committee and the Board of Directors.
The 2024 status of risk management was reported to the Audit Committee and Board of Directors respectively on November 1 and November 8, 2024.
Risk Control Mechanisms
Walsin Lihwa's risk management is intended to mitigate the impacts from internal and external risks, using the degrees of severity and Company's business characteristics to identify, monitor, and manage the risks associated with corporate governance as well as economic, environmental, and social issues. For further information on the risk response plans and mitigation measures, please refer to relevant chapters of this report or the Annual Report. For further information on relevant risk types and risk control mechanisms, please refer to Table 1 in the Risk Management Policy and Procedures.
▪Risk Management Process
▪Risk Management Categories
Emerging Risk
Walsin Lihwa has included emerging risks in the risk management supervised by the Board of Directors. The Company pays attention to global environmental and industry trends in order to identify emerging risks every year, taking into account the Company's comprehensive business development and future planning.
▪Three Steps of Identification
▪Results of Identification
▪Intellectual Property Rights and Confidential Information Protection
Through effective intellectual property right management, Walsin Lihwa encourages R&D, protects its technologies and R&D achievements, pursues manufacturing process optimization, expedites product innovations and upgrades, and pursues smart manufacturing to achieve value-added transformation of the Company for ongoing growth. In 2020, Walsin Lihwa commenced implementation of the Taiwan Intellectual Property Management System (TIPS), which was certified in the same year. Walsin Lihwa was granted TIPS Class A certification for the second time in 2021 and successfully passed the third TIPS Class A recertification in 2023. The certification is valid through December 31, 2025.
An organizational adjustment in 2023 incorporated the Procurement Management Center into the TIPS' scope of implementation and planned the development of a trade secret management system in conjunction with confidentiality labelling of electronic documents implemented in 2022 to gradually strengthen confidential information protection in compliance with the TIPS requirements and develop annual intellectual property management policies and their objectives. On November 8, 2024, the status of implementation and annual plan were reported to the Board of Directors.
Grievance and Suggestion System and Protection of Whistleblowers
Walsin Lihwa encourages employees and outsiders to report corruption, bribery, as well as unethical conduct and other misconduct. Walsin Lihwa has enacted its Guidelines for Suggestions and Complaints by Stakeholders and set up the Stakeholder Communication Area on Walsin Lihwa's website. Stakeholders can leave their suggestions and complaints on the website to Walsin Lihwa's management and Chief Audit Executive. There is also an opinion mailbox for employees to provide suggestions, and employees or stakeholders are encouraged to report any suspicious activities or misconduct within the organization or between transacting parties, thereby preventing unlawful conduct or misconduct. The investigation process is always kept confidential to protect whistleblowers. The reports received are processed by responsible units, and the Audit Committee shall be informed of how they are processed. In 2024, 6 complaints and 2 suggestions were received, and all 8 cases were processed according to relevant regulations. Suspicious activities or misconduct included:
Internal Audit
Walsin Lihwa has a robust internal audit system and has appointed independent directors to ensure the effective operation of internal control and reporting mechanisms; management also closely monitors the improvement results for internal control deficiencies. The Auditing Office—an independent unit with a Chief Audit Executive and dedicated auditors—reports directly to the Board of Directors and regularly attends Board meetings to present audit reports. The Chief Audit Executive and Independent Directors shall meet at least once quarterly to report the statuses of internal control and audit implementation to the Audit Committee in addition to regular reports to the Board of Directors. Extraordinary meetings may be convened in the case of major abnormalities. The Chief Audit Executive reports to the Chairman of the Board, the convener of the Audit Committee, Independent Directors, and President on an as-needed basis. The Auditing Office may also provide management with timely information on existing or potential issues with internal control through auditing activities.
Information Security
To build an information system framework that is "digitally sustainable" and promote the Company's goal of digital transformation, Walsin Lihwa is promoting an information security strategy that focuses on strengthening information security resilience. The Company has established a comprehensive information security protection platform, runs simulation drills, and has integrated AI automated detection and defense technology. By improving the Company's technical information security protection measures, Walsin Lihwa can leverage real-time and proactive defenses against information security risks, thereby laying a foundation for digital sustainability and meeting the government's policy goal of "information security is national security".
In the face of increasingly severe information security threats, Walsin Lihwa has implemented information security defenses based on the NIST CSF and CISA ZTA frameworks that are rigorous in both depth and scope, thereby comprehensively and effectively identifying information security risks faced by the Company and implementing effective control measures in real time to reduce information security risks. Additionally, the Company is actively promoting "net zero carbon emissions" and strengthening "cloud information security". Walsin Lihwa will continue to optimize information security protections and implement an integrated cloud–on-premise information security management framework. Information systems and backup mechanisms will gradually be transitioned to cloud-based ones in order to improve operational efficiency and information security standards, which will help the Company attain the goal of net zero emissions.
▪Information Security and System Maintenance Division for Information Security Management Promotion
The Chief Information Security Officer (CISO) and the Information Security and System Maintenance Division of Walsin Lihwa are responsible for information security management promotion, including information security policy development, planning, and coordination, as well as the implementation of information security protection measures, assessment and management of information security risks, comprehensive information security planning, and promotion of information security management year by year with relevant solutions provided.
▪Establishment of the IT Steering Committee
The IT Steering Committee—the information security management organization and decision maker at the Company and its individual business units—is responsible for reviews and decisions of matters related to information security management. The Board of Directors also has several members with information technology-related backgrounds on the Audit Committee, which supervises and reviews the Company's information security policy promotion. Members on the IT Steering Committee shall convene at least one management review meeting every year to review the status of information security policy implementation and ensure the effectiveness and appropriateness of standardized information security policies, thus complying with relevant laws and regulations as well as the competent authorities' requirements. In 2024, 13 information security regulations were amended to comply with ISO 27001:2022 and with domestic and overseas laws and regulations, and to respond to external changes.
▪Information Security Management System (ISMS) Implementation and Compliance
Walsin Lihwa introduced the ISO 27001 Information Security Management System (ISMS) in 2022, and has formulated detailed management strategies for information authorization, data backup, system development, outsourcing management, and intellectual property rights. The Company successfully obtained ISO 27001:2013 certification in 2023, and was subsequently certified under the updated ISO 27001:2022 version in 2024, further strengthening the Company's security protection related to threat intelligence, configuration management, and cloud services. Walsin Lihwa has adopted the Plan-Do-Check-Act (PDCA) methodology for quality management, and has comprehensively built an information security management system to ensure confidentiality, integrity, and availability. Walsin Lihwa continues to optimize information security measures based on the management framework of pre-incident prevention, real-time monitoring, and post-incident response. In 2024, the Company conducted 4 external third-party information security risk assessments and further strengthened information security protection, ensuring the long-term security and stability of corporate information resources.
▪Information Security Policy and Objectives
The objective of Walsin Lihwa's information security is to protect the confidentiality, integrity, and availability of sensitive customer data and business information. Through the joint efforts of all employees, internal and external information service users, and third-party service providers, the Company is committed to achieving the following policies and goals:
- Comply with internal and external regulations to protect the Company's confidential information and prevent unauthorized access, tampering, destruction, or improper disclosure.
- Protect the Company's business information, prevent unauthorized access or disclosure, and ensure the accuracy and completeness of business information in order to effectively protect trade secrets.
- Set up comprehensive business continuity planning and information security incident management procedures to ensure that the Company can properly respond to and handle incidents, and conduct regular drills to ensure the continuous operation of information systems or services.
- Properly handle and protect personal information and intellectual property rights in accordance with domestic and foreign laws and regulations, such as the Personal Data Protection Act and laws related to intellectual property.
- Regularly conduct information security compliance reviews, examine and implement the information security management system, and ensure compliance with the plan-do-check-act (PDCA) process in order to achieve continuous optimization.
- All employees must maintain a high level of awareness toward information security, and supervisors at all levels shall be responsible for overseeing and managing information security through activities such as management reviews, risk assessments, internal auditing, education and training, and information security drills, thereby achieving the goal of reducing risks from using information technology.
- All employees of the Company are required to comply with the Information Security Policy, management regulations, and SOPs. Any violation of the Information Security Policy or related regulations will be handled in accordance with applicable laws or Company rules.
Development of Information Security Resilience for Effective Information Security
Walsin Lihwa has developed information security plans for information security policy implementation year by year, introducing information security systems and workflow standards, and continuously improved the comprehensiveness of information security technologies and relevant protection measures. The specific management program has 5 objectives: separation of intranet from extranet, multilayered security defense, identification of security loopholes or other potential risks by log analysis and security inspection, smart security protection, and behavior analysis by log and big data analysis at the security operation center. These objectives can be achieved step by step through 4 approaches: IT governance, data and equipment protection, network and system control, and boundary defense.
▪The specific management program includes:
- Information protection mechanism planning and implementation to decrease confidential information leakage risks.
- Continue introducing advanced information solutions to enable effective system, host, and network behavior management and protection.
- Reinforcement of protection of external information service to effectively block hacker attacks.
- Provision of education and training on a regular basis to share new knowledge on information security and strengthen employees' awareness of information security.
- Focus on important systems to conduct disaster backup drills on a regular basis to rapidly resume operation in case of any disasters.
- Implementation of endpoint detection and response (EDR) to strengthen endpoint, server, and network equipment protection.
- Implementation of a security operation center (SOC) to enable effective and timely responsiveness to security issues.
- Reinforcement of cloud information security management through Zero Trust to help achieve digital and ESG sustainability.
- Introduction of AI automated technology to assist in information security detection and protection.
Education and Training on Information Security
Walsin Lihwa regularly organizes Information Security Month every year, which lasts for one month. The Company also provides compulsory information security training courses for all personnel. In 2024, over 3,000 employees participated in the courses, and 6 email social engineering drills were conducted, with more than 2,500 participants for each drill. Employees who failed the drills were required to complete online information security courses and pass tests. In addition, the Company comprehensively implemented information security incident reporting management and drills this year, including the organization of incident reporting, the reporting and handling processes, and the external communication mechanisms, thereby comprehensively improving the Company's internal incident response and handling capabilities.
2024 Results
There were no major information or communication security issues, no confidential information leakage, and no related damage to the Company or its customers this year.
Regulatory Compliance
▪Foundation of Regulatory Compliance: Corporate Culture of "Commitment to Business Integrity"
A corporate culture of "commitment to business integrity" refers to how all business activities must comply with local laws and regulations of Taiwan and the place of business. Walsin Lihwa stresses to our employees that they must refrain from violating relevant laws and regulations when pursuing business profits.
▪Monitoring and Evaluation of Relevant Business Laws and Regulations
Walsin Lihwa is in the manufacturing industry, and our main compliance risks are related to labor and environmental protection laws, as well as the use of conflict minerals. Sales related risks include the protection of consumer safety and health rights as required by the industry's competent authority and the Fair Trade Act. Accounting-related risks are mainly related to the tax laws and tax collection regulations in each country, as well as their anti-money laundering regulations. Public companies are required to comply with the Company Act, the Securities and Exchange Act, and corporate governance and ESG related regulations.
▪Violations and Penalties
No bribery, corruption, money laundering, anti-competitive practices, violations of the Company Act, insider trading, conflicts of interest, discrimination, harassment, personal information or privacy leakage, or other violations of business ethics occurred in 2024. However, there were incidents of non-compliance with the Labor Standards Act and Labor Law; the related material penalties (higher than NT$100,000 or RMB 22,000) and the status of improvements are listed below: