Risk Management and Strategy

We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

We have established a comprehensive cybersecurity defense system to effectively mitigate both internal and external cyber threats. This system spans multiple security domains, including network, host, and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring, in-depth analysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, an extensive program of surveillance on our corporate network, continuous testing of our security posture both internally and with third parties, a solid incident response framework, and regular cybersecurity training sessions for our employees. Our IT department is actively engaged in continuous monitoring of our applications, platforms and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

Governance

The cybersecurity committee of our board of directors, or cybersecurity committee, is responsible for overseeing our cybersecurity risk management. Our cybersecurity committee shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer, chief financial officer and cybersecurity officer on a regular basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our chief executive officer, chief financial officer and cybersecurity officer.

At management level, our chief executive officer, chief financial officer and cybersecurity officer, or the Cybersecurity Risk Management Officers, are responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. Our Cybersecurity Risk Management Officers report to our cybersecurity committee on (i) a regular basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.

If a cybersecurity incident occurs, our Cybersecurity Risk Management Officers will promptly organize relevant personnel for internal assessment and if it is determined that the incident could potentially be a material cybersecurity event, our Cybersecurity Risk Management Officers will promptly report the incident and assessment results to our disclosure committee, our cybersecurity committee, and other members of senior management and external legal counsel, to the extent appropriate. Our Cybersecurity Risk Management Officers shall prepare disclosure material on the cybersecurity incident for review and approval by the disclosure committee and cybersecurity committee, and other members of senior management (if necessary), before it is disseminated to the public.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

Governance

The cybersecurity committee of our board of directors, or cybersecurity committee, is responsible for overseeing our cybersecurity risk management. Our cybersecurity committee shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer, chief financial officer and cybersecurity officer on a regular basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our chief executive officer, chief financial officer and cybersecurity officer.

At management level, our chief executive officer, chief financial officer and cybersecurity officer, or the Cybersecurity Risk Management Officers, are responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. Our Cybersecurity Risk Management Officers report to our cybersecurity committee on (i) a regular basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.

If a cybersecurity incident occurs, our Cybersecurity Risk Management Officers will promptly organize relevant personnel for internal assessment and if it is determined that the incident could potentially be a material cybersecurity event, our Cybersecurity Risk Management Officers will promptly report the incident and assessment results to our disclosure committee, our cybersecurity committee, and other members of senior management and external legal counsel, to the extent appropriate. Our Cybersecurity Risk Management Officers shall prepare disclosure material on the cybersecurity incident for review and approval by the disclosure committee and cybersecurity committee, and other members of senior management (if necessary), before it is disseminated to the public.