Risk Management and Strategy

We have implemented comprehensive cybersecurity risk assessment procedures to ensure effectiveness in cybersecurity management, strategy and governance and reporting cybersecurity risks. We have also integrated cybersecurity risk management into our overall enterprise risk management system. We have ensured that our employees have full access to the basic knowledge and principles of information security, established a sound responding process and disposal mechanism for system security, external attacks and violations, and safeguarded the confidentiality of information and data of the enterprise, employees and customers, making sure information and data can only be obtained and used when necessary. By taking those actions, we have identified the cybersecurity risk management as a core task of our enterprise risk management system and been making efforts to make sure our overall risk assessment can sufficiently cover cybersecurity risks.

We have developed a comprehensive cybersecurity threat defense system to address both internal and external threats. This system encompasses various levels, including network, host and application security and incorporates systematic security capabilities for threat defense, monitoring, analysis, response, deception and countermeasures. We strive to manage cybersecurity risks and protect sensitive information through various means, such as technical safeguards, procedural requirements, an intensive program of monitoring on our corporate network, continuous testing of aspects of our security posture internally, a robust incident response program and regular cybersecurity awareness training for employees. Our IT department regularly monitors the performance of our infrastructure to enable us to respond quickly to potential problems, including potential cybersecurity threats.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

We have implemented comprehensive cybersecurity risk assessment procedures to ensure effectiveness in cybersecurity management, strategy and governance and reporting cybersecurity risks. We have also integrated cybersecurity risk management into our overall enterprise risk management system. We have ensured that our employees have full access to the basic knowledge and principles of information security, established a sound responding process and disposal mechanism for system security, external attacks and violations, and safeguarded the confidentiality of information and data of the enterprise, employees and customers, making sure information and data can only be obtained and used when necessary. By taking those actions, we have identified the cybersecurity risk management as a core task of our enterprise risk management system and been making efforts to make sure our overall risk assessment can sufficiently cover cybersecurity risks.

Governance

Our board of directors is responsible for overseeing our cybersecurity risk management. Our board of directors shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer, principal financial officer and cybersecurity officer on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our chief executive officer, principal financial officer and cybersecurity officer.

At management level, our chief executive officer, principal financial officer and cybersecurity officer are responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. These officers report to our board of directors on (i) a quarterly basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.

Our board of directors is responsible for overseeing our cybersecurity risk management. Our board of directors shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer, principal financial officer and cybersecurity officer on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our chief executive officer, principal financial officer and cybersecurity officer.