Investor

INVESTOR

Corporate governance

Corporate Governance Operations

XXXXXX

公司治理主管

The Board meeting of 3 November 2020 resolved to appoint Ms. Chia-Chun Chiang, Manager of the Finance Department, as the Corporate Governance Officer. In an effort to enhance the functions of the Board of Directors and protect shareholder rights, the Board meeting on 31 October 2022 passed a resolution to establish a Secretariat, Board of Directors as the Corporate Governance Unit with Manager Chia Chun Chiang designated as the dedicated Corporate Governance Officer. She possesses over three years of experience in managing financial and corporate governance affairs for publicly traded companies. Additionally, Ms Shu-Ling Chen was appointed (with experience in stock affairs and having passed the professional competence test for stock personnel-Certificate No. 4610256012 issued by the Taiwan Stock Exchange in 2019) to assist in the operations related to corporate governance matters.

The responsibilities include the following:
1.Conducting board meeting and shareholders’ meetings related affairs.
2.Compiling minutes for both Board of Directors and shareholders’ meetings.
3.Assisting directors on board and providing support for ongoing education.
4.Furnishing information required for the execution of directors’ duties.
5.Assisting directors in compliance with legal requirements.
6.Conducting legal assessments of the eligibility of independent directors.
7.Handling matters related to changes in the composition of the Board of Directors.
8.Addressing other matters stipulated in the company’s articles of incorporation or contracts.

2025:

1.Business practicing is stated as following:
(1) Conducted meetings of Board of directors : totaling 5 times.
(2) Conducted Annual General Meeting and prepared AGM meeting minutes: one time.
(3) Conducted Directors’ training: 11 participants, totaling 72 hours.
(4) Assisted relevant data for Directors’practices, including meeting materials provided to the Board 7 days ahead.
(5) Assisted Directors in compliance with applicable laws and regulations.
(6) Report to the Board of Directors on the legality of independent directors.
(7) Pre-registration of the date of the annual general meeting of shareholders is carried out in accordance with the
law, Instantly process changes to registration items, For example, amending the articles of incorporation or
elections director.

2. Training Overview:

Date	Organizer	Course Title	Hours
2025.05.16	SECURITIES & FUTURES INST.	Prevention of insider trading publicity meeting	3
2025.07.09	TWSE	CATHAY SUSTAINABLE FINANCE AND CLIMATE CHANGE SUMMIT	6
2025.07.25	SECURITIES & FUTURES INST.	Insider Equity Trading Legal Compliance Seminar	3
2025.10.28	TWSE	TWSE-Listed Company Business Promotion	3

XXXXXXXXXX

防範內線交易之落實情形

Implementation of Insider Trading Prevention Measures:

(1) Education and Advocacy:

The company arranges educational sessions on the “Insider Trading Prevention Policy” and related regulations for new directors and managers within three months of their appointment.
For newly hired employees, the Human Resources Department provides education on insider trading prevention during pre-employment training.

(2) Announcement and Reminders:

The company announces its annual and quarterly financial reports on the same day as approval by the Board of Directors. Directors are reminded, when meeting notices are sent, not to trade company stocks during the blackout periods:

30 days prior to the announcement of annual financial reports.
15 days prior to the announcement of quarterly financial reports.

For 2025 (114th year), the dates of advocacy regarding prohibited trading during blackout periods are as follows:

Board Meeting Date	Advocacy Date (E-mail)	Report Period
114/02/25	114/01/16	Financial Report for FY113
114/04/29	114/04/01	Q1 Financial Report FY114
114/07/29	114/07/01	Q2 Financial Report FY114
114/11/04	114/10/07	Q3 Financial Report FY114

(3) Employee Training:

“Ethical Business and Insider Trading Prevention Advocacy and Intellectual Property Rights Promotion” sessions were conducted on September 23, 2025 and October 14, 2025, for employees at three plants (or units).
Each session lasted one hour, with a total of 58 attendees.

XXXXXXXXX

推動企業信經營具體落實情形

Specific Implementation of Promoting Ethical Business Practices:

(1) Education and Advocacy:

On September 20, 2024 (113th year) and October 18, 2024, the company conducted a one-hour “Ethical Business and Insider Trading Prevention Advocacy” session for employees across three plants (or units), with a total of 47 participants.

(2) Compliance Status:

As of December 31, 2024, no incidents of violations of ethical business practices have been identified.
The company has not received any internal or external reports regarding violations of ethical business practices. The implementation status remains normal without any irregularities.

XXXXXXXXX

資通安全落實情形

Implementation of Information Security Measures:

1. Management Level Support
On 2025/11/04, we already report the 2025-year information and communication security (InfoSec) management status to the Board of Directors.

2. InfoSec Resource Input
(1) Critical Asset Risk Management – For better system availability and reliability:
•Remote Data Backup: Use self-built VPN secure network and auto-schedule to backup main server system to Taipei company.
•Disaster Recovery Drill: Simulate ERP main server failure and do recovery test using Taipei backup, restore into HR virtual machine to continue service.

(2) Data Security Management – To protect data from malware attack:
• User Workstation Audit: Check legal software, auto system update, antivirus auto update, and data backup.
• NAS Server Management: Check disk array health, firmware update, and backup NAS management.
• Firewall Management: Check event log, adjust related security settings.

3. Operational InfoSec Management – Keep updating with time, follow InfoSec operations:
(1) DNS : attack and adjust.
(2) Firewall : update fireware, check event log and adjust related security settings.
(3) Send computer center staff to external education training.
(4) Hold InfoSec operation training in each factory/site: use real incident example to explain prevention and how to handle it.

4. Cybersecurity and Network Risk Assessment
(1) In Year 2025, we do InfoSec risk evaluation by steps: identify risk, analyze, define risk level, and do risk evaluation. No high impact found on business operation.
(2) Deloitte audit on internal control for information system in Year 2025 did not find serious risk.
(3) External company do network security test twice in Year 2025. No big cybersecurity issue found.

5. InfoSec Incidents
(1) No major InfoSec incident happened in past 3 years that cause company loss or affect operation.
(2) Every year we do ERP system off-site recovery drill to respond fast in abnormal situation.1.

XXXXXXXXX

智財權的執行情形

Specific of Promoting Intellectual Property Rights Practices：

(1) Management policies：

. On July 29, 2025, were submitted to the Board of Directors for review and approval for “Intellectual Property Management Policy” and “Intellectual Property Management Plan” .

(2) Implementation status :

. On September 23, 2025 and October 14, 2025, the company conducted a one-hour “Ethical Business and Insider Trading Prevention Advocacy and Intellectual Property Rights Promotion” session for employees across three plants (or units), with a total of 58 participants.

Investor

INVESTOR

Investor

Corporate Governance Operations

公司治理主管

2025:

防範內線交易之落實情形

Implementation of Insider Trading Prevention Measures:

推動企業信經營具體落實情形

Specific Implementation of Promoting Ethical Business Practices:

資通安全落實情形

Implementation of Information Security Measures:

智財權的執行情形

Specific of Promoting Intellectual Property Rights Practices：

Headquarters

General Administration Office

Fugang Plant

Toufen Plant

About GCM

Products

Can insights

News

ESG

Investor

Careers

Contact

About GCM

Products

Can insights

News

ESG

Investor

Careers

Contact