The Company maintains a "Zero Tolerance" attitude towards fraudulent behavior. We strictly abide by laws and regulations such as the Anti-Unfair Competition Law of the People's Republic of China. The Company is committed not to engaging in fraudulent behavior or intentionally assisting third parties in committing fraud.

The Company has clearly defined the definition, identification criteria and handling process of various types of fraudulent behavior. The Company defines fraud as deceptive or deliberately misleading conduct for the purpose of obtaining improper or illegal financial or personal benefits (e.g., destroying, manipulating, altering, or falsifying company records, manipulating financial or accounting records, intentionally creating "fake" contracts that do not reflect the true nature of the contractual relationship, backdated contracts, misrepresenting the contract signing dates, intentionally creating or paying false claims or reimbursements, falsifying or duplicating expense reimbursements, intentionally misrepresenting, concealing or failing to disclose material facts involving decision or transaction, etc.). We rely on the Company's comprehensive risk management system to conduct regular risk assessments, including identifying fraud risks in key areas and positions, and developing targeted prevention and control measures.

We provide necessary anti-fraud training to our employees to enhance their anti-fraud awareness. At the same time, we set up reporting channels to encourage employees, customers, the public and other stakeholders to report suspected fraudulent behavior, and establish a whistleblower protection system to keep whistleblower information strictly confidential. We will seriously deal with the fraudulent behavior that is verified, and if it is suspected of violating law and regulations, it will be handed over to the judicial authorities for handling in accordance with the law. We also extend the anti-fraud requirements to suppliers, upstream supply chain beyond Tier 1 suppliers, contractors and other partners to jointly create an integrity and compliance industry ecosystem.

The Company attaches importance to protecting the rights of shareholders, and the Memorandum of Association allows shareholders to exercise the following rights:

* Decide on the Company's business policies and investment plans;

* Appoint and replace the Executive Directors / Non-Executive Directors who act as the representatives of shareholders, and decide the remuneration matters of the Executive Directors;

* Deliberate and approve the reports of the Executive Directors;

* Receive dividends and other forms of profit distribution according to the shares held;

* Request, convene, preside over, attend or appoint the shareholder proxy to attend the shareholders' meeting in accordance with the law, and exercise the corresponding voting rights;

* Supervise the Company's operation, and put forward suggestions or inquires;

* Transfer, grant or pledge the shares held in accordance with the provisions of laws, administrative regulations and the Memorandum of Association;

* Access the Company's legal records such as the Memorandum of Association, register of shareholders, register of directors and register of mortgage and pledge, the minutes of shareholders' meeting, written resolution of the shareholders' meeting, and audit report of the Company, and investigate and understand any matters that have significant impacts on the Company's operation;

* Participate in the distribution of the Company's residual property based on the shares held when the Company is terminated or liquidated;

* Make resolutions on the merger, demerger, dissolution, liquidation or change of corporate form of any subsidiary of the Group;

* Amend the Company's Memorandum of Association; and

* Other rights stipulated by laws, administrative regulations, departmental rules or the Memorandum of Association.

The Company strictly complies with the laws and regulations such as the Company Law of the People's Republic of China, continuously optimizes corporate governance, and effectively protects shareholders' rights. We fulfill our information disclosure obligations in a timely, accurate and complete manner to ensure that all shareholders have equal access to company information. We actively respond to investor concerns and maintain positive interaction with investors through various channels. We support and encourage all shareholders to actively exercise their right to vote, right to inquire, etc., and we carefully study and actively implement the reasonable suggestions put forward by minority shareholders. At the same time, we attach great importance to investor returns, develop a reasonable profit distribution policy based on the Company's operating performance, stage of development, etc., and are committed to creating sustainable value for our shareholders while striving to improve the Company's performance.

The Company believes that the establishment of a standardized and organized delegating authority is an important guarantee for enhancing the efficiency of corporate governance. We have established an delegating authority management system covering various aspects of the Company's operations, clearly defining the boundaries of responsibilities among the shareholders' meeting, the Board of Directors, and the management, so as to ensure that each of them performs its respective duties with organic synergies and effective checks and balances. In accordance with the ongoing marketization of the Company, we have gradually improved the corporate governance system, clarifying the scope of authority, decision-making matters, rules of procedure, supervision mechanism, etc., of each governance body, so as to ensure that each governance body performs its duties in compliance with laws and regulations.

For major decision-making matters, such as external investment, asset disposal, related party transactions, etc., we strictly follow internal procedures to prevent decision-making risks. At the same time, we continuously optimize business processes, strive to promote flat management, reduce redundant approval processes, and improve operational management efficiency while ensuring compliant and effective authorization. We also regularly assess the effectiveness of the delegating authority implementation and dynamically optimize and adjust according to changes in the internal and external environments, so as to ensure the effectiveness and adaptability of the delegating mechanism.

With respect to the delegation of authority by the Board of Directors on ESG matters, the Company's Board of Directors identifies ESG risks, formulates ESG-related objectives, policies and programs, and conducts ESG performance evaluation through delegating authorities to the Board's Remuneration and Performance Management Committee and the management's ESG Committee, Health, Safety and Environment (HSE) Management Committee, Information Technology Leadership (ITL) Group, and Ethics and Discipline Committee. At the same time, the Board of Directors has authorized the ESG Working Group, DE&I Working Group, other dedicated person or designated directors of each function to coordinate ESG-related work and guide the implementation of ESG work in each implementation unit of the Company. In addition, the Board of Directors has also authorized the Internal Audit Department to act as the leading department for the Company's ESG risk identification, assessment and management, as well as the supervision, evaluation and internal audit function of the Company's ESG report-related work. The Internal Audit Department oversees the supervision, evaluation and rectification of the Company's annual ESG report, ensuring the accuracy, timeliness, consistency and truthfulness of the externally disclosed ESG information.

Conflicts of interest is a common challenge faced by corporate governance. We attach great importance to the management of conflicts of interest and minimize the risk of conflicts of interest to safeguard the interests of the Company and all shareholders. We have gradually improved relevant rules and regulations on conflicts of interest, clarifying the identification criteria and approval processes for conflicts of interest and related party transactions.

For key parties such as the Company's directors, senior management and controlling shareholders, we require them to truthfully report potential conflicts of interest, abstain from relevant decision-making, and prevent harm to the Company's interests. The Company has also engaged a third party to compile a Memorandum of Related Party Transactions and prepare a template of the List of Related Persons and Contacts, to avoid the existence of relatives of persons in sensitive or high-risk related positions in the Company. For related party transactions, we strictly follow internal decision-making procedures such as the Board of Directors, with related parties abstaining from voting to ensure fair and reasonable related party transactions and protect the interests of the Company and minority shareholders. We also strengthen the dynamic monitoring of the use of funds by controlling shareholders and their related parties to prevent the encroachment on the Company's interests by controlling shareholders. At the same time, we have strengthened the education on conflict of interest, enhanced the awareness of conflict of interest among all employees, and encouraged employees to take the initiative to actively report situations of conflicts of interest. We also accept supervision from shareholders, identify and resolve conflict of interest risks in a timely manner, and maintain a good corporate governance ecosystem.

Fair, reasonable and competitive executive compensation is key to attracting and retaining outstanding management talent. We have established a remuneration system that matches the Company's strategy and is commensurate with executive responsibilities, fully mobilizing the enthusiasm and creativity of executives while reasonably controlling compensation costs. Executive compensation is evaluated, supervised and reviewed by the Board's Remuneration and Performance Management Committee. The Remuneration and Performance Management Committee comprehensively considers factors such as the executive's job responsibilities, tenure, performance, etc., and refers to industry compensation levels to propose differentiated compensation plan recommendations. The Company has gradually linked executive remuneration to ESG performance, which is assessed on a quarterly basis.

The Company attaches great importance to maintaining the cybersecurity of its own office network. The Company has established the Information Technology Leading (ITL) Group under the management, which is authorized by the Board of Directors to comprehensively coordinate the Company's information technology (IT)-related work, and regularly report to the Board on the progress of the work on cybersecurity and data privacy and protection, and is accountable to the Board. The Group's ITL Group is responsible for the Group's IT planning, IT budgeting and execution, IT team building and management, IT project implementation and promotion, IT system and standards development. At the same time, with the support of IT technical experts throughout the Group, the ITL Group also oversees the Group's prevention measures for cybersecurity and data protection and privacy. The ITL Group monitors the threat situations faced by all businesses of the Company, provides guidance to various functional departments, and ensures that the Group as a whole effectively manages cybersecurity risks and data protection and privacy, providing high-level promotion and resource guarantee for the Company's information security.

The Company follows the requirements of national policies, regulations and the ISO 27001 Information Security Management System to establish and improve the IT management system. We have formulated a series of specialized systems, such as the IT Management System and the Confidentiality Management System to clarify the cybersecurity management requirements and operational standards within the Group. In respect of the Company's operation of data centers, as the Company only rents the cabinets to its clients and provides data center operation and maintenance (O&M) services, the servers are managed by the client-side users themselves, while the Company does not directly or indirectly access the data and information within the clients' servers. Therefore, in the field of data center business, the Company focuses on strengthening the physical security protection of the data center, providing high-quality cabinet rental and O&M services, and safeguarding the physical security and operational continuity of clients' servers. In terms of the management of internal information systems and data assets within the Group, the Company strictly implements the requirements of the systems related to cybersecurity and data protection and privacy to ensure the security of the Group's internal information systems and data assets. We continuously revise and improve the management system in accordance with the needs of business development and changes in the external situation to ensure its applicability and effectiveness. The Company regularly conducts inspections on the implementation of the system, promptly identifies and rectifies deviations in system implementation, and promotes the formation of a regularized closed-loop management mechanism.

The Company strictly complies with the requirements of laws and regulations such as the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and actively complies with domestic and international regulatory trends to continuously improve the level of cybersecurity compliance and enhance the awareness of cybersecurity among all employees through training. We fully assess the data compliance risks of our own business and systematically sort out compliance in the collection, storage, use, entrusted processing and cross-border transmission of personal information. We have built a data security classification and grading system, conducted data security risk assessment and implemented data classification and grading control measures. In addition, based on the requirements of information security level protection certification and ISO 27001 Information Security Management System certification, we regularly conduct third-party compliance audits to identify potential data compliance risks and rectify problems in a timely manner, so as to continuously improve the standardization of operation and management. We have also incorporated cybersecurity as a risk control point into our comprehensive risk management system, and have engaged a third-party consultant to conduct assessments of relevant risks on a regular basis to ensure effective control of relevant risks. Meanwhile, the Company continues to strengthen the security operation capability. We have continuously improved our ability to monitor, assess, alert, respond and handle security incidents to build an active security defense system. As of the end of December 2023, we have completed the information security management system assessments of the national Internet Data Center (IDC) business and Internet Service Provider (ISP) business, obtained 9 Multi-Level Protection of Information Security (MLPS) Level 3 certifications, and obtained 6 ISO 27001 Information Security Management System certifications at both group level and site level.

The Company has established a standardized, efficient and diversified board structure and will gradually enhance the independence and effectiveness of the Board of Directors. In 2023, the Group's Board of Directors consisted of five directors, including two executive directors and three non-executive directors, with a tenure of three years and eligible for re-election, and 40% of whom were female directors. In the future, the Company will continue to enhance the independence of the Board of Directors in accordance with the marketization process, introduce independent non-executive directors, and further optimize the structure of the Board of Directors to enhance the Board effectiveness.

The Board of Directors is the highest decision-making authority of the Company and is accountable to the Shareholder Meeting. The members of the Board of Directors are elected by the Shareholder Meeting, and the composition of the Board of Directors is diversified and complementary to ensure the scientific and effective decision-making of the Board. When hiring and performing the Board's duties, we consider all aspects of the Board members' gender, age, cultural and educational background, professional experience, ESG experience, international background, ethnicity, and socioeconomic background. We follow the principle of marketization, and Board members are required to have professional competence and rich experience that match their positions. Currently, the expertise of the Group's Board members covers the Internet Data Center (IDC), finance, technology and other fields.

The Board of Directors has established a Remuneration and Performance Management Committee. By authorizing the Remuneration and Performance Management Committee under the Board of Directors and the ESG Committee, the HSE Management Committee, the Group's ITL Group and the Ethics and Discipline Committee under the management, the members of the Board of Directors perform their own duties and effectively improve the operational efficiency. We have also clarified the boundaries of the duties of the Board of Directors, its deliberation procedures and decision-making mechanism in the Memorandum & Articles of Association (M&A) to ensure that the Board of Directors operates in a standardized and organized manner.

The Board of Directors is the supervision organization of the Company's ESG work and assumes overall ESG strategy formulation and reporting responsibilities. The Board of Directors sets the high-level strategy for the Company's ESG work, and the ESG Committee regularly reports to the Board of Directors on the progress of the ESG work and is accountable to the Board of Directors. The ESG Committee, as a specialized body under the management, is established under the approval of the Board of Directors, and is authorized by the Board of Directors to be responsible for researching and proposing recommendations on the Company's ESG work, as well as coordinating the conveyance, communication, and implementation of ESG-related work among the departments. The ESG Committee is chaired by the President of the Company, with the President Assistant as the general coordinator, and the designated heads of each functional department participating as members of the Committee. The responsibilities and authorities of the ESG Committee are mainly as follows:

* Based on the Company's sustainable development strategy, formulate annual ESG objectives and work plans and submit to the Board of Directors for approval;

* Coordinate ESG-related work with each department, supervise the formulation, implementation and evaluation of ESG-related performance targets of all departments of the Company, and provide suggestions on actions needed to improve performance;

* Conduct research on ESG issues and risks ("ESG Risks"), focusing on material issues closely related to the Company's business (such as GHG emissions, energy management, climate-related risks, Diversity, Equality and Inclusion (DE&I), stakeholder engagement, anti-corruption and anti-bribery, employee health and safety, data security, customer privacy, etc.), coordinate with the Internal Audit Department to identify, assess, mitigate and monitor the Company's ESG risks, and incorporate ESG risks (including climate-related risks) into the Company's comprehensive risk management system;

* Oversee the implementation of the Company's Stakeholder Engagement Program, communicate with the Company's stakeholders to ensure that relevant policies effectively promote the relationship between the Company and its stakeholders and protect the Company's reputation;

* Identify and assess ESG-related matters that have an impact on the Company's operations and/or the rights and interests of other important stakeholders, evaluate and determine the identified material ESG issues and the level of materiality, and submit them to the Board of Directors for approval;

* Allocate the ESG metrics involved in ESG reporting to each functional department in accordance with the compliance requirements of the Environmental, Social and Governance Reporting Guide and the Company's ESG objectives and strategies, and designate the relevant person in charge of and the person responsible for handling the ESG reporting in each functional department accordingly;

* Formulate ESG reporting-related systems and processes, develop annual ESG reporting work plans, and organize all relevant departments to carry out ESG reporting work;

* Receive regular reports from the ESG Working Group, follow up on the actual fulfillment of the Company's ESG reporting efforts, and provide confirmation to the Board of Directors on the effectiveness of relevant systems;

* Coordinate with the Internal Audit Department to lead and supervise the ESG Working Group in preparing the ESG report, receive reports from the ESG Working Group on a regular basis, follow up on the actual fulfillment of the Company's ESG reporting work, and provide confirmation to the Board of Directors on the effectiveness of relevant systems;

* Submit the Company's annual ESG report to the Board of Directors of the Company for approval in accordance with the work plan, and review and submit other public information disclosures and important matters in the field of ESG to the Board of Directors for approval;

* Organize and conduct ESG report-related communication, consultation and training, etc., as appropriate, based on the working situation of the ESG report for the respective year, the working suggestions of external service providers (if any), and the latest developments in international, domestic and peer-related ESG reporting;

* Oversee and review the Company's ESG policies and practices to ensure that the policies and practices are fit for purpose and comply with applicable laws, regulatory requirements and international standards;

* Inspect the annual budget expenditures and work plans of the Company's ESG-related funds, provide suggestions to the Board for approval, oversee the work progress of the project where the funds are used, and report the latest progress update to the Board as appropriate; and

* Other matters stipulated in laws, regulations, rules, normative documents, the M&A, internal rules and guidelines of the Company and other matters authorized by the Board of Directors.

The HSE Committee established under the Company's management is authorized by the Board of Directors to regularly report on the progress of the Company's HSE work to the Board and be accountable to the Board. The working office of HSE Committee is placed in the HSE Department of the Company. As the leading organization of the Company's safety and health management, the HSE Committee is headed by the Company's Chief Project Officer (CPO), with the Director of the HSE Department as the Executive Director, and the Company's senior management and the person in charge of each department as committee members. The main responsibilities of the HSE Management Committee are detailed in the Bohao HSE Management System Manual, which include regularly analyzing the situation of the Company's HSE work, coordinating, guiding and supervising the Company's HSE work, as well as studying, coordinating and solving material HSE issues.

The ITL Group is established under the Company's management with the approval of the Board of Directors and is authorized by the Board to report the Company's work progress on cybersecurity as well as data privacy and protection to the Board on a regular basis. The ITL Group is accountable to the Board. The ITL Group is responsible for the Group's information technology (IT) planning, IT budgeting and execution, IT team building and management, IT project implementation and promotion, as well as IT system and specification development, etc. Headed by the Executive Director & COO, with the Vice President of the General Administration as the Deputy Team Head, the participation of all director in charge of each function and the Administration Department (IT), and under the support of IT technical experts throughout Bohao, the ITL Group oversees the group's cybersecurity precautions as well as data protection and privacy, monitors the threat landscape for all Group businesses, provides guidance to functional departments, and ensures that the Group as a whole effectively manages risks of cybersecurity and data protection and privacy.

The Ethics and Discipline Committee under the Company's management is established with the approval of the Board of Directors and is authorized by the Board to report to the Board on a regular basis on the process of the Company's integrity and anti-corruption efforts and is accountable to the Board. The Ethics and Discipline Committee consists of five members, three secretaries and a convener. The Ethics and Discipline Committee takes the lead in resolving issues related to the Company's integrity and anti-corruption efforts, oversees the investigation of relevant issues or violations that do not involve any member of the Ethics and Discipline Committee, and implements preventive and corrective measures. The responsibilities of the Ethics and Discipline Committee are detailed in the Notice on the Establishment of the Ethics and Discipline Committee of Bohao, whose main responsibilities include but are not limited to the following:

* Oversee compliance status of the Company's integrity and anti-corruption policies and procedures, review overall integrity compliance practices and significant issues (if any) in the Ethics and Discipline Committee meetings;

* Report to the Board on significant issues, including reported cases related to integrity and anti-corruption;

* Organize the investigation and handling of all corruption cases or potential corruption issues in the Company;

* Oversee the implementation and issuance of the Company's internal integrity and anti-corruption policies and procedures;

* Review the Company's integrity and anti-corruption policies and procedures on an annual basis;

* Propose recommendations for optimizing the integrity and anti-corruption compliance management structure;

* Advocate the integrity and anti-corruption policy of the Company, and organize studies on corporate integrity and anti-corruption; and

* Prepare budgets for the Company's integrity and anti-corruption expense.

The Company strictly prohibits any form of bribery and corruption and firmly creates a good corporate culture of integrity and honesty, and has prepared the Regulations on Anti-Corruption and Bribery Management applicable to all member companies of the Group, their employees and all other staff (such as agency's employees, consultants, independent contractors, secondees, trainees, operation and maintenance providers, etc.) and all employees, contractors, consultants, directors and commissioners of any entity actually controlled by Bohao. According to the relevant management regulations, individuals taking the important positions of the Company must sign the Integrity and Self-Discipline Commitment with the Company, and only the employees of the Company who have signed this Commitment Letter and obtained relevant authorizations have the rights to externally sign contracts and agreements on behalf of the Company; all customers, suppliers, service providers and contractors who have business dealings with the Company also must sign the Anti-Commercial Bribery Agreement with the Company. The Company will severely punish the personnel and business units who have violated relevant regulations in the economic activities according to the Regulations on Anti-Corruption and Bribery Management, the Commitment Letter of Integrity and Self-discipline and Anti-Commercial Bribery Agreement. The Company's email address for reporting complaints is abc@bhds.cn. All stakeholders can reasonably exercise the right to report under the umbrella of the Company's whistleblower protection system, either by using their real name or anonymously. We will take reports of verified corruption seriously. Those suspected of committing crimes will be handed over to the judicial authorities for handling according to law. Simultaneously, we collaborate with suppliers and other partners to foster a fair and honest business environment.

The Ethics and Discipline Committee under the Company's management is established with the approval of the Board of Directors and is authorized by the Board to report to the Board on a regular basis on the process of the Company's integrity and anti-corruption efforts and is accountable to the Board. The Ethics and Discipline Committee consists of five members, three secretaries and a convener. The Ethics and Discipline Committee takes the lead in resolving issues related to the Company's integrity and anti-corruption efforts, oversees the investigation of relevant issues or violations that do not involve any member of the Ethics and Discipline Committee, and implements preventive and corrective measures. The responsibilities of the Ethics and Discipline Committee are detailed in the Notice on the Establishment of the Ethics and Discipline Committee of Bohao, whose main responsibilities include but are not limited to the following:

* Oversee compliance status of the Company's integrity and anti-corruption policies and procedures, review overall integrity compliance practices and significant issues (if any) in the Ethics and Discipline Committee meetings;

* Report to the Board on significant issues, including reported cases related to integrity and anti-corruption;

* Organize the investigation and handling of all corruption cases or potential corruption issues in the Company;

* Oversee the implementation and issuance of the Company's internal integrity and anti-corruption policies and procedures;

* Review the Company's integrity and anti-corruption policies and procedures on an annual basis;

* Propose recommendations for optimizing the integrity and anti-corruption compliance management structure;

* Advocate the integrity and anti-corruption policy of the Company, and organize studies on corporate integrity and anti-corruption; and

* Prepare budgets for the Company's integrity and anti-corruption expense.

The Company is committed to creating a good corporate culture so that employees, customers, investors, shareholders, government and regulatory authorities, suppliers, contractors, communities and other stakeholders can report their concerns with confidence and without fear of retaliation. Company-protected concerns must involve reasonable suspicion of misconduct or improper developments, or situations related to entities within the Company, and can be reported through the Company's publicly available email address (abc@bhds.cn / AML@bhds.cn), by phone (+86 400-1068-616) or by contacting the appropriate Company officer directly. The Company will take the relevant protected concerns seriously, handle and investigate the concerns with due diligence and efficiency, keep the identity of the whistleblower confidential, and provide the whistleblower with the opportunity to report anonymously. The Company will take appropriate action to prevent subsequent misconduct and limit the scope of potential financial, reputational and other impacts.

As a responsible corporate citizen, we strictly abide by the laws and regulations of the places where we operate, and participate in political activities in a legal and compliant manner.The Company's general policy is not to make donations of any kind to political organizations or individual politicians . The specific requirements are shown in the Company's Integrity and Self-Discipline Commitment.

The sole purpose for the Company to engage in political lobbying is to conduct its business legally and in compliance with relevant local laws. The Company will engage in lobbying activities transparently, if necessary, and will never influence lobbying activities through improper or corrupt means. The Company believes that responsible political engagement helps maintain trust in political lobbying and ensures that public decision makers are able to hear legitimate perspectives in order to make effective policy decisions that are in the interests of all stakeholders.

The Company believes that building a high-quality, professional and highly independent Board of Directors is the key to enhancing the level of corporate governance. As a non-listed Company, we strictly follow the relevant laws and regulations as well as the M&A to continuously optimize the structure of the Board of Directors and gradually enhance the independence and effectiveness of the Board. In 2023, the Group's Board of Directors consisted of five directors, including two executive directors and three non-executive directors, with a tenure of three years and eligible for re-election, and 40% of whom were female directors. In the future, the Company will continue to enhance the independence of the Board of Directors in accordance with the marketization process, introduce independent non-executive directors, and further optimize the structure of the Board of Directors to enhance the Board effectiveness.

Our Board members have diversified professional backgrounds and rich management experience, have a profound understanding of the Company's business and development strategies, and can provide valuable advice to the Company's decision-making from different perspectives. The nomination of director candidates is conducted in strict accordance with relevant regulations and the M&A, and is elected by the Shareholder Meeting. We provide necessary working conditions and information support for directors to perform their duties, and organize business training for directors to enhance their professional capabilities. At the same time, directors must strictly comply with the laws and regulations and the M&A, be diligent and responsible, and ensure sufficient time and energy to fulfill their duties.

We thoroughly understand the importance of independent directors for enhancing corporate governance. With the continuous development of the Company and the advancement of marketization process, we will introduce the independent director system in due course. By recruiting independent director candidates who possess expertise and extensive experience in the IDC industry, management, finance, law, ESG, and other fields, the Company will further strengthen the independence and professionalism of the Board of Directors, gives full play to the supervisory role of the independent directors in the areas of strategic planning, risk management, related-party transactions, and selection and appointment of senior management, and safeguards the legitimate rights and interests of all shareholders, especially the minority shareholders.

The Company attaches great importance to data protection and privacy. The Company has established the Information Technology Leading (ITL) Group under the management, which is authorized by the Board of Directors to comprehensively coordinate the Company's information technology (IT)-related work, and regularly report to the Board on the progress of the work on cybersecurity and data privacy and protection, and is accountable to the Board. The Group's ITL Group is responsible for the Group's IT planning, IT budgeting and execution, IT team building and management, IT project implementation and promotion, IT system and standards development. At the same time, with the support of IT technical experts throughout the Group, the ITL Group also oversees the Group's prevention measures for cybersecurity and data protection and privacy. The ITL Group monitors the threat situations faced by all businesses of the Company, provides guidance to various functional departments, and ensures that the Group as a whole effectively manages cybersecurity risks and data protection and privacy, providing high-level promotion and resource guarantee for the Company's information security.

The Company follows the requirements of national policies, regulations and the ISO 27001 Information Security Management System to establish and improve the IT management system. We have formulated a series of specialized systems, such as the IT Management System and the Confidentiality Management System to clarify the data protection and privacy management requirements and operational standards within the Group. In respect of the Company's operation of data centers, as the Company only rents the cabinets to its clients and provides data center operation and maintenance (O&M) services, the servers are managed by the client-side users themselves, while the Company does not directly or indirectly access the data and information within the clients' servers. Therefore, in the field of data center business, the Company focuses on strengthening the physical security protection of the server rooms, providing high-quality cabinet rental and O&M services, and safeguarding the physical security and operational continuity of clients' servers. In terms of the management of internal information systems and data assets within the Group, the Company strictly implements the requirements of the systems related to cybersecurity and data protection and privacy to ensure the security of the Group's internal information systems and data assets. We continuously revise and improve the management system in accordance with the needs of business development and changes in the external situation to ensure its applicability and effectiveness. The Company regularly conducts inspections on the implementation of the system, promptly identifies and rectifies deviations in system implementation, and promotes the formation of a regularized closed-loop management mechanism.

The Company strictly complies with the requirements of laws and regulations such as the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and actively complies with domestic and international regulatory trends to continuously improve the level of data protection compliance and enhance the awareness of data protection and privacy among all employees through training. We fully assess the data compliance risks of our own business and systematically sort out compliance in the collection, storage, use, entrusted processing and cross-border transmission of personal information. We have built a data security classification and grading system, conducted data security risk assessment and implemented data classification and grading control measures. In addition, based on the requirements of information security level protection certification and ISO 27001 Information Security Management System certification, we regularly conduct third-party compliance audits to identify potential data compliance risks and rectify problems in a timely manner, so as to continuously improve the standardization of operation and management. We have also incorporated data protection and privacy as a risk control point into our comprehensive risk management system, and have engaged a third-party consultant to conduct assessments of relevant risks on a regular basis to ensure effective control of relevant risks. Meanwhile, the Company continues to strengthen the security operation capability. We have continuously improved our ability to monitor, assess, alert, respond and handle security incidents to build an active security defense system. As of the end of December 2023, we have completed the information security management system assessments of the national Internet Data Center (IDC) business and Internet Service Provider (ISP) business, obtained 9 Multi-Level Protection of Information Security (MLPS) Level 3 certifications, and obtained 6 ISO 27001 Information Security Management System certifications at both group level and site level.

The Company believes that establishing a reasonable and effective remuneration incentive mechanism is a key initiative to attract, retain and motivate excellent talents. The Remuneration and Performance Management Committee under the Board of Directors reports to the Board and is accountable to the Board for the leadership and supervision of performance appraisal, examination and approval of the performance appraisal content and results, and the adjudication of material issues, so as to ensure the standardization, objectivity and effectiveness of performance management operations within the Company's various organizations, and to implement performance management-related work. Details of the duties of the Remuneration and Performance Management Committee are set out in the Notice on the Establishment of the Remuneration and Performance Management Committee of the Company, in which ESG-related duties mainly include:

* Formulate human resources (HR) strategies and objectives that incorporate ESG considerations in accordance with the Company's strategies, and conduct work allocation and deployment for remuneration and performance appraisal;

* Review the annual non-operating or management performance objectives of the Company's management and departments (metrics such as teamwork, skill improvement and training, cultural consistency, ESG, etc.);

* Ensure that the Company's remuneration, welfare and benefits, performance incentive-related systems and programs incorporate ESG considerations.

In the future, the Company will further optimize the structure of the Remuneration and Performance Management Committee, increase the proportion of non-executive independent directors among the committee members, and ensure the independence, professionalism and impartiality of the Company's remuneration management.

The Company attaches great importance to the effectiveness of internal control processes and actively evaluates the effectiveness of its internal control. It has engaged a third-party consultant to conduct a preliminary review on key internal control processes (e.g., ESG management process, sales and collection process, procurement and payment process, etc.).

In addition, the Company has established three lines of defense for risk prevention and control, including internal audit, management departments and functional departments, and is committed to promoting ESG risk identification, assessment, response, and monitoring of the whole process of risk management. Since 2021, Boho began to refer to the internationally recognized Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework, and gradually incorporated ESG into the Company's comprehensive risk management system. So far, the Company's comprehensive risk management system has undergone three rounds of upgrades and progressively integrate consideration of climate-related risks and opportunities.

The Board of Directors is the highest responsible and decision-making body and supervisory organization for the Company's ESG efforts, assuming overall ESG strategy development and reporting responsibilities. The Board of Directors formulates high-level strategies for the Company's ESG work to support the sustainable development of the Company's business, whose main responsibilities include:

* Study and formulate the Company's ESG management policy and sustainable development strategy;

* Review the implementation of the Company's sustainable development strategy at least on an annual basis, and make adjustments as needed;

* Review and approve the Company's ESG objectives, and regularly review the Company's ESG performance on the progress of objective realization;

* Oversee the assessment, prioritization, management and internal monitoring of material ESG issues and risks, and ensure the effective implementation and timely update of the Company's comprehensive risk management system that incorporates ESG factors;

* Oversee the integration of ESG policies and regulations, climate-related risks with the Company's business operations and strategies;

* Authorize and supervise the Company's Remuneration and Performance Management Committee, Ethics and Discipline Committee, ESG Committee, HSE Management Committee and the ITL Group, and receive their reports on a regular basis; and

* Review and approve the Company's ESG report, oversee and ensure that all material ESG issues have been disclosed in the report, and supervise, inspect and evaluate the Company's fulfillment of the Environmental, Social and Governance Reporting Guide.

In addition to the above, the Board of Directors will also approve the management to regularly engage external service providers to provide ESG-related assessment and consultancy services for the Company according to the needs, so as to ensure the smooth implementation of the Company's ESG initiatives.