CONTENTS
Message from the Chairman 01 Sustainable development management 11
About this Report 03 Special Topic:Forging the "Koal Shield" for 15
the Digital Age
About Koal 04
Excellence in Innovation leads
governance the way
efficient
operations as our shield
Corporate governance 19 Product technology innovation 35
Risk and compliance management 26 Product quality and safety 45
Business ethics 28 Customer relationship management 51
Party leadership 30 Information security and privacy protection 55
Sustainable supply chain 66
People-oriented Green operations
collaborative and
win-win outcomes
future
Employee rights and benefits 71 Environmental management system 93
Human capital development 75 Climate change mitigation 95
Occupational health and safety 84 Green products and solutions 99
Industry ecosystem development 85 Green operations 101
Community engagement 89
Key performance table 105
Indicator index table 108
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Message from the Chairman
Message from the Chairman
Building on Cryptography, Empowering Through Govern-
ance, Embarking Together on a New Journey Towards Sus-
tainable Development
In 2025, Koal continued to deepen its ESG strategy, contin- digital authentication and trusted identity systems, launched industries. In the field of domestic computing security,
uously optimized its governance structure with the Board comprehensive quantum-safe solutions tailored to key sectors we deepened collaboration with mainstream domestic
of Directors at the core and the ESG Committee as the such as E-Government, finance, and energy, and took the lead in chip and operating system vendors to advance the large-
execution hub, and further strengthened its team of social completing pilot applications on digital government platforms in scale application of built-in cryptographic capabilities. By
responsibility and environmental experts. Through these certain cities, effectively countering the potential threats posed adopting a green technology solution of "ready-to-use
measures, we ensured that the "hard constraints" of gov- by quantum computing and building a secure barrier for urban upon startup, enabled on demand," we are continuously
ernance were effectively transformed into the "soft power" information networks in the quantum era. reducing industry deployment costs and energy con-
driving corporate development. In our daily operations, sumption, thereby creating a replicable and scalable ESG
paperless office practices have achieved full-scenario In the field of data governance, we uphold the principle of path for domestic computing security practices.
coverage. The green operations of six major R&D centers, placing equal emphasis on security and low carbon, and fos-
ten delivery centers, and all marketing service outlets tering the coexistence of compliance and value, integrating Looking ahead, Koal will continue to focus on core areas
delivered remarkable results, and energy consumption data governance throughout the entire business process. such as post-quantum cryptography and data govern-
per unit of output value further decreased compared with On the one hand, with "identity + cryptography" as our core ance, increase investment in green technology R&D, and
the previous year. Koal Academy continued to upgrade its capability, we built a security protection system covering the explore more environmentally friendly, secure, and effi-
training system, effectively putting into practice employ- entire lifecycle of data collection, transmission, storage, and cient software solutions. We will remain steadfast in our
ee career development and care for physical and mental use. Leveraging technical measures such as refined access corporate mission to "make connectivity more trustwor-
health, and conducted over 100 various specialized train- management and real-time data monitoring, we prevented thy and data more secure." We will integrate ESG princi-
ing sessions throughout the year. The rural revitalization the risks of data leakage and misuse, providing customers with ples into every aspect of technology innovation, business
plan progressed steadily, and our cooperation with Guo- reliable data security protection. On the other hand, we deeply management, and social responsibility. Working hand in
dazhai Township, Fengqing County, Lincang City, Yunnan integrated low-carbon principles into the process of data fac- hand with all like-minded partners, we will build a solid
Province continued to deepen. By leveraging digital mar- torization, optimized our cryptographic service architecture, foundation with cryptography and empower develop-
keting to empower the brand upgrade of "Qiongying An- and reduced energy consumption losses during data process- ment through governance amid the tide of the digital era.
cient Tree Tea," we truly transformed lucid waters and lush ing. Meanwhile, we actively promoted the standardization of Together, we will write a new chapter in the synergistic de-
mountains into invaluable assets for rural revitalization. supply chain data governance, assisted core suppliers in estab- velopment of ESG and digital security, injecting stronger
Dear colleagues and partners,and friends who follow and sup- lishing carbon accounting and data disclosure systems, and momentum for security into the sustainable development
port Koal: During the year, we consistently centered on technology fostered an industrial ecosystem of "data security + low-car- of the digital economy and society.
As time passes and the seasons change, our original aspiration innovation, prioritizing post-quantum cryptography and bon development," making the development philosophy of
Once again, we extend our sincerest gratitude to friends
remains as steadfast as a rock. As the year 2026 unfolds, we data governance as the top priorities of our ESG practices, "innovation, coordination, green, openness, and sharing" the
from all sectors who have shown concern and support
present this annual ESG report to review Koal's meticulous and deeply integrating security capabilities with sustaina- underlying logic of the digital era.
for Koal's development! May you all lead the way, gallop
efforts towards sustainable development and to further convey bility concepts. In the field of post-quantum cryptography,
ahead like fine steeds, and charge forward with unstop-
our unwavering commitment to addressing the challenges of we have never ceased our exploration in the face of the Additionally, we continued to expand the breadth and depth
pable momentum!
the times with technology innovation. Since the United Nations disruptive challenges that quantum computing technolo- of ESG application scenarios. In the low-altitude economy
Global Compact proposed the concept of ESG, this philosophy gy poses to traditional cryptographic systems. In 2025, the sector, we further improved the trust service system for low-al-
has evolved from an industry consensus into a core driving Company increased its investment in research and devel- titude aircraft, upgraded drone identity sensing and signal
force for high-quality corporate development, and Koal has al- opment, established a dedicated technical task force, and monitoring equipment, and, combined with AI computing
Chairman of Koal Software Co., Ltd.
ways firmly believed that the deep integration of ESG and digi- achieved key breakthroughs in the optimization of PQC Al- power infrastructure, achieved precise prediction and rapid re-
tal security is the key for us to gain a firm foothold and achieve gorithms and their engineering applications. We success- sponse to the abnormal behavior of illegal drones, safeguarding Kong Lingang
steady and sustainable growth in an era of transformation. fully deeply integrated post-quantum cryptography with the sustainable development of the country's strategic emerging
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report 关于格尔软件
About Koal
About this Report About Koal
This Report is the third Environmental, Social and Governance (ESG) Report publicly released by Koal Software Co., Ltd. (hereinaf-
Company profile
ter referred to as "Koal") to the public (hereinafter referred to as "this Report"). This Report, based on the principles of objectivity,
openness, and transparency, discloses to stakeholders Koal Software Co., Ltd.'s sustainability philosophy, management practices, Koal Software Co., Ltd. (stock code: 603232) is a pioneer and leader in China's information security digital trust sector and serves as
and key performance in 2025. the president unit of the Shanghai Commercial Cryptography Industry Association. In April 2017, Koal was listed on the main board
of the Shanghai Stock Exchange. The Company operates six major R&D centers and ten major delivery centers, with a network of
marketing and service outlets spanning major provincial capital cities across the country, providing end-to-end, fully compatible
Reporting scopeq Organizational Scope: The scope of this Report aligns with that of the annual consolidated financial and comprehensive security solutions and specialized services to more than 30 national ministries and commissions, over 100
statements of the Company. state-owned enterprises and central state-owned enterprises, and more than 200 commercial banks. In 2023, Koal was recognized
Reporting Period: This Report covers the period from January 1, 2025, to December 31, 2025. Some con- as one of the Top Ten Leading Enterprises in Digital Economy Innovation of 2023, and was ranked by IDC among the top three com-
tent may be extended beyond this timeframe as deemed appropriate. This Report is an annual report. panies in China's Identity and Access Management Software Market Share and among top 10 for security in the "Top 100 Digital
Government Rankings." In 2024, the Company was recognized by CCID as top 2 in China's Identity Authentication Market Vendor
Structure, and was named one of the 2024 Top 50 Competitive Enterprises in China's Cybersecurity Industry by the China Cyber-
Definition of terms For ease of expression and reading, Koal Software Co., Ltd. is referred to as "Koal," "the Company,"
security Industry Alliance (CCIA). In 2025, the Company received the Second Prize for Scientific and Technological Progress from
or "we" in this Report.
Shaanxi Province and the "Pioneer Award" in the commercial market category at the HarmonyOS Office Industry Summit.
Basis for preparation Guidelines No. 1 of Shanghai Stock Exchange for Self-Regulation of Listed Companies - Standard-
ized Operation (Revised in May 2025); Guidelines No. 14 of Shanghai Stock Exchange for Self-Regu-
lation of Listed Companies - Sustainability Report (Trial) (Effective on May 1, 2024); Guidelines No.
ability Reports (Revised in January 2026); the Ministry of Finance's Sustainability Disclosure Stand- Unity, dedication,
ards for Business Enterprises - Basic Standard (Trial) (Issued on November 20, 2024); the Ministry of innovation, security,
Finance's Application Guide for the Corporate Sustainability Disclosure Standards - Basic Standard efficiency, sharing
(Trial) (Issued on September 15, 2025); the Ministry of Finance's Corporate Sustainability Disclosure
Standards No. 1 - Climate (Trial) (Issued on December 25, 2025); IFRS S1: General Requirements for Vision
Disclosure of Sustainability-related Financial Information; IFRS S2: Climate-related Disclosures; GRI
To be a leader in cy-
(Global Reporting Initiative) Sustainability Reporting Standards (2021); United Nations Sustainable
Mission berspace and digital
Development Goals (SDGs).
asset security
To defend digital
Source of information All information and data in the Report are sourced from the Company's official documents statistical sovereignty and
reports, and financial statements, as well as information on sustainable development practices of each safeguard the
that have been gathered and reviewed by the relevant functional departments of the Company. Unless digital world
otherwise specified, all monetary amounts mentioned in this Report are measured in RMB.
Assurance of accuracy The Company assures that this Report contains no false records, misleading statements, or signifi-
cant omissions, and is accountable for the authenticity and accuracy of its content. This Report has
been reviewed by the Company's Board of Directors and is being publicly released.
Report access & contact The electronic version of this Report is available on the Shanghai Stock Exchange website (www.
sse.com.cn) and the Cninfo website (www.cninfo.com.cn). If you have any questions regarding this
Report, please feel free to contact us through the following channels:
Address: Building A2, G60 Commercial Cryptography Industry Base, No. 1-7, Lane 58,
Muchuan Road, Sijing Town, Songjiang District, Shanghai
Tel/Fax: 021-62327028/021-62327015
Email: stock@koal.com
Website: www.koal.com
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report About Koal
URUIMGIO
Service Presence SHENYANG
BEIJING
Shanghai, Beijing
ZHENGZHOU
R&D Centers XI'AN NANJING
SHANGHA
Algeria
Beijing, Shanghai, Xi'an, Chengdu, Zhengzhou, Nanjing WUHANO
LHASA
CHENGDUO
Diaoyu Island
Beijing, Shanghai, Zhengzhou, Xi'an, Chengdu, Guangzhou,
QUANZHOU
Dongsha Islands
Urumqi, Lhasa, Wuhan, Shenyang GUANGZHIOU
South China Sea
Xisha Islands
Nationwide coverage across all provinces, municipalities, auton- Zhongsha Islands
omous regions and SARs in China
Thailand Nansha Islands
Business Presence
Gambia
Subsidiaries
Subsidiaries
Companies
Productization Verticalization Platformization Operationalization Servitization
Identity security Cryptographic security Data security
IoT security product series
product series product series product series
Company The identity security product series encompasses Public Key Infrastructure The cryptographic security product se- The data security product series in- The IoT security product series is underpinned by com-
(PKI) and trusted identity control platforms. The PKI serves as a security ries includes foundational cryptograph- cludes products such as data access mercial cryptography, guided by national standards, and
Product Series foundation, integrating digital certificate authentication systems, certificate ic components such as key manage- control gateways, database encryp- aims to achieve authentic identity, protocol integrity, and
registration systems, and collaborative signature services. It ensures confi- ment systems, cryptographic machines, tion systems, storage encryption data encryption across multi-dimensional spaces includ-
dentiality, integrity, authenticity, and non-repudiation across various digital and signature verification servers, as gateways, data asset discovery, and ing sky, ground, sea, air, network, people, and objects. By
scenarios, forming the cornerstone for building digital trust systems. The well as products such as SSL VPN, IPSEC data security management, as well as implementing authentication, authorization, and encryp-
trusted identity control platform amalgamates PKI with other identity tech- VPN, and integrated application security full-scenario solutions for data securi- tion technologies in intelligent IoT scenarios, it establishes
nologies, broadening the scope of identity management. Beyond digital gateways. It also features a cryptographic ty built on the basis of these products, a scalable security foundation. This enables secure and ef-
certificate-based identities, it offers unified lifecycle management for diverse service platform that enables centralized and trusted data space solutions for ficient interconnection in smart IoT applications, prevents
digital entities, along with multi-factor authentication, access policy man- management and service-oriented exten- the field of data circulation. unauthorized access to critical information, safeguards
agement, and identity risk analysis functionalities, providing platform-level sion of these components and products, sensitive data from breaches, protects individual privacy,
support for constructing robust digital trust systems. serving as the foundational base for cy- and bolsters the overall security of smart networks.
bersecurity and data security.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report About Koal
Key Performance
Total assets:RMB Annual R&D investment for the year: RMB Total number of employees Energy consumption intensity
Operating revenue:RMB Test software re-confirmation rate: Percentage of female employees GHG emissions intensity:
Total tax payment: RMB Customer satisfaction rate for customer service: Total employee training hours Water consumption intensity
Proportion of independent directors Non-hazardous waste discharge intensity
Total expenditure on public wel-
Major corruption and bribery incidents Acceptance rate for procured materials fare and external donations: RMB
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report About Koal
Responsibilities and Honors
Award Association name
Second Prize for Scientific and Technological
Competitiveness - Large-Scale tographic Technologies and Applications for
Shanghai Software Industry Association Data Security Protection on Cloud Platforms Shanghai Commercial Cryptog- Shanghai Secrets Pro- Journal of Information Security
People's Government of Shaanxi Province raphy Industry Association tection Association and Communications Privacy
President Unit Vice President Unit Vice President Unit
Exemplary Case of Innovation in Information
Top 10 Projects of the China (Shanghai) Interna-
Technology Applications - Koal Cloud Cryp-
tional Technology Fair (CSITF): Koal Quantum
tographic Service Platform
Cryptography Security Solution
China State Secrets Shanghai Software Industry Shanghai Information Security
Specialized Committee on Information Technolo-
China (Shanghai) International Technology Fair (CSITF) Protection Association Association Trade Association
gy Innovation, China Institute of Communications
Council Member Unit Council Member Unit Council Member Unit
ESG New Benchmark Enterprise Award Outstanding Investor Relations Team
Stock Star Stock Star
Chinese Association for Cryp- WG3 and WG4 Working Groups of Big Data Working Group of the
tologic Research the Information Security Stand- Information Security Standardi-
ardization Technical Committee zation Technical Committee
Golden Intelligence Award in China's Network Golden Intelligence Award in China's Net- Council Member Unit Member Unit Member Unit
Security and Information Industry - Innovation work Security and Information Industry -
Leading Enterprise of the Year Innovative Solution of the Year
The Journal of Information Security and Communi- The Journal of Information Security and Communi-
cations Privacy Magazine and other organizations cations Privacy Magazine and other organizations
China Cybersecurity In- Shanghai Industrial Technology Yulin Municipal Commercial
dustry Alliance and Innovation Association Cryptography Association
Member Unit Council Member Unit Board Member
Outstanding Enterprise in the Commercial
Commercial Market "Pioneer Award" Cryptography Industry for 2024-2025
Forum of the Commercial Cryptography Industry
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Sustainable development management
Sustainable development management Stakeholder engagement
Koal highly values the opinions and demands of stakeholders, continuously improves stakeholder engagement mechanisms and communication
Sustainable development governance structure methods, and maintains regular communication with stakeholders, enabling stakeholders to effectively participate in our ESG governance work.
Koal places great emphasis on sustainable development management and is committed to embedding sustainability principles across all
aspects of its operations. The Company has established and continuously improved its ESG governance framework and management system, Stakeholders Issues of concern Communication channels and methods
formulated ESG-related policies, and developed an efficient ESG management mechanism. ESG strategies are effectively integrated into various
Risk and Compliance Management General Meeting of Shareholders
departments and core business processes, which consistently enhances top-down ESG engagement and management capabilities.
Business Ethics and Anti-corruption Roadshows and results briefings
The Company has established a comprehensive and systematic ESG governance structure covering the "decision-making body, management
R&D Innovation Investor hotline and email
body, and execution body." As the leading and decision-making body for ESG management, the Board of Directors is responsible for reviewing
Product Quality and Safety Communication with minority shareholders
and approving the Company's ESG strategic plans and targets, ESG governance structure and important policies, major ESG matters, and re- Shareholders
sponse plans for major ESG-related risks. Under the supervision and guidance of the Board of Directors, the ESG Committee was established, or investors Sustainable Supply Chain Regular information disclosure (annual fi-
with the General Manager serving as the Chair of the ESG Committee, responsible for establishing and continuously optimizing the Company's nancial reports, ESG reports, official WeChat
ESG governance structure, formulating key ESG strategic objectives and strategic plans, reviewing annual ESG plans, and supervising and guid- account, company website, etc.)
ing their implementation, among other related tasks. An ESG Executive Committee was established under the ESG Committee, responsible for
Risk and Compliance Management Special reception day
the day-to-day management, promotion, implementation, and execution of ESG work.
Business Ethics and Anti-corruption Information disclosure platforms
In 2025, Koal newly revised the Implementation Rules of the ESG Committee of Koal Software Co., Ltd. The ESG Committee continued to active-
Information Security and Privacy Protection Government meetings and government visits
ly perform its duties, identifying and discussing important ESG-related issues of the Company and reviewing and approving the Koal Software
Climate Change Mitigation Regular information disclosure (annual fi-
Co., Ltd. 2024 Environmental, Social and Governance (ESG) Report , while clarifying specific work directions in areas such as the utilization of Government
Emissions and Waste Management nancial reports, ESG reports, official WeChat
green energy and the development of green applications. At the same time, the Company actively participated in ESG training covering the and regulatory
account, company website, etc.)
latest ESG trends and compliance requirements, as well as the enhancement of ESG management capabilities, laying a solid governance foun- authorities Product Quality and Safety
dation for achieving sustainable development. Communication with industry associations
and other organizations
Koal's ESG Governance Structure
Product Quality and Safety Customer satisfaction surveys
Customer Relationship Management Pre-sales, mid-sales, and after-sales custom-
Board of Directors R&D Innovation er communication
Deci- Review and approve the Company's ESG strategic plans and goals, ESG governance structure, and important policies Customer visits
Information Security and Privacy Protection
sion-making Customers
Review and approve the Company's major ESG matters and response plans for major ESG-related risks, etc. Climate Change Mitigation Customer audits
body
Review the Company's ESG-related disclosure documents, including but not limited to the annual ESG report Clean Technology Opportunities (Green Prod- Third-party training
ucts and Solutions)
Human Capital Development Employee activities and communication
ESG Committee Labor and Human Rights Management Employee performance communication
Establish and continuously optimize the Company's ESG governance structure Diversity and Equal Opportunities Internal information communication platform
Employees
In conjunction with the corporate development strategy, formulate key ESG strategic goals and strategic Talent Training and Development Employee satisfaction surveys
Management Occupational Health and Safety Employee complaint channels
plans, review annual ESG plans, and supervise and guide their implementation
body
Supervise, guide, and optimize the Company's key work related to environmental protection, social re- Product Quality and Safety Supplier training
sponsibility, and corporate governance, and promote the Company's sustainable development Sustainable Supply Chain On-site audits and communication
Review other major ESG-related matters Partners/Suppliers Climate Change Mitigation Regular visits
Other matters authorized by the Board of Directors
Product Quality and Safety Face-to-face communication
Information Security and Privacy Protection Complaint hotline
Climate Change Mitigation Public welfare activities
ESG Executive Committee
Emissions and Waste Management Public channels such as the Company's offi-
Conduct centralized management and implementation of various issues Community and cial website and official account
Execution Resource Utilization and Circular Economy
body the public
Monitor and report project progress and target achievement Community Engagement Regular information disclosure (annual fi-
Collect and consolidate ESG information and data nancial reports, ESG reports, official WeChat
account, company website, etc.)
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Sustainable development management
Material issue management 2025 Materiality Issues Matrix of Koal
High
Material issue management is the foundation for enterprises to advance sustainable development planning, risk and opportunity management, and Social
information disclosure. Koal, based on the GRI Sustainability Reporting Standards (GRI Standards) , Guidelines No. 14 of Shanghai Stock Exchange for 01 01 Product Quality 02 R&D Innovation
Significance of Impact on Economic, Environmental, and Social Sustainability
the Sel—Regulation of Listed Companies — Sustainability Report (Trial) and IFRS Sustainability Disclosure Standard No. 1 —General Requirements 02 and Safety
for Disclosure of Sustainability—related Financial Information (IFRS S1) , as well as other latest information disclosure standards, and in light of the
Company's business characteristics, conducted a double materiality analysis for all stakeholders from two dimensions: "impact materiality" (i.e., the
significance of impacts on economic, environmental, and social sustainability) and "financial materiality" (i.e., the significance of impacts on the Com- 11 10 04
pany's finances). Through assessment and analysis, we identified and screened material issues as the focus of sustainable development management
and ESG information disclosure, so as to better respond to stakeholders' expectations and concerns.
Opportunities Rights Management
fare Volunteering and Rural Revitalization)
Governance
Identification of ESG issues 03 Information Security 04 Business Ethics and
In line with the macro policies of the regions where we operate, as well as the specific policies or standards of 16 Development ance Management
the industries in which we operate, we compiled an ESG issues list based on an analysis of internal and external
Environmental
development trends, and identified 17 material general issues and industry-specific issues by: a) referencing 17
authoritative domestic and international sustainability reporting guidelines and standards; b) referencing main-
Mitigation Opportunities (Green
stream domestic and international ESG rating systems and sustainability issues of concern within the same Products and Solutions)
industry; c) selecting issues of common concern to internal and external stakeholders, combined with the char-
acteristics of the industry in which we operate, the stage of industry development, our business model, the value
Low Significance of Impact on the Company's Financial Performance High and Circular Economy Management
chain in which we participate, and other factors, to identify other issues with financial materiality or impact ma-
teriality; d) consulting expert opinions, etc.
Analysis of risks and opportunities related to material issues
For material issues, the Company comprehensively reviewed risks and opportunities and their impact periods, and formulated corresponding response strate-
gies to strictly control relevant risks, actively seize relevant opportunities, and achieve the Company's sustainable development.
Material issues Impact period Risks and opportunities Impact level
Research and assessment
Inconsistent code quality and frequent security vulnerabilities may lead to insufficient system sta- Negative impact:
Product Short-term,
bility, undermining user trust. Very significant
Quality and medium-term,
Following the principle of double materiality, we regularly conducted research and assessment on the "impact High-quality products can increase customer trust, enhance market share, and secure a competi- Positive impact:
Safety long-term
tive advantage. Very significant
materiality" and "financial materiality" of issues, forming the Company's double materiality issue matrix. In 2025,
Information Negative impact:
the stakeholders participating in the materiality issue research of Koal included directors, senior management, Short-term, Data breaches, cyberattacks, and rising compliance requirements may trigger compliance risks or reputa-
Security and Very significant
employees, customers, suppliers, investors, regulatory authorities, media, and the public. medium-term, tional damage.
Privacy Positive impact:
long-term Strengthening the Company's internal information security protection helps enhance customer trust.
Impact materiality: We determined the assessment factors and scoring ranges for impact materiality, and had Protection Very significant
stakeholders assess the Company's material issues based on factors such as the scale, scope, irremediability, High R&D investment may face the risk of failure, and accelerated technological iteration may Negative impact:
Short-term,
R&D cause products and services to become obsolete rapidly. Moderately signifi-
and likelihood of occurrence of impacts; medium-term,
Innovation Emerging technologies such as AI and cloud computing drive business growth, and policy support cantPositive impact:
long-term
Financial materiality: We determined the assessment factors and thresholds for financial materiality, and accelerates the commercialization of technological achievements. Very significant
assessed financial materiality based on factors such as whether the issues were expected to have significant Insufficient employee training and development will lead to risks such as strategic and organization-
Negative impact:
Short-term, al transformation risks and employee turnover risks.
impacts in the short, medium, and long term on the Company's business model, business operations, develop- Human Capital Moderately significant
medium-term, A sound employee learning and development and talent cultivation system will strongly support
ment strategy, financial position, operating results, cash flow, financing methods, and costs. Development Positive impact:
long-term the achievement of the Company's strategic objectives, enhance the Company's brand and market
Very significant
competitiveness, and bring potential business opportunities to the Company.
Incidents of commercial bribery and corruption may bring significant economic costs, legal consequenc-
es, operational risks, and reputational impacts to the Company. Negative impact:
Business Ethics Short-term,
Anti-bribery and anti-corruption efforts help enterprises establish and improve sound internal manage- Significant
and Anti- medium-term,
Issue confirmation and reporting ment systems and processes, optimize internal management, and enhance management efficiency and Positive impact:
corruption long-term
transparency. Moderately significant
Customized services can accurately match customers' business models and enhance user loyalty.
We integrated the results of impact and financial materiality, and reviewed the screening and analysis results Negative impact:
Customer Short-term, Standardized services may find it difficult to meet personalized needs, potentially leading to a decline in
through two channels, internal management team and external experts, which were then reviewed and con- Significant
Relationship medium-term, customer satisfaction.
firmed by the ESG Committee. For material issues, the report focuses on disclosures related to governance, Positive impact:
Management long-term Customized services can accurately match customers' business models and enhance user satisfaction.
strategy, risk and opportunity management, indicators, and targets. Moderately significant
As demand for climate-friendly products and services increases, the Company may face operational risks
Negative impact:
Climate such as lower product prices, rising raw material prices, and products failing to meet market demand.
Medium-term, Significant
Change By developing and innovating climate-friendly products and technologies and providing services to cus-
long-term Positive impact:
Mitigation tomers with green needs such as environmental protection and energy conservation, we can help open
Signifcant
Koal's Double Materiality Assessment Process for 2025 up new growth opportunities for the Company.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Forging the "Koal Shield" for the Digital Age - Koal's NGPKI Post-Quantum Cryptography Innovation and Sustainable Practices
NGPKI Implementation Practice: Empowering Security Transforma-
tion in Key Areas
Special Forging the "Koal Shield" for the Digital Age
Topic
Koal adheres to the integration of technology innovation and practical implementation, applies NGPKI technology across multiple fields, demon-
—Koal's NGPKI Post-Quantum Cryptography strates corporate responsibility in practice, and strives to achieve the unity of technological value, commercial value, and social value, promoting the
sustainable development concept to take root through concrete actions.
Innovation and Sustainable Practices
Empowering the financial industry Overseas benchmark implementation Empowering multi-sector scenarios
NGPKI has engaged in in-depth cooper- Koal, in collaboration with CETCI, applied NGPKI has served multiple critical
Quantum computing is posing a severe challenge to traditional cryptographic sys- ation with China Galaxy Securities and NGPKI to a digital trust project in countries sectors such as government, energy,
tems, and digital security has become a critical pillar supporting the sustainable jointly participated in a research project along the Belt and Road, achieving the first and healthcare, providing customized
development of the cryptography industry. Koal independently developed the on the application of post-quantum cryp- overseas implementation of domestically post-quantum digital trust solutions
next-generation public key infrastructure (NGPKI), deeply integrating cutting-edge tography. This project was rated as an developed post-quantum PKI and mark- for various customers. By building fu-
technologies such as post-quantum cryptography, automated management, and AI Outstanding Research Project of the Se- ing a milestone in the global expansion of ture-oriented quantum-safe protection
to build an autonomous and controllable, intelligent and efficient post-quantum dig- curities Association of China for 2023, and China's post-quantum cryptography tech- systems for customers, it has helped
ital trust solution, effectively strengthening the cybersecurity barrier in cyberspace the engineering implementation of its nology. This project applied the full chain them implement security governance
and empowering all industries to achieve secure digital transformation. research results is currently progressing of domestically developed software and requirements, reduce digital security
Schematic Diagram of the Next-Generation Public Key steadily. The Company has applied NG- hardware to local critical infrastructure, risks, and promote the upgrading of
Infrastructure (NGPKI) Architecture PKI technology to core scenarios such as providing countries along the route with the industry's digital security ecosys-
NGPKI Technology Innovation: Building a Solid Technological Founda-
financial transactions and electronic bills, replicable and scalable quantum-secure tem, achieving mutual empowerment
helping safeguard financial data security solutions, supporting them in building the between technology innovation and
tion for Digital Security and transaction trustworthiness, prevent
financial risks in the quantum era, and
foundation for digital trust, demonstrating
the international responsibility and eco-
sustainable industrial development, and
demonstrating Koal's corporate mission
Koal has deeply engaged in the field of cryptographic technology. Relying on its solid independent R&D capabilities, it has built the NGPKI core fulfill our responsibility to ensure security system co-building philosophy of Chinese to empower the security transformation
technology system and integrated the concept of sustainable development into every technology innovation. This has not only strengthened auton- in the financial sector and maintain social enterprises, and providing support for the of all industries.
omous and controllable technological advantages, but also empowered security assurance, O&M efficiency, and ecosystem collaboration through and economic stability. coordinated development of the global
technology, demonstrating its corporate governance responsibility and social value. digital security ecosystem.
Deeply cultivating innova- Innovative hybrid 2025
tion in algorithm systems migration model
NGPKI builds a self-controlled fully compatible architecture, To address the pain points faced by traditional cryptographic systems in the course 1.Performance improvements in NGPKI compared with the previous version
deeply integrating domestic post-quantum cryptography of post-quantum migration, such as extensive retrofitting difficulties and high risks of
(PQC) algorithms such as AIGIS-SIG/ENC, CTRU/CNTR, and business interruption, the Company innovatively developed a hybrid security migration RA certificate issuance perfor- and latency CA certificate issuance perfor- and latency
LMS-SM3/HSS-SM3, while also being compatible with inter- architecture and independently developed a seamless collaboration model for classical mance increased by decreased by mance increased by decreased by
national FIPS series algorithms such as ML-KEM, ML-DSA, and cryptography and post-quantum cryptography. Through a dual-public-key mecha-
SLH-DSA, strictly aligning with the compliance requirements of
the Cryptography Law of the People's Republic of China. This
nism embedded in a single certificate, parallel verification of traditional cryptographic
algorithms such as SM2 and RSA and post-quantum cryptography algorithms can be
design helps break external dependence on core technolo- achieved. This solution requires no disruptive transformation of existing systems and en-
gies, demonstrates Koal's clear commitment to independent ables a secure and smooth transition, effectively reducing customer migration costs and
innovation in cryptography technology, provides important the risk of business interruption, minimizing resource input and waste, and aligning with
technical support for the independent and controllable de- the concept of sustainable development; meanwhile, it ensures the continuous and KM key distribution perfor- and KM key distribution SM2 certificate status query per- and SM2 certificate status
velopment of national cybersecurity, and fulfills important stable operation of customer business and achieves a coordinated balance between mance increased by latency decreased by formance increased by query latency decreased by
responsibilities at the corporate governance level. cybersecurity and operational efficiency through technology innovation.
Improving ecosystem Build an intelligent
adaptation support management engine
NGPKI is fully compatible with the domestic software and To meet the management needs of the IoT era, we independently built a pol-
hardware ecosystem, supports disaster recovery deployment
across "two sites and three centers," and strictly meets the
cybersecurity graded protection and cryptography assess-
icy-driven intelligent automated management engine to achieve automated
full lifecycle management of the application, issuance, deployment, renewal,
and revocation of certificates for diverse entities such as personnel, devices,
The minimum operating power consumption of the IoT-side PKI SDK has been reduced to approximately 160 mW (STM32F103
device, 3.3 V, 30–50 mA current)
ment requirements. It can adapt to the digital innovation services, and AI Agents, and it is compatible with internationally adopted
transformation needs of critical sectors such as government, protocols such as ACME and EST. This engine helps address the pain points
finance, energy, and healthcare. By deeply integrating into of low efficiency and high O&M risks in the management of massive volumes
the domestic ecosystem and advancing the development of certificates in IoT and cloud environments, effectively reducing customers' By leveraging its independent innovation in NGPKI technology, Koal deeply integrates digital security with sustainable development, thereby
of a trusted digital space, it helps key industries strengthen O&M labor costs and security risks. By improving efficiency through technolo- strengthening the Company's core technological barriers and demonstrating governance responsibility through independent innovation, while also
the foundation of digital security and puts into practice the gy, it supports the implementation of sustainable development management earnestly fulfilling its social responsibilities in safeguarding cyberspace security, empowering industries, and promoting international collaboration.
corporate social value of safeguarding public security and for customers and the industry, and provides support for the efficient digital In the future, Koal will continue to optimize NGPKI technologies and solutions, further cultivate the digital security field, fulfill its sustainable develop-
empowering industrial development. transformation of the industry. ment mission through technology innovation, and contribute to building a trusted, secure, and efficient digital world.
Excellence in governance
efficient operations
Corporate governance
Risk and compliance management
Business ethics
Party leadership
Contributing to the UN 2030 SDGs
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Corporate governance Board of Directors
Accountable to the General Meeting of Shareholders, the Board of Directors' responsibilities include convening general
Corporate governance system meetings of shareholders, formulating business strategies, preparing budgets and financial reports, proposing profit distri-
bution plans, and structuring internal management. The Board operates through five specialized committees: The Strategy
Koal complies with the requirements of relevant laws, regulations, and normative documents such as Company Law of the Peo- Committee, the Audit Committee, the Nomination Committee, the Remuneration and Appraisal Committee, and the ESG
ple's Republic of China, Securities Law of the People's Republic of China, Code of Corporate Governance for Listed Companies, Committee. These committees handle specific Board authorized matters and provide expert advice for decision-making.
Shanghai Stock Exchange Stock Listing Rules, Guidelines No. 1 of the Shanghai Stock Exchange for Self-regulation of Listed Com-
panies - Standardized Operation, and Articles of Association. We have established a governance structure composed of the General
Meeting of Shareholders and the Board of Directors, with clearly defined powers and responsibilities, independent operation, and The Board of Directors During which With a
mutual checks and balances. We also established an independent and complete business and management structure that aligns
with its development needs and actual circumstances, continuously improving corporate governance effectiveness to provide a
solid foundation for the Company's sustained and healthy development. During the Reporting Period, in accordance with relevant
convened 8 meetings
throughout the year
and approved
rate among all Board members
laws, regulations, and regulatory requirements, Koal streamlined and optimized the corporate governance structure, legally abol-
ished the Board of Supervisors, and transferred the supervisory functions to the Audit Committee of the Board of Directors. A new
employee representative director was appointed to further optimize the composition of the Board of Directors and reinforce the
Throughout the year
solid foundation for the Company's standardized operations. The Remuneration and Appraisal
The Company has formulated a series of management systems, including Articles of Association, Rules of Procedure for the Gen- The Audit Committee The Strategy Committee convened Committee convened
eral Meeting of Shareholders, Board of Directors Rules of Procedure, Working System for Independent Directors , and continuously
revised and improved them based on development conditions, laws and regulations, and regulatory requirements. In 2025, the convened meetings meeting meetings
Company revised more than 20 corporate governance systems in total, added systems such as the Rules for the Work of the Com-
pany's General Manager and Other Senior Management Personnel and Management System for the Resignation of the Company's
Directors and Senior Management Personnel , and abolished internal systems and relevant provisions related to supervisors or the The Nomination Committee the ESG Committee convened
Board of Supervisors, such as Rules of Procedure for Board of Supervisors Meetings, further enhancing the standardization and ef-
fectiveness of governance work.
convened 2 meetings 1 meeting
Board diversity and effectiveness
General Meeting of Shareholders
Board of Directors
Board diversity
Koal is committed to building a diversified Board of Directors, placing strong emphasis on members' backgrounds, skills, and areas of
expertise to ensure the integration of diverse perspectives and experiences, thereby safeguarding the scientific and effective nature of
the Board of Directors' decision-making. Members of the Company's Board of Directors possess interdisciplinary expertise and exten-
Remuneration
Strategy Nomination sive industry experience, covering multiple fields such as information technology, risk management, financial accounting, law, and
ESG Committee Audit Committee and Appraisal
Committee Committee
Committee finance, demonstrating the Board of Directors' balance in terms of experience, background, and professional capabilities. The Chair of
the Audit Committee has a professional background in accounting, and several directors possess extensive practical experience in risk
management and control, including establishing and improving risk management systems and handling major risk events, thereby
Organization Chart effectively supporting the Company's risk identification, risk assessment, response, and mitigation.
The nomination of members of the Board of Directors is subject to a rigorous selection process. The Nomination Committee incor-
General Meeting of Shareholders porates diversity into its considerations, taking into account candidates' educational background, industry experience, professional
skills, and credentials, and explicitly identifies gender diversity as a key dimension in candidate evaluation in the Terms of Reference
of the Nomination Committee of the Board of Directors, so as to maintain a balance on the Board of Directors in terms of capabilities,
As the Company's supreme authority, the General Meeting of Shareholders is responsible for reviewing annual budgets and
gender, skills, experience, and cultural and educational background. In addition, we established a systematic training and nomination
financial reports, electing or replacing directors and supervisors, approving profit distribution plans, and making critical mechanism. The Human Resources Department and the Nomination Committee collaboratively reviewed and established a reserve
company decisions. It operates in compliance with regulations such as the Rules for the Shareholders' Meetings of Listed pool of female talent for key positions, formulated targeted development plans, and actively searched externally for suitable female
Companies and Koal's own Rules of Procedure for General Meeting of Shareholders . The meetings combine on-site and on- director candidates, enabling members of the Board of Directors to bring different perspectives and complementary experience, and
line voting to ensure the protection of shareholders' rights. enhancing the effectiveness of oversight and decision-making by the Board of Directors and senior management.
Koal actively promoted members of the Board of Directors and the Board Secretary to participate in professional development train-
ing and compliance education, so as to strengthen their professional competence and ability to perform their duties. During the
were held during the year
At which proposals were
reviewed and approved
Reporting Period, the Company actively organized members of the Board of Directors and senior management to participate in spe-
cialized training held by the Shanghai Stock Exchange, the Association for Listed Companies, and other organizations, effectively en-
hancing their compliance awareness, performance of duties, and strategic vision. The Board Secretary actively participated in profes-
sional competency training organized by external regulatory authorities, covering topics such as market capitalization management
and mergers and acquisitions as well as restructuring, thereby providing solid support for the Company's steady operations.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Directors' educational background Directors by gender Directors by age Effectiveness of the Board of Directors
The Company strictly complies with laws, regulations, and regulatory requirements such as the Company Law of the People's Republic of China
System for Independent Directors and Working System for Special Meetings of Independent Directors , clarified the roles and responsibilities of
independent directors in corporate governance, and ensured that they diligently performed their duties and responsibilities. During the Reporting
Period, the Company's Board of Directors comprised a total of nine members, of whom three were independent directors, accounting for 33.33%.
The Chair of the Audit Committee under the Board of Directors of the Company was Mr. Yu Jiming, an independent director; the Chair of the Nom-
ination Committee was Mr. Zheng Xianyi, an independent director; and the Chair of the Remuneration and Appraisal Committee was Mr. Wang Ya-
pei, an independent director. Independent directors accounted for a majority on the Audit Committee, Nomination Committee, and Remuneration
and Appraisal Committee, and served as the chairs of these committees, ensuring the professionalism and independence of decision-making.
the deep integration of independent directors into corporate governance, and gives full play to their role in professional oversight and deci-
PhD Male Aged under 40 sion-making support. In 2025, the Company revised the Working System for Independent Directors, Working System for Special Meetings of
Independent Directors, clarifying the qualifications for independent directors, nomination and election procedures, duties and authorities,
Master's degree Female Aged 40 to 49 methods of performing duties, and performance guarantees. They played an important role in providing professional judgment and independ-
ent oversight in matters such as the re-election of the Board of Directors, the elimination of the Board of Supervisors, related-party transactions,
Bachelor's degree Aged 50 to 59
and below and periodic reports, effectively safeguarding independent directors' exercise of rights and performance of duties, and effectively protecting the
Aged 60 and above overall interests of the Company and the legitimate rights and interests of minority shareholders.
At the same time, we conduct a comprehensive annual assessment of the Board of Directors' standardized operations and effectiveness, so as to pro-
mote its efficient performance of duties, strengthen its core governance role, and effectively safeguard the interests of the Company and all sharehold-
ers. In 2025, the Company disclosed the annual performance of duties by directors, including the meetings of the Board of Directors and the content of
its resolutions, directors' attendance at meetings of the Board of Directors and general meetings of shareholders, and the performance of duties by the
committees under the Board of Directors. For details, please refer toKoal Software Co., Ltd. 2025 Annual Report.
Professional Knowledge and Skills
Case Thematic Learning for Independent Directors
Name Position Gender Technology Environment
Strategic Industry Risk
Accounting Legal research and and
planning experience management In November 2025, the ninth-term independent directors of the Company participated in training on the performance
development sustainability
of duties by independent directors. The training was conducted around the core theme of "Strengthening Compliance
Kong Through the Implementation of New Regulations, and Promoting Governance Through Professional Performance of Duties
Chairman Male
Lingang - Standardized Performance of Duties and Value Enhancement for Independent Directors Under the New System. Against
the regulatory backdrop of the implementation of the new Company Law in 2025, the reform of the independent director
Director, General system, and the rollout of the new Code of Corporate Governance for Listed Companies , it focused on compliance require-
Ye Feng Male
Manager
ments, professional capabilities, and risk prevention and control in the performance of duties by independent directors,
helping them accurately grasp the boundaries of their duties, improve the quality and effectiveness of duty performance,
Zhu Director, Deputy
Male and promote the modernization of the governance system and governance capacity of listed companies.
Litong General Manager
Huang
Non-executive Key Performance
Zhen- Male
Director
dong
Number of independent Number of independent directors on the Number of independent Number of independent
Non-executive directors on the Audit Remuneration and Appraisal directors on the Nomination directors on the ESG
Wu Wei Male
Director
Committee Committee Committee Committee
Employee
Pu Qian Female
Director
Independent Remuneration and appraisal
Yu Jiming Male
Director The Company has established a remuneration management system and incentive and restraint mechanism for directors and sen-
ior management, and has specified that the Remuneration and Appraisal Committee of the Board of Directors is responsible for
Zheng Independent formulating and reviewing the remuneration policies and proposals for directors and senior management. The annual salary sys-
Male
Xianyi Director tem applies to the remuneration of the Company's directors and senior management, comprising fixed salary and year-end bonus-
es. The year-end bonuses were linked to the performance of both the Company and individuals, and were assessed based on the
Wang Independent established appraisal indicator system. If the relevant requirements were not met, corresponding deductions were made, further
Male enhancing the initiative and creativity of the Company's operators and managers and promoting the sustained growth of the Com-
Yapei Director
pany's performance.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Protection of investors' rights and interests Investor communication
Koal strictly complied with relevant laws and regulations such as the Company Law of the People's Republic of China, the Securities Koal is committed to establishing a timely communication mechanism of mutual trust with investors, continuously improving our
Law of the People's Republic of China , the Guidelines for the Management of Investor Relations of Listed Companies , as well as rel- Investor Relations Management System , and building diversified investor communication channels. Through performance brief-
evant provisions such as the Articles of Association , and established and improved mechanisms for protecting investors' rights and ings, the investor hotline, the investor email mailbox, the sseinfo.com platform, and institutional investor surveys, we strengthen
interests. The Company upholds the investor relations management philosophy of "respecting investors, serving investors, and em- interactive communication with investors, answer their questions, enable them to gain a deeper understanding of our business
powering investors," regards investor relations management as an important component of the Company's strategic development, is model, development strategy, and financial position, help them make informed investment decisions, and ensure that their re-
committed to building a long-term relationship of trust between the Company and investors, and fully safeguards all investors' right quests receive prompt responses and efficient feedback.
to know, the right to participate, and other lawful rights and interests right to know and other lawful rights and interests.
Case The Company's Board Secretary Participated in High-Quality Dialogue on Securities Daily
Respect investors Empower investors
We fully respect investors' right to know and right We create value for investors through high-qual-
to participate, carefully listen to investors' opin- ity development. Through continuous technol- In August 2025, the Company's Board Secretary,
ions and suggestions, respond promptly to inves- ogy innovation, market expansion, and man- Cai Guanhua, participated in the high-quality
tors' concerns, and protect investors' legitimate agement optimization, enhance the Company's dialogue of the "Inside Listed Companies" series
rights and interests. core competitiveness and deliver long-term hosted by Securities Daily. During the dialogue, he
returns to investors. comprehensively investors with a comprehensive
overview of the Company's business and future
development opportunities from multiple dimen-
sions, including quantum science popularization,
quantum security, quantum encryption, and
Serve investors Transparent communication quantum application scenarios.
We serve investors with sincerity, professionalism, We adhere to the principles of truthfulness, ac-
and efficiency; communicate and engage with curacy, completeness, timeliness, and fairness
investors through various channels; and help in- in information disclosure, communicate with
vestors gain a comprehensive understanding of investors in an open and transparent manner,
the Company's operating performance and devel- and build a relationship of trust between the
opment strategy. Company and investors.
Case Koal Won Two Awards from Stock Star
Information disclosure
Koal strictly follows the Administrative Measures for Information Disclosure of Listed Companies , the Guidelines No. 2 of the
In November 2025, Koal participated in the 13th
Shanghai Stock Exchange for Self-regulation of Listed Companies — Management of Information Disclosure , and other regulatory
"Capital Power" Annual Brand Event hosted by
documents. It has revised and strictly implemented the Information Disclosure System , and improved the basic principles, content
Stock Star. With its outstanding performance in
standards, review procedures, and accountability mechanisms for information disclosure. Guided by investor needs, we properly
investor relations and corporate governance, the
prepared, submitted for review, and disclosed the Company's interim announcements and periodic reports, ensuring that the
Company won the "Outstanding Investor Relations
Company's information disclosure was truthful, accurate, timely, and complete. The Company has strengthened insider informa-
Team Award"; Mr. Cai Guanhua, the Company's
tion management, revised the Management System for Persons with Knowledge of Insider Information , standardized the manage-
Board Secretary, won the "Outstanding Board
ment of persons with knowledge of insider information, and enhanced the confidentiality of insider information. In addition, the
Secretary Award" for his professional competence
Company attaches importance to the standardized management of related-party transactions and external guarantees, and has re-
in performing his duties. The two honors demon-
vised the Decision-Making System for Related-Party Transactions and the Management System for External Guarantees, improving
strate the capital market's high recognition of
the criteria for identifying related-party transactions, decision-making authority, review procedures, disclosure requirements, as Stock Star's "Outstanding Investor Board Secretary Cai Guanhua
Koal's standardized governance, efficient commu- Won the "Outstanding Board
well as the approval authority, decision-making procedures, and risk control measures for external guarantees, thereby safeguard- Relations Team Award"
nication, and overall value. Secretary Award"
ing the interests of the Company and shareholders. During the Reporting Period, the Company's information disclosure did not
contain any false records, misleading statements, material omissions, or other improper disclosures.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk and compliance management
Key Performance
Risk management
Disclosed
offline investor online investor
periodic reports engagement sessions engagement sessions Through the division of labor and collaboration among the Board of Directors, the Audit Committee, and the Management, Koal
has clarified the allocation of responsibilities and the decision-making mechanism for risk and compliance management:
Responded to investors Answered Replied to
The Board of Directors and the The Management is responsible Due to the special nature of its
Audit Committee supervise and for organizing the day-to-day business, the Company has estab-
evaluate the effectiveness of risk operation of internal control to lished a dedicated Confidentiality
and compliance management, ensure the compliance and effi- Office to manage confidential pro-
Protection of the rights and interests of minority shareholders
ensuring the transparency and ciency of management activities. jects, confidential qualifications,
The Company treated all shareholders equally. Small and medium shareholders could attend general meetings of shareholders in efficiency of the management and personnel with access to con-
person or vote on resolutions of the General Meeting of Shareholders through online channels. For major matters that might affect mechanism. fidential information throughout
the interests of small and medium investors, the Company separately counted and disclosed the votes of small and medium inves- the entire process, so as to ensure
tors. A question session for small and medium investors was included in the agenda of general meetings of shareholders, and we the security and supervision of
actively listened to their opinions and suggestions. The selection of the time and venue of general meetings of shareholders was confidential information.
conducive to enabling as many shareholders as possible to attend the meetings, and we made full use of modern information tech-
nology to increase the proportion of shareholders participating in general meetings of shareholders. When the profit distribution
proposal was reviewed and decided upon, the Independent Directors Committee diligently fulfilled its responsibilities and issued
clear opinions. After the relevant proposal was reviewed and approved by the Board of Directors of the Company, it was submitted
Risk identification and response
to the Company's General Meeting of Shareholders for deliberation, effectively safeguarding the legitimate rights and interests of
small and medium shareholders. Koal formulated the Risk Management System , continuously strengthening risk identification and response capabilities, standard-
izing business management processes, and achieving risk identification, risk assessment, risk response, risk monitoring, and con-
tinuous improvement for core business segments. Through the comprehensive identification and management of market, opera-
tional, financial, legal and compliance, and technological risks, the Company ensures its steady development in a complex market
environment. At the same time, the Company integrates environmental, social, and governance (ESG) risks into the comprehensive
risk management system, further identifying and managing potential risks related to quality, safety, environmental protection, and
anti-corruption, and improving its risk resilience.
Risk identification Risk assessment Risk response
Comprehensively identify inter-
Analyze the likelihood and Based on the risk assessment
nal and external risks, covering
impact of risks. results, formulate targeted risk
all aspects of the Company's
response strategies.
operations.
Continuous improvement Risk monitoring
Continuously optimize risk management pro-
Continuously track risk status to ensure risks
cesses through feedback mechanisms to form
remain under control.
closed-loop management.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk training
To enhance employees' compliance awareness, the Company regularly carried out special training covering analysis of historical
Business ethics
compliance risks, case discussions, compliance reviews, risk assessment and response, and internal audit supervision. Through
the training, employees improved their risk management capabilities, further reduced compliance risks, and safeguarded the Com- Governance
pany's stable development.
Koal is committed to building an ethical and transparent business environment, and strictly complies with laws, regulations, and
Internal control and compliance
industry standards such as the Company Law of the People's Republic of China, the Anti-unfair Competition Law of the People's Re-
public of China, the Anti-Monopoly Law of the People's Republic of China, and Anti-Money Laundering Law of the People's Republic
of Chin a. We have formulated policies and systems such as the Code of Business Ethics , the Anti-bribery and Anti-corruption Policy ,
Koal strictly complies with such institutional norms as Guidelines for the Application of Enterprise Internal Control, Guidelines for
and the Whistleblowing and Whistleblower Protection Management Policy , established detailed standards for anti-corruption and an-
the Evaluation of Enterprise Internal Control , and Guidelines for the Audit of Enterprise Internal Control , and formulated and con-
ti-bribery conduct across all aspects of our operations, and promoted compliance with business ethics and anti-corruption standards
tinuously improved the Internal Control System and Internal Audit System . We systematically implement standardized review and
by both the Company and our partners.
audit workflows that encompass audit preparation, risk assessment, test procedure design, review procedure implementation,
approval and rectification, as well as report supervision, thereby fully leveraging the effectiveness of internal audit supervision. In To ensure the implementation of the business ethics and anti-corruption policies and to monitor their enforcement, the Company has
risk links, and intensified audit efforts. In accordance with the annual plan, we carried out special audit work in an orderly manner, as the first line of defense, embedding business ethics and anti-corruption requirements into compliance processes and conducting
promptly rectified issues identified during audits and incorporated them into performance assessments, thereby forming a positive regular self-inspections. The Legal Department serves as the second line of defense, responsible for overseeing implementation. The
cycle of using rectification to enhance management, ensuring the compliant operation of all our businesses, as well as the effective Internal Audit Department serves as the third line of defense, responsible for developing business ethics and anti-corruption policies,
operation and continuous optimization of internal control. conducting independent audits, investigating whistleblower reports, and enforcing accountability. It also performs regular reviews
and risk assessments to ensure that the Company's operations comply with business ethics laws, regulations, and internal policies.
Tax management
Strategy and management approach
Koal strictly complies with Law of the People's Republic of China on the Administration of Tax Collection and Enterprise Income Tax Law of
the People's Republic of China , as well as other relevant tax laws and regulations. It has formulated and continuously improved its Tax Man- Koal has embedded the principles of integrity and probity into the core of its corporate culture, incorporated them into the Company's
agement System , and standardized tax operation procedures. The Company has established and improved its tax management system, im- long-term development strategy, and extended this requirement to its supply chain to ensure high-quality development.
plementing a tax management structure featuring "headquarters coordination + business unit execution," while clearly defining the respon-
sibilities of each level to coordinate and manage all tax-related matters, and effectively prevent tax-related violations and non-compliance. Development of a culture of integrity
Specifically, the Company's Finance Department, as the core management department, is responsible for coordinating the formulation of
The Company normalizes the development of a business ethics
tax policies, risk control, and compliance management across the Group. Each subsidiary appoints a tax specialist responsible for daily tax and anti-corruption culture. By formulating policy documents Conduct Specialized Training on Business Ethics
filing, invoice management, and liaising on local tax matters. During the Reporting Period, the Company did not commit any major tax viola- Case and Anti-Corruption for Directors and Senior
such as Code of Conduct for Integrity , the Company clarified
tions and was not involved in any major tax-related litigation or arbitration. the business ethics standards that employees must comply Management
with. All employees are required to sign the Employee Integrity
Commitment Letter and Employee Integrity Agreement . Em- In December 2025, to continuously strengthen corporate
During the Reporting Period ployees' compliance with the Company's values, professional
governance and enhance the compliance awareness and
ethics, and code of conduct is taken as an important basis for
ethical standards of directors and senior management,
their performance appraisal, promotion, appointment, and
removal. Business ethics and anti-corruption training and case the Company organized special business ethics and an-
The Company did not commit any major tax violations and was not involved in any warning education activities have been carried out to popularize ti-corruption training, focusing on the three dimensions of
major tax-related litigation or arbitration. business ethics and anti-corruption knowledge among directors laws and regulations, case practice, and judicial standards,
and all employees, to enhance employees' professional ethics to help the core management team gain a deeper under-
standards, and to foster a clean and upright internal atmosphere
standing of compliance boundaries and build a solid barri-
within the Company. During the Reporting Period, Koal was not
involved in any major litigation cases related to corruption, brib- er for risk prevention.
ery, or unfair competition.
The Company regularly conducted tax risk inspections, checked the tax filing status of each Key Performance
unit on a monthly basis, and used the tax filing control checklist to avoid missed filings, late
filings, and delayed tax withholding, ensuring that no tax risks occurred during the Reporting
Supplier chain integrity management
the Company paid a total of
Period. The Company regularly organized tax management training, accurately identified the The Company has formulated centralized procurement management measures and process mechanisms. Internally, we review
orientation and key priorities of policy support, promptly shared new government policies
and new industry developments, guided all departments and units to correctly understand
various taxes and fees
potential conflicts of interest in accordance with the procurement process system. Externally, we incorporate business ethics and
anti-corruption requirements into the Company's standard contracts and require suppliers to sign them, or require suppliers to
and apply relevant policies, provided guidance on carrying out related business activities, separately sign Integrity Agreement and Cooperation Partner Integrity Commitment, requiring suppliers or partners to comply with
mitigated tax risks, and continuously improved the professional competence and practical op- national laws and regulations, policies, and industry standards in their places of operation, and prohibiting them from engaging in
erational capabilities of tax personnel. During the reporting period, the Company paid a total or tolerating any form of corruption, fraud, extortion, or embezzlement. For suppliers that violate the policy, the Company will take
of RMB ( )00 million in various taxes and fees. measures including suspension of cooperation and contract termination
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Anti-unfair competition
The Company strictly complies with the Anti-unfair Competition Law of the People's Republic of China, the Anti-monopoly Law of the
Party leadership
People's Republic of China, Several Provisions on Prohibiting Acts of Infringing Trade Secrets and the anti-monopoly and fair competition
Koal, guided by Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era, fully implements the guiding principles of
laws and regulations of the countries and regions where it operates. We pledge not to collect competitors' trade secrets or other confi-
the 20th CPC National Congress and the Third and Fourth Plenary Sessions of the 20th CPC Central Committee, thoroughly puts into
dential information through illegal means, nor to engage in illegal activities such as colluding with competitors to fix prices and disrupt
practice the general requirements for Party building in the new era and the Party's organizational line for the new era, closely adheres to
market order. We reject all forms of unfair competition and are committed to maintaining a fair and competitive market environment.
the overall requirements of "Studying the Ideology, Strengthening Party Spirit, Emphasizing Practice, and Achieving New Feats," focuses
During the Reporting Period, Koal did not experience any violations of laws and regulations against unfair competition.
on enhancing organizational capacity, uses the deep integration of Party building and business operations as the key lever, and solidly
advances political development, ideological development, organizational development, conduct development, and discipline develop-
Whistleblowing and whistleblower protection
ment, thereby providing strong political and organizational support for the Company's high-quality development.
Koal maintains zero tolerance for acts such as corruption and bribery that violate business ethics. We have established open, trans-
parent, and diverse reporting channels, and encourage internal employees and external partners to report non-compliant conduct.
Whistleblowing channels include the Company's official telephone number, hotline, whistleblowing mailbox, mailed correspond- Strengthen the foundation of governance
ence, or in-person visits. After receiving a report, the Company will establish a professional investigation team to conduct an inde-
pendent investigation in accordance with laws and regulations, and will cooperate with relevant departments to ensure smooth The Company's Party Committee effectively fulfills its primary responsibility for exercising full and rigorous Party self-governance, incor-
information flow. The investigation results will be reported directly to senior management. Once verified, the Company will adopt porating Party building into the overall annual work plan, and ensuring that it is planned, deployed, advanced, and assessed in tandem
corresponding accountability mechanisms. with business operations. At the same time, based on adjustments to Party members' positions and work needs, the Company promptly
by-elects members of the branch committee, optimizes the structure of the branch leadership team, clarifies the division of responsibil-
The Company undertakes to keep whistleblowers' personal information and whistleblowing materials strictly confidential. Whis-
ities among branch committee members, and has established a working pattern in which the branch secretary assumes overall respon-
tleblowing leads and materials are handled by designated personnel and managed strictly in accordance with confidentiality clas-
sibility, branch committee members collaborate based on their respective duties, and all Party members participate. In 2025, we strictly
sifications. It is expressly stipulated that whistleblowers' personal information, the handling of whistleblowing cases, and other re-
implemented the organizational life systems, including "Three Meetings and One Lecture", themed Party Day activities, organizational
lated information must not be disclosed to the reported person or to personnel unrelated to the handling of whistleblowing work.
life meetings, and democratic appraisal of Party members. Throughout the year, we convened four Party branch member meetings, 12
While keeping whistleblowers' information confidential, the Company strictly cracks down on any retaliatory acts. Once verified,
branch committee meetings, and 24 Party group meetings. Organizational life meetings and democratic appraisal of Party members
the Company will deal with them seriously. For acts that have indeed seriously endangered whistleblowers' rights and interests, we
were carried out in an orderly manner, with a 100% participation rate among Party members.
will promptly report them to the judicial authorities and pursue criminal liability in accordance with the law.
To ensure the standardization and long-term effectiveness of Party building work, the Company has established and continuously im-
Impact, risk, and opportunity management proved Party building policies and systems, formulated a joint conference system for Party building work under the leadership of the Par-
ty Committee, and regularly organized coordination meetings among various departments to promote information exchange, resource
Koal incorporates business ethics and anti-corruption risks into the Company's comprehensive risk management system. To prop- sharing, and coordinated action, thereby forming a strong working synergy. At the same time, the Company strictly implements the
erly address business ethics-related risks, the Company regularly conducts the identification and assessment of business ethics procedures for Party member development and actively promotes the building of the Party affairs cadre team. It selects cadres who are
risks (for specific procedures, please refer to the "Risk and Compliance Management" section of this report), thoroughly analyzes politically strong, professionally competent, and have good work conduct to fill Party affairs positions, and has improved the "dual culti-
factors that may trigger ethical risks, as well as various potential conflicts of interest, improper benefit transfers, and unfair com- vation" mechanism, cultivating Party members from key operational personnel and cultivating management talent and technical experts
petition, and has formulated detailed policies and procedures to ensure that all business conduct complies with ethical standards from Party members, thereby forming a multidisciplinary team structure in which "Party affairs cadres understand business operations,
and legal and regulatory requirements. To ensure the timely disclosure of potential risks, the Company continuously improves its and key operational personnel are competent in Party building." During the Reporting Period, the Party Committee of the Company culti-
monitoring system, including but not limited to internal audits, compliance inspections, and whistleblowing mechanisms. The vated three Party membership applicants, admitted one probationary Party member, and confirmed one full Party member.
Company's Internal Audit Department conducts orderly audits and inspections of the implementation of business ethics-related
systems and the risks of business ethics across various business scenarios. Audit results, major findings, and matters requiring at-
tention are regularly reported directly to the Audit Committee of the Board of Directors and the Chairman, while maintaining inde-
pendence at the organizational, business, and individual levels.
Indicators and targets
Indicators and targets 2025 achievement status
Zero occurrence of major corruption incidents Target achieved
Ensure comprehensive audit coverage of all business areas
Target achieved
every three years
Convene the 2025 Special Organizational Life Meeting and Democratic Appraisal of Party Members Meeting
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strengthen the ideological foundation Deepen the improvement of work conduct Key Performance
The Company consistently placed political development first, continuously strength- The Company remains unwavering in its commitment to strict standards, continuously
Integrity talks with more than
ened theoretical grounding, and steadily enhanced Party members' and cadres' politi- strengthening the improvement of work conduct and the promotion of integrity within
cal judgment, political comprehension, and political execution capabilities. the Party, and fostering a political environment characterized by integrity and fairness.
Normalize and deepen theoretical study Strengthen efforts to improve
Strengthen integrity education Improve supervision mechanisms
We strictly implemented the First Agenda system, organizing Party branch members work conduct
to focus on studying Xi Jinping Thought on Socialism with Chinese Characteristics
We deepened special rectification We organized Party members and We established and improved the
for a New Era, the guiding principles of the 20th CPC National Congress and the
efforts against formalism and bu- cadres to study intra-Party regulations Party branch supervision mecha-
Third and Fourth Plenary Sessions of the 20th CPC Central Committee, as well as the
reaucracy, focusing on issues such such as Regulations of the Communist nism, with branch committee mem-
essence of General Secretary Xi Jinping's series of important speeches, instructions, as shirking responsibility, buck-pass- Party of China on Disciplinary Actions bers assigned responsibilities by
and directives, and to conduct in-depth study of important works such as Xi Jinping: ing, perfunctory performance of and Code of Integrity and Self-Disci- division of labor to conduct routine
the Governance of China (Volumes I to IV) and Excerpts on Xi Jinping Thought on duties, and low efficiency in work. pline of the Communist Party of China, supervision over Party members and
Socialism with Chinese Characteristics for a New Era. We conducted self-inspection and and carried out four integrity warning cadres in the performance of their
self-correction, established issue education activities. Through watching duties, fulfillment of responsibilities,
By combining study sessions led by the Party branch secretary, guided learning by lists, responsibility lists, and rectifi- warning education films, visiting integ- and integrity and self-discipline.
branch committee members, and self-study by Party members, theoretical learning was cation lists, and ensured rectification rity education bases, and circulating
We kept supervision channels open
was implemented within prescribed typical corruption cases, we guided
promoted to be truly understood and internalized, ensuring that Party members and by setting up suggestion boxes and
time limits. Party members and cadres to respect
cadres consistently maintained a high degree of alignment with the Party Central Com- reporting hotlines, encouraging Par-
the law, remain vigilant, and uphold
mittee with Comrade Xi Jinping at its core in terms of ideology, politics, and action. Party members and cadres were ty members and the public to partic-
the bottom line.
organized to carry out heart-to-heart ipate in supervision, and promptly
talks. The branch secretary and We strictly implemented the spirit of identifying and correcting problems
branch committee members and the Central Committee's Eight-Point in work.
Conduct thematic education in a thorough and effective manner Party members, branch committee Decision and its implementation
members among themselves, and rules, resolutely opposed the "four
In accordance with the unified deployment of the higher-level Party committee,
Party members among themselves forms of misconduct," strengthened
a leading group was established to organize and carry out thematic education, regularly conducted heart-to-heart supervision and inspection of con-
formulate an implementation plan, and advance thematic education in depth talks to promptly understand ideo- duct building during holidays and fes-
and with solid results through such steps as centralized study, discussion and logical trends and work conditions, tivals, and prevented the occurrence
exchange, and rectification and implementation. help resolve practical difficulties, and of violations of rules and discipline.
defuse conflicts and disputes.
We organized Party members and cadres to visit revolutionary education bases
for on-site study sessions on two occasions, where they reviewed the oath of ad- Promoting the integration of party building and business operations
mission to the Party, and carried forward the revolutionary legacy.
The Company actively promotes the deep integration of Party building and business operations, adheres to the principle of grasping
Special seminars were conducted around "Studying the Ideology, Strengthening
Party building through business operations and grasping business operations through Party building, and regularly organizes thematic
Party Spirit, Emphasizing Practice, and Achieving New Feats." Party members and
discussions, experience-sharing sessions, and learning reviews around the key priorities and difficulties in business work. The Company
cadres shared their insights, reflections, and proposed measures in light of their
has established a "full-chain" accountability system, defining the primary responsibility of the Party Committee, the secretary's role as
specific job responsibilities, thereby forming a consensus in thinking.
the principal responsible party, the "dual responsibilities" of leadership team members, and the responsibilities of Party branches. By
implementing supervision, inspection, and assessment throughout the entire process of Party building, including monthly Party-build-
ing work meetings, specialized inspections, and the incorporation of Party building into performance assessments, the Company strictly
Key Performance conducted work reporting, appraisal, and assessment. At the same time, we hold those responsible for inadequate implementation
strictly accountable, using "Party building to guide labor union building and Youth League building" to ensure that all aspects of Party,
government, labor union, and Youth League work are fully advanced.
study sessions
and Guided by the principles of "Party leadership, unified standards, phased replacement, and safety and controllability," the Com-
pany deeply integrated the localization transformation of computer terminals with grassroots Party-building initiatives, estab-
field study visits themed Party Day lishing a "district committee coordination - subdistrict leadership" advancement mechanism. This achieved independent and
activities were organized controllable software and hardware for office terminals in subdistricts across the entire district, adapted to application scenari-
os, empowered grassroots governance and E-Government, and simultaneously enhanced the information innovation literacy of
Party members and cadres as well as the effectiveness of grassroots governance.
Innovation leads the way
digital technology as our shield
Product technology innovation
Product quality and safety
Customer relationship management
Information security and privacy protection
Sustainable supply chain
Contributing to the UN 2030 SDGs
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Product technology innovation
Building innovation platform
The Company has established six major R&D centers in Beijing, Shanghai, Xi'an, Chengdu, Nanjing, and Zhengzhou, and has part-
nered with multiple domestic research institutes and universities to establish five joint laboratories, building a high-level, open
Governance technology innovation platform and integrated innovation system, accelerating technology innovation, promoting industrial up-
grading, and continuously contributing to the development of the industry.
The Company has established a comprehensive R&D management system. Innovation and R&D work are centrally coordinated and man-
aged by the Product and Technology Committee, which is responsible for formulating R&D strategies and allocating resources. We have R&D platform Positioning and functions
established specialized support departments such as the Product and Ecosystem Management Department and the Infrastructure Depart-
ment to strengthen coordination and linkage between the front and back ends of R&D, creating a working pattern of efficient collaboration
and joint management across all departments, and promoting the efficient implementation of product technology R&D.
• The Company has established six R&D centers, located in Beijing, Shanghai, Xi'an, Chengdu,
Six R&D
The Company has established a standardized policy system around the entire R&D innovation process, formulating the Information Man- Nanjing, and Zhengzhou, to address both the staffing needs of its production lines and the
centers
agement System to clarify the management requirements for each stage of R&D projects. Concurrently, it has established mechanisms distribution of education and research resources.
for R&D reviews and innovation incentives, standardized the commercialization of R&D outcomes and the confidentiality management of
core technologies, and comprehensively ensured that R&D activities are conducted in a standardized, orderly, and efficient manner, there- • Shanghai Jiao Tong University: The Cyberspace Security Key Laboratory was established
by laying a solid policy foundation for technology innovation. to carry out comprehensive cooperation in cybersecurity by leveraging the resources of local
Strategy and management approach
universities in Shanghai.
• Fudan University: A Joint Laboratory for Post-Quantum Cryptography was established.
Leveraging Fudan University's deep expertise in mathematics and cryptography, we will jointly
Koal adheres to the innovation-driven development strategy, coordinating three key initiatives: building an innovation R&D system,
build a "Shanghai flagship" for the integrated development of next-generation post-quantum
upgrading data security products and services, and providing full-process intellectual property protection. The Company continues
cryptography technologies across industry, academia, and research.
to focus on advancing core technologies and strengthening its security technology barriers.
• Shaanxi Normal University: The Cryptography Application Research Key Laboratory was
R&D innovation management established. In collaboration with the Xi'an R&D Center and local universities in Xi'an, we will
Koal adheres to dual-driven innovation and development strategy centered on "technology and products." With talent cultivation conduct in-depth joint research, focusing on new cryptographic algorithms, participation in
Five joint the development of national standards and specifications, and the research and design of
and recruitment as its foundation, the Company leverages AI technology to empower internal R&D operations, prioritizes the re-
laboratories
search, development, and implementation of core security technologies, and relies on collaborative partnerships with external industry-specific cryptographic application solutions.
technology innovation platforms for support. Concurrently, the Company strengthens end-to-end intellectual property protection, • Jiangsu University of Science and Technology: The Network Security Technology
continuously fortifies its core technological barriers, promotes the deep integration of technology innovation and industrial appli- Laboratory was established. Building on partnerships with the Nanjing R&D Center and
cations, and drives high-quality development in the digital security industry through independent innovation. local universities in Jiangsu, we will focus on applied innovation and engage in in-depth
collaboration in the field of network security.
Awards & Recognitions • Jinan University: The Guangzhou Network Security Joint Laboratory was established to
conduct research on distributed identity and self-sovereign identity technologies.
Recognized as a National-level Specialized, Refined, Designated as a "Shanghai Pilot Unit
• Xidian University and Liaoning University: The two institutions have already carried out
certain technical cooperation, and plan to expand their collaboration toward comprehensive
Unique, and Innovative "Little Giant" Enterprise for Patent Work"
industry-academia-research cooperation in cryptography technology.
Recognized as a "National-level Received the "Outstanding Enterprise" in the
High-Tech Enterprise" Commercial Cryptography Industry for 2024
Case Koal Collaborates with Xidian University on Industry-Academia-Research Collaborative Innovation
In 2025, Koal and Xidian University carried out collaborative industry-university-research innovation around the core technical direc-
tion of integrated empowerment through cryptography and AI. The two parties conducted multiple rounds of technical discussions
and jointly carried out related technical research, working together to provide technical support for the research on topics related
to integrated empowerment through cryptography and AI planned by the Shanghai Municipal Cryptography Administration. Both
parties simultaneously advanced the co-establishment of a joint cryptography laboratory, promoting the implementation and
application of Xidian University's "Xuanzhi Large Model" in areas such as security evaluation of cryptography applications, security
Won the "Golden Intelligence Award" in China's Won the "Golden Intelligence Award" in China's Network transformation of cryptography applications, and security assessment of commercial cryptographic products. This fully leveraged
Network Security and Information Industry - Inno- Security and Information Industry - Innovation Leading the empowering effect of artificial intelligence technology in the field of cryptography, and promoted technology innovation and
vative Solution of the Year 2025 Enterprise of the Year 2025 the commercialization of research outcomes through deep integration of industry, academia, and research.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Introduction and development of innovative talent AI-Powered technology innovation
The Company continued to increase efforts to attract high-end technology talent, improve management mechanisms that support the In 2025, Koal focused on the dual-engine drive of an "information-based foundation + AI application layer, " closely aligning with the
development of research talent, steadily advance long-term incentive plans for core talent, provide R&D personnel with various types of strategic goal of "All In AI." We prioritized deepening the integration of AI with our three core businesses of cryptography, security, and
online and offline professional skills training, and build a product technology R&D team with outstanding professional expertise, exten- products, and clearly advanced the evolution of AI applications from tool introduction to paradigm transformation, achieving the dual
sive industry experience, and strong innovation capabilities. During the Reporting Period, the Company conducted a total of five spe- goals of "AI-empowered efficiency and innovation-driven upgrading" and building AI-driven sustainable competitiveness.
cialized product technology training sessions, including courses on AI-assisted coding, frontier technologies in cryptography and data
security (lightweight cryptographic algorithms, block ciphers, and data security for low-altitude IoT), among other topics.
Strengthen information infrastructure and build an AI + business knowledge support system
Innovation and R&D achievements
In 2025, the Company completed the integration of the Company-level information platform, implemented the Information Management System ,
In 2025, the Company continued to deepen its efforts in cutting-edge digital security technologies, steadily advancing technolog-
completed the full integration of legacy system data, and imported core materials such as password security, cryptographic compliance assessment
ical breakthroughs and scenario-based implementation around core areas such as code security, post-quantum technologies,
standards, and API interface documentation, providing standardized knowledge support for the implementation of AI + cryptography and AI + security.
trusted data spaces, and privacy computing. We deeply integrated technology innovation with sustainable development, empow-
In addition, the Company launched an information platform integrating AI platform and knowledge base functions. Its core components were aligned
ered the secure development of industries through technology, and effectively fulfilled our corporate social responsibilities.
with business needs to enable efficient retrieval of core business data. It served both as an internal "intelligent resource browser" and as the "knowl-
edge foundation" for the implementation of AI + business, realizing transparent management and innovative reuse of knowledge assets.
Case Building a Secure-by-Design Code Security System Through Technology
In 2025, Koal built a DevSecOps system combining shift-left security and defense in depth, embedding security capabil- Build an AI efficiency platform and realize the deployment of intelligent applications across multiple scenarios
ities into the CI/CD pipeline to enable real-time code auditing and risk blocking. Concurrently, we established a pano-
ramic SBOM view and introduced externally sourced threat intelligence updated daily to proactively identify newly dis- The platform covered three major dimensions: office operations, business, and R&D. We built an internal AI assistant matrix,
closed vulnerabilities in open-source components, strengthening security management and control over open-source achieving a breakthrough from point-based empowerment to multi-scenario coverage.
components and the supply chain. We also released code security standards and testing tools to promote the forward
shift of security checkpoints. For key products, we implemented dual penetrating verification through static tool scan-
ning + expert manual auditing, comprehensively improving code security quality, internalizing security capabilities as Based on document vectorization technology, the Knowledge AI Assistant delivers intelligent Q&A for internal
Knowl-
core DNA of our products and solidifying the foundation of digital security. edge AI knowledge, integrates core knowledge such as cryptography and security, and is integrated into DingTalk and
Assistant the knowledge base to provide employees with convenient knowledge query services.
Case Research, Development and Implementation of PQC Technology
Pre-sales It achieves automatic matching between bidding document parameters and products such as cryptogra-
Koal regarded PQC Technology as a core strategy. In 2024, we launched a series of post-quantum products. In 2025, AI Assis- phy and data security, assists in bidding document preparation, verifies the value of AI-driven efficiency
we carried out pilot applications in the financial sector, promoting the smooth transition of business systems to a tant improvement, and accumulates practical data.
post-quantum security architecture, while also enabling our post-quantum PKI products to expand overseas and pro-
vide digital trust solutions for countries along the Belt and Road. By building full-scenario quantum security solutions
Cryptog- A cryptographic compliance assessment knowledge assistant is built based on RAG technology, which is inte-
and integrating various cryptographic and key technologies, the Company addressed potential quantum computing
raphy AI grated into the cryptographic service platform. It interprets cryptographic assessment standards and answers
threats through continuous technology innovation and supported the security upgrade of the industry. Assistant cryptography-related questions with an accuracy rate of over 90%, thereby supporting technology R&D.
Trusted Data Space Architecture and Imple- Application of Privacy-Preserving Computing
Case Case AI Securi-
mentation Technologies and Ecosystem Development Solutions such as large model security protection are implemented, achieving unified identity authentication,
ty Assis-
tant encrypted transmission, and risk identification, which have been validated in joint demonstration with Hygon.
In 2025, Koal made in-depth deployments in trusted In 2025, Koal continued to deepen its presence in the
data spaces, participated in research on the national field of privacy-preserving computing and built an infor-
data circulation and communication system and mation-sharing platform based on oblivious query for Covering five core product lines, it enables functions such as automated certificate management and AI
took the lead in drafting reports related to cross-bor- China UnionPay. By integrating secure multi-party com- Product AI data classification and grading, among which AI data classification and grading is already capable of pro-
der data, joined the National Data Standards Com- putation and oblivious query technologies, we enabled Assistant viding services. The platform has completed multiple technical validations, accumulating experience for
mittee and the Trusted Data Space Development the secure sharing of blacklist and graylist information subsequent implementation across all scenarios.
Alliance , participated in formulating the group among financial institutions with data available but
standard Capability Requirements for Trusted Data invisible, effectively improving the risk prevention and
Spaces, and actively advanced the R&D and industri- control of financial transactions as well as operational
Strengthen the AI talent pipeline to support innovation in core businesses
al deployment of trusted data space platforms. The efficiency. We also made angel investments in priva-
Company also applied for national pilot projects for cy-preserving computing enterprises to build an indus-
data infrastructure, forming a complete practical sys- trial ecosystem featuring complementary technologies In 2025, the Company conducted 15 AI-themed training sessions, introducing new modules on AI and cryptography as well as AI
tem in technological R&D, standard development, and collaborative advancement, thereby strengthening and security, covering core fields including the eight major directions of AI cryptography proposed by Academician Feng Dengguo.
and ecosystem implementation. product responsibility and social trust through technolo- The Company developed an AI Competency Assessment Form to incorporate AI application capabilities in cryptography, security,
gy implementation and ecosystem development. and other areas into the assessment process, established a four-level competency matrix, and preliminarily formed specialized tal-
ent teams for AI + cryptography and AI + security, thereby consolidating the talent foundation.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Technology ethics The cryptographic service platform supports modular, flexible
tailoring and combination, and can be adapted to diverse delivery
Koal has consistently integrated technology ethics into the entire process of innovation and implementation across its core businesses,
forms such as stand-alone machines, all-in-one machines, data
including digital security, cryptographic technology, and AI applications. We uphold our original commitment to technology for good and
centers, cloud platforms, and cryptography clouds. It comprehen-
secure, controllable development, and use ethical principles to regulate technology research and development as well as business practic-
sively empowers multiple business scenarios, including cloud envi-
es. Based on the industry characteristics, the Company regards data security and privacy protection, technological transparency and tracea-
ronments, big data, the IoT, and AI, enabling full-chain cryptograph-
bility, fairness and inclusiveness, and compliance and self-discipline as core principles. It integrates ethical considerations into every stage of
ic integration, operations, maintenance, and supervision.
product design and project R&D, and incorporates designs such as granular control and behavior traceability into products including NGPKI
and AI security solutions, so as to avoid ethical risks such as technology abuse and algorithmic bias. In addition, we promoted the integra-
tion of technology ethics into employee-wide training and institutional development, built ethical consensus with ecosystem partners, and
Single-unit, Single-package
guided the standardized application of technology. In the future, the Company will continue to fulfill its technology ethics responsibilities
through compliance and self-discipline, balance technology innovation, commercial value, and social value, and contribute corporate
Easy and flexible deployment at low cost, suitable for small
strength to building a trustworthy and orderly digital ecosystem.
enterprises and individual users;
Plug-and-play, rapid start-up, and simple maintenance, re-
Data Security products and services
ducing the burden of IT management.
Koal has deeply cultivated the core field of digital security. Grounded in independently controllable cryptographic technology, we have built a
complete product and service system covering comprehensive cryptographic services, full life cycle data security products, and one-stop secu-
rity services, providing all-dimensional and highly reliable security support for the digital transformation of thousands of industries.
All-in-One Delivery
Comprehensive cryptographic service capability system Integrated software and hardware, ready to use out of the box,
The Company has established and continues to refine a comprehensive cryptographic service capability system. With the cryp- reducing deployment time;
tographic service platform as the core, we have built a "1+3" product system consisting of three major platforms: Cryptographic Suitable for enterprise applications that require rapid launch,
supervision, operations and maintenance management, and the cryptographic laboratory. The platform is capable of uniformly have limited budgets, and involve many small-scale business
managing various types of heterogeneous cryptographic devices and integrating diversified cryptographic services, providing up- applications.
per-layer applications with rich and diversified cryptographic service support.
Data Center Delivery
Provide powerful computing and storage resources to sup-
port large-scale data processing;
Feature high availability and fault tolerance to ensure busi-
ness continuity, with easy scalability and management.
Cloud Platform Delivery
Integrate the advantages of cloud platforms to provide flexi-
ble resource management and elastic scalability;
Optimize costs and performance, and enhance business agil-
ity and security.
Cryptography Cloud Delivery
Specialize in encryption services, adopting advanced tech-
nologies and stringent access controls to ensure the securi-
ty of data transmission and storage;
Simplify cryptographic management, with cryptographic
services ready for immediate use.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Data security product system Safety service system
Koal has built a one-stop, comprehensive data security service system. Based on in-depth consulting, we assisted customers in comprehensively reviewing data assets,
Koal deeply integrates cutting-edge technologies with customers' actual needs to tailor data security solutions that fit their re-
identifying security risks, and provided security integration and product implementation services to ensure the efficient execution of solutions. In addition, the Company
quirements. The Company has assembled a cross-disciplinary R&D team composed of data security experts, software engineers,
provides operational services such as security system operations, routine security operation and maintenance, and emergency response. Through continuous assessment
and AI algorithm professionals, and continuously carried out technology innovation and key technology research, building a mul-
and optimization, we are constantly enhancing our data security protection capabilities to provide security support for enterprises undergoing digital transformation.
ti-level, integrated data security product system covering the entire data lifecycle to provide customers with robust data security
protection.
Data Security Data Security Implementa- Data Security
Consulting Services tion Services Operation Services
Service Content Service Content Service Content
Asset Review Service Security Construction Security System Operation
Data Lifecycle Risk Assessment Service Integration Service Daily Security Maintenance
Security System Construction
Emergency Response Service
Service Value Service Value Service Value
Clarify Current Data Security Status Customized Solutions Strong Data Security Assurance
Identify Risks and Issues Address Protection Capability Gaps Continuous Evolution and Optimi-
Trustworthy Data Circulation
Meet Regulatory Compliance
zation Around Business Needs
Reliable Data Content
Collection Transmission Storage Usage Exchange Destruction Requirements
Product Implementation/ Ongoing Evaluation/
Data Collection Data Transmis- Data Storage Data Process- Data Exchange Data Destruc- Inventory Assets/Assess Risks
System Construction Continuous Optimization
Security sion Security Security ing Security Security tion Security
Case China Mobile's Project to Develop Regulatory Standard Formulation for Commercial Cryptography
Integrated Data Security Platform
Koal took the lead in drafting China Mobile Group's Requirements Specification for the Operational Security Assurance System of Commercial
Security Situation Security Threat De- Security Capability Cryptography . Leveraging the Company's technical expertise and industry practice in the field of commercial cryptography, we supported Chi-
Awareness System tection System Assessment System na Mobile in building a full-process security assurance system covering the application of cryptographic algorithms, full lifecycle key manage-
ment, and security and compliance assessment. This standard aligns with the security requirements of scenarios such as 5G private networks
and cloud-network convergence, and can be applied to the construction of China Mobile's nationwide information security systems, effectively
Supervised Cross-border Data
Traceable Data Compliance
enhancing our brand influence and core competitiveness in the telecommunications operator sector.
Identity Management,
Cryptographic Basic Cryptographic Identity Infra-
Authentication, and
Infrastructure Service Capabilities structure Ministry-level Unified Identity Authentication Smart Customs Cryptographic Service Project
Authorization Case Case
Project (Phase I) of the General Administration of Customs
The Company deeply participated in the construction of the Unified Koal relied on the cryptographic service platform to provide data
Identity Authentication Project (Phase I) of the Ministry of Civil Affairs. encryption and decryption support for the Smart Customs supervi-
Cryptographic Service Platform Public Key Infrastructure (PKI)
As an important component of the Golden Civil Affairs Project, this sion platform of the General Administration of Customs, successfully
HSM Key Management project adopts a "four horizontal and four vertical" architecture to sup- completed the assessment topic on encryption capabilities, and
Identity and Access Management
System (KMS) port the secure operation of multiple business systems, including so- verified the platform's outstanding capabilities in key management,
(IAM) System
Digital Signature and TSA Server cial assistance, elderly care services, and child welfare, and realizes the high-performance encryption and decryption, and other aspects.
Verification interconnection, sharing, and utilization of civil affairs data nationwide. At the same time, the Company provided an identity authentication
In the future, the project will cover five levels of administrative units and secure login solution based on Chinese commercial cryp-
and more than 300 types of public service scenarios, continuously tographic algorithms for Customs mobile office scenarios, providing
enhancing the Company's demonstration effect in the fields of digital reliable cryptographic support for the digitalized and intelligent
government and public welfare security. supervision of Customs.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Intellectual property protection Risk scenario Risk identification Mitigation measures
Koal continuously strengthened full-process intellectual property management, improved the protection and compliance system, and
built a dedicated protection barrier for R&D innovation achievements. The Company adheres to an intellectual property management
policy of "innovation-driven, implementation-focused, standardized management, risk prevention, and legal compliance." It strictly Use of unaudited third-party AI tools results Issue a List of Recommended AI Tools; the guidelines
complies with laws and regulations such as Patent Law of the People's Republic of China, Trademark Law of the People's Republic of Use of inter- in code/data being retained for training; required that the sensitive information be replaced with
China, and Copyright Law of People's Republic of China. The Company has established a policy system covering the entire life cycle of nal AI tools Core algorithms and sensitive data are mis- placeholders;
intellectual property, and formulated systems such as Intellectual Property Management Manual, Compliance Management System , and takenly entered into public network AI AI-generated code is incorporated into Code Review
Patent Work Management System to clarify management standards for core aspects including intellectual property rights confirmation,
application, and protection, improve the mechanisms for identifying and controlling infringement risks, and effectively prevent the loss
of intangible assets. While strictly protecting our own intellectual property, we also adhere to the bottom line of compliance to ensure Integrate SCA tools into the CI/CD pipeline to block high-
that we do not infringe upon third parties' intellectual property rights, such as trademarks, patents, and copyrights. The introduction of copyleft licenses forces
Use of ex- risk components;
core code to be open-sourced;
We have established an enterprise-wide, coordinated intellectual property management framework with clearly defined respon- ternal open- Issue the Catalog of Recommended Open Source Software ;
source tools Open-source components contain malicious
sibilities. The General Manager serves as the primary responsible person, while the Strategic Planning and Marketing Department Components outside the whitelist require dual manual
backdoors or high-risk vulnerabilities (CVE)
approval
acts as the centralized management unit, coordinating the full lifecycle of intellectual property management. Functional depart-
ments such as Human Resources Department, Finance Department, and Product R&D Department implement IP management
according to their respective responsibilities, forming a collaborative and efficient management structure.
The development network segment is isolated from the
General col- Core code is accidentally pushed to a
During the Reporting Period, the Company conducted a total of three special intellectual property training sessions, covering core topics external network. Exclusive keys are dynamically gener-
laboration and personal repository;
such as the intellectual property management system, regulatory standards, and patent mining, clarifying the boundaries of responsibilities ated, and writing them into the code repository is strictly
data leakage Hard-coded credentials in code lead to prohibited;
of each department, and effectively enhancing employees' awareness of intellectual property protection and professional capabilities. prevention
leakage
Establish a CI/CD inspection mechanism
Key Performance
Delivered product dependency compo-
A total of with a total training duration of Monitor vulnerabilities in SBOM components and trigger
Operation of nents expose newly disclosed high-severity
emergency response;
current network
version
vulnerabilities;
Compatibility/security risks encountered on
Advance the replacement plan for high-risk or discontin-
ued components
intellectual property training the customer site
In 2025
new patents software copy- trademarks
were granted rights were added were registered Indicators and targets 2025 achievement status
A cumulative total of R&D product release rate ≥ 98% Actual release rate: 100%
patents were granted software copyrights trademarks were Intellectual Property Compliance son-day 151.33 lines of code/person-day
were obtained registered Management System Certification
Two new intellectual property applications filed in 2025 19 applications filed
Impact, risk, and opportunity management Target
The Company has built a five-stage risk management process covering the entire lifecycle--"identification, assessment, response, At least one intellectual property right is implemented each year
implemented
monitoring, and improvement" and strictly follows risk management systems such as ISO/IEC 27005. Based on core R&D innovation
scenarios, and focusing on four core risk scenarios, namely the use of internal AI tools, the introduction of external open-source re-
sources, general collaboration and data leakage prevention, and the operation of live network versions, we have established a risk At least three IP training sessions conducted annually for employees 3 sessions conducted in practice
management process and mechanism of "identification-assessment-treatment-monitoring-improvement." By leveraging targeted
measures such as tool management, checklist guidelines, and security access controls, we will advance technology innovation safely Conduct at least one follow-up investigation per year into intellectu- 12 intellectual property tracking
while ensuring full compliance with laws and regulations, thereby achieving a virtuous cycle of development characterized by man- al property infringement involving the Company's main products investigations were conducted
ageable risks, seized opportunities, and orderly innovation.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strategy and management approach
Product quality management
Key Performance Koal, based on ISO 9001 Quality Management System and CMMI 5 Capability Maturity Model Integration Certification, has formulated
institutional documents such as R&D Project Quality Assessment Measures (Draft) and Quality Management Manual. In 2025, in line
Annual R&D investment representing a year-on-year with our operational development and business process needs, we revised and improved the Quality Management Manual , optimized
amounted to RMB accounting for increase of procedures and the document structure, further enhanced the efficiency of system operation, supplemented weak links in manage-
ment, and refined key control requirements to ensure that all quality activities were carried out in a standardized and orderly manner.
The Company conducted internal audits and management reviews of the quality management system according to the annual
plan, continuously improving the effectiveness and efficiency of management system operations, and deeply integrating quality
control requirements into the entire business process. During the Reporting Period, Koal experienced one quality liability incident
Number of R&D personnel Participated in the formulation of and
related to products and services. In response to the user rights infringement incident involving NSAGClientSDK version 1.0.0 noti-
industry standards in 2025
fied by the Ministry of Industry and Information Technology, the Company swiftly completed emergency response actions such as
removing the problematic SDK related to the HarmonyOS platform, communicating and coordinating with the competent author-
ities, and submitting a rectification application to the China Academy of Information and Communications Technology. Internally,
Cumulatively participated in the the Company revised its R&D self-inspection red line checklist and the quality evaluation measures for R&D projects, and designat-
accounting for formulation of and ed the primary responsible person for reviews. Externally, the Company engaged with third-party compliance certification bodies,
plans to join the SDK Security Ecosystem Alliance, and is working with the Legal Department to improve product compliance legal
statements, thereby comprehensively implementing rectification and long-term compliance improvements.
Cumulatively participated in
the construction of more than Cumulatively won Qualifications and Certifications
third-party digital certification centers
Progress Awards
Obtained the ISO 9001 Quality Obtained the ISO 20000 Information Technol-
Management System Certification ogy Service Management System Certification
Product quality and safety
Obtained the CCRC Information Obtained the CMMI 5 Capability Maturity
Governance
Security Service Level 2 Certification Model Integration Certification
Koal has established a sound product quality and safety governance system, covering a full-dimensional governance framework of
policy development, process standardization, and organizational support, effectively strengthening the defense line for product qual-
ity and safety. The Company established a Safety Leadership Group responsible for coordinating the formulation of the Company's Level 1 Assessment of Information Level 1 Assessment of Information Technology
safety strategic plans and annual safety work objectives, and for reviewing and approving major safety investments, safety systems, Technology Innovation and Digital Innovation and Digital Intelligence Service
and emergency response plans, thereby ensuring the security and compliance of delivered products. Intelligence Service Capabilities - Data Capabilities - Information Technology Innova-
Service Capability tion Project Implementation Capability
In 2025, the Company focused on deeply aligning the quality management system with the current state of operations and business
processes, revised core systems such as the Quality Management Manual , optimized the content structure, reduced the subsequent
maintenance costs of the manual, improved the operational efficiency of the system, refined the closed-loop institutional system, and
ensured that all quality and safety management activities were governed by rules and based on established regulations.
Certified under the ISO 10015
Training Management System
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Full Lifecycle quality management
Koal focuses on customer needs, key areas, and Quality Management System for the Entire Product Lifecycle
core processes. Relying on the ERP system, the
Company has established a quality manage-
ment system covering the entire product lifecy- Requirements Design Production Coding
cle, including requirements, design, production,
coding, testing, delivery, and maintenance, to Product requirements shall be reasonable, Design shall ensure efficiency and During the production process, products must be The code must comply with specifications,
achieve standardized control throughout the stable, and accurate, prepared in accord- maintainability, and high-level de- manufactured in accordance with guiding docu- emphasize secure design, and pass unit test-
full project lifecycle and continuously provide ance with the CMMI model and templates, sign shall be prepared in accordance ments such as Product Assembly and Production ing with test cases and results documented;
customers with high-quality products and and run throughout the product lifecycle; with CMMI templates; Manual, Product Inspection Specifications, Prod-
Unit testing must cover key elements such as
services. The Company has strengthened the For projects related to system testing, test- For Class A/B projects, a separate uct Factory Release Inspection Checklist, Product
the test object, inputs, and results.
management of reviews at all project stages, fully ing personnel shall participate in require- high-level design shall be prepared Protection Operation Instructions , so as to ensure
recording review comments, clearly defining ments reviews to ensure the testability of and reviewed through a "formal in- the delivery of conforming products.
responsibilities, corrective actions, and deadlines requirements. spection."
for identified issues, and implementing full-pro-
cess tracking and closed-loop management. The
Company strictly enforces standardized project Maintenance Delivery Test 测试
change management procedures, ensuring full
control over application, approval, implemen- Management and control are carried out After the product arrives at the user For integration testing, tests are performed after functional acceptance. For Class A/B projects, separate test cases
tation, and verification processes. It routinely in accordance with Monitoring and Meas- site, product shelving, installation, and defect lists must be created; configuration administrators review delivery compliance.
conducts deviation analyses regarding progress, uring Equipment Control Procedures and adaptation, commissioning, and
For system testing, test cases must cover requirements, and test reports must be reviewed; QA checks the com-
quality, and cost, promptly tracing the root caus- Equipment Maintenance Regulations , with other work are required to be carried
pleteness of testing documentation.
es to correct deviations and prevent the spread regular product maintenance conducted. out in accordance with guidance
of risks, thereby comprehensively ensuring that documents such as Product Delivery Integration testing execution requirements are emphasized to verify functionality of modules, interfaces, and data
projects proceed with high quality and according Process and Implementation Plan, transmission accuracy, ensuring compliance with system design specifications and enabling more efficient issue
to schedule throughout their entire lifecycle. and user satisfaction is collected. detection and localization.
Dimension Measures
Product testing and recall
The Company has established policy documents such as Testing Operation Manual and Quality and Safety Requirements for Com-
pany Products and Software Deliverables, which clearly stipulate all aspects of our software testing, including test classification, We implemented the DevSecOps agile security process, breaking down barriers between
test objectives, test design, test procedures, test acceptance criteria, and main evaluation methods. These documents require Process development and security, atomizing security capabilities and embedding them into the
testing be conducted on different types of objects according to the various stages of the software lifecycle. Before a product is re- optimization CI/CD pipeline, achieving "code as inspection, commit as audit," and enabling real-time
leased, it must meet the "Level 1" requirements of internal security testing before it can be delivered. interception of security risks without compromising R&D efficiency.
In 2025, Koal focused on enhancing the efficiency of quality inspection and full-process control, advancing two key initiatives,
namely testing personnel involvement at an earlier stage and automated testing, and driving a shift in quality inspection from
We built a dynamic sensing and holistic monitoring system, established a panoramic SBOM
ex post remediation to ex ante prevention and process control. Testing personnel are embedded into the R&D production line to
view, introduced externally sourced threat intelligence updated daily, proactively identified
participate early in all development stages and conduct synchronized testing, empowering R&D from a customer perspective and Monitoring newly disclosed vulnerabilities in open-source components, cut off supply chain risk trans-
identifying product optimization opportunities; automated testing is developed in parallel to improve testing efficiency and accu- system
mission paths, and ensured that the introduction of third-party components was secure
racy. The successful advancement of testing personnel involvement at an earlier stage and automated testing effectively reduced
and controllable.
product costs, improved testing efficiency and product qualification rates, shortened the R&D cycle, and laid a solid foundation for
the high-quality development of products.
Meanwhile, the Company formulated Control Procedure for Nonconforming Products to guide the identification and control of We established standardized security baselines and self-inspection mechanisms, issued
nonconforming products generated at each stage. For nonconforming products discovered after delivery to customers or after use Employee enterprise-level secure coding standards and inspection baselines, and provided self-test
has commenced, we verify the specific circumstances and determine whether to notify customers for a recall, so as to prevent the empower- toolkits to shift security gates left to developers' desktops, empowering all employees to
unintended use or delivery of nonconforming products. During the Reporting Period, the Company did not experience any product ment help developers strengthen the first line of defense for code security, reduce rework costs,
recall incidents. and improve intrinsic code quality.
Code security enhancement
We strengthened security verification of core assets, and implemented dual penetrating
In 2025, Koal focused on enhancing product code security by comprehensively implementing a new DevSecOps system that placed Core inspections for key products through static tool scanning + expert manual auditing, con-
equal emphasis on "shifting security left and defense in depth." Through multidimensional control measures, we achieved full-pro- protection ducting in-depth investigation of underlying architecture and algorithm logic to identify
cess control of code security, strengthened the intrinsic security of product code, fulfilled our product security responsibilities, and deep-seated hidden risks and ensure the absolute security of business assets.
practiced the concept of sustainable development in the field of digital security through technology innovation.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Develop a quality culture
• Establish and improve the review procedures and audit oversight mechanisms for quality-related
The Company attaches great importance to fostering and building a quality culture. It integrates quality concepts into every aspect of marketing materials, and specify that all marketing materials involving product quality may only be
corporate operations, continuously improves the quality training system, and works to enhance quality awareness among all employees, Quality-relat-
released after approval by authorized company management personnel;
thereby empowering improvements in management effectiveness and product quality optimization through quality control. During the ed marketing
Reporting Period, the Company incorporated quality training into the core modules of new employee onboarding training, systematically compliance • Regularly conduct special audits on responsible marketing, covering the entire process of quality-
explaining content such as quality control standards, position-specific quality requirements, and quality compliance standards to new risks related promotion as well as relevant departments and partner service providers, and seriously pursue
employees, thereby achieving comprehensive cultivation and foundational integration of quality concepts among new employees. accountability for non-compliant promotional conduct in accordance with laws and regulations.
Supply chain quality management and control
Koal attaches great importance to supply chain quality control. We require suppliers to obtain ISO9001 Quality Management System • Increase investment in technology R&D to address shortcomings in core technologies;
certification, establish a sound quality management system, and, by signing the Supplier Product Quality Assurance Agreement with
Internal quality
suppliers, clarify the specific requirements of both parties in terms of quality responsibilities, issue handling, and implementation of recti- • Improve the quality management system to eliminate control blind spots;
control risk
fication, so as to ensure consistency in quality throughout the entire chain from source to end terminal. The Company regularly conducts
supplier quality-related training and exchanges to promote suppliers' accurate understanding of product quality requirements and con-
• Promote information-based and standardized operations to enhance the precision of quality control.
tinuously improve the overall quality level of the supply chain.
Case Advancing the ESG Collaboration Project for the Network Equipment Supply Chain
• Dynamically track updates to quality-related system standards and regulations, and promptly
External quali- optimize quality management processes;
ty compliance
In 2025, Koal worked with a certain cloud service provider to advance a network equipment supply chain collaboration pro- • Strengthen quality compliance training for all employees to ensure that the quality management
risk
ject. Focusing on the three dimensions of environmental, quality and safety, and compliance governance, we carried out system remains continuously aligned with compliance requirements.
targeted special self-inspections covering key stages such as the development of environmental protection systems, material
safety certification, and cybersecurity management, thereby establishing a closed loop for product quality improvement fea-
turing "systematic self-inspection + precise rectification." • Deepen the cultivation of a quality culture, and optimize quality control processes based on a high-quality
We enhanced environmental management of secondary suppliers by refining environmental access standards, improving cer- Internal quality management system;
tification verification processes, and implementing stricter incoming material inspections, thereby steadily increasing the pro-
portion of green production among suppliers. Focusing on quality and safety, we improved network equipment security base-
strengths and • Leverage our innovative corporate culture to encourage quality improvement and technology innovation;
opportunities
line inspection processes and established a full lifecycle quality traceability mechanism, significantly increasing the incoming • Capitalize on our R&D strengths in low pollution and low energy consumption to enhance the level of green
material qualification rate while substantially enhancing product security redundancy and supply chain risk resilience. After
quality control.
full-process self-inspection and rectification, the Company's supply chain ESG management processes became more stand-
ardized, and our capabilities in sustainable supply chain risk forecasting, full-life-cycle compliance control of materials, and
the implementation of green cooperation standards all improved markedly, providing strong support for the achievement of
the annual ESG development goals. • With quality as our core competitiveness, accelerate domestic market expansion and the development of
External
new customers;
market
Hazardous substance management opportunities • Integrate the advantages of quality management into marketing and promotion, and enhance customer
trust through a compliant and reliable quality image.
Koal strictly complies with the requirements of laws and regulations, industry standards, and international conventions related to haz-
ardous chemical substances, such as RoHS and REACH. In conjunction with customer specification requirements, the Company has
formulated a series of management systems, including Hazardous Substance Management Manual and Compendium of Hazardous
Substance Management Procedure Documents , to clarify the control requirements for chemical substances during the production and
• Leverage the opportunities arising from breakthroughs in service areas, and concurrently formulate
Quality
use processes, and continuously improved and dynamically updated the chemical substance inventory. The Company strictly identi- quality control standards and processes for the corresponding areas;
enhancement
fied, prevented, and exercised whole-process control over hazardous substances in accordance with the requirements of its systems,
opportunities • Strengthen quality training and supervision in new areas, and seize market opportunities with high-
and conducted hazardous substance compliance investigations and third-party testing based on relevant standards to ensure that all
products we produced and delivered complied with laws, regulations, and customer specification requirements. standard quality services.
Impact, risk, and opportunity management
To ensure the compliant and effective operation of the quality management system, Koal has established a full-process management Indicators and targets
mechanism of "risk identification - opportunity discovery - precise response," systematically identifying internal and external risks and
opportunities in the quality field, and formulating scientific and feasible response measures for the identified risks and opportunities,
thereby providing solid support for the steady improvement of the quality of our products and services and our compliant development. Indicators and targets 2025 achievement status
• Strengthen quality control throughout the entire process, and advance "testing personnel involvement at Average defect density of submitted product test versions
an earlier stage" and automated testing; Actual average defect density: 11.33/KLOC
Direct < 20/KLOC
quality risks • Improve the quality training system, and enhance quality responsibility awareness among all employees;
• Establish a quality risk early warning mechanism, and promptly address potential quality issues.
Test software reconfirmation rate ≥ 90% Actual reconfirmation rate: 100% Target
achieved
• Strictly implement the quality standards integrating ISO9001 and CMMI Level 5; Product production process error detection rate < 10% Actual error detection rate: 2.67%
Indirect • Establish a customer user feedback mechanism to optimize product safety performance in a
quality risk targeted manner;
Audit completion rate for completed project tasks ≥ 98% Actual audit completion rate: 100%
• Strengthen education on quality compliance and safety responsibilities in employee training.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Customer relationship management Dimension Specific measures and service effectiveness
Governance In response to government user needs, we leveraged AI technology to build a real-time online system
operation and maintenance monitoring platform, enabling timely alerts for anomalies. With the sup-
Technology
Koal has established a hierarchical management model featuring high-level coordination, dedicated responsibility, and collabora- port of large AI models, we conduct root cause analysis, attempt self-repair, or provide solution refer-
empowerment
tive linkage, clarified customer relationship management responsibilities at each level, and formed dedicated service and techni- ences, effectively improving response timeliness, analysis completeness, and accuracy while reducing
cal support teams to ensure the efficient implementation of customer service and precise response. The Company has established operational manpower input.
a comprehensive customer management system covering the entire customer service process. It has developed policies and
We established a comprehensive network protection assurance system, forming dedicated support
procedures such as the Customer Relationship Management System, Customer Complaint Management System, Koal Customer System
teams for major projects to provide full-process tracking services, effectively ensuring service stability
Service Hotline Handling Process, Customer Service Hotline Handling Guidelines , and Guosen 400 Hotline Technical Support Plan . development
and security while enhancing professionalism and precision in major project support.
These initiatives clarify customer service standards, standardize service processes, establish mechanisms for service oversight and
continuous improvement, regulate various service practices, manage risks associated with customer service, and drive continuous
Process We deeply optimized internal service processes, and significantly improved cross-departmental col-
improvements in customer service quality and response efficiency.
upgrade laboration efficiency, effectively shortening response times and enhancing overall service efficiency.
Strategy and management approach Demand We established a multi-dimensional user feedback mechanism to promptly collect and understand user
responsiveness needs, make targeted improvements to service details, and comprehensively enhance customer satisfaction.
Customer service
Customer service management
The Company has formulated a customer service management system, clarifying the full-process standards for pre-sales, in-sales,
and after-sales services, and implementing systematic management throughout the entire customer service process. This covers Listening to customer needs
key aspects such as after-sales service requests and handling, hardware warranty services, software defect handling, product in-
spection services, customer complaint handling, and system upgrades. We remain committed to customer satisfaction as our goal Koal attaches great importance to customer concerns and feedback. It has established Key Performance
and provide customers with high-quality, efficient, and flexible professional services. normalized customer communication mechanisms and communication processes, re-
sponded promptly, handled various customer issues efficiently, strengthened the investi- Number of product and
gation, handling, tracking, and supervision of customer complaint incidents, conducted service complaints
• Conduct market research and customer development, and identify target customers through
industry analysis, competitor research, and customer profiling;
review and analysis of various opinions and issues raised by customers, advanced targeted
improvements and optimization, ensured that customers' reasonable needs are respond- 0
Pre-sales • Conduct needs analysis and in-depth communication to accurately grasp key information such as ed to and met in a timely manner, and continuously improved customer satisfaction.
customers' pain points, budgets, and timelines;
• Develop personalized solutions based on customer needs.
Receive customer complaints through mul- Customer service personnel or rele- Based on complaint categories, severity
tiple channels such as the customer service vant department heads conduct a pre- levels, and involved areas, complaints
• Standardize project implementation management, complete product manufacturing or service hotline, email, and customer service desk; liminary assessment of the complaint, are accurately assigned to relevant
preparation in accordance with standard procedures, track implementation progress, supervise quality, and clarify the nature and urgency of the departments or specialized teams,
Upon receipt of a complaint, customer service
In-sales communicate with customers in a timely manner; complaint, and determine whether it with clear responsibilities and handling
personnel meticulously document all details,
• Standardize logistics and delivery management, coordinate transportation arrangements, provide on-site including the complainant's basic informa- needs to be handled immediately or timelines defined.
support such as installation and commissioning and operation training, and enhance customer experience. tion, specific issues raised, time of complaint, transferred to the corresponding de-
and the expected resolution sought. partment for processing.
Complaint Preliminary
• Conduct customer follow-up visits and collect feedback. Regularly follow up by phone, email, Assignment
reception analysis
and on-site visits to understand product usage and service experience, and identify improvement
directions based on satisfaction surveys and complaint records;
• Strengthen technical support and issue resolution. Provide free maintenance and warranty Summary and Follow-up Investigation
After-sales
services during the contract period and remote technical guidance, and establish a rapid response improvement and feedback and resolution
mechanism (e.g. 24/7) to ensure efficient response;
• Deepen customer relationship maintenance and continuously improve customer satisfaction Review and summarize the entire complaint After solution implementation, The responsible person conducts a detailed inves-
through regular visits. handling process, conduct an in-depth anal- follow-up visits are conducted tigation into the complaint issues, comprehensive-
ysis of the root causes of complaints and the with customers to assess satis- ly understands the specific circumstances of the
problems and deficiencies in the handling faction with the resolution and issues, collects relevant evidence and information,
process, and prepare a review report; confirm that issues have been and formulates a reasonable solution;
Optimizing customer service Optimize service processes and improve fully resolved. The responsible person proactively communicates
The Company continuously advances key improvement projects and continuously optimizes the customer service system. During management systems based on the review the solution with the customer, fully solicits the
the Reporting Period, the Company improved service efficiency and service quality across multiple dimensions, including tech- results, reduce the occurrence of similar customer's opinions, and ensures that the solution
nology empowerment, system development, process upgrades, and demand response, helping us establish a high-quality service complaints at the source, and continuously aligns with the customer's demands and obtains
brand image in the industry. improve service quality. the customer's recognition.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Customer satisfaction
The Company conducts customer satisfaction surveys every year. Key Performance Improve approval mechanisms and strengthen compliance safeguards
After technical support personnel complete on-site customer
service, they promptly collect the customer-completed satisfac- Customer satisfaction Customer satisfaction with the qual- We established a closed-loop compliance approval mechanism for major contracts to strengthen compliance control
tion survey forms. The survey covers satisfaction with the service rate for customer service ity of the Company's products
over key marketing stages. After business departments initiate major contract approvals, the Compliance Department
provided and satisfaction with product quality. After collecting conducts specialized reviews. If approved, the process proceeds to subsequent approval stages and final execution; if
customer satisfaction information, the Company systematically % % not approved, revisions are required before resubmission. This full-process compliance mechanism ensures effective
summarizes and conducts in-depth analysis of the survey results, implementation of responsible marketing.
formulates and implements targeted improvement measures,
continuously optimizes product performance and service stand-
ards, and continuously enhances customer satisfaction.
Strictly control content authenticity and ensure product compliance.
Case Koal's Government Cloud Security Operation and Maintenance Services Received High Praise
We strictly control compliance in marketing content and product promotion. All products and materials provided to
customers are accompanied by certifications from authoritative institutions. All disclosed customer cases include
traceable customer names and contact information and are rigorously verified for authenticity. When our products
form part of a complete information system with other customer products, they must be certified by authoritative bod-
In January 2026, Shanghai Koal Software Security Technology Co.,
ies before activation, ensuring full compliance in product application.
Ltd., a subsidiary of the Company, received a letter of appreciation
from a major data center in Shanghai. The letter highly commended
the Company's operation, maintenance, and security support servic-
es provided to its Government Affairs Cloud platform in 2025, recog-
nizing the team's strong technical capabilities in ensuring secure, sta- Strengthen personnel management and standardize communication
ble, and efficient platform operation. In the future, the Company will
continue to deepen its presence in the digital security field, refine its We regularly conduct specialized responsible marketing training for marketing personnel and partner service providers,
technical capabilities, and optimize service quality. We look forward clarifying behavioral guidelines and operational standards. All external communications must strictly follow approved
to strengthening cooperation with customers and working together messaging, avoiding false, exaggerated, outdated, ambiguous, or undisclosed information. Meanwhile, we publish
to continuously inject security momentum into digital government monthly product updates, regularly sharing product iterations and certification updates, and compile the Koal Stand-
development. ard Product Catalog to provide accurate and comprehensive product information for all departments and marketing
personnel, ensuring timeliness and accuracy of communication.
Letter of Appreciation from a Customer
Responsible marketing Improve supervision and assessment to ensure accountability
Koal strictly complies with relevant laws and regulations and industry standards in the regions where it operates, comprehensively
We have established a comprehensive supervision and assessment mechanism for responsible marketing, incorporat-
promoting standardized management of responsible marketing. The principles of responsibility are embedded throughout the en-
ing implementation performance into departmental KPIs and employee evaluations. Reporting channels are set up for
tire marketing process to safeguard customer rights and brand credibility, ensuring compliant, orderly, and sustainable marketing
internal and external supervision, continuously enhancing social responsibility and sustainability of marketing activities.
practices. During the Reporting Period, the Company did not experience any major violations related to marketing.
Standardize marketing principles and incorporate them into institutional systems
Key Performance
We fully integrate responsible marketing requirements into all operational processes, clearly defining compliance
boundaries and ethical standards across scenarios such as advertising, customer communication, and brand collabo- Total responsible marketing training duration total number of participants in responsible marketing training
ration. False advertising, excessive marketing, and inappropriate targeting of vulnerable groups are strictly prohibited.
These requirements are incorporated into our core ESG management system to promote standardized and normalized hours
responsible marketing practices. In addition, we formulated the Koal Product Pricing Management Measures (Trial),
clarifying processes for pricing, execution, evaluation, and adjustment. Quotations below standard pricing are subject
to progressively higher approval levels, standardizing marketing personnel's pricing behavior.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Impact, risk, and opportunity management Confidentiality Work Leading Group
We attach great importance to risk management related to customer relationship management. We have established a full-process The Leader of the Leading Group is the General Manager, who assumes overall leadership responsibility for the
Company's information security and confidentiality work;
risk management mechanism covering "risk identification, assessment, and control". Potential risks related to customer qualifica- Management
tions, compliance, and demand matching are regularly identified and assessed. Through tiered assessments, we determine risk levels body The Deputy Leader is the Chief Confidentiality Officer, who assumes direct leadership responsibility for confidenti-
ality work within the Company;
and have formulated relevant policies, including the Regulations on Reporting Major Customer Service Incidents and Emergency
Members include Deputy General Managers, heads of various departments, and the Director of the Confidentiality Of-
Response . We implement targeted measures—such as eligibility reviews, dynamic monitoring, and coordinated communication—to
fice, who assume direct leadership responsibility for confidentiality work within their respective areas of responsibility.
mitigate risks associated with customer management.
We strictly comply with laws, regulations, and industry standards in operating regions, establishing rigorous review processes and
Confidentiality Office
responsible marketing material approval and supervision mechanisms. All disclosed marketing materials must be approved by au-
thorized personnel. Regular training covers all marketing processes, departments, and partner service providers. Violations are strictly The office is responsible for confidentiality supervision and inspection, confidentiality risk assessment,
investigation and handling of confidentiality breaches, and confidentiality archives management.
investigated and addressed in accordance with laws and regulations, ensuring full coverage of responsible marketing management.
General Office and Operations & Maintenance Team
Indicators and targets The General Office is responsible for the Company's information management, control of key confi-
dentiality areas, centralized management of state secret carriers and classified materials, regulation
Execution of foreign-related activities and classified meetings, and implementation of information security and
Indicators and targets 2025 achievement status body confidentiality requirements in news publicity;
An Operations & Maintenance Team is established under the General Office, responsible for the daily
operation and maintenance of the Company's information systems and related equipment, ensuring
Customer service satisfaction rate ≥ 95% Actual satisfaction rate: 98.6% system stability and reliability, and strengthening the technical defense line for information security.
Other functional departments
They are responsible for promoting and implementing information security and confidentiality work
Customer satisfaction with product quality ≥ 95% Actual satisfaction rate: 98.8% within their respective departments.
Head of the Confidentiality Work Leading Group: General Manager
Target
Survey response rate > 80% Actual rate: 100%
achieved Deputy Head of the Confidentiality Work Leading Group: Chief Confidentiality Officer
Members: Deputy General Managers, Department Heads
Training plan completion rate ≥ 95% Actual rate: 100%
General Office
Finance Departmen
Human Resources
ment Department
ment Department
Special Business
Technology R&D
Quality Manage-
Project Manage-
Confidentiality
Department
Department
Department
Marketing
Division
Sales contract review rate = 100% Actual rate: 100%
Office
Operations & Main-
tenance Team
Koal's Information Security and Confidentiality Work Organizational Structure
Information security and privacy protection
We strictly comply with Cybersecurity Law of the People's Republic of China, Data Security Law of the
People's Republic of China, Personal Information Protection Law of the People's Republic of China, Na-
tional Security Law of the People's Republic of China, and Administrative Measures for Data Security in
the Industry and Information Technology Sector (Trial) , among other applicable laws and regulations.
Governance We have formulated policies and management standards such as the Information Security Manage-
ment System Manual, Network and Information Security Management Policy, Confidentiality Work
We have established a comprehensive information security and privacy protection management structure, building a hierarchical Guidance Manual, and Confidentiality Assessment, Rewards and Penalties System , thereby establishing
responsibility system with clearly defined departmental responsibilities. Through regular coordination meetings, responsibilities a comprehensive information security management system. During the Reporting Period, we revised
and implemented multiple institutional documents, closed management gaps, established a compre-
are effectively implemented at all levels, forming an efficient joint defense mechanism characterized by centralized coordination
hensive policy framework, strengthened end-to-end risk control, improved security incident response
and grassroots collaboration.
efficiency, significantly reduced the network attack surface, and promoted centralized allocation of de-
fense resources, achieving seamless integration between routine protection and emergency response.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Strategy and management approach
To continuously enhance information security and privacy protection, Koal carried out relevant work in areas including information security
management, security certification and audit, security technology upgrades, privacy data protection, and security culture development, in
accordance with applicable laws, regulations, and internal management requirements, continuously improving management mechanisms • No department is allowed to independently set up networks. Network deployment
and safeguard measures. is centrally implemented by the General Office after feasibility assessment;
Cybersecurity
• Any unauthorized modification of IP addresses or connection methods is strictly
Information security management management
prohibited. Access by external personnel to the Company's internal network
We adhere to the principle of "security first, prevention as a priority." Based on domestic and international regulatory requirements and general infor- systems is strictly controlled.
mation security management system standards, and drawing on industry best practices, we have established a comprehensive information security
and privacy protection management system and continuously improved the security management system for critical information infrastructure. We
implement information security management measures across systems, organization, personnel, construction, and operations, while leveraging ad-
vanced technologies to ensure data integrity and availability, thereby comprehensively safeguarding internal information security.
• The Company provides computer equipment for internal use. Employees are not
Service Support System allowed to replace or dismantle equipment without authorization and must maintain
Equipment a clean, safe, and proper working environment;
Security Policy System Security Technology System safety
management • Employees must strictly comply with operating procedures for computer use,
Security Strategy Pre-event Control including startup and shutdown protocols, and are responsible for the security of
Security Organization Resource Resource Authori Dynamic Trusted Resource Trusted Trusted Cryptographic the equipment they use.
Object Management zation Control Authentication Marking Services
Asset Management
In-process Protection
CryptographicApplications
Cryptographic Support
Data Transparent Data
Data Flow Control Centralized Data Control
Control
• Important work files must not be stored on the C drive (including the desktop).
Encryption/Decryption
Cryptography
Trust System
They must be regularly backed up and centrally stored on designated departmental
Application Application Access Application Access Application Code
Security Authentication Control Signing folders on the Company's file server, with each department responsible for review
and security management;
Cryptographic Application Data Flow Verification Behavior Accountability
Incident Management Encrypted • When employees leave their positions, their work materials must be copied to the
Boundary Boundary Access Boundary Access Terminal Identity
Business Continuity file storage departmental folder by the department head;
Security Authentication Control Authentication
•
Management
Important information files must be stored in encrypted form. Electronic certificates,
Compliance Management Network Source Information Channel Transmission Anti-tampering of official documents, and similar materials must include explanatory watermarks or
Communication Encryption Protection Transmitted Information
Security Organization usage labels. Any leakage or loss caused by improper storage or use shall be borne
System
Anti-theft of Two-way Transmission Video Encr yption fully by the responsible individual.
Establishing Security Supervision Transmission Traffic Authentication and Compression
Management System
Terminal Integrated Identity
Trusted Terminal Marking Usage Object Marking
Personnel Capabili-
Environment
Security Organiza-
Authentication
ty Requirements
tional Structure
• For sensitive information, we follow the principles of "strict management, rigorous
Professional
Definition
Terminal Cryptographic Trusted Program An- Local Cryptographic
Calculation Module ti-counterfeiting Operation Calculation Sandbox prevention, ensured security", and operational convenience. We implement "triple
control" measures and "full-process control" to ensure secure and controlled
Post-event Response
handling at all stages;
Implem
entation Audit Detection Monitoring Auditing Tracing
Information
• Information transmission must be handled by designated personnel in accordance
confidentiality with regulations, and transmission via ordinary postal or courier channels is strictly
Scanning Penetration Testing
management prohibited;
Response Emergency Management Incident Handling
• Before leaving a position or the Company, employees must return all classified
Implem Improv
entation ement
Recovery Recovery Mechanism Disaster Recovery Measures Continuity materials and complete confirmation procedures. Destruction of classified carriers
must be supervised by at least two persons and conducted at designated locations;
Security Operation System
• Dual agreements are signed with outsourced personnel to ensure data security.
Situation Overview Risk Handling Risk Monitoring Security Enhancement
Asset Value Cryptographic Ob- Measure Plan Situational Risk Early Decision-making
Management ject Identification Selection Formulation Awareness Warning Suggestions
Security Risk Assessment Plan Implementation and Drill Risk Handling Risk Tracing Avoidance Knowledge Base
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Information security certification and audit Information security technology
Koal continues to advance the development of infor- We actively promote upgrades and enhancement of information security technologies. Through multi-layered deployment and optimi-
mation security management systems and profes- zation across network, application, and data levels, we effectively defend against large-scale cyberattacks, improve incident response
sional certifications. As of the end of the Reporting efficiency, ensure data security and business continuity, and establish a comprehensive, intelligent, multi-layered protection system.
Period, we have obtained the ISO 27034 Application
Security System Certification, ISO 27001 Information
Security Management System Certification, as well as
professional service qualifications such as CCRC Infor- Strengthen multi-layered defenses and build a robust, comprehensive barrier
mation System Security Operations and Maintenance
Service Certification and CCRC Information System
At the network layer, high-defense servers and intelligent traffic scrubbing centers are deployed; at the ap-
Security Integration Service Certification.
plication layer, WAF and code audits are used to prevent SQL injection and XSS attacks; at the data layer,
In accordance with relevant regulations and internal encryption and integrity verification are implemented for data at rest and in transit.
management systems, we conduct regular audits of ISO 27034 Application Security ISO 27001 Information Security
Systems Certification Management Systems Certification
information security policies and systems, covering
four key areas: policy implementation, technical
protection, data security, and compliance. By contin- Optimize threat detection and accelerate incident response
uously improving audit coverage, optimizing special-
ized audit mechanisms, establishing a closed-loop AI-driven threat intelligence analysis is introduced for proactive alerts on ransomware and automated bots;
"audit–feedback–rectification" management system, RPA is deployed to counter large-scale crawling attacks; a 24/7 Security Operations Center (SOC) is estab-
and strengthening risk early warning capabilities, we lished, with regular emergency drills conducted.
ensure the rigor and effectiveness of our information
security system and provide strong support for stable
business operations. In addition, we undergo external
information security inspections from third parties Strengthen data security to ensure business continuity
such as government authorities on an irregular basis.
During the Reporting Period, we conducted one in- CCRC Information System Security CCRC Information System Security
Operation and Maintenance Integration Service Certification We strictly implement a "2-1" backup strategy and conduct regular data recovery tests. A zero-trust archi-
ternal information security audit and underwent one
Service Certification tecture is adopted under the principle of "never trust, always verify," enabling dynamic access control.
external information security review.
Privacy and data security
Koal strictly follows the principle of "minimal data collection" in personal information processing. Customer data is systematically
stored in the ERP system and protected in terms of integrity and confidentiality through our comprehensive information security
Policy and system audit Technology and control audit Data Security and Privacy Audit Compliance audit management system. Access permissions are assigned based on roles, key customer data is desensitized, and certified commercial
cryptography products are used to ensure security protection.
Verify the compliance of Evaluate the effectiveness of Review compliance of data Assess compliance against
processes for policy formu- technical measures such as classification, storage en- national laws and industry
lation, review, approval, firewalls and intrusion de- cryption, transmission pro- standards, identify gaps, and
and communication, and tection systems, and verify tection, and personal data promote corrective actions.
Data backup Data flow control Encrypted storage
assess implementation the implementation of ac- processing with regulatory
effectiveness. cess control and vulnerabili- requirements.
ty management measures. We adopt cyclical full and incremen- Backup data files are strict- Encr yption is applied to
tal backup strategies to regularly back ly safeguarded to prevent sensitive fields such as per-
Koal's Information Security Policy and System Audit up data across all systems (including unauthorized copying or sonal information, sensitive
internal networks, operational plat- destruction. Unauthorized personal data, and corporate
We regularly conduct confidentiality supervision and inspections for sensitive information and personnel. Confidential personnel forms, portals, corporate email, ERP export of databases is strict- sensitive data.
perform self-inspections every two months, while departments handling classified work conduct monthly self-inspections. De- systems, etc.), ensuring optimal data ly prohibited.
partment heads implement and review confidentiality practices based on business characteristics. Quarterly inspections are con- recovery in case of system failures.
ducted on departmental leaders' confidentiality responsibilities, semi-annual inspections on responsible executives, and annual
inspections on the General Manager. All inspection results are documented.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Security development Information security culture
We integrate information security requirements into the entire product development lifecycle, establishing a comprehen- We promote systematic and targeted development of information security and confidentiality culture, embedding security
sive security management system to build an all-round protection framework for our products. awareness into employees' mindset and daily practices. This approach comprehensively enhances employees' confidenti-
ality literacy and information security awareness, strengthening the cultural foundation of information security.
We conduct security training through diversified formats such as online courses, on-site lectures, and simulation drills, deeply
embedding security awareness among employees and fostering a culture of full participation and proactive protection. At the
Security requirements Security design same time, we organize skills competitions and attack-defense drills to cultivate professional security talent and enhance prac-
tical technical capabilities, thereby strengthening the talent foundation for sustained information security protection.
Identify sensitive data based on security base- Translate security requirements into tech-
line checklists and determine protection levels; nical solutions based on security baselines; We revised the list of confidentiality-related positions, clarified role classifications and responsibility boundaries, and
Define compliance requirements, such as Conduct peer reviews to ensure full cover- strengthened full-process management of personnel with access to confidential information. We also developed and dis-
Grade Protection 2.0 and industry standards. age of security requirements. tributed confidentiality awareness manuals, established an online learning platform, and built a tiered assessment system
to carry out integrated online and offline training programs. During the Reporting Period, we achieved 100% coverage of
confidentiality training, a participation rate of 99.5%, and a pass rate of 99.2%. All non-compliant personnel achieved com-
pliance after rectification, effectively fulfilling differentiated training objectives for confidentiality-related personnel and
Security testing Security development
general employees.
Improve the security testing framework by Strengthen security training to enhance
enhancing test case design and multilingual employees' awareness and capabilities; Key Performance
secure coding examples to ensure rigorous Establish a normalized code audit mech-
and effective testing; Total information security Total number of participants in
anism (self-check + static tool scanning +
training duration information security training
Combine tool-based scanning with manual manual review);
penetration testing to ensure compliance with
security baselines;
Implement comprehensive open-source
governance (full lifecycle management +
Number of confidenti- Total confidentiality Total number of participants
Integrate penetration testing into the release vulnerability and license scanning) to en-
ality training sessions training duration in confidentiality training
process (for key projects) to strengthen pre-re- sure product security and compliance;
lease security assurance;
Add pre-release host inspections to ensure
Apply AI-assisted security development
technologies, such as intelligent coding as-
compliance with security hardening guidelines. sistants for security issue remediation.
Impact, risk, and opportunity management
Security deployment and operations We attach great importance to information security risk management by establishing a professional emergency response
team and formulating policies such as the Information Security Risk Management Procedures, Confidentiality Man-
Harden products and operating environments in accordance with security hardening guidelines; agement Policy , and Emergency Response Plan for Information Leakage Incidents . This forms a full-cycle information
Strengthen vulnerability governance of existing system components (daily updates of the latest open- security risk management system characterized by closed-loop processes, controllable risks, and efficient response.
source component vulnerabilities are pushed to products), thereby reducing potential security risks; Through standardized and well-defined risk management processes, we accurately identify potential information secu-
Establish a vulnerability early warning and response process to track product vulnerability risks and rity risks and implement targeted control measures to build robust protection barriers. At the same time, we establish
implement graded emergency response measures based on risk levels. comprehensive emergency response procedures and mechanisms, conduct regular practical drills, and comprehensively
prevent and mitigate various information security risks, ensuring stable business operations and core data security. Dur-
ing the Reporting Period, no major data leakage or information security incidents occurred. One information security or
attack-defense emergency drill was conducted.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk identification Risk analysis Risk assessment Risk disposal
For all identified as- After risk identifica- Based on established Control requirements are strictly imple-
• Anomaly discovery: Monitor server anomalies (such as hacker attacks, abnormal processes, etc.) and
sets, risk identification tion, the potential risk criteria, risk anal- mented for identified risk points, and make a preliminary judgment as to whether an intrusion or information leakage has occurred.
Incident
is conducted based impact of risks is ysis results are com- corrective measures are carried out item discovery • Internal reporting: Immediately report the basic details of the incident to the direct supervisor or the
on confidentiality, in- analyzed and de- pared to determine by item to reduce the likelihood of risk and information Operations & Maintenance Team to ensure timely communication of information.
tegrity, and availability scribed, and risk whether risks are occurrence; reporting • Evidence preservation: While reporting, properly preserve relevant logs, screenshots, or files to provide
requirements, and a values are calculat- acceptable or require
We conduct research on confidentiality a basis for subsequent investigation.
risk inventory is estab- ed using relevant treatment, and the
risk assessment management, continu-
lished. methodologies. entire risk assessment
ously improve confidentiality manage-
process is document-
ed and archived.
ment capabilities, and proactively identify • Preliminary analysis and classification: Upon receiving the report, conduct a preliminary review of the
and control various confidentiality risks. nature of the incident, determine whether it is a genuine security incident, and activate the corresponding level
Information Security Risk Management Process of response plan based on the severity of the incident (such as scope of impact and data sensitivity).
Preliminary
response • Emergency plan activation: After confirming an intrusion or leakage, immediately activate the emergency
response plan.
• Business impact assessment: Determine whether the affected server is a critical business node and, without
affecting business operations, immediately take the server involved offline.
• Investigation and verification: Departments such as the information Operations & Maintenance Team, the
Confidentiality Office, or the Information Security Management Office take the lead in conducting investigations,
Risk type Mitigation measures
reviewing database operation logs, server processes, network logs, and suspicious files to confirm whether
information leakage has occurred, and identify the cause of the incident, the scope of impact, and the
Investigation
External attack risks: These include hack- Closed-Loop vulnerability management: Establish responsible party.
and leak
ers exploiting system vulnerabilities to an "identify–assess–remediate–verify" process, re- confirmation • Critical evidence preservation: Back up all logs, malicious files, and attack traces. In severe cases, escalate the
quiring high-risk vulnerabilities to be resolved within matter to appropriate law enforcement authorities.
gain unauthorized access, phishing attacks
disguised as internal emails or legitimate
Ransomware protection: Implement a "2-1" backup attack path and vulnerability points), and promptly remediate security weaknesses at the earliest possible time.
software, and ransomware attacks that en-
strategy (two types of media, one offline copy) and
crypt core data and demand payment.
deploy dedicated anti-ransomware tools.
Internal security risks: These include acci- • Threat elimination: Remove viruses, trojans, and attack files. Implement security measures on compromised
Data loss prevention: Monitor and control the
dental misoperations by employees (such transmission of sensitive data via endpoints, Emergency
servers. Conduct thorough checks on all connected systems to prevent pivot attacks or secondary leaks.
as mistakenly sending confidential files or handling and • System fortification: Update all vulnerability patches, implement encryption for core data, rectify high-risk
email, and cloud storage.
connecting to public WiFi), malicious data system systems, and establish security baselines.
Permission lifecycle management: Implement recovery • Recovery and enhanced monitoring: Restore network connections after confirming system security.
leakage for personal gain or retaliation, automated permission request and revocation
Implement heightened monitoring protocols, with particular emphasis on database access logs.
and excessive permission accumulation processes, with regular permission audits.
due to poor access management.
Full lifecycle system management: Establish
graded evaluation and decommissioning mech- • Incident documentation and archiving: Compile detailed incident reports, documenting leaked content,
System and compliance risks: These
anisms for legacy systems; implement isolation potential harm, mitigation measures implemented, and responsible personnel involved.
include legacy systems with unpatched • Compliance Reporting: Ensure responsible departments submit written reports to the Company's
protection for irreplaceable systems; enforce
vulnerabilities due to discontinued vendor code review and vulnerability scanning for Confidentiality Office and leadership group within 24 hours of leak discovery. The Company must provide written
support, and vulnerabilities in self-devel- self-developed systems. Post-Incident notification to the Shanghai Secrecy Administration Bureau within 24 hours and submit investigation results within
management
oped systems caused by coding defects. three months.
Compliance and vulnerability mitigation: Con-
duct regular compliance self-inspections, im-
and compliance
• Internal leak handling: For unintentional leaks, follow established virus handling procedures for equipment and
Reporting
plement temporary protective measures for un- intensify employee training programs. In cases of intentional leaks, restrict involved employees' account privileges,
patched systems, and coordinate with vendors collect log evidence, and, in severe cases, refer the matter to relevant national authorities for further action.
or technical teams to remediate vulnerabilities. • Corrective measures: Update security policies, strengthen employee training, and optimize the technical
protection system.
• Continuous improvement: Regularly conduct emergency plan drills, and critically assess and revise operational
Risk Identification and Mitigation Measures procedures as needed. Implement encryption storage and leak prevention measures for all critical data.
Information Security Incident Emergency Response Process and Measures
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Indicators and targets
In the face of increasingly complex cyber threats, Koal focused on information security and privacy protection, building a multi-lay-
Sustainable supply chain
ered, intelligent, and highly compliant protection system to ensure the continued and stable operation of our business, strengthen Koal continued to improve its supply chain management system, formulated and strictly complied with systems such as Supplier
the defenses for data security and personal information privacy protection, translate relevant requirements into actionable and Code of Conduct, Qualified Supplier System , and Procurement Management Process , standardized the supplier lifecycle manage-
measurable work objectives at all levels, clarify implementation paths and achievement standards, and link the assessment results ment, improved the long-term communication mechanism with suppliers, effectively prevented potential risks in the supply chain,
of these objectives to management performance incentives, thereby promoting the effective implementation of all tasks. continuously enhanced supply chain resilience, and made every effort to build a compliant, stable, and highly resilient sustainable
supply chain system.
Indicators and targets 2025 achievement status
Supplier lifecycle management
Enhance the defense capabilities of endpoint devices, prevent
Strengthen endpoint
virus and ransomware attacks, and safeguard data security Achieved Koal focused on the core objectives of standardized supplier management and ensuring supply chain stability and quality. In light
security protection
through technology deployment and data encryption. of the characteristics of the information security industry, we established a standardized supplier lifecycle management system,
covering the entire process from access, classification, evaluation, to exit, effectively ensuring compliant, stable, and high-quality
Improve security Establish real-time monitoring mechanisms, optimize emergency operation of the supply chain.
monitoring and response processes and team capabilities, and reduce the risk of Achieved
emergency response business disruption.
Conduct security training covering phishing attack identification, Supplier admission Graded and classified
Enhance employee and assessment management
password management, and other topics to reduce vulnerabili- Achieved
security awareness
ties caused by human operational errors. We define supplier access standards, review core Based on dimensions such as material/service type,
relevant conditions such as qualifications, quality, procurement amount, and strategic importance, sup-
Improve security policies, strengthen supplier security assess- contract performance capability, and financial status, pliers are categorized into strategic, key, and general
Optimize compliance and through preliminary screening, on-site evaluation, types, among others, and differentiated management is
ments and supply chain controls, and ensure compliance with Achieved
management comprehensive quantitative scoring, and joint approval implemented; combined with performance evaluation
national and industry regulations.
by multiple departments, include qualified suppliers in results, they are classified into grades such as excellent
the approved supplier list and establish dedicated files and qualified, with supporting incentive or corrective
Promote technology for them, strictly controlling the access threshold. measures to precisely align with the Company's supply
Introduce technologies related to the zero-trust architecture to
innovation and Achieved chain management needs.
enable dynamic access control and reduce internal threats.
application
Complete revisions to confidentiality management systems and Regular evaluation Supplier exit
and feedback
implement the compilation of business systems; prepare and
disseminate training manuals covering project processes, con-
Optimization of We conduct annual performance evaluations of suppli- For suppliers with serious quality issues, repeated
fidentiality knowledge, and other content; throughout the year, ers, quantitatively scoring them on core indicators such breaches of contract, or violations of laws and regula-
confidentiality Achieved
conduct at least two confidentiality training sessions and one as quality, delivery, cost, and service; establish a regular tions, we implement exit procedures in accordance with
systems and training
year-end examination for all employees, conduct at least three communication mechanism to promptly convey require- established processes, ensure proper handover and con-
training sessions for SM personnel and project personnel, and ments and standards information; promote joint im- tingency arrangements, analyze root causes, and prevent
provement with suppliers; and dynamically update the recurrence of similar issues, thereby safeguarding supply
complete 15 class hours of training materials for SM personnel.
supplier roster to ensure the vitality of the supply chain. chain stability and fully aligning with our compliance and
risk management requirements.
Implement centralized management of inspections, risk as-
Routine sessments, and document receipt, dispatch, and circulation;
confidentiality complete two confidentiality inspections, one risk assessment, Achieved
management and confidentiality training and examination for new employees
Key Performance
upon onboarding.
Total number of major suppliers total number of major domestic suppliers
Complete all Company supervision and follow-up tasks as re-
Internal
implementation and
coordination
quired; strengthen cross-departmental collaboration, with the
quarterly collaboration evaluation rated as qualified; no viola-
Achieved
tions of regulations or discipline, and no major quality incidents.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Supply chain ESG management Enhancing supply chain resilience
The Company continuously strengthened supplier ESG management, practiced the principles of sustainable procurement, and To ensure supply chain continuity and stability, Koal has comprehensively built a supply chain resilience enhancement system.
built a sustainable supply chain. On the basis of ensuring business continuity, we fully integrated ESG factors into the entire pro- Through two core measures, namely end-to-end risk prevention and control and normalized supplier capability building, we con-
cess of supplier admission and management and control, driving upstream and downstream participants across the supply chain tinuously strengthened the supply chain's risk resistance and coordinated development, providing solid supply chain support for
to collaboratively practice the philosophy of sustainable development. the stable operation of our business.
The Company has established a sound ESG management system, formulated the Supplier Code of Conduct , and signed agree-
ments with suppliers such as the Partner Integrity and Honest Cooperation Agreement, Supplier Environmental Responsibility Supply chain risk prevention and control
Agreement, and Supplier Product Quality Assurance Agreement, covering key areas including labor standards, environmental re- Koal has established the Supplier Continuity Mechanism, creating a comprehensive risk prevention and control system and standard-
sponsibility, business ethics, product quality, and compliant employment. ESG requirements have been incorporated into the core ized procedures to effectively mitigate various risks, including supply chain disruptions, price increases, and unforeseen incidents.
assessment for supplier admission, strictly prohibiting benefit transfers and regulating employment and environmental practices,
effectively promoting suppliers to jointly practice the concept of sustainable development and continuously enhancing the sus-
tainability of the supply chain.
Strengthen risk assessment and forecasting, and build a solid first line of defense against risks
Supplier Code of Conduct We conduct supplier risk assessments across multiple dimensions, including financial stability, production base distribution,
geopolitics, and technological iteration; record high-frequency points of supply chain disruption; monitor incoming material
quality data from suppliers; and regularly review responses to quality issue handling, with a focus on key suppliers and various
sudden risk points, so as to comprehensively and accurately identify various potential risks across the supply chain.
Strictly prohibit child labor, forced labor, and all forms of discrimination; comply with lo-
Human
Rights and cal labor laws; safeguard employees' wages, working hours, and occupational safety; and
Labor Improve and diversify the supplier layout to reduce the risk of reliance on a single source
standardize employment management.
For key materials or services, we avoid reliance on a single supplier, maintain two to three backup suppliers, promote a geo-
graphically diversified supplier layout, establish long-term strategic partnerships with core suppliers, share risk response plans,
and sign business continuity agreements to enhance the supply chain's resilience to fluctuations.
Operate legally, possess environmental qualifications, standardize the disposal of the
Environmental
Protection "three wastes," promote cleaner production and resource conservation, and cooperate Refine safety stock management and control to ensure continuous and stable supply
with the Company's green procurement requirements.
Based on actual production needs, we have established a safety stock of at least one and a half months for materials with
long procurement cycles and insufficient production capacity. We implemented a system of daily inventory inspections and
monthly stocktaking updates, and established an inventory alert system and a coordinated supplier response mechanism to
Provide employees with a safe working environment and protective equipment, safety proactively prevent the risk of supply disruption.
Health training, formulate emergency response plans, and provide qualified sanitation facilities to
and Safety
safeguard employees' occupational health, life, and safety. Optimize the emergency response system and improve the effectiveness of risk handling
We closely monitor the qualification status and negative information of information technology service institution suppliers
(in line with the Company's information security attributes), clarify the processes for information reporting, risk assessment,
Business Adhere to integrity in operations, strictly prohibit commercial bribery and transfer of ben- and emergency preparedness, incorporate suppliers' contingency plans for emergency situations into the Company's overall
Ethics and efits, cooperate with integrity supervision, and jointly build a fair and clean cooperation emergency management, establish a three-tier response process from Level 1 to Level 3, and rapidly address various types of
Anti- supply interruption issues.
corruption environment.
Improve the sound performance management and control mechanism to drive the continuous optimization of the system
We continuously improve the management mechanism through KPI assessments, risk reviews, on-site audits, and other
measures, while identifying key supply chain nodes and formulating tailored prevention and control plans, thereby advancing
the enhancement of supply chain resilience in a closed loop and strengthening the defense line against supply chain risks.
Key Performance
Number of suppliers which have Number of suppliers which have Number of suppliers which have ob- Supplier capability building
obtained the quality management obtained the environmental manage- tained the occupational health and safe-
system certification: approximately ment system certification ty management system certification Koal attaches great importance to supplier training. In light of the characteristics of the information security industry and cooperation
needs, we provide targeted training for suppliers to strengthen collaborative alignment between both the supply and demand sides.
losophy, cooperation rules, quality standards, and business processes, standardize cooperation practices, enhance supply capabilities
and service standards, improve supply efficiency, and grow together.
People-oriented
collaborative and
win-win outcomes
Employee rights and benefits
Human capital development
Occupational health and safety
Industry ecosystem development
Community engagement
Contributing to the UN 2030 SDGs
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Employee rights and benefits Key Performance
The Company strictly complies with laws and regulations related to labor protection, comprehensively safeguards employees' law- Signing rate of labor contracts Social insurance coverage
ful rights and interests, and adheres to fair employment, equal treatment, and standardized labor practices. The Company contin-
ued to improve its diversified benefits system, kept employee communication channels open, and paid close attention to employ- % %
ees' work-life balance. We safeguarded rights and interests through sound systems and conveyed care through benefits, effectively
enhancing employees' sense of gain, security, and belonging.
Labor and human rights management Diversity and equal opportunities
The Company has consistently adhered to the philosophy of diversified talent development, widely recruiting outstanding talent with differ-
The Company strictly complies with the requirements of the International Bill of Human Rights, ILO Conventions, UN Guiding Principles
ent genders, professional backgrounds, cultural experiences, and specialized skills.By integrating diversity, we stimulate organizational vital-
on Business and Human Rights , the Labor Law of the People's Republic of China , and other relevant requirements, and formulated poli-
ity, uphold equal employment and fair competition, eliminate all forms of discrimination and improper employment practices, and strive to
cies and systems related to employee rights and human rights protection, such as the Compendium of Human Resources Management
foster an open, inclusive, equal, and respectful working atmosphere, providing every employee with a platform for growth and the full dis-
Systems , clearly stipulating our conduct in employment processes such as employee hiring, onboarding, management, and separation,
play of their talents. During the Reporting Period, Koal did not experience any complaint incidents related to discrimination or harassment.
standardizing the identification of corresponding employment compliance risks as well as remedial measures and procedures for ad-
verse incidents, and regularly reviewing and revising them to ensure consistency with the latest legal and regulatory requirements. We upheld gender equality, provided female employees with fair compensation and benefits, training, promotion, and career develop-
ment opportunities, eliminated the gender pay gap, encouraged women to take on management positions, and enabled them to fully
To systematically prevent human rights compliance risks, the Company established a labor compliance risk identification mecha-
realize their value. At the same time, the Company protected female employees' maternity-related leave in accordance with the law,
nism, clarified the response procedures and corrective measures for negative incidents, and strengthened the baseline for human
provided commercial maternity insurance, and offered paternity leave to male employees, advocating shared family responsibilities and
rights risk prevention and control. During the Reporting Period, the Company carried out a comprehensive identification of human
creating a secure and stable environment for women's long-term career development. At the same time, we deeply integrated diversity
rights compliance risks, clarified 45 core employee rights and human rights protection provisions, and fully embedded employee
into corporate governance. In the terms of reference of the Nomination Committee of the Board of Directors, gender diversity was ex-
rights protection and human rights risk prevention and control requirements into all aspects of production, operations, and man-
plicitly identified as a key dimension in candidate evaluation. The Company currently has one female employee director and two female
agement, thereby achieving proactive prevention and closed-loop management of human rights risks.
Senior Management members. The Company strives to increase the proportion of female directors to one-third before the re-election of
Checklist for Identifying HR Legal Standards the next Board of Directors, and supports more outstanding female managers in joining the senior management team.
Number
Legal standards of articles Main content
identified
In 2025
All Company management systems and operational practices
Labor Law of the People's Republic of Employee discrimination Proportion of female Proportion of female employees Proportion of female senior
China
al safety and health protection, among others
The formulation of labor quotas shall be scientific and reason-
Labor Contract Law of the People's Number of ethnic minority Number of employees Return-to-work rate after parental
Republic of Chin a employees with disabilities leave
normal working hours, etc.
Criminal Law of the People's Republic
of China
Law of the People's Republic of China on Using violence, threats, or other means to force others to work, Employee engagement and communication
Penalties for Administration of 1articles even if it does not constitute a criminal offense, also constitutes
Public Security a violation of public security administration. The Company attaches great importance to employee communication and democratic participation, fully respects employees'
opinions and reasonable appeals, and actively fosters harmonious, healthy, and stable employee relations by maintaining smooth
communication channels, improving the whistleblowing system, and conducting satisfaction surveys, thereby creating a positive
Labor security supervision and inspection cover the entire working atmosphere of equality and respect, openness and transparency, and smooth communication. During the Reporting Peri-
Regulations on Labor Security Supervi-
sion and Inspection
insurance, and from working hours to special protection. cial Contract on the Protection of the Rights and Interests of Female Employees with government authorities, ensuring employee
contracts were compliant and transparent and safeguarding employees' basic rights and interests.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Open communication channels
Case Employee Survey
The Company has established a de-layered, multi-dimensional communication mechanism and built diverse, accessible channels
for expressing opinions, including on-site complaints to the Human Resources Department, written complaints, telephone com-
plaints, as well as the general manager hotline and the general manager email, encouraging employees to communicate freely In 2025, to comprehensively understand employees' awareness and evaluations of the Company's strategic positioning,
across levels and offer suggestions and recommendations. At the same time, the Company has continuously optimized the opinion organizational structure, talent management, compensation and benefits, performance appraisal, and incentive systems,
feedback and handling process to ensure that every employee appeal receives a response and every matter is properly addressed, the Company conducted a strategic and management follow-up survey through questionnaires. The survey covered
fostering a positive atmosphere of openness, mutual trust, and active participation. multiple dimensions, including the clarity of the Company's strategy, the rationality of the organizational structure, the
smoothness of cross-departmental collaboration, talent recruitment and retention, the level of compensation and bene-
fits, and the effectiveness of performance appraisal and incentive systems. A total of 613 questionnaires were distributed
Case Establish a Suggestion (Complaint) Mailbox
in this survey, and 524 valid questionnaires were collected. The survey results showed issues such as employees' insuf-
ficient depth of understanding and sense of identification with the Company's strategy, as well as shortcomings in the
Company's compensation, performance, and incentive mechanisms. Going forward, the Company will focus on these
In 2025, to further promote internal communication and encourage employees
areas and carry out corresponding management optimization and improvement.
to actively participate in Company management, we established a suggestion
(complaint) mailbox, inviting every employee to put forward valuable opinions
and suggestions on the Company's operations, management, culture building, Employee care
and other aspects. We committed to handling all suggestions confidentially,
carefully considering and responding to each suggestion, regularly organizing The Company integrates employee care into its daily management and development Key Performance
relevant departments to evaluate and discuss the collected suggestions, and practices. By regularly organizing diverse cultural and sports activities, such as cycling
adopting and implementing them based on actual circumstances. Employee Suggestion Mailbox events, sports competitions, and summer parent-child activities, it enriches employ- Average number of paid
ees' lives and ensures they receive care and support in areas ranging from physical and vacation days per person
per year
mental health, working environment, and living security to emotional well-being. The
Company also provides care and support to vulnerable groups, including employees
Grievance reporting procedure
in difficulty and female employees, fostering a warm, inclusive, and fulfilling workplace
Koal has established a transparent, standardized, and strictly confidential employee grievance and whistleblowing mechanism atmosphere and jointly building a warm and harmonious corporate family.
that covers all full-time and part-time employees, encouraging employees to promptly file grievances with their immediate super-
visors or the Human Resources Department when they experience any unfair treatment. The Company has designated personnel
to receive and handle employee grievances and whistleblowing incidents. The Human Resources Department serves as the griev-
ance acceptance center and, together with the Internal Audit Department, is responsible for the acceptance, investigation, han-
dling, and follow-up tracking of grievances. Based on the principles of authenticity, confidentiality, and effectiveness, we ensured
the timely acceptance of each reasonable whistleblowing matter and conducted independent investigations. The Company strictly
kept confidential the personal information of the grievance reporter and the specific grievance content, and took necessary meas-
ures to protect the safety and legitimate rights and interests of the grievance reporter. Any retaliation against a grievance reporter
or any information leakage, once verified, was dealt with seriously.
Conduct satisfaction surveys
The Company regularly conducts employee satisfaction surveys to listen to employees' voices and needs from multiple dimen- Cycling Event Union Activity
sions, and extensively collect opinions and suggestions. Based on the survey results and employee feedback, it continuously opti-
mizes management measures and steadily enhances employee experience and management effectiveness.
Key Performance
Total number of employees covered by the Collective bargaining agreement Employee satisfaction
union/collective bargaining agreement signing rate
Badminton Competition Retirement Seminar Activity
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Human capital development
Recruitment channels
Headhunter recruitment
Governance Online recruitment
For key talent such as senior manage-
ment and core technical positions,
Recruitment information is published we engage professional headhunting
The Company continuously improves its human resources management system to ensure that human resources management is aligned Internal referrals
through platforms such as recruit- firms for recruitment.
with the Company's overall strategic objectives. The Board has established a Remuneration and Appraisal Committee responsible for ment websites, the Company's official We encourage our employees to rec-
formulating and overseeing compensation policies and performance evaluation standards for directors and senior management. The website, and social media to attract a ommend outstanding talent and pro-
Human Resources Director formulates human resource planning based on overall corporate strategy and provides strategic support and large number of applicants to submit vide certain rewards to employees for
resumes. This channel is suitable for successful referrals, thereby improving
recommendations. The Human Resources Department is responsible for developing and implementing HR plans, objectives, policies,
recruiting personnel for various posi- recruitment efficiency and quality.
and processes, with clearly defined responsibilities at all levels to promote human capital development. tions.
Company
Koal has formulated and continuously improved systems such as the Compensation Structure System, Training Management System,
Recruitment
improving the human resources management system. Through scientific system development and standardized management, we rea- Channels
Campus recruitment Talent market recruitment
sonably allocated human resources, enabled people to make the best use of their talents and talents to be fully utilized, effectively pre-
We establish partnerships with univer- We participate in job fairs, talent ex-
vented the risk of losing key talent, and safeguarded organizational stability and sustainable development. In 2025, the Company newly
sities, participate in campus recruit- change events, etc., and communicate
formulated systems such as Promotion Management System and Performance Evaluation Management System , and completed the ment fairs, and hold campus presenta- directly with job seekers face to face to
preparation of the Compendium of the Human Resources Systems , which includes 11 major systems, as well as the preparation of job tions to recruit fresh graduates. quickly screen suitable candidates.
Other channels
descriptions for 60 departments, laying a foundational framework for the standardized management of human resources.
Based on recommendations from
industry associations, media adver-
Strategy and management approach tisements, employee self-recommen-
dations, etc., we select talent flexibly
according to actual circumstances.
Koal followed industry development trends and the Company's overall business strategy to define the human resources strategic
positioning of "sustainable development driven by human capital". Our talent strategy focused on a paradigm shift from "transac-
tion processing" to "strategic value creation", with "digitalization, specialization, and sustainability" at its core. We aimed to make
human capital the core engine for enhancing the Company's ESG management and business growth, and to build a sustainable Case Product Manager "Elite Troops Program"
talent ecosystem in which employees are proud, businesses place their trust, and investors give recognition.
Product managers are the core hub connecting technology, business, and users, and shortcomings in their capabilities
Talent attraction
directly constrain the market competitiveness of the three major product lines (cryptographic machines, signatures, and
Koal has established diversified and open recruitment channels and a talent pool to accurately identify talent gaps in key positions. We cryptographic service platforms). To address pain points across the entire chain of "selection, development, utilization,
regularly conduct talent assessments, enrich talent reserves, and promote talent pipeline development. Guided by corporate strategy, and retention" of product managers and build a strategic high ground for product talent in the field of cryptographic
we build an efficient and equitable talent acquisition system. On one hand, we recruit high-quality external talent through diversified security, the Company formulated the Product Manager Elite Troops Recruitment Program, including:
channels such as social media and university partnerships to improve recruitment efficiency and job-person matching. On the other
hand, we promote internal recruitment to identify and utilize existing talent, ensuring alignment between recruitment plans and strategic
objectives and optimizing workforce allocation and structure. In addition, the Company focuses on talent integration and development,
attaches importance to the recruitment of campus hires and their onboarding experience, continuously optimizes recruitment strategies,
and achieves full-cycle management of talent through precise acquisition, efficient empowerment, and sustained retention. Precise profiling. In addition to Professionalized channels. We co- Introduction of special manage-
conventional product capabil- operate with leading headhunt- ment for cadres. We set red lines
Recruitment principles ities, hard thresholds such as ers for targeted talent acquisition for cultural alignment, conduct
cryptographic algorithms, cryp- and leverage their professional progressive assessments, and
Fairness and justice Merit-based competition Job-person matching Legality and compliance tographic protocols, and security talent search and recommen- establish an 18-month special
and compliance must be added. dation capabilities to improve management period to prevent
During the recruitment Through scientific as- Based on the responsi- Recruitment activities recruitment success rates. cultural misalignment.
process, all candidates are sessment methods and bilities, requirements, strictly comply with na-
entitled to equal employ- rigorous selection proce- and qualifications of the tional laws and regula-
ment opportunities, and dures, outstanding talent position, personnel with tions and relevant local
the recruitment proce- best suited to the Com- the corresponding capa- policies, ensuring the le-
dures and standards are pany's job requirements bilities and qualities are gality and compliance of
open and transparent to is selected from among selected to ensure the the recruitment process
all candidates, eliminating numerous candidates. optimal match between and recruitment groups.
any form of discrimina- personnel and positions, It is strictly prohibited to
tion and favoritism. thereby improving work recruit persons under the
efficiency and employee age of 18.
satisfaction.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Key Performance Employee training
The Company has always placed talent cultivation and development at a strategic level, and is committed to building a full-cycle
Total number of Number of people employed Number of newly recruited
employee during the Reporting Period fresh graduates learning and growth platform for employees. Through a wide range of internal and external training and development activities
covering all employees, we empower employees continuously enhance their professional capabilities, broaden their career hori-
zons, and clarify their development paths.
Training system
The Company has established a hierarchical and categorized training system covering the entire employee career cycle. Through a sound train-
ing management system and a technical R&D rank system, we provide solid support for talent development. We conduct dedicated training
Number of employees by gender Number of employees by position level for new employees, incumbent employees, management personnel, and reserve cadres respectively. We adopt diverse forms such as internal
instruction, guidance from external experts, on-the-job practice, industry exchanges, and online learning to continuously enhance employees'
Cultural Communication External Training for Mid-to-Senior
Compliance and Fundamental C a dr
Competencies nce eD
Special Assignments
da ev
ui
Male employees Female employees Senior management Middle management
G
el
al
op
Work Transition
ur
Entry-level employees
me
t
Cul
nt
Training
Number of employees by age Number of employees by educational background
Busin
Sales-focused Development System Platform Support
m
es
te
sE
po S
rt
ys
we Organizational Support
m
rm po
R&D Skill Enhancement
Faculty Resources
New Employee Onboarding
New employee training
Employees aged below 29 Employees aged 30-39 Employees with associate degree and below The Company continuously optimizes its training system for new employees, creating a training model that integrates online
self-directed learning with on-the-job practical coaching and combines learning with assessment, and implements an onboarding
Employees aged 40-49 Employees aged 50-59 Employees with bachelor's degree
development mechanism that integrates online learning, on-the-job coaching, and a mentorship system. The Company has estab-
Employees aged 60 and above Employees with a master's degree /MBA degree
lished a sound mentorship system and implemented a two-way selection process between mentors and mentees, assigning an
Employees with doctoral degree or above exclusive mentor to each new employee. Through one-on-one on-the-job guidance, we helped new employees smoothly navigate
the onboarding adaptation period, quickly integrate into the team, and become competent in their roles.
By employment type Number of employees by geographical region
Case Intern and New Employee Training Program
We assign a mentor to each new employee and develop an exclusive
ment and project-based practice as the main focus. Through phased
and new employees quickly adapt to their positions. In 2025, the
participation rate in the Company's new employee training program
Full-time Temporary workers/Labor Employees in China (in- Overseas employees was 100%, with a pass rate of 96%.
dispatch employees/Interns cluding Hong Kong, Macao,
and Taiwan regions)
Online Training Courses for New Employees
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Leadership training Koal Academy
The Company has developed comprehensive leadership development plans To deepen our strategic corporate planning and talent system development, we established Koal Academy as our core internal talent
for employees at different levels, providing incumbent managers and reserve development platform. The Academy was positioned to serve our core business and support the implementation of strategy. Upholding
management talent with comprehensive, systematic, online-and-offline the operating philosophy of "derived from business, serving the business," it was an important support for promoting the Company's
integrated management and leadership courses, helping them broaden strategic transformation and high-quality development. As the core platform for the Company's talent development and capability en-
their horizons, enhance their overall capabilities, continuously update their hancement, Koal Academy is responsible for coordinating training plans, establishing a course system, integrating internal and external
management knowledge and professional skills, and effectively apply them teaching resources, and advancing talent pipeline development. Through a "training-and-practice integration" model, it strengthens
in business practice and corporate development. During the Reporting Peri- employees' capability building while also undertaking the function of standardized communication of corporate culture. In the future, it
od, the Company selected 4 middle- and senior-level cadres to participate in will further become a core force in driving organizational transformation. During the Reporting Period, Koal Academy carried out talent
external leadership training programs, including CEIBS EMBA further studies, development initiatives around three key areas: foundational empowerment for all employees, tiered talent cultivation, and optimiza-
Zhengqi Academy training, and M&A practical training class, so as to enhance tion of system support, achieving remarkable training results.
the overall quality of middle- and senior-level management cadres and
strengthen team collaboration and leadership capabilities. Key Performance
Leadership Training Site
Professional skills training
Total investment in employee
To support the growth and development of employees across all professional tracks, the Company has established three core job training Number of employees trained
skill training systems. Each year, we customize special training plans based on job skill requirements, covering business areas such
as R&D, testing, implementation, and sales, to help employees systematically master the required professional knowledge and job
skills, continuously enhance their core competitiveness, and clearly identify their career direction and development goals.
RMB 189,000 8,809 persons
for Three Core Po
in g System sit i o n
Train s
Total employee training hours Average annual training Employee training
hours per employee coverage rate
Training System for Training System for Tech- Implementation and O&M
Sales-Related Positions nical R&D Positions Position Training System
Product knowledge: Data Core Technology module: Implementation skills module:
security products, Anxin New technology learning (such Product deployment, system Employee training coverage rate by gender
business training as LLM applications), technical configuration, implementation
specifications processes Male employees Female employees
Sales skills: Sales techniques,
business negotiation, customer
management
Product R&D module: Product
architecture, R&D processes,
Operations and maintenance
management module: System 100 % 100 %
coding standards maintenance, troubleshooting,
Implementation Capabilities:
operations and maintenance tools
Product deployment Quality testing module:
Testing technologies, Customer service module: Average training hours per employee by gender
automated testing, quality Service response, issue resolution,
assurance customer satisfaction Male employees Female employees
Collaboration with external institutions
Employee training coverage rate by level
The Company actively expands high-quality external learning chan-
nels for employees, introduces professional and authoritative training
Senior management Middle management Entry-level employees
resources, and supports employees in continuously deepening their
expertise and steadily improving in their professional fields. During the
Reporting Period, the Company invited Professor Yang Bo's team from 100 % 100 % 100 %
Shaanxi Normal University to deliver lectures on the fundamentals of
cryptography.
Professor Yang Bo's Team from Shaanxi Normal University
Conducting Basic Cryptography Training
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Employee development Performance evaluation and feedback
The Company conducts regular performance evaluations. By breaking down overall performance goals into specific targets for
each department, we ensure that every team and employee clearly understands their objectives and responsibilities and can effi-
Career development
Technology track Management track ciently complete their tasks. For the work of employees at different levels and of different types, we adopt a combination of quali-
The Company places great impor- tative and quantitative methods to comprehensively assess key performance indicators and work objectives, and link the achieve-
tance on employees' career develop- ment of individual performance to individual bonus coefficients. Through scientific guidance, timely supervision, and objective
T6 M4
ment, has established the Promotion technical leader Technical Director measurement, we comprehensively and fairly evaluate employees' performance.
Management System , It has built a
dual career development pathway We have established smooth performance coaching and communication procedures to provide employees with timely and com-
T5
in which technical and management domain expert prehensive feedback and guidance throughout the entire performance appraisal process, supporting them in achieving their goals
positions advance in parallel, and M3 and improving performance. Within five working days after performance evaluation results are finalized, supervisors conduct
established a systematic and stand- R&D Director
T4 performance feedback interviews with employees based on principles of timeliness, objectivity, constructiveness, and two-way
ardized employee promotion system, technical expert communication. These discussions clarify evaluation results, analyze strengths and weaknesses, propose improvement measures,
enabling employees to achieve two-
and assist in developing personal development plans to support their career growth. The Human Resources Department and the
way promotion and development in
T3 heads of all departments regularly track and evaluate employees' performance improvement progress, promptly resolve improve-
both the technical professional track principal engineer M2
and the management track based R&D Manager ment-related issues, reward and recognize employees with significant improvement results, and further provide coaching and
on their own strengths and develop- training to employees whose improvement efforts are ineffective.In addition, by linking company and departmental performance
T2
ment aspirations. Through an open, results to the total bonus pool, we help employees recognize their individual value within the organization and motivate them to
senior engineer
transparent, and well-regulated make greater contributions.
promotion mechanism, we provide a T1 M1
clear path and solid support for em- software engineer Assistant R&D Manager
ployees' career growth.
Employee benefits and welfare
Education and certificate support Koal has implemented a comprehensive, multi-faceted welfare system that encompasses all employees. Beyond the statutory
The Company actively encourages and supports employees in pursuing advanced degrees, publishing papers, and undertaking basic benefits, the Company offers an extensive range of non-monetary benefits to its entire workforce, covering health protection
studies and certification for qualification certificates, and enhances employees' professional competencies through incentive and life support. This enhances employees' sense of belonging and well-being, fostering a warm and supportive workplace envi-
subsidies. The Company has formulated the Revised Measures for Encouraging and Rewarding Employee Paper Publications , the ronment that drives high-quality enterprise development.
Measures for Encouraging and Rewarding Employees Obtaining Qualification Certificates , clarifying the reward standards for em-
ployees publishing papers and obtaining professional qualification certificates. After obtaining approval, employees can receive
support and assistance such as expense reimbursement and monetary incentives, continuously empowering their professional
growth. During the Reporting Period, a total of nine employees of the Company successfully obtained the corresponding profes-
sional qualification certificates and were rewarded accordingly. Statutory social insurance and housing fund Health care
In compliance with national regulations, the The Company provides employees with com-
Compensation and benefits Company contributes to social pension in- prehensive medical insurance and health man-
surance, medical insurance, unemployment agement services, including regular physical
Based on job value, performance, and competency levels, the Company has established an equitable compensation system. insurance, work-related injury insurance, ma- examinations and health consultations, focusing
Through standardized performance evaluation and feedback mechanisms, we scientifically assess employee performance and ternity insurance, and housing provident fund on both physical and mental well-being.
for eligible employees.
provide employees with market-competitive compensation and benefits, ensuring that incentives are aligned with contributions.
Scientific compensation structure
Koal has established a sound compensation structure system and employee evaluation system, and regularly conducts comprehensive assess-
ments of employees' performance, capabilities, and work attitudes, providing an objective basis for compensation adjustments, job promo-
Leave benefits Employee care
tions, and talent development. Based on job requirements and employee performance, and benchmarking against industry standards, we pro-
vide competitive compensation and performance incentives, including year-end bonuses and project bonuses. We also implement employee The Company has established a ro- The Company attends to employees' per-
bust leave system, including paid an- sonal needs and family circumstances,
shareholding plans to establish a medium- to long-term incentive mechanism featuring shared risks and shared benefits, enabling employees nual leave, marriage leave, maternity offering services such as birthday wishes
to share in the Company's growth and development. leave, and sick leave, ensuring that and support for children's education.
employees' rest and personal needs
The Company's remuneration system consists of base salary by position, performance-based salary, subsidies and allowances, bonuses and are adequately addressed.
benefits. The remuneration of senior management is determined and paid based on factors such as their position, responsibilities, capabilities,
and prevailing market salary levels, and their variable remuneration is linked to factors including the Company's operating performance and
performance appraisal results, thereby achieving shared development and growth with the Company. The compensation structure for general
employees includes base salary, performance-based salary, year-end performance bonuses, and allowances. Year-end bonuses are closely
Work-life balance
linked to overall business performance and individual performance evaluations, enabling dynamic adjustment of employee income. This en-
hances employee satisfaction and productivity while reducing turnover of key personnel. At the same time, the Company regularly conducts The Company regularly organizes various cultural and sports activ-
ities for employees, including fitness sessions and sports competi-
salary market surveys to ensure that our compensation levels remains competitive and to attract and retain outstanding talent. During the tions, to help them achieve a healthy work-life balance.
Reporting Period, 100% of all employees and departments received regular performance appraisals, and all management personnel and en-
try-level employees, especially non-sales function employees, received compensation commensurate with their appraisal results.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Occupational health and safety
Employee turnover rate 19.89 % Koal Software rigorously adheres to pertinent laws and regulations, including the Law of
the People's Republic of China on the Prevention and Control of Occupational Diseases
and the Provisions on the Supervision and Administration of Occupational Health at
Work Sites , while fully complying with the requirements of the ISO 45001 management
Turnover rate by gender Employee turnover rate by age
system. The Company consistently enhances its occupational health-related policies and
regulations, establishes robust procedures for identifying and addressing potential risks
职业健康安全管理体系认证证书
注册号:17325S20431R1M
兹证明
上海格尔安全科技有限公司
统一社会信用代码:913102303122023147
ensures the safeguarding of employees' occupational health.
注册地址:上海市崇明区陈家镇层海路 888 号 3 号楼 1088 室(上海智慧岛数据产业园)
经营地址:上海市松江区泗泾镇沐川路 58 弄 2 号 3 楼
职业健康安全管理体系符合
GB/T45001-2020/ISO45001:2018 标准
认证覆盖的范围
应用软件的设计开发及计算机系统集成及办公相关职业健康安全管理活动
(体系覆盖不包含分支机构)
初次发证日期:2022 年 07 月 06 日 本次发证日期:2025 年 07 月 04 日 证书有效期至:2028 年 07 月 05 日
The Company has appointed dedicated Management Representatives and Employ-
签发人
Establish a ee Safety Representatives for the Occupational Health and Safety Management Sys-
management tem. These individuals are tasked with establishing, implementing, and enhancing
注:在证书有效期内,获证组织须按规定接受年度监督审核,保持认证资格,通过扫描二维码可获知证书状态。该证书信息还可在国家
认证认可监督管理委员会官方网站(www.cnca.gov.cn)和北京中交远航认证有限公司官方网站(www.bjzjyh.com)上查询。
structure
北京中交远航认证有限公司
the occupational health and safety management system, as well as coordinating and
机构地址:北京市西城区广安门外大街 248 号 1 号楼 12 层 1205 号
Male Female Employees Employees Employees Employees
addressing related issues that arise during system operation.
employees employees aged below 29 aged 30-39 aged 40-49 aged 50-59 Obtained ISO 45001 Occupational
The Company has formulated and constantly refines a comprehensive set of safety Health and Safety Management
management and occupational health-related regulations, including the Fire Safety System Certification
Impact, risk, and opportunity management
Develop
Management System and Fire Control Procedures. Furthermore, a Quality, Environ-
management
mental , and Occupational Health and Safety Management Manual has been com-
policies In 2025
piled to bolster workplace safety protection effectiveness and foster a high-quality,
Koal places paramount importance on human capital risk management, meticulously identifying key areas of potential vulnera- healthy, and secure working environment for all employees.
bility. The Company employs a continuous process of risk identification, assessment, response, and monitoring of human capital Investment in health and safety
risks, guided by its strategic objectives. By integrating insights from employee satisfaction surveys, Koal consistently refines its
human resource management strategies throughout the entire talent lifecycle, encompassing "attraction, development, utilization,
and retention." This comprehensive approach ensures that human capital development risks remain within manageable parame-
The Company has established specific occupational health and safety objectives,
targeting "zero major safety incidents" and "zero major fire incidents." To facilitate
the achievement of these objectives, the Company cascades them across functional
RMB 268,000
ters, enabling high-quality organizational growth through a high-caliber talent pool.
Set annual departments and formulates tailored management and evaluation plans, thereby
Annual safety incidents
objectives ensuring the effective implementation of preventive measures and reinforcing the
foundation of its occupational health and safety management. Regular internal
Analysis of human capital risks Response strategies audits, management reviews, and external audits of the ISO 45001 management sys-
tem are conducted to ensure continued compliance with system standards.
Risks associated with strategic and Enhance human capital risk identification and assessment mechanisms, maintaining
organizational change an up-to-date human capital risk inventory. Work injury rate
Risk of core technical talent attri- Implement a scientifically robust human resource management system, featuring The Company has implemented a robust Hazard Identification, Risk Assessment,
tion
Risk of mismatch between skills
demand-driven strategic talent pool planning. Conduct regular talent and organiza-
tional assessments aligned with the Company's strategic direction and business de-
and Risk Control Planning Procedure to standardize the process of hazard identifi-
cation and evaluation. This procedure clearly delineates operational requirements,
including risk avoidance, risk reduction, and risk acceptance measures, ensuring
and business needs velopment trajectory, effectively mitigating, reducing, or transferring identified risks. comprehensive coverage of safety risk management across all business processes Occupational disease
Risk of insufficient international Prioritize the recruitment of technical talent that aligns with the Company's evolving and enhancing overall risk resilience. During the Reporting Period, the Company incidence rate
needs while conducting targeted, specialized training for existing employees to en- Address completed the preparation of the list of unacceptable risks, analyzed seven risks,
talent pipeline
safety risks
hance skill adaptability. assigned control responsibilities to specific departments, and identified three major
Risk related to performance incen- hazard sources and 23 general hazard sources, all of which were subject to impact
Establish clear and measurable performance standards, foster open communication %
tives and compensation competi- analysis and control measures.
tiveness and feedback channels, and constantly refine performance management tools and
processes. Define and implement a safety risk management process that covers planning and Number of employee
Diversity and inclusion risk organization, hazard identification, risk assessment, identification of major hazards,
Implement regular employee satisfaction surveys to identify potential issues in talent fatalities due to work-re-
Risk of insufficient training and risk control evaluation, and implementation.
lated incidents
management processes and develop targeted improvement initiatives.
development
Compliance and employment risk
In response to potential emergencies in daily operations and life scenarios, we have
formulated the Emergency Preparedness and Response Control Procedure and var-
Indicators and targets
ious emergency plans for safety incidents. These documents cover the full process
Number of working days
Conduct from preparedness and response to drills and post-event review, ensuring 100%
lost due to work-related
emergency implementation and coverage of all employees.
injuries
drills We regularly conduct various types of emergency drills simulating real-life scenarios,
Indicators and targets 2025 achievement status
Human resources cost control ≤ 100% Target achieved
continuously optimizing response measures and enhancing employees' emergency
management capabilities. During the Reporting Period, we conducted two safety
emergency drills.
Employee training coverage rate: 100% Target achieved
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Industry ecosystem development Case The Company Supported the Cybersecurity and Cryptography-themed Carnival
The Company proactively integrates into the industry ecosystem development and, through various means such as enterprise co- In December 2025, Koal, as a supporting unit, participated in the Cybersecurity and Cryptography-themed Carnival of
operation, education and outreach, industry talent cultivation, and participation in industry forums, contributes Koal strength to Xuhui District No. 1 Central Primary School under the theme of "Carrying Forward the Red Gene and Safeguarding Cy-
promoting inter-industry collaboration and sustainable development. bersecurity." The event featured an experience zone, an interactive zone, and themed display boards on "The Past and
Present of Cryptography," showcasing the evolution of cryptographic technology from ancient times to the present day.
Enterprise cooperation Students took part in hands-on activities such as weaving ciphertext with cipher sticks and practicing Morse code, pro-
moting the extension of cybersecurity awareness into families. At the same time, Cai Guanhua, the Company Board Sec-
As a partner in the HarmonyOS ecosystem, Koal has leveraged more than 20 years of accumulated retary, entered the campus to deliver a patriotic-themed school assembly lesson, "The Mysteries of Cryptography," using
cryptographic technology expertise to complete the native HarmonyOS adaptation and deployment easy-to-understand language to popularize basic cryptography knowledge among students and enhance their interest
of multiple products. Our security solutions have been successfully implemented in critical fields such in cryptographic science.
as Huawei's financial systems and the National Bureau of Statistics, providing reliable support for the
smooth migration of important business systems to the HarmonyOS platform. This series of practices
has verified the feasibility of the deep integration of domestic cryptographic technologies with propri-
etary operating systems, demonstrating the core value of the "built-in security" model in safeguarding
the digital transformation of national critical information infrastructure. In the future, Koal will contin-
ue to deepen technical synergies with the HarmonyOS ecosystem, adhere to cryptographic technolo-
gy as the cornerstone, provide independent, controllable, secure, and reliable foundational capability
support for the digital transformation of various industries, and jointly promote the construction and
development of new national digital security infrastructure.
Educational outreach
"Pioneer Award" in the Com-
The Company actively promotes public awareness of cryptography security through both mercial Market Category at
the 2025 HarmonyOS Office
online and offline activities, enhancing public understanding of cryptography security. It has
Industry Summit
also established a professional cryptography technology exhibition hall to demonstrate the
application value and security concepts of cryptographic technologies through interactive
experiences and scenario-based displays.
Case Koal Cryptography Workshop Hosted the "Career Experience Day for Senior High School Year One" Event
In May 2025, the Company's Koal Cryptography Workshop hosted an immersive cryptography career experience journey
for 45 senior high school students from Shanghai Xuhui High School. Through the innovative model of "industry aware-
ness + position experience," the event enabled students to closely engage with the cutting-edge achievements and
extensive applications of cryptographic technology, gain first-hand awareness of the use of cryptographic technology
in real life, and personally experience the technical appeal of emerging professions such as cryptographic technology
application specialists and cryptographic engineering technicians.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Industry talent cultivation
The Company places a strong emphasis on cultivating industry talent through systematic training and evaluations, school-enter- Case Koal Appeared at the First Photosynthesis Organization AI Conference
prise cooperation, and integration of production and education to inject new vitality into the industry. During the Reporting Period,
the Company nurtured a total of 490 information technology innovation talents through comprehensive training and assessments, In December 2025, the first Photosynthesis Organization Artificial Intelligence Innovation Conference (HAIC2025) was held in Kun-
including five internal and 485 external participants. shan. Koal was invited to attend the forum on "Cryptographic Technology and Trusted Computing," where it delivered a keynote
speech on Exploration and Practice of a New-Generation Cryptographic Application System . At the same time, it showcased the
practical achievements of integrating "AI + cryptography" in the "AI + Industry Applications" exhibition area. We also showcased a
Hosting a Visit by First-Year Students from Shanghai University of Engineering Science to the G60 Commercial
Case solution for "assigning digital identities to AI," enabling clear accountability boundaries for AI systems and providing practical techni-
Cryptography Industrial Base
cal support for AI governance. We proposed a deployment model of "built-in services, activated on demand," ensuring standardized
and inclusive baseline security capabilities while supporting dynamic expansion for specific scenarios, thereby building scalable
In October 2025, Koal hosted 70 first-year students from the School of Electronic and Electrical Engineering of Shang- and customizable security infrastructure for AI, cloud computing, and the IoT.
hai University of Engineering Science at the G60 Commercial Cryptography Industrial Base. The visit included tours of
the cryptography workshop and the Shanghai Information Technology Application Innovation Comprehensive Service
Center, showcasing our development history, commercial cryptography solutions, industry ecosystem, and cutting-edge
R&D achievements. A themed lecture on "information technology application innovation and cryptography industry
development" was also held, featuring expert insights and interactive discussions to help students understand industry
trends and career development opportunities, demonstrating our strong commitment to industry talent cultivation.
Case Koal Participated in the Preparation of a Post-Quantum Cryptography Report for the Financial Industry
In December 2025, at the 8th Financial Technology Industry Conference, the China Academy of Information and Com-
munications Technology, together with Koal and several other organizations, officially launched the preparation of the
Research Report on the Application of Frontier Technologies in the Financial Industry - Post-Quantum Cryptography.
Koal drew heavily on "practical experience" and focused on real-world financial scenarios to support the implementa-
tion of compilation work. In 2025, the post-quantum cryptography pilot project jointly carried out by Koal and institu-
tions such as China Galaxy Securities had already demonstrated the feasibility of integrating new cryptographic algo-
rithms in specific business scenarios and identified practical pathways for smooth transition.
Looking ahead, in the face of the far-reaching and widespread impact that quantum computing will have on the security
transformation, Koal will deepen its expertise in cryptographic technology and the application ecosystem. By integrat-
ing cutting-edge cryptographic research with complex, real-world financial information systems, and through continu-
ous technological innovation, extensive ecosystem collaboration, and rigorous pilot testing, we will gradually lay a solid
foundation of trusted security for the future of the financial industry, thereby ensuring the smooth transition of the digi-
tal economy.
Industry exchange
The Company proactively monitors cutting-edge industry developments, policy directions, and market trends; actively participates
in various industry forums and academic exchange events; joins multiple industry associations and alliances; deepens multi-party
cooperation; expands business opportunities; promotes the sharing of resources; and contributes to the high-quality development
of the industry. During the Reporting Period, the Company participated in one industry exchange event and joined one nation-
al-level academic society or industry alliance.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Community engagement Community Activities
The Company proactively integrates into local development and community building. Koal actively carries out diverse public welfare activities on community cybersecurity, regularly entering communities to provide
In 2025
Leveraging our own resources and strengths, we extensively participate in activities such convenient services such as science popularization lectures and Q&A on personal information security protection, and effectively
as rural revitalization, the Belt and Road Initiative, and community welfare, providing sup- Total expenditure on delivers professional cybersecurity knowledge to community residents.
port for the public to participate in socioeconomic, political, and cultural activities. public welfare and external
donations
Rural Revitalization
Case Weaving a Dense Grassroots Security Net to Protect the "Last Mile" of Cybersecurity
RMB
Koal actively integrates into the rural revitalization development strategy, and has
continuously participated in the east-west support collaboration between Chong- In September 2025, Wei Jie, Koal's Deputy General Manager, was invited to attend the National Cybersecurity Awareness
ming District, Shanghai and Lincang City, Yunnan Province, and participated in des- Week and the series of activities themed "Cybersecurity and Red Culture Together", where he participated in the one-to-
ignated industrial collaboration projects. In 2025, the Company received the honor one pairing and signing ceremony between member units of the Jing'an District Cybersecurity Technology Support Alli-
"Crossing Mountains and Seas, with Bonds Stronger than Gold" for its contributions ance and subdistricts and towns within the district. Through the pairing and co-building mechanism, the Company will
to east-west collaboration efforts. fully leverage its technical expertise and service capabilities in the field of cybersecurity, work in coordination with the cor-
Belt and Road
responding subdistricts and towns to enhance their cybersecurity protection capabilities, respond promptly to the practi-
cal needs of enterprises and public institutions within the jurisdiction in terms of cyber and data security and compliance,
and actively organize cybersecurity publicity and awareness education for community residents.
Koal actively responded to the national Belt and Road Initiative. Starting with the Algeria project,
through an integrated output model of "technology + standards + services", we provided a Chi-
nese solution for security cooperation under the "Digital Silk Road", continuously strengthening
the security foundation for digital infrastructure development in countries along the route and Dedication Honor for East-West
supporting the high-quality development of the global digital trust system. Cooperation
Case Koal Showcased China's First Large-Scale Overseas Cryptography Technology Project at the 2025 CSITF
In June 2025, at the third Commercial Cryptography Exhibition of the 11th China (Shanghai) International Technology
Fair (CSITF), Koal comprehensively showcased key breakthroughs in the large-scale overseas deployment of domestic
cryptographic technology, centered on the core case of the Digital Trust Services System Construction Project in Algeria:
the first overseas implementation of PQC Algorithms in a PKI digital trust system, and the first large-scale application of
the entire domestic software and hardware chain in overseas critical infrastructure. This project is a landmark achieve-
ment of the Company in responding to the national Digital Silk Road initiative and serving the Belt and Road Initiative.
Its successful implementation marks the leap of China's cryptographic technology from "following" to "leading." In the
future, Koal will continue to deepen cooperation with countries along the Belt and Road, promote the large-scale appli-
cation of domestic cryptographic technology in international markets, and inject Chinese momentum into the building
of a secure and open global digital ecosystem.
Charitable Education Support
Koal has developed non-profit research and study bases for schools, focusing on key themes such as "digital economy," "cryptog-
raphy," and "information technology innovation." These centers provide teachers and students with opportunities to gain insights
into the development and trends of the information technology innovation industry, as well as the role of cryptographic technol-
ogy as security foundations through interactive learning experiences. The Company offers complimentary access to its facilities,
including server rooms, IT innovation adaptation and verification practice areas, and cryptography factories. This allows visiting
schools to witness firsthand the increasing capabilities of domestically produced, independent, and controllable server systems.
Green operations
low-carbon future
Environmental management system
Climate change mitigation
Green products and solutions
Green operations
Contributing to the UN 2030 SDGs
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Environmental management system Environmental Management Process
In line with its operational realities, Koal has implemented a comprehensive environmental
management framework based on the ISO 14001 Environmental Management System, en- 荣誉奖项 Define envi- Establish quantifiable
suring compliance with relevant domestic and international laws, regulations, and standards,
including the Environmental Protection Law of the People's Republic of China and the Energy
ronmental
management
objectives
environmental man-
agement targets:
Achieve 100 %classified disposal of solid waste
Conservation Law of the People's Republic of China . The Company has developed a suite of
policy documents, such as the Environmental Management Manual and Environmental Moni- Obtained the ISO 14001
toring and Measurement Procedures . Koal regularly conducts environmental risk assessments, Environmental Manage-
organizes company-wide environmental protection training, and implements awareness-raising ment System Certification
initiatives, aiming to progressively mitigate the environmental impact of its operations. During Develop en- Based on the environmental management targets, each operating location creates annual
the Reporting Period, the Company reported no environmental pollution incidents, received no vironmental
environmental management work plans that comply with relevant national and regional
environmental administrative penalties, and experienced no major environmental accidents. management
plans regulations and align with their specific circumstances.
Koal has established a robust environmental management structure and process. The General Manager assumes overall leadership
responsibility for environmental management, coordinating related activities across business operations. The Management Repre-
sentative and all departments within the Company, grounded in their practical work and fulfilling their respective responsibilities,
implement measures such as monitoring environmental indicators and managing targets to comprehensively promote the Com- Internal audit
pany's green and compliant production. The Company conducts annual internal reviews of its environmental management system,
Implement following the Management Review Control Procedure and Internal Audit Procedure. Correc-
environmen-
tal manage- tive actions are proposed and monitored based on review findings.
ment audits
External audit
The Company undergoes annual third-party environmental audits from external stakeholders.
Functional departments General Manager
Identify and assess environmen- Establish environmental policies Conduct The Company carries out regular on-site inspections and supervision to identify and ad-
tal factors and potential hazards and objectives aligned with the routine en-
dress gaps in environmental management practices, ensuring the effective operation of the
within their department; Company's strategic direction; vironmental
monitoring environmental management system.
Develop departmental environ- Integrate environmental man-
mental objectives and monitor agement system requirements
their achievement status. into business operations and
secure necessary resources;
The Company has developed and regularly updates the Emergency Preparedness and Re-
Enhance
Ensure company-wide under- environmen- sponse Management Procedure . Annual environmental emergency drills are conducted to
Management representative
standing and implementation of tal emergency prepare for potential incidents and mitigate environmental impacts. During the Reporting
environmental policies, promot- management
Period, the Company executed one environmental emergency response drill.
Oversee the establishment, implementa-
ing process-based approaches
tion, and maintenance of environmental
and risk-based thinking.
management system processes;
Report to the General Manager on the en-
Foster a
vironmental management system's perfor-
robust envi- The Company actively fosters an environmental culture, conducts regular environmental
mance and internal audit results, including ronmental protection training, and continuously enhances employees' environmental awareness.
improvement recommendations. culture
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Climate change mitigation
In response to global climate change, Koal actively supports the national "dual carbon" goals. The Company adheres to the frame-
Strategy and management approach
work recommendations outlined in the Guidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—
Sustainability Report (Trial) , proactively identifying various risks that climate change poses to its business operations. By integrat-
The Company has conducted a comprehensive analysis and assessment of climate change risks (including physical risks and tran-
ing four key dimensions - climate change-related governance, strategy, impact, risk and opportunity management, and indicators
sition risks) and opportunities facing its business operations.
and targets - Koal actively develops response measures. These efforts aim to enhance the Company's resilience in the face of cli-
mate change scenarios and constantly improve its ability to address climate risks.
Risk/
Risk/Opportunity Impact Potential
Governance
Category Opportuni- Mitigation measures
description period financial impact
ty type
The Company has seamlessly integrated climate change-related functions into its ESG governance structure, clearly delineating man-
agement responsibilities across various levels. This facilitates comprehensive discussions on climate change-related issues, enables
the identification of climate risks and opportunities, and supports the development of targeted measures to address climate change.
Implement timely forecasting and
Severe climate events such as warning systems for extreme weath-
typhoons and floods may lead er events. Develop comprehensive
The Board of Directors and ESG Committee to extreme weather or natural emergency response plans for extreme
disasters, potentially affecting weather scenarios. Stockpile emer-
Assume a leadership role in the management and decision-making of climate change issues
Management Koal's infrastructure, servers, Revenue decline, gency supplies and conduct regular
Acute
body and other equipment across Short-term cost increase, emergency drills to enhance response
Supervise climate change management decision-making physical
various operational sites. This Medium-term liability rise, and capabilities.
risks
Review strategic planning for climate action, targets and implementation progress, as well as the could result in a series of di- asset impairment
results and management of climate risk and opportunity assessments rect or indirect economic loss- Prioritize climate-resilient areas under
es, including asset damage, comparable circumstances when
increased repair costs, and selecting new operational sites, thor-
higher insurance premiums. oughly considering local historical data
ESG Executive Committee
on natural disasters.
Function as the executive body of the ESG Committee, coordinating the comprehensive Physical
implementation of climate change issue management
risks
Guide the design and execution of strategies, objectives, and initiatives related to climate change issues
Assess and manage climate change-related risks and opportunities
Climate change -induced
Regularly collate and summarize the progress and effectiveness of climate change-related work,
Execution rise in average temperatures
providing comprehensive reports to the ESG Committee
body increases the need for ven- Continuously optimize energy use
tilation and cooling in office efficiency, strengthen the monitoring
Chronic spaces. This could negatively of energy use, improve the precision
Functional departments Medium-term, Revenue decline
physical impact the normal operation management of energy consumption
long-term and cost increase
risks and lifespan of the Company's statistics and monitoring, and encour-
Manage and supervise the implementation of specific climate-related work
servers and other hardware, age employees to practice green office
while also leading to in- operations.
Spearhead the implementation of climate-related actions across various business units, support-
creased energy consumption
ing company-wide climate strategy implementation
and operational costs.
Execute energy use optimization and carbon reduction plans at the operational level
a
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Risk/
Risk/Opportunity Impact Potential Impact, risk, and opportunity management
Category Opportunity Mitigation measures
description period financial impact
type
To address potential risks and capitalize on opportunities brought about by climate change, Koal has established a robust process
As progress is made towards "dual for managing climate risks and opportunities. Through a combination of internal research, climate scenario analysis, industry stud-
Closely monitor changes in interna-
carbon" goals, stricter domestic and ies, and external recommendations, the Company systematically identifies, analyzes, evaluates, and manages significant climate
tional and domestic environmental
international policies and regulations change risks and opportunities. Based on comprehensive risk identification results, a climate risk-opportunity matrix and targeted
Policy and and carbon-related laws, regu-
are being introduced to mitigate cli- Short-term, Revenue decline mitigation measures are developed, promoting the integration of climate risk management into the company-wide multi-depart-
regulatory lations, and policies. Strengthen
mate change. The gradual advance- medium-term and cost increase mental risk management process to actively address climate change challenges.
Risks compliance management strategies
ment of carbon emissions trading
in alignment with the Company's
mechanisms exposes the Company
specific circumstances. Climate Risk and Opportunity Identification, Analysis, Evaluation, and Management Process
to heightened compliance risks.
Influenced by climate change and
Climate risk-opportunity research Identify risk-opportunity inventory
global energy transition, prices for
energy (electricity, steam), water, and Forge strategic partnerships with Conduct preliminary identification of climate risk and op- Identify climate risks and oppor-
hardware facilities are likely to in- high-quality collaborators to bolster portunity types, including physical risks, transition risks, and tunities within the industry and
crease, leading to higher operational climate opportunities, based on disclosure recommenda- along the value chain, forming a
Revenue decline, supply chain resilience and risk re-
costs. sponse capabilities. tions from authoritative sources such as the Guide No. 4 for comprehensive risk inventory.
Medium-term, cost increase,
Market risks Self-Regulatory Supervision on Listed Companies of the SSE
As demand for climate-friendly prod- long-term liability rise, and Intensify research and application Screen risks and opportunities
Tran- — Compilation of Sustainable Development Reports (January
ucts and services increases, the Com- asset impairment efforts in green products and solu- relevant to Koal based on internal
sition 2026 Revision) and the IFRS S2 Climate-related Disclosures.
pany may face operational risks such tions to stay ahead of changing mar- and external expert recommenda-
risks
as lower product prices, rising raw ket trends. tions, databases, and other credi-
material prices, and products failing ble sources.
to meet market demand.
Conduct rigorous feasibility studies Climate risk and opportunity management Climate risk-opportunity
Investment in research and applica- on the R&D and application of green materiality analysis and assessment
tion of new green products and tech- products and solutions. Actively Perform in-depth materiality analysis and financial impact
Technology Short-term, Revenue decline assessment of climate risks and opportunities, developing key Conduct a thorough assess-
nologies may lead to decreased prod- engage in industry collaborations
risks medium-term and cost increase response strategies. ment of the impact period
uct demand and revenue if customers and work closely with value chain
do not accept these innovations. partners to promote low-carbon and materiality level of cli-
The ESG Executive Committee, functional departments,
technology R&D and application. mate risks and opportunities,
branches, and controlled subsidiaries implement targeted risk
leveraging internal research,
management and response initiatives, developing compre-
Increasingly stringent environmental climate scenario analysis,
Monitor market regulatory and dis- hensive risk treatment plans. The ESG Committee regularly
performance disclosure requirements industry studies, and external
Reputational Short-term, closure requirements across various monitors and tracks implementation progress to ensure effec-
increase compliance costs associated Cost increase recommendations.
risks medium-term regions and implement comprehen- tiveness.
with maintaining or enhancing corpo-
sive compliance measures.
rate reputation.
By developing and innovating cli-
mate-friendly products and tech-
Capitalize on opportunities for
Indicators and targets
green transformation and upgrade.
nologies and providing services to
Develop targeted products and
Products customers with green needs such as Short-term, Indicators Unit 2025
Revenue growth technologies that not only meet
and services environmental protection and energy medium-term
basic customer needs but also in- Direct GHG emissions (Scope 1) Tons of CO2 equivalent (tCO2e) 17.37
Climate conservation, we can help open up
corporate environmentally friendly Greenhouse
oppor- new growth opportunities for the Indirect GHG Emissions (Scope 2) Tons of CO2 equivalent (tCO2e) 776.22
technologies. gas emis-
tunities Company.
sions Total GHG emissions (Scope 1 and Scope 2) 1
Tons of CO2 equivalent (tCO2e) 793.59
Achieve dual benefits of cost savings
Integrate energy-saving technolo- GHG emission intensity tCO2e/person 1.36
and environmental protection by
Resource Short-term, Revenue growth gies and equipment across all oper-
adopting energy-efficient technolo- Note1:GHG emissions reported here refer exclusively to carbon dioxide emissions and do not encompass other greenhouse gas types such as methane
efficiency medium-term and cost increase ational facets, driving down energy
gies and equipment to reduce energy and nitrous oxide emitted from other sources.. Scope 2 GHG emissions represent emissions caused by purchased electricity and heat. The electricity
costs. emission factor is derived from the Announcement on the Release of Carbon Dioxide Emission Factors for Electricity in 2023 (Announcement No. 47 of
consumption in operations.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Green products and solutions
Green Innovation in Hardware Integration
In new product development, the Company takes low-carbon and environmental protection as an important value orientation,
drives innovation with green technology concepts, and supports sustainable development with lightweight, low-energy-consump-
tion digital products, demonstrating the ecological responsibility and long-term development pursuit of a technology enterprise. Hardware life cycle management Hardware selection
Software R&D Reduces the Digital Carbon Footprint Modular design: For indus- Energy efficiency first principle: Select encryption cards with better
trial computers, adopt a plug- power efficiency ratios (performance/watt) and hardware security
gable encryption card design, modules (HSMs) that support energy-saving modes (such as sleep and
power gating).
facilitating partial upgrades
Algorithm level: Through technologies such as algorithm optimization and CPU encryption modules,
rather than replacement of Thermal design optimization: During the integration stage of indus-
we improve the processing efficiency per unit of computing power, reducing energy consumption by
the entire machine and re- trial control computers, reduce fan power consumption and extend
more than 15% under the same encryption and decryption performance. hardware service life through optimized heat dissipation structures.
ducing electronic waste.
Algorithm and Lightweight design: We streamline code libraries and dependent components, reduce runtime mem- Firmware upgrades: Con- Low-power Hardware Selection: Prioritize products supporting dy-
code-level ory and storage usage, and indirectly lower the energy consumption of servers/terminal devices. namic power adjustment technologies, which automatically switch to
tinuously optimize hardware
optimization sleep mode when idle to reduce standby energy consumption; prior-
Intelligent resource scheduling: We introduce a dynamic voltage and frequency scaling (DVFS) strat- energy efficiency to avoid
itize CPU-integrated encryption modules to replace external modules,
frequent equipment replace-
egy into industrial all-in-one machine software, adjusting CPU performance states in real time based reducing energy loss caused by hardware redundancy.
ment solely for energy effi-
on computing load, thereby reducing the energy consumption of industrial computers by 20%-30% Eco-friendly materials and regulatory compliance: Work with in-
ciency improvements.
during idle periods and balancing security performance with low-carbon needs. dustrial control computer suppliers to select recyclable, low-volatile
organic compound (VOC) environmentally friendly materials; give pri-
ority to enclosures made of recycled aluminum alloy or biodegradable
plastics; ensure core components comply with environmental stand-
Cloud-side and ards such as RoHS and REACH; and eliminate components containing
Cloud-native architecture support: The product supports containerized deployment and elastic hazardous substances such as lead and mercury.
deployment
scaling, helping customers achieve on-demand allocation of computing resources on cloud platforms
energy Fanless cooling design compatibility: On the basis of optimizing heat
and reduce idle energy consumption in data centers. dissipation for both software and hardware, support some industrial
efficiency
control computers in adopting passive cooling solutions to replace tra-
ditional fan cooling and reduce energy consumption.
Carbon Emission Reduction Across the Product Lifecycle
Require hardware suppliers to provide proof of environmental materials
Procurement
stage
(such as RoHS certification) and carbon footprint data, and give priority
to partners certified as green factories.
Establish a green development system, promote paperless design re-
views, virtualized testing environments (reducing demand for physical
R&D stage equipment), and remote collaboration, and reduce carbon emissions by
lowering the frequency of business travel.
Integrate a power consumption monitoring module into the management
interface to help users view the energy efficiency of encryption devices in real
Use stage time and optimize the distribution of business workloads.
Industrial computer products come with energy-saving settings such as au-
tomatic sleep mode and hard drive speed reduction enabled by default.
Provide hardware recycling guidance, and cooperate with compliant dis-
Decommission-
ing stage posal agencies to ensure the security of encrypted data, as well as carry
out destruction and material recycling.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Green operations Indicators Unit 2025
Gasoline tons 5.82
Koal actively promotes green and low-carbon operational practices, incorporating climate change considerations into its busi-
ness control processes. The Company consistently improves its environmental performance in areas such as energy usage, water
resource management, and waste disposal. By implementing energy-saving measures, ensuring proper waste management, and
Purchased electricity 10,000 kWh 146.29
fostering a green culture, Koal creates an environmentally friendly office environment, thereby reducing the environmental impact
Energy
of its operations. Consumption
Total energy consumption1 tce 188.35
Energy management
The Company's primary energy consumption stems from official vehicle gasoline use and purchased electricity. We have estab-
Energy consumption intensity tce/person 0.32
lished energy management policies, including the Electricity Saving Management Measures and Notice on Standardizing the Man-
agement of Office Electricity Use . Through various initiatives, we strive to reduce greenhouse gas emissions and actively address
Note1: Total energy consumption is calculated in tons of standard coal equivalent (tce), in accordance with the General Rules for Calculation of the Compre-
climate change.
hensive Energy Consumption (GB/T 2589-2020) issued by the State Administration for Market Regulation and the Standardization Administration of China.
Water resource management
Lighting electricity Office electricity
management management The Company's primary water consumption is attributed to daily office use, with the municipal water supply serving as the main
We maximize the use of natural Employees are required to turn off source. We have designed and implemented efficient water resource management measures for our business activities, establish-
light, turning off unnecessar y computers, printers, and copiers ing plans to reduce water consumption. By adopting appropriate measures to achieve water management goals, we constantly
lighting fixtures when daylight is when not in use; computers are set
improve our water usage performance.
sufficient. Natural light is prior- to sleep mode after more than 10
itized in window-adjacent office minutes of inactivity; double-sided
areas. The number of lighting printing and copying are encour-
fixtures is adjusted according to aged; the use of high-power un-
area-specific functional require- authorized electrical appliances is Water equipment management Drinking water equipment maintenance
ments, with reasonable control strictly prohibited; idle servers must We have installed faucets with temperature-controlled We carry out regular maintenance and inspections
of lighting brightness. Lighting be shut down in a timely manner,
automatic shut-off functions in public restrooms to of water dispensers to ensure normal operation of
in corridors, meeting rooms, re- with scientifically planned opera-
strooms, and other public areas is tion schedules and regular inspec- prevent water waste caused by prolonged water flow. heating/cooling functions, preventing equipment
turned off when unoccupied, and tions. Regular inspections of water facilities are conducted, malfunctions that could lead to water waste.
lighting schedules are set based and leaks are promptly repaired to ensure effective
on actual usage patterns to avoid utilization of water resources.
waste.
Energy-saving training Air conditioning
and publicity temperature control
Office drinking water management Water conservation promotion
New employees receive training Air conditioning is set to 26 ° C in
We dynamically adjust the supply of bottled water We conduct employee awareness campaigns,
on electricity usage standards; summer (activated only when in-
through policy communication door temperature exceeds 28 ° C) based on seasonal variations, reasonably increasing encouraging the use of personal water bottles to
and case-based training, we en- and 20 ° C in winter (activated only supply during high-consumption summer months and reduce disposable paper cup consumption. This
hance employees' energy-saving when indoor temperature falls reducing allocation during low-consumption winter approach also mitigates water waste from bottled
awareness and promote green and below 10° C); cooling capacity is ad- months. The provision of individual bottled water in water dispensers due to casual usage (e.g., over-dis-
low-carbon office practices; ener- justed based on server heat output
daily office scenarios has been discontinued, with pensing and discarding unconsumed water).
gy-saving messages are displayed and room temperature to ensure
on large screens in prominent lo- compliance while reducing energy employees encouraged to use centralized water dis-
cations to reinforce awareness in consumption. pensers instead. We recycle unfinished bottled water
daily work. for plant irrigation.
Inspections and accountability Indicators Unit 2025
implementation
Water resource Total water consumption tons 21,648.54
The Company designates dedicated personnel to be responsible for electricity use inspections in public areas. These
persons conduct inspections three times a day—morning, noon, and evening—and keep detailed records of the time, consumption Water consumption intensity ton/person 37.01
location, and person responsible for any violations.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Excellence in governance Innovation leads the way People-oriented Green operations
efficient operations digital technology as our shield collaborative and win-win outcomes low-carbon future
Waste management Indicators Unit 2025
The Company primarily generates waste in the form of office paper, courier boxes, ink cartridges, toner cartridges, waste fluores- Paper tons 1.48
cent tubes, and discarded electronic equipment. We actively encourage waste reduction, recycling, and reuse, aiming to minimize
waste generation where feasible and mitigate the environmental impact of waste disposal. Waste toner and ink
Non-hazardous - 122
cartridges
waste discharge
Equipment recycling Packaging material recycling Green procurement
Non-hazardous waste
We repurpose refurbished equip- Recyclable materials generated dur- We prioritize the purchase of envi- kg/person 2.53
discharge intensity
ment within the Company and ex- ing operations, such as courier car- ronmentally friendly, biodegrada-
plore external reuse channels, such tons and document packaging box- ble, or recyclable materials, reduc-
as collaborating with small enter- es, were collected, organized, and ing environmental pollution and Waste fluorescent lamps - 72
prises to sell idle but still functional stored by category in a centralized resource waste.
computers at discounted prices. manner, reducing the total amount Number of scrapped
kg 111
of waste transported off-site. microcomputers (hosts)
Volume of monitors
kg 30
scrapped
Equipment downgrading Paperless office Non-hazardous
Waste discharge Volume of laptops
For electronic equipment such as servers, hosts, hard We extensively utilize ERP systems, encouraging employees kg 8
scrapped
drives, and computers, we have established an internal to store, share, and approve documents electronically. For
equipment allocation platform to reassign devices suita- instance, through the Company's internal cloud storage sys-
ble for downgraded use between different departments Volume of printers
tem, employees can conveniently store and retrieve various kg 45
or projects within the Company. Hard drives with remain- scrapped
documents, replacing traditional paper file cabinets.
ing storage capacity and read/write speeds suitable for
non-critical operations are removed from high-perfor- Volume of servers
mance hosts and installed in office computers with lower kg 64
scrapped
storage requirements for secondary utilization.
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Key performance table
Key performance table Indicator Unit 2023 2024 2025
Employment
Governance and Economic Performance
Total number of employees persons 821 679 585
Number of employees hired during the Reporting Period persons 123 75 43
Number of employees by Male persons 657 537 463
Indicator Unit 2023 2024 2025
gender Female persons 164 142 122
Operating revenue RMB 100 million 5.61 5.29 3.58
Senior management persons 6 7 6
Net profit attributable to shareholders of the listed
RMB 100 million 0.37 0.37 -0.85 Number of employees by
company Middle management persons 116 82 41
position level
Total assets RMB 100 million 16.61 16.70 15.59 Entry-level employees persons 699 590 538
Total taxes paid RMB 10,000 2,968.28 4,193.18 4,019.27 29 and below persons 321 210 175
Basic earnings per share RMB/share 0.16 0.16 -0.36 Aged 30 to 39 persons 322 293 244
Number of employees
Total number of Board members persons 9 9 9 Aged 40 to 49 persons 158 153 135
by age
Proportion of independent directors % 33.33% 33.33% 33.33% Aged 50 to 59 persons 15 20 27
Major corruption and bribery incidentscidents cases 0 0 0 Aged 60 and above persons 5 3 4
Number of employees Chinese employees persons 821 679 585
by geographical region Overseas employees persons 0 0 0
Social Performance
Employees with associ-
persons 246 170 168
ate degree and below
Employees with bache-
Indicator Unit 2023 2024 2025 persons 516 455 367
lor's degree
Number of employees by
R&D Innovation Employees with a
educational background
master's degree /MBA persons 56 51 47
R&D investment RMB 10,000 9,859.99 9,788.89 9,560.15
degree
R&D investment as a percentage of operating revenue % 17.57% 18.49% 26.74%
Employees with doctoral
persons 3 3 3
Number of newly granted patents items 9 13 4 degree or above
Cumulative number of granted patents items 67 84 88 Regular employees persons 791 663 582
Number of newly registered software copyrights items / 15 22 By Employment Type Temporary workers/
persons 30 16 3
labor dispatch/interns
Cumulative number of registered software copyrights items / 197 219
Employee turnover rate % 28% 23.95% 19.89%
Products and Services
Employee turnover rate Male % 80% 19.75% 20.26%
Incoming material inspection pass rate % / 100% 100%
by gender Female % 20% 4.20% 19.80%
Software retesting confirmation rate % / 100% 100%
Aged 29 and below % 51% 10.22% 24.89%
Customer service satisfaction rate % 99.1% 98.2% 98.6%
Aged 30 to 39 % 33% 7.95% 17.74%
Supply Chain Management Employee turnover rate
Aged 40 to 49 % 13% 5.33% 19.88%
by age
Total number of suppliers companies 68 64 83 Aged 50 to 59 % 3% 0.34% 8.82%
Number of domestic suppliers companies 68 64 83 Aged 60 and above % 0 0.11% 0
Number of overseas suppliers companies 0 0 0 Diversity and Equal Opportunities
Information Security and Privacy Protection Proportion of female employees % 20% 21% 21%
Number of major service/information security incidents times / 0 0 Proportion of ethnic minority employees % 3% 3% 2%
Annual training coverage rate for information security/ Proportion of employees with disabilities % 1% 2% 2%
% 100% 100% 100%
information technology services Proportion of female employees in middle management % / 17.74% 14.6%
Number of data breach incidents times 0 0 0 Proportion of female senior management employees % / 8.3% 16.67%
Koal Software Co., Ltd. 2025 Environmental, Social and Governance (ESG) Report Indicator index table
Indicator index table
Indicator Unit 2023 2024 2025
Employee Training
Total investment in employee training RMB 10,000 162.02 53.7 18.9 Koal has reported the information referenced in this index for the period from January 1, 2025 to December 31, 2025, in accordance
Total attendance of training throughout the year / 9,918 7,237 8,809 with the Guidelines No. 14 of Shanghai Stock Exchange for Self-Regulation of Listed Companies—Sustainability Report (Trial) and
with reference to the GRI Standards
Total employee training hours hours 19,668.63 9,556.13 12,079.98
Index to the Shanghai Stock Exchange Sustaina- GRI Standards 2021
Average annual training hours per employee hours 23.67 14.26 20.65 Reporting framework
bility Reporting Guidelines (Reference)
Employee training coverage rate % 99% 100% 100% Message from the Chairman / 2-22
Health and Safety About This Report / 2-2,2-3
About Koal / 2-1,2-6
Investment in health and safety RMB 10,000 36.66 22.5 26.8
Sustainable Development Article 12, Article 13, Article 14, Article 15, Article 17, 2-9,2-13,2-14,2-16,2-29,3-1,
Annual production safety incidents case(s) 2 0 0
Management Article 18, Article 51, Article 52, Article 53 3-2,3-3
Work injury rate % 0.2% 0 0 Special Topic:Forging the "Koal
Article 20, Article 28, Article 37 302-5
Shield" for the Digital Age
Occupational disease incidence rate % 0 0 0
Excellence in Governance, Efficient Operations
Number of employee fatalities due to work-related
persons 0 0 0 Corporate governance Article 51, Article 53 2-10,2-12,2-27,2-15,3-3
incidents
Risk and compliance management Article 19, Article 54 2-27,207-2,207-3
Number of working days lost due to work-related
/ 180 0 0
injuries Business ethics Article 11, Article 19, Article 54, Article 55, Article 56 2-27,3-3,205-2,206-1
Party Leadership / /
Community Engagement and Public Welfare
Innovation Leads the Way, Digital Technology as Our Shield
Total investment in public welfare and external
RMB 10,000 / 20 20 Product technology innovation Article 11, Article 19, Article 41, Article 42 203-1,3-3,416-1
donations
Product quality and safety Article 11, Article 19, Article 44, Article 47 2-25,2-27,3-3
Environmental Performance
Customer relationship management Article 11, Article 19, Article 44, Article 47
Information security and privacy 203-2,3-3,416-1,417-1,
Article 11, Article 19, Article 44, Article 47, Article 48
Indicator Unit 2023 2024 2025 protection 417-2,417-3,418-1
Gasoline tons / / 5.82 Sustainable supply chain Article 44, Article 45, Article 46 204-1,308-1,414-1,414-2
People-oriented, Collaborative and Win-win Outcomes
Purchased electricity 10,000 kWh / 205.78 146.29
Total energy consumption tce / 252.91 188.35 Employee rights and benefits Article 49, Article 50
Energy consumption intensity tce/person / 0.37 0.32 Human capital development Article 11, Article 19, Article 50 3-3,401-2,404-1,404-2,404-3
Direct GHG emissions (Scope 1) tons of CO2 equivalent (tCO2e) / 0 17.37 Occupational health and safety Article 50
Indirect GHG emissions (Scope 2) tons of CO2 equivalent (tCO2e) / 1,104.22 766.22 Industry ecosystem development / /
Total greenhouse gas emissions Community engagement Article 38, Article 39, Article 40 203-1,203-2
tons of CO2 equivalent (tCO2e) / 1,104.22 793.59
(Scope 1 and Scope 2) Green Operations, Low-Carbon Future
Environmental management system Article 29, Article 33 2-27
GHG emission intensity tCO2e/person / 1.63 1.36
Article 11, Article 19, Article 20, Article 21, Article 22, 201-2,3-3,302-5,305-1,
Climate change mitigation
Total water consumption tons / 26,730.01 21,648.54 Article 23, Article 24, Article 25, Article 26, Article 27 305-2,305-4
Water consumption intensity ton/person / 39.37 37.01 Green products and solutions Article 34, Article 35, Article 37 302-4,302-5
Non-hazardous waste discharge intensity kg/person / 1.69 2.53 Green operations Article 34, Article 35, Article 36
Koal Software Co., Ltd.
Address: Building A2, G60 Commercial Cryptography Industrial Base, No. 1-7, Lane
Tel: +86 021-62327010
Fax: +86 021-62327015
首页
微信公众号
证券之星APP
