Sustainable Governance

M31 Technology has established the “Corporate Governance Practice Principles” and operates in accordance with the following principles to ensure the Company’s sustainable operation.

1. Protecting shareholders’ rights and interests

2. Strengthen the functions of the Board of Directors

3. Enabling the role of the Audit Committee

4. Respecting the rights and interests of stakeholders

5. Enhancing information transparency

The Board of Directors members of the Company are composed based on professionalism and diversification, taking into account gender and age, with no kinship among the directors, and no more than one-third of the directors are also at managerial level (for details, please refer to the “Corporate Governance” section of the website), in order to achieve the professionalism and independent operation of the Board of Directors. The Chairman of the Board of Directors does not hold any managerial position, but oversees the overall operation and management of the Company. The Board of Directors’ meetings are held at least quarterly with an attendance rate of over 80% of the Board members.
The Company has established the “Audit Committee”, “Compensation Committee”, and “Nomination Committee” and “Sustainable Development Committee” to assist the Board of Directors in the consideration of important motions. In order to effectively implement the mechanism of independent supervision and checks and balances, all motions are submitted to the Board of Directors for reporting and discussion.

Corporate Governance Responsibility Unit

On May 4, 2021, the M31 Board of Directors resolved to appoint the Corporate Governance Officer to lead a cross-departmental Corporate Governance team responsible for corporate governance-related matters as follows to strengthen the Board structure and operations:

Handling matters relating to meetings of the Board of Directors, committees (composed of directors) and shareholders’ meetings in accordance with the law
Preparing minutes for the Board of Directors and shareholders’ meetings
Assisting directors in their appointment and continuing education
Providing information necessary for the directors to perform their duties
Assisting directors to comply with laws and regulations

Ethical Management Responsibility Unit

M31 Technology’s cross-departmental Ethical Management Team is a dedicated unit for promoting ethical management. Based on the responsibilities and scope of each department, this team is responsible for assisting the Board of Directors and management in formulating and implementing the Ethical Corporate Management Practice Principles. The implementation status of the 2022 Ethical Management Plan was presented to the Board of Directors every year, along with the submission of the Ethical Management Plan.

In order to establish a corporate culture of ethical management that promotes healthy development, as well as a framework for excellent business operations, the Company has established the “Ethical Corporate Management Practice Principles”, “Code of Ethical Conduct”, and “Complaint and Whistleblowing Procedure”.

The Company conducts ethical management-related training for managerial officers and all employees at least once a year; new employees sign a declaration of integrity during the orientation training. Each department of the Company follows the “Ethical Corporate Management Practice Principles” and “Internal Controls” to ensure ethical management in accordance with areas of responsibility.

The Company has established complaint and whistleblowing channels to ensure the fulfillment of the above commitments to ethical management and to protect the legitimate rights and interests of informants or complainants.

The Company’s “Internal Material Information Handling and Insider Trading Prevention Operational Procedure” provides specific guidelines for conducting business, including points to be observed, and strictly prohibits company personnel from engaging in insider trading using undisclosed information they are aware of and must not be disclosed to others to prevent the misuse of such undisclosed information for insider trading.

Personal Data Protection Policy

M31 upholds the principles of integrity and respect for personal privacy. The Company strictly complies with the Personal Data Protection Act and other related laws and regulations, and is committed to establishing a sound personal data management and protection mechanism to ensure the security and confidentiality of personal data. The Company has established the “Personal Data Protection Management Regulations” to implement stringent privacy and data protection measures, build a data governance framework, set data standards, enforce access control mechanisms, and establish data ownership review procedures. These ensure the availability, integrity, and confidentiality of personal data throughout its collection, processing, and utilization.

This policy applies to the Company, all subsidiaries, business locations, customers, suppliers, employees (including part-time, interns, and contractors), and any individuals providing personal data, as well as third parties entrusted by the Company to collect, process, or use such data.To effectively manage data protection risks, the Corporate Governance Task Force under the Sustainability Development Committee is responsible for supervising and implementing compliance with the ‘Personal Data Protection Management Regulations.’ The Legal Department provides regulatory and legal support, while data management units are responsible fo maintaining and protecting the data under their control.

The Governance Task Force convenes annual and ad hoc meetings to enhance cross-department communication, ensure compliance, and provide necessary resources and support for data protection activities.Employees or stakeholders who have questions or complaints related to personal data protection may contact the Corporate Governance Task Force. Individuals may request to inquire, review, or obtain copies of their personal data. The responsible data unit shall respond or make a decision within fifteen (15) days, with the possibility of an extension of another fifteen (15) days when necessary, with written notice to the applicant.

Personal Data Protection Implementation in 2025
To enhance company-wide data protection awareness and ensure compliance, the Company carried out the following measures in 2025:

1. Conducted 2 Personal Data Protection Management Meetings to review progress and improvement plans.

2. Organized employee training sessions totaling 276 participants / 138 hours, Participation Rate 92.2%, achieving a 100% passing rate in post-training assessments.

3. Recorded zero (0) complaints or incidents of data breaches or information security anomalies.

The Company will continue to strengthen data governance and privacy protection mechanisms, implement risk management and legal compliance, and safeguard the personal data of customers, employees, and partners — striving to be a trusted and responsible enterprise.

Corporate Governance Performance

For four consecutive years, the Company has received the honor of being ranked among the top 5% of listed companies in the “Corporate Governance Evaluation System”, demonstrating our achievements in various aspects, including “Protecting Shareholders Rights and Interests and Treating Shareholders Equally”, “Strengthening Board Structure and Operations,” “Enhancing Information Transparency”, and “Practicing Corporate Social Responsibility”.

Annual status of complaints and whistleblowing are as follows:

Complaint and Whistleblowing Channels	Significant Employee Complaints / Whistleblowing (Uncategorized)	Sexual Harassment	Complaints of Unlawful Incidents	Confidential Information Protection Control Procedure	Cases Established After Investigation
2023	0	0	0	0	0
2024	0	0	0	0	0
2025	1	0	0	0	0

Handling of 1 employee complaint case: The case was investigated and handled in accordance with applicable regulations and subsequently closed; it did not fall within the scope of ethical management.

On December 19, 2025, the Ethical Management Team presented the implementation status of the 2025 Ethical Management Plan to the Board of Directors, along with the submission of the 2026 Ethical Management Plan and conducted insider trading awareness promotion for the board of directors.

Regularly remind directors and managerial officers via email that they are prohibited from trading the company’s stock 30 days before the annual financial report announcement and 15 days before each quarterly financial report announcement.

In 2025, the Company organized a training program for managerial officers and all employees related to ethical management. The course includes online training on ethical management practices and the prohibition of insider trading, with a total of 318 participants, an attendance rate of 82%, and 91% passing rate in post-training assessments. Course materials have been uploaded to the internal education and training platform for employees’ reference.