Risk Management and Strategy

We have implemented comprehensive cybersecurity risk assessment procedures to ensure effectiveness in cybersecurity management, strategy and governance and risk identification. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

We have developed a comprehensive cybersecurity threat defense system to address both internal and external threats. This system encompasses various levels, including network, host and application security and incorporates systematic security capabilities for threat defense, monitoring, analysis, response, deception and countermeasures. We strive to manage cybersecurity risks and protect sensitive information through various means, such as technical safeguards, procedural requirements, an intensive program of monitoring on our corporate network, continuous testing of aspects of our security posture internally and with outside vendors, a robust incident response program and regular cybersecurity awareness training for employees. Our IT department regularly monitors the performance of our website, platforms and infrastructure to enable us to respond quickly to potential problems, including potential cybersecurity threats.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

Governance

We are committed to appropriate cybersecurity governance and oversight.

Our board of directors has oversight of our strategic and business risk management, including cybersecurity risk management. Our board of directors is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, assessing, and managing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity policies and procedures, and providing regular reports to our board of directors.

For additional information on our cybersecurity risks, please see “Item 3. Key Information—D. Risk Factors.”

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.