Environmental, Social and Governance Report 2022 Tuya Inc.塗鴉智能 Stock Code: NYSE: TUYA; HKEX: 2391 Global IoT Development Platform Globa l IoT Develop m en t Pla tfo rm Service Provider AI
About this Report 3 18 17 26 64 94 27 65 4 19 39 67 7 21 59 69 91 98 13 14 25 About Tuya Chairman's Statement The Company's Honors 2022 ESG Performance Highlights Responsibility as Foundation of Enterprise for Steady and Long-term Development Corporate Governance Risk Management and Control ESG Governance Business Ethics 76 79 82 Community Co-construction, Industry Co-creation 75 Creating Smart Communities and Industry Scenarios Assisting in Public Welfare and Charity Promoting Industrial Development Superior Quality for Digital and Intelligent Future People-oriented, Walking Together Hand-in-hand Appendix Data Security and Privacy Protection Employee Rights and Interests Products and Services Employee Development Appendix II:ESG Performance Intellectual Property Rights Protection Supplier Management 60 Care for Employees 84 85 90 Green Development, Low-carbon Operations Practicing Green Operations Responding to Climate Change Appendix I: Hong Kong Stock Exchange ESG Contents Index Appendix III: Contributions to United Nations Sustainable Development Goals CONTENTS
ABOUT THIS REPORT This report is the first environmental, social and governance report (hereinafter referred to as the “ESG” report) issued by Tuya Inc. and its subsidiaries (hereinafter referred to as the “Company”, “Tuya”, “Tuya Inc.” or “we”) , which is aimed at all stakeholders of the Company, and focuses on disclosing Tuya’s management, practices and performance in terms of environmental, social and governance aspects. Reporting Timeframe Unless otherwise stated, the period covered by this report is from January 1, 2022 to December 31, 2022 (the “Reporting Period”), while certain information and activities pertain to 2023 and prior to 2022. Reporting Scope and Boundaries This report defines the scope of organization based on the principle of materiality. Since the proportion of revenue from overseas companies is not material, the environmental data disclosed in this report does not include those of overseas companies. Unless otherwise specified, all substantive content involved in this report is consistent with the disclosure scope of the Company’s Annual Report. This report has been mainly prepared in accordance with the Environmental, Social and Governance Reporting Guide contained in Appendix 27 of the Listing Rules of The Stock Exchange of Hong Kong Limited (the “Hong Kong Stock Exchange”). The preparation of this report is through the process of identifying important stakeholders, identifying important issues related to ESG, understanding the opinions of various stakeholders, and determining the materiality of issues, so as to determine the boundaries of the ESG report, collect the relevant report information and data, collate and aggregate such information, and review the information appeared in the report. Basis of Preparation of the Report The information and data disclosed in this report come from the Company’s statistical data, relevant documents and internal communication files or system records. The Company assures that this report does not contain any false records or misleading statements, and is responsible for the authenticity, accuracy and completeness of the contents. Source of Information and Assurance of Reliability Upon confirmation by the management, this report was approved by the board of directors (the “Board”) on March 1, 2023. Confirmation and Approval This report has been written in traditional Chinese and English, and the electronic version is published on the “HKEX Fillings section of the Company’s official website (ir.tuya.com/financials/HKEX-Fillings/) and the website of the Hong Kong Stock Exchange (www.hkexnews.hk). In case of any inconsistency between the traditional Chinese and English versions of this report, the English version shall prevail. We attach great importance to the opinions of relevant parties and welcome readers to email to ir@tuya.com. Your comments will help us further improve this report and our ESG performance. Acquisition of the Report About this Report 3
CHAIRMAN’S STATEMENT 2022 was a very challenging year for global enterprises and terminals. Since late 2021, we have seen high global inflation, soaring energy prices, sluggish economy, and weak consumption. Such an environment has caused a serious supply-demand mismatch in the global discretionary consumer electronic sector, resulting in a severe backlog of downstream inventories. The upstream and downstream enterprises in the global supply chain have entered a severe destocking cycle, which also brought more uncertainties to the realization of sustainable development goals of various economies. Against this backdrop, as a world-leading Internet of Things (“IoT”) cloud development platform provider, Tuya is committed to bringing more cost-effective green and smart solutions to downstream enterprises, ecosystem partners and the IoT industry through technological development and product iteration, and taking more responsibilities. The 2022 ESG report is our first ESG report. ESG is a prominent keyword for companies, businesses, capital markets and other fields around the world. A question that all companies are thinking about is: how to better practice ESG. In 2022, we took a new step in terms of ESG, and was committed to continuously improving the ESG governance level of the Company, laying a solid foundation for our long-term business mission and green vision in the future. In terms of our system, we have established an ESG governance structure to carry out systematic assessment, management and control work based on the identified ESG issues. In terms of business, we strictly abide by business ethics, put forward the same requirements for employees of the Company, suppliers and other partners, and improve the customer and supplier management, striving to create a healthy and clean business environment. In terms of corporate compliance, with the dual primary listing on the Main Board of Hong Kong, our Board approved the amendments and implementation of more than 10 management principles and policies relating to various compliance issues, covering corporate governance, director nomination, information disclosure and related party transactions. We adhere to the orientation of the needs of stakeholders, and through the establishment of a diversified communication mechanism, sincerely listen and respond to the expectations and concerns of different stakeholders. In particular, we respond in the following aspects. We are committed to providing users with solid assurance in all aspects of our products and services and establishing industry quality benchmarks. Facing customers, we adhere to the “customer first” philosophy, efficiently promoting product management and innovation work to drive smart living. We have built a safe, reliable and compliant IoT platform by strictly regulating information security and customer privacy protection. We comply with domestic and international information security standards and industry requirements, integrating compliance requirements and standards into Tuya’s internal control framework and cloud development platforms and products. At the same time, Tuya also cooperates with independent third-party security services, consulting and audit institutions to verify and assure the compliance and security of Tuya’s cloud development platforms. Chairman's Statement 4 Chairman Tuya Inc. Xueji ( Jerry) Wang
In 2022, we again passed all heavyweight security compliance certifications and annual reviews. For example, TrustArc, a world-renowned authoritative certification body, certified that Tuya complies with GDPR, CCPA, and PIPEDA. Ernst & Young, one of the “Big Four” accounting firms in the world, issued an unqualified opinion about Tuya’s SoC2/3 compliance. Moreover, Tuya obtained multiple information security and privacy protection certifications for the ISO/IEC system from BSI, a globally recognized management system standard issuing organization, as well as certifications involving data security, cloud service security, and smart hardware security including CSA STAR, EPC Enterprise Privacy Protection, ioXt, etc. Our cloud platforms and smart product solutions have passed the security assessment or penetration test verification by independent third-party security institutions such as Rapid7 and Underdefense, testing our products and solutions in terms of continuous security and reliability. In addition, we continued to update version 5.1 of the Tuya Security Compliance White Paper, and jointly released the IoT Solution White Paper with Amazon Web Services. Facing the industry, we are driven by sustainable development to create a high-quality IoT value chain. We are committed to promoting smart society by building a better world. We promote the construction of digital factories to help traditional OEM manufacturers switch to smart equipment and products while upgrading their production efficiency. We focus on exploring the implementation of smart solutions in the community. In response to the demands and pain points of the traditional community industry in the process of digital transformation, we have launched targeted and user-friendly smart solutions, working with enterprises to co-build the future community with the entry point of “hardware support, group support, and spiritual support”. In 2022, our platforms, products and services served approximately 7,600 customers and nearly 4,000 brands around the world, empowering the sustainable development of our partners in many aspects. Our smart solutions have been widely used in various scenarios, including hotels, rentals, business districts, buildings, schools, communities. We are committed to practicing green products and operations and achieving sustainable corporate development. Through the launch and continuous iteration of various comprehensive solutions for energy conservation and carbon reduction, we provide IoT device empowerment with advanced functions of energy and power management and energy-conservation platforms and small programs to help corporate customers and downstream terminals practice green life. Within the Company, we advocate the concepts of low-carbon travel and green office, attach importance to the effective use of various resources, and promote the work philosophy of energy conservation, consumption reduction, green and environmental protection in every detail of the operation process. For instance, in 2022, we processed a total of 866,000 vouchers, 98.45% of which were paperless. Chairman's Statement 5 We actively create a diverse, inclusive, fair and impartial working atmosphere, and are committed to growing together with our employees. Our team includes 40 ethnic minority employees. In addition, we cooperated with the Hangzhou Disabled Persons’ Federation to recruit 4 disabled employees, actively fulfilling our corporate social responsibility. We attach great importance to the training of employees’ skills and qualities by providing them with targeted and systematic employee training, with a training coverage rate of 97%. We provide employees with a remuneration incentive mechanism featuring performance bonuses, special bonuses, excellent project bonuses, equity incentive scheme, as well as a variety of employee benefits and care measures, hoping to share the results of long-term development with employees. We won the “Best HR Program of 2022 Flag Awards”, and will continue to stay true to our original aspiration and work hard together with employees.
In the capital market, Tuya was listed on the New York Stock Exchange (“NYSE”) in early 2021 and completed its dual primary listing on the Main Board of Hong Kong on July 5, 2022. The listing in Hong Kong provides an additional assurance for all shareholders of Tuya to respond to uncertainties brought by the uncontrollable external environment, as well as an alternative trading channel option. The listing in Hong Kong has also put forward higher requirements for Tuya in terms of corporate management, operation and transparency, demonstrating our continuous commitment to providing all-round and full-effort support and assurance for shareholders and investors. In addition, as an enterprise with a heart of public welfare and great love, we actively participate in social and public welfare activities, continuously contributing to the society through practical actions. We deeply responded to the calls from the society by participating in the Hangzhou-Ganzi “east-west cooperation” project. We donated a batch of smart devices such as smart air conditioners, sweepers and switches to Zhoupo Primary School in Caojiang Town, Gaozhou for its construction of educational facilities. In order to better help prevent natural disasters in Henan, we donated smart products worth approximately RMB1.5 million to Kaifeng, Henan for flood control and disaster relief. We also donated materials worth approximately RMB0.6 million to affiliated organizations of local science and technology associations to help rural revitalization. Up to the end of the Reporting Period, our cumulative charitable donations were worth approximately RMB4.79 million. In the future, Tuya will continue to be a leader and deep cultivator in the IoT industry, adhere to our original aspiration, fully support the digital and intelligent transformation and accelerated upgrades of enterprises and the society with our open and neutral IoT ecosystem, always focus on customers with our employees as the basis, and through forward-looking strategic deployment and market planning, provide each IoT ecosystem partner, brand and original equipment manufacturer (“OEM”) customer with value proposition of better and more cost-effective product, vigorously promoting sustainable development of the industry and the Company. We still have a long way to go in the emerging area of ESG. We will strive to make more progress to achieve long-term development with a more ambitious vision. We also look forward to working with everyone to experience the technological and stylish way of practicing ESG. Chairman Tuya Inc. Xueji ( Jerry) Wang Chairman's Statement 6
ABOUT Tuya Introduction to the Company Tuya (NYSE: TUYA, HKEX: 2391) is a global leading IoT cloud development platform and a technology-driven enterprise. Established in June 2014, we completed our U.S. listing on the NYSE on March 18, 2021, and subsequently completed our dual primary listing on the Main Board of the Hong Kong Stock Exchange on July 5, 2022. As a technology company committed to making life smarter, we continue to innovate by providing a cloud platform that can connect with numerous smart things, creating interoperable development standards to connect smart needs of various industries, and providing cloud-based software experience for smart devices of customers and end users. At the same time, the comprehensive solutions of Tuya have created a closed-loop of scenarios and businesses that combines software and hardware to further empower partners and customers to enhance product value, enabling end users and consumers to enjoy a more convenient and efficient smart life. According to the research completed and published in 2022 by CIC, a well-known research institution, Tuya was the largest IoT PaaS provider in the global market of IoT PaaS market in terms of the volume of smart devices empowered in 2021, and according to the same source, Tuya ranked first with a market share of 14.9% in the global market of IoT PaaS for smart home and smart business in terms of revenue in 2021. Our Vision Global IoT development platform Our Mission Build an IoT Developer Ecosystem, Enable Everything to be Smart Our Values Customer Success, Purity and Dedicated, Win-win Cooperation, Backward from Goal, Self-driven Growth, Results First About Tuya 7
Adhering to the corporate mission of “Build an IoT Developer Ecosystem, Enable Everything to be Smart”, we implement localized operations worldwide with subsidiaries in the United States, Europe, India, China, Japan, Australia and Singapore, and serve customers in different markets in a targeted manner, carrying out our global strategy. With industry-leading technologies and products, all-round empowering channels, and a neutral and open IoT ecosystem, as of the end of the Reporting Period, our IoT PaaS enables businesses and developers in more than 200 countries and regions around the world to develop smart devices in about 2,700 categories, and had a total of more than 708,000 registered IoT device and software developers. Powered by Tuya (“PBT”) smart devices empowered by us are available in approximately 120,000 stores all over the world. We have served for more than 50 of Fortune Global 500 customers. In the future, we will continue to adhere to our original aspiration, keep on promoting and achieving for our vision of “global IoT development platform”, focus on cutting-edge technologies, and comprehensively connect customers, suppliers, and ecological partners across the value chain, striving to promote the development of the IoT sector to jointly build a better world with sustainable development brought about by IoT. Regional Data Center Media Acceleration Node 2,700 Product categories 708,000 IoT device and software developers 120,000 stores all over the world 200+ countries and regions Businesses and developers across PBT smart devices available in 7,600 Customers served in 2022 About Tuya 8 *The above data is as of December 31, 2022 Virginia Oregon Shanghai Amsterdam Mumbai Frankfurt
History of the Company’s Development 2014 2015 2016 2019 2018 2017 2020 2021 2022 Tuya founded B Release of IoT publi@ @lou? B The U.S. subsidiary established B First Fortune 500 @ustomee B Release of IoT @loud platform, designed to enable development of IoT app interfa@e in 1 minute, OEM app in 10 minutes and smart devi@es for mass produ@tion in 15 days 1+ million peak monthly deployments of IoT PaaS B 4+ million peak monthly deployments of IoT Paa™ B Release of self-servi@e portal for IoT PaaS B 10+ million peak monthly deployments of IoT Paa™ B Established subsidiaries in Japan, India, Germany and Colombia B 1+ million peak daily deployments of IoT Paa™ B Release of the latest IoT @loud platfor× B Introdu@tion of Industry SaaS B Listing on the New York Sto@k Ex@hang B 184 million smart devi@es deployment of IoT PaaS throughout the year, be@oming the world s largest IoT PaaS provider B Offi@ial laun@h of the Cube Smart Private Cloud Solutio? B Listing on the Main Board of the Hong Kong Sto@k Ex@hange to @omplete the dual primary listing Future Start Tuya Tuya Global IoT SaaS About Tuya 9
Products and Services of the Company We have pioneered a purpose-built IoT cloud development platform that delivers a full suite of offerings, including Platform-as-a-Service, or PaaS, and Software-as-a-Service, or SaaS. Through our IoT cloud development platform, we deliver a variety of offerings. Our IoT PaaS offering enables businesses, including original equipment manufacturer (“OEM”) and brands, and developers to develop, launch, manage and monetize software-enabled smart devices and services. Our Industry SaaS offering enables businesses to deploy, connect, and manage large numbers and different types of smart devices. We also offer businesses, developers and end users a diverse range of cloud-based value-added services to improve their ability to develop and manage IoT experiences. Through our IoT cloud development platform, we have activated a vibrant IoT developer ecosystem, empowering players including brands, OEMs, partners and end users to interact through a broad range of smart devices. We also believe the efficient distribution of Tuya-powered smart devices to target audiences benefits our long-term competitive edge and sustainability. To this end, we strategically assist specific customers, mainly brands and system integrators, who prefer not to directly deal with multiple OEMs in selecting smart devices, so that customers can purchase directly from us finished smart devices powered by Tuya. These customers typically place purchase orders directly with us by specifying the type of smart devices. We then source devices for these customers from qualified OEMs selected based on the type of products, specifications and other metrics. Tuya IoT Development Platform About Tuya 10 Developer Kits IoT Cloud Infrastructure Capabilities TuyaIoT Cloud IoT PaaS IndustrySaaS Value added Services Cube Private Cloud Public Cloud Infrastucture TuyaIoT Cloud Development Platform Developing SmartDevices Using SmartDevices For Business Customers For All Business Customers and End Users
Our IoT PaaS is an integrated all-in-one product that helps brands and OEMs to build and manage smart devices quickly, easily and cost-effectively. Our IoT PaaS product combines the most fundamental elements of a series of IoT capabilities such as “cloud-based connectivity and basic IoT services”, “edge capabilities”, “application development” and “device optimization solutions”. For business customers developing smart devices - IoT PaaS To make devices smarter, each smart device needs to have IoT edge capabilities (basic functions such as device connectivity, storage, and data processing). Tuya offers a library of edge capabilities for customers to choose from, as well as visualized, simple tools for them to quickly find what they need. Tuya IoT PaaS supports mainstream communication protocols, such as Wi-Fi, Bluetooth and ZigBee, as well as a wide variety of IoT device edge capabilities. Compatibility between software and hardware is crucial to the user experience of the device. Tuya assists customers by helping them optimize the design, manufacture and configuration of Tuya-powered devices to ensure the fit of hardware and software to deliver desired use cases and functionality. We also provide developers with a set of analysis and debugging tools to help them independently identify root causes and troubleshoot problems. Cloud-based connectivity and basic IoT services Application ("App") development IoT edge capabilities ("Edge") Device optimization solutions Our cloud assigns an unique virtual ID to each PBT device, and creates a corresponding and unique cloud-based virtual device model, the “Digital Twin”. Through the “Digital Twin”, smart devices can implement closed-loop data exchange with the cloud platform throughout their life cycle. As the command is issued or the status of the device changes, the Digital Twin interacts with it synchronously to realize various device functions and scenarios. An easy-to-use App is the key to a superior IoT experience. Tuya provides customers with the “white label”App to help customers achieve the launch of complete IoT products in the shortest possible time. This “one-app-for-all”approach enables end users to manage and control multiple devices, even devices from different brands and categories, using only one App. Our customers may choose to involve us in designing tailor-made applications or, in more cases, can use the development tools we provide to customize applications by themselves or through third-party developers. Tuya s IoT PaaS product < > About Tuya 11
We offer industry SaaS, vertical-focused software solutions that enable businesses to easily and securely deploy, connect, and manage large numbers and different types of smart devices. We design Industry SaaS as plug-and-play everyday tools for people to interact with and harness the power of IoT. We offer customers with a series of smart solutions including but not limited to smart commercial lighting & building SaaS, smart hospitality/ residential SaaS, and smart community SaaS. Industry SaaS makes lives easier, healthier and more enjoyable, and drives efficiency, cost saving and productivity for businesses of all sizes across industries. Our Industry SaaS is built to be brand-agnostic and is compatible with PBT devices across brands and categories. We provide a variety of cloud-based value-added services that are compatible with IoT PaaS for business customers developing smart devices (such as brands and OEMs), including Tuya Mall, AI-powered virtual voice assistants, and more than 50 other value-added services. We also provide end users using smart devices with value-added service functions such as App push messaging, cloud storage, content service, etc. For business customers using smart devices - Industry SaaS Cloud-based value-added services AI-powered virtual voice assistants Data Analysis Phone Notification App push messaging Tuya Mall More... More... cloud storage Business Customers End Users Cloud-based value-added services About Tuya 12
THE COMPANY’S HONORS 2017 OFweek Best IoT Platform Solution Award in China 2017 CSHIA Smart Home Innovations 2017 IoT Lightning Conference “Zhiguang” Outstanding Cross-Border Enterprise 2017 36Kr Most Innovative Award 2018 Mobile Smart Terminal Summit METIS Awards for Intelligent Terminals 2018 IFA 2018 Smart Interconnected Platform Innovation 2018 China IoT Conference 2018 Most Growth-oriented IoT Enterprise Award 2018 Davos Forum AI Enterprise Technology Innovation Platform 2019 AWE 2019 Smart Innovation Award 2019 HURUN Research Institute Artificial Intelligence Industry Unicorn 2019 CES 2019 AI+IoT Technology Innovative Platform 2019 Forbes Global Top 25 IoT Companies List 2021 AWE 2021 Eppland Smart Technology Award 2020 New Industry Economy Summit Industry Leading Brand 2022 Sustainability Summit 2022 Evergreen Award: Most Valued IPO Tech Company 2022 Mobile IoT Congress 2022 2022 Mobile IoT Advanced Enterprise Award 2022 Microsoft Inspire China Best Data and AI Partner of the Year 2022 HRFlag Best HR Program of 2022 Flag Awards 2022 National Top 500 Zhejiang Merchants Summit National Top 500 Zhejiang Merchants 2022 BOSS Zhipin King s Ark Favorite Talent Employer 2022 High Value Patent Cultivation Competition Winner of China Haidian High Value Patent Cultivation Competition The Company's Honors 13
Established a top-down ESG governance framework of “Board of Directors-ESG Management Committee-ESG Work Implementation Group” ESG governance framework 2 females 100% Business ethics related policies covering 100% of employees, customers, suppliers, partners and other relevant parties 2 female directors on the Board, accounting for more than 20% 4 females 4 females in the senior management, accounting for 20% 0 0 litigation cases of corruption, bribery, money laundering, monopoly and other violations of business ethics Cyber security compliance governance structure Established a cyber security compliance governance structure, and set up the Compliance Committee comprising senior management such as the CFO, CTO and CIO which holds a formal meeting every six months Responsibility as Foundation of Enterprise for Steady and Long-term Development Superior Quality for Digital and Intelligent Future 2022 ESG PERFORMANCE HIGHLIGHTS Tuya Security Compliance White Paper, Tuya General Data Protection Regulation (GDPR) White Paper, and Brazil s Lei Geral de Proteção de Dados (LGPD) White Paper external network security certifications 6 ecurity management system certifications 4 data security review reports 123 security testing reports 412 The above data is as of December 31, 2022 2022 ESG Performance Highlights 14
Established a multi-layer employee caring system, including the provision of overseas travel insurance for employees, subsidies for employees staying in Hangzhou during the Spring Festival, anniversary celebration etc. Multi-layer employee caring system People-oriented, Walking Together Hand-in-hand A total of 7,344 employee-times participated in employee training 7,344 training coverage rate 97% Team includes more than 40 ethnic minority employees 40+ Won the Best HR Program of 2022 Flag Awards Best HR Program of 2022 Flag Awards The customer satisfaction rate of the platform technical service center reached 93.46% 93.46% patents obtained in total (of which: 101 invention patents, 145 utility model patents) 449 copyrights obtained in total (of which: 125 software copyrights) 135 Successfully passed the annual audit of ISO 9001 certification with the audit result of “zero non-conformity items’” 0 Superior Quality for Digital and Intelligent Future The above data is as of December 31, 2022 Participated in the formulation of 7 relevant standards of the IoT 7 data security training sessions 7 2022 ESG Performance Highlights 15
Community Co-construction, Industry Co-creation Up to the end of the Reporting Period, charitable donations were worth approximately RMB4.79 million RMB4.79 million Tuya IoT smart educational lighting solution empowered over 500 classrooms 500+ Green Development, Low-carbon Operations vouchers produced are paperless 98.45% saving about 4.26 tons of paper 4.26 tons environmental violation incidents 0 *The above data is as of December 31, 2022 2022 ESG Performance Highlights 16
Adhering to integrity and compliance, and strictly abiding by business ethics are the foundation of Tuya. We actively create a clean and honest corporate culture, incorporate environmental, social and governance issues into the top-level planning and design of the enterprise, continuously improve the corporate governance structure, strengthen risk management and control measures, and protect the rights and interests of all stakeholders, firmly building a corporate foundation for sustainable development. RESPONSIBILITY AS FOUNDATION OF ENTERPRISE FOR STEADY AND LONG-TERM DEVELOPMENT 02 Responsibility as Foundation of Enterprise for Steady and Long-term Development 17
Tuya has established a corporate governance mechanism with clear responsibilities, so as to discipline itself with high standards. We have set up a standardized and orderly governance structure composed of the shareholders’ general meeting, the Board and its subordinate special committees, and the management, forming a governance mechanism with clear powers and responsibilities, mutual coordination and mutual checks and balances, and ensuring efficient and compliant corporate governance. We attach importance to the diversity and professionalism of the Board. The factors we consider include but are not limited to Board members’ skills, industry experience, background, gender, etc., so as to improve the level of corporate decision-making with comprehensive perspectives and concepts. The current Board members have extensive industry experience, covering professional capabilities in including information and technology science, cloud computing and computer applied technology, international business and economics, business administration, law, finance, accounting, investment, engineering, physics, history, and chemistry, etc. As of the date of this report, the Board of Tuya is composed of 9 directors, including 4 independent directors, accounting for more than 40%; 2 female directors, accounting for more than 20%. Besides, there are 4 females within the senior management team which consists of 20 personnel, accounting for 20%. As the highest decision-making body of the Company, the Board of Tuya has established the Audit Committee, the Compensation Committee, the Nomination Committee, and the Corporate Governance Committee. In accordance with the respective articles of these committees, the Standards for Business Behaviors and Ethics and other internal documents, these committees oversee the management of affairs of the Company. In 2022, the Company held 1 shareholders’ general meeting, 7 Board meetings (or resolutions), 4 meetings (or resolutions) of the Audit Committee, 4 meetings (or resolutions) of the Compensation Committee, 1 meeting (or resolution) of the Nomination Committee, 1 meeting (or resolution) of the Corporate Governance Committee, and 1 meeting of the chairman and non-executive directors. The convening and voting procedures of all meetings or resolutions were in compliance with the relevant provisions of the laws and regulations, the Company’s articles of association, and the rules of procedure. All voting results were legal and valid, providing a solid foundation for the Company’s standardized operation. In addition, we established a top-down ESG framework system and management mechanism in 2022, details of which are set out in the following ESG governance section. CORPORATE GOVERNANCE *“Senior management team” consists of team leaders (“TL”) of Level 1 department of the Company. 1 *Some 2022-related meetings or resolutions (such as “2022 Board of Directors”, etc.) were actually held in early 2023. 2 1 2 Qiu Changheng Huang Sidney Xuande Kuok Meng Xiong Qiu Changheng Xueji (Jerry) Wang Kuok Meng Xiong Kuok Meng Xiong Kuok Meng Xiong Qiu Changheng Liaohan (Leo) Chen Qiu Changheng Tuya Inc. Board of Directors Compensation Committee Nomination Committee Corporate Governance Committee Audit Committee computer applied technology international business cloud computing </> business administration MBA economics accounting investment Responsibility as Foundation of Enterprise for Steady and Long-term Development 18
RISK MANAGEMENT AND CONTROL Adhering to the basic concept that risk management serves the strategic goals and involves all employees, Tuya systematically carries out risk management work. In order to ensure the effectiveness of risk management and internal control systems, we have established a risk management organizational structure covering all employees, forming three lines of defense for risk control. Various business teams undertake daily business, operation management and internal supervision functions First line of defence Second line of defence Third line of defence Financial, legal, information security, risk management, compliance and other teams provide support and supervision for risk-related affairs Internal audit conducts continuous monitoring and evaluation from a perspective independent of management, and conducts regular internal audits Take actions (including risk management and internal controls) to achieve strategic goals Management Business teams Risk management teams Internal audit team Management Level Operation Level Board of Directors Evaluate and formulate the nature and degree of risk that the company accepts in achieving its strategic objectives Formulate and evaluate the company s corporate governance policies, monitor the company s compliance with the governance manual and disclosure Report to the Board of Directors and supervise the effectiveness of management s design, implementation and monitoring of risk management and internal control systems Corporate Governance Committee Audit Committee Ensure that the company establishes and maintains effective risk management and internal control systems Continuously supervise the design, implementation and monitoring of the company s management on risk management and internal control systems Governan ce Level Responsibility as Foundation of Enterprise for Steady and Long-term Development 19
Risk management practice matrix of 2022 With reference to the Corporate Governance Code of the Hong Kong Stock Exchange, the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and the Sarbanes-Oxley Act of 2022 (“SOX” Act), we engaged one of the Big Four accounting firms in the world as our consultants to assist us in continuously improving our risk management, internal control and operational effectiveness systems. We have formulated management policies such as the Tuya Risk Management Policy and the Tuya Internal Audit Policy, forming a whole-process risk management and control system covering risk classification and identification, risk control, risk assessment, risk response measures, monitoring and improvement, which effectively provide assurance to control the risks of the Company’s operations. We regularly conduct risk assessments and in-depth interviews with the personnel in charge of risk management, and further clarify risk management priorities and corresponding internal control measures based on the potential impact of identified risks and possibility of occurrence. During the Reporting Period, we identified five major risk management areas: strategy, operation, finance, information technology and compliance, along with multiple risk management factors. In 2022, we actively carried out multi-frequency and multi-dimensional internal and external audit work, and continued to monitor and evaluate risks. In addition to completing the SOX-related internal control self-assessment with the assistance of external consultants, we conducted various speical internal audit projects as needed, including financial audits, employee departure audits, procurement audits. Moreover, we engage PricewaterhouseCoopers (“PwC”) to audit our annual financial statements who issues an audit opinion each year, and we also maintain comprehensive communication with our auditors during the preparation and release of quarterly financial statements. After evaluation, the Board of Tuya was of the view that the internal control system of Tuya was sound and effective in the year of 2022, and no major defects have been found in the Company’s internal control design or implementation. While formulating the annual business objectives, the Company’s management and management team shall complete the risk level assessment, provide suggestions and measures for response to risk,which forms an important basis for guiding the annual risk management and internal monitoring work. Risk management team comprising representatives from internal control, finance, legal, quality control, safety and other departments shall provide risk control technical capability support from their respective professional perspectives, conduct daily supervision of the work of the first line of defense, and ensure the effective implementation of risk response measures. In view of various risks in the business process, we shall improve the operation process and related support system of the main business and management activities, forming and optimizing the relevant system standardization. We shall provide employees with risk-related training covering various systems and standards of business processes, business codes of conduct, business-related laws and regulations, and data security management to promote risk management culture and enhance employees’ awareness of risk management. Formulate annual risk management plan Improve standardization of the risk management process Improve employee risk management awareness Strengthen risk management team building Responsibility as Foundation of Enterprise for Steady and Long-term Development 20
ESG GOVERNANCE ESG Governance Structure We are well aware that good ESG governance is the cornerstone of achieving sustainable development of Tuya, and is of great significant importance to the Company’s stable operation of emergency crisis response and seizing opportunities. By continuously improving the top-level design of ESG governance and actively engaging in communication with various stakeholders, helping the Company better respond to the concerns of all parties. In order to better promote the Company’s ESG work, Tuya has initially established an ESG governance structure to further promote the supervision, review and management of the Company’s sustainable development effort by the Board and the management of the Company. Our top-down ESG governance structure consists of the Board, the ESG Management Committee and the ESG Work Implementation Group. ESG governance structure of Tuya Board of Directors ESG Management Committee ESG Work Implementation Group œ The Board is responsible for assessing, determining and managing ESG riskŸ œ Ensure that the Company has established a suitable and effective ESG management and internal monitoring syste œ Review and approve ESG policies and reports œ Supervise the Company's ESG matterŸ œ Advise on the Company’s ESG strategy and identify major ESG risks and opportunitieŸ œ Approve and review ESG-related policieŸ œ Review the Company’s annual ESG report, properly disclose the ESG risks faced by the Company, the measures taken and the progress of achieving the goals, and recommend the Board to approve the ESG report œ Responsible for acting on daily ESG matterŸ œ Regularly report to the ESG Management Committee of the Company Responsibility as Foundation of Enterprise for Steady and Long-term Development 21
Board’s statement The Board of Tuya is responsible for supervising the Company’s ESG matters, and participates in promoting the Company’s ESG work. In order to improve its ESG system construction, the Company has established a top-down ESG governance structure during the Reporting Period by setting up the ESG Management Committee composed of senior management, and the ESG Work Implementation Group under it, clarifying the management responsibilities of each level. The ESG Work Implementation Group is responsible for participating in the assessment of the Company’s key ESG risks, considering the possibility and impact of key ESG risks, and formulating risk response measures. The Board reviews the Company’s key ESG risks, understands the management measures taken, and makes recommendations. During the reporting period, in accordance with the framework of the Task Force on Climate-related Financial Disclosures (“TCFD”), the Company initially carried out climate change risk identification and formulated response measures. In addition, during the Reporting Period, Tuya carried out ESG performance improvement work such as setting ESG qualitative goals and improving the ESG information collection system, integrating ESG management into daily work, and continuously improving sustainable development performance. The Board has checked and reviewed the establishment of the ESG target, and will regularly review the progress of such target. This report also discloses the above-mentioned ESG-related matters in detail, and has been reviewed and approved by the Board. Communication with Stakeholders We attach great importance to the expectations of stakeholders, and actively understand and listen to their concerns about ESG management and practice of Tuya. During the Reporting Period, we conducted multi-channel, multi-platform and multi-frequency communication with internal and external stakeholders through online and offline meetings, interviews, opinion surveys and business visits to enhance stakeholders’ understanding and recognition of the Company, and improve the corporate governance standards and overall corporate value. We incorporate the opinions of stakeholders including those of employees, customers, investors, suppliers, regulatory and competent authorities, community, downstream end users and public into the ESG governance and decision-making process, and respond to the concerns of stakeholders through this report. Responsibility as Foundation of Enterprise for Steady and Long-term Development 22
Major stakeholders Employees Customers Investors Suppliers Regulatory and competent authorities The community, downstream end users and the public Issues of concern b Employmlsk b Divlrhity asd isclchior b Laoor practiclg b Employll occcpatiosal hlalth asd hafltn b Employll traisisg asd dlvllopmlst b Isformatios hlccrity asd privacy protlctior b Cchtomlr hlrvic‹ b Prodcct haflty asd qcalitn b Esvirosmlstal impact of prodccth asd hlrviclg b Rlhposhioll markltisg b Bchislhh modll asd prodccth asd hlrviclg b Corporatl govlrsascl asd compliascl isformatios dihclohcr‹ b Employllh, orgasizatios ocildisg asd corporatl ccltcr‹ b Isformatios hlccrity asd privacy protlctior b Bchislhh lthich b Bchislhh lthicg b Scpply chais masaglmlst b Compliast oplratiosg b Bchislhh lthicg b Laoor practiclg b Istllllctcal proplrty righth protlctior b Esvirosmlstal masaglmlsk b Climatl chasgl asd grllshochl gah lmihhiosg b Îahtl masaglmlst b Commcsity isvlhtmlst asd dlvllopmlsk b Promotios of isdchtry dlvllopmlsk b Prodcct haflty asd qcalitn b Esvirosmlstal impact of prodccth asd hlrviclg b Rlhocrcl ctilizatios Communication channels and response methods b HR mailoox asd istlrsal commcsicatios hoftwarl (HR hlrvicl dlhk b Tcya ccltcrl colcms (hcch ah “Yoc Yi Shco Yi , “Tcya Biwllkly , ltc. b Employll commcsicatios mlltis( b “Osl to osl commcsicatios oltwlls TL asd lmployllh, istlrsal tlam mlltisgg b Tlam ocildisg activitilg b Employll traisisg asd oslisl cocrhlh b “Iros Triasgll modll for cchtomlr hlrvicl asd hcppork b Cchtomlr hlrvicl chassllh hcch ah platform oslisl hcppork b Sitl vihik b Daily commcsicatios oy mlash of tlllphosl, lmail asd commcsicatios hoftwar‹ b Exhioitiosh asd ochislhh lvlsth b Tlllphosl, commcsicatios hoftwarl, isvlhtor rllatiosh lmaiq b Thl Compasy h official wlohitl, slw mldia platfora b Exchasgl sltwork isfrahtrcctcrl platfora b Qcartlrly, hlmi asscal asd asscal rlhclth cosflrlscl callg b Sharlholdlrh glslral mlltisgh, roadhhowh, asalyht mlltisgh, os hitl hcrvlyh asd lxchasgl hlmisarh b Os hitl hcrvlyh asd lvalcatior b A hlrilh of complltl proclhhlh isclcdisg hcpplilr ahhlhhmlsk b Day to day commcsicatios asd mlltisgh b Prlhh rlllahlh/prlhh assocsclmlstg b Rlgclar commcsicatior b Policy coshcltatior b Isformatios dihclohcrl b Prlhh rlllahlh/prlhh assocsclmlstg b Charity lvlstg b Isdchtry cooplratior b Markltisg activitilg b Isformatios dihclohcr‹ b Social mldiº b Thl Compasy h official wlohitl, slw mldia platform Rlhposhioility ah Focsdatios of Estlrprihl for Stlady asd Losg tlrm Dlvllopmlst 23
ESG Material Issues During the Reporting Period, we carried out the identification of material issues with reference to the disclosure guidelines of the Stock Exchange, sustainable development issues that capital market rating agencies pay attention to, and issues disclosed by peers. We distributed and collected 115 survey questionnaires on material issues to internal and external stakeholders to understand the expectations of internal and external parties on Tuya’s response to and disclosure of ESG issues, so as to sort out, analyze and summarize the issues of concern to major stakeholders. According to the analysis results, we ranked the materiality of each issue from two aspects - the materiality to the sustainable development of Tuya and the materiality to external stakeholders, and identified 12 issues of high importance, 8 issues of medium importance, and 2 issues of low importance. Tuya 2022 Materiality Matrix Issues of medium importance Issues of high importance Supply chain management Employee occupational health and safety Promotion of industry development Corporate governance Community investment and development Employee training and development Environmental management 13 15 17 19 14 16 18 20 Climate change and greenhouse gas emissions Issues of low importance Waste management Resource utilization 21 22 Data security and privacy protection Customer service Intellectual property rights protection Product safety and quality Compliant operations Employment Diversity and inclusion Business ethics Responsible marketing Employee communication Labor practices 1 3 5 2 4 6 7 9 11 8 10 12 Environmental impact of products and services Low Materiality to the sustainable development of Tuya High Materiality to external stakeholders High 13 14 15 16 17 19 20 18 21 22 1 2 3 4 9 10 6 7 11 12 5 8 Social issues Governance issues Environmental issues Analysis of material issues of Tuya Identify potentially material issues Analysis of issues of concern to the capital marke Focus on compliance requirement, Conduct peer benchmarking analysis Conduct interviews with management and employee, Develop Tuya stakeholder questionnaire Conduct stakeholder surveys Form a matrix of material issues Understand the priority issues of concern to all parties and form a matrix of material issue, Focus on the disclosure of relevant issues in the report Responsibility as Foundation of Enterprise for Steady and Long-term Development 24
BUSINESS ETHICS Tuya strictly abides by the relevant laws and regulations of each place of operation, and integrates business ethics and compliance management into the Company’s day to day operations through the construction of a business ethics system and a compliance culture. We have formulated a business ethics code system consisting of internal policies such as the Employee Business Code of Conduct, the Integrity Management Standards, and the Tuya Anti-bribery and Anti-corruption Compliance Policy, covering anti-corruption, anti-monopoly, anti-money laundering, anti-discrimination, conflict of interest and independence, whistleblowing, insider trading, information protection, fair trade, and environment, health and safety requirements, and specified in the Employee Business Code of Conduct sanctions and penalties of violation to further guide and restrain the behavior of employees. We formulated the relevant management process in the early years. In 2021, the Board reviewed such internal policies, management processes and measures. In particular, the Board approved a series of policies including the Anti-corruption Policy, and re-examined and approved them before the listing in Hong Kong in 2022. The business ethics code system of Tuya not only covers all our employees, but also puts forward basic requirements for compliant operations to our customers, suppliers and partners, so as to jointly create an atmosphere of integrity and honesty. We have signed integrity agreements with all major suppliers, covering product’s environmental friendliness, integrity commitments, quality assurance, social responsibility, etc. During the Reporting Period, our business ethics policies covered 100% of employees, customers, suppliers, partners and other relevant parties. Tuya adopts a “zero tolerance” attitude towards any retaliation for whistleblowing. We strictly abide by the relevant regulations on the reporting of violations and the protection of whistleblowers in the Employee Business Code of Conduct and the Basic Human Resources Policy of Tuya, and maintain unobstracted channels for compliance whistleblowing. Relevant internal and external parties of the Company can report with real names or anonymously through our public whistleblowing mailbox integrity@tuya.com. We have established a complete reporting process, and any information involved in the whistleblowing and investigation process is kept strictly confidential. Any person or unit is strictly prohibited from retaliating against whistleblowers in any form. Tuya regularly organizes business ethics training to raise employee awareness and promote the construction of an internal business ethics culture. We have promoted courses such as anti-corruption compliance, anti-money laundering, information security and compliance awareness training as compulsory courses to all employees of the Company. In addition, 9 Board members of Tuya participated in training related to compliant operations. During the Reporting Period, according to the information available to us, there was no lawsuit related to corruption, bribery, money laundering, monopoly and other violations of business ethics against the Company or the employees of the Company. 100% of employees, customers, suppliers, partners and other relevant parties Business ethics policies covered Responsibility as Foundation of Enterprise for Steady and Long-term Development 25 Whistleblowing handling process of Tuya Receive reports The human resources department and the internal audit and internal control department are responsible for managing the Tuya whistleblowing mailbox and responding to the reported matters A reported matter handling team is formed by one management member from each of the human resources department, the legal department, the finance department, and the internal audit and internal control department to conduct detailed investigation on the reported matter Handle investigation Record and track The internal audit and internal control department is responsible for recording and tracking the investigation results and subsequent handling plans of all reported matters
Technological innovation has changed people’s lives and brought new business opportunities to Tuya with a more open, inclusive and integrated technology design philosophy, as well as high-standard data security and privacy protection measures, Tuya brings intelligence into thousands of households and creates the ultimate experience for consumers. We take continuous iterating innovation as the core competitiveness of the enterprise, solid product quality as the basic driving force of the enterprise, and satisfying customer needs as the highest innovation force, empowering the digital and intelligent transformation of customers and the society, and promoting the sustainable development of the society. SUPERIOR QUALITY FOR DIGITAL AND INTELLIGENT FUTURE 03 Superior Quality for Digital and Intelligent Future 26
DATA SECURITY AND PRIVACY PROTECTION Data security and privacy protection is one of the highest priorities for Tuya in the smart industry ecology. We are always committed to providing customers with consistent, reliable, secure and compliant services, effectively protecting the security, confidentiality and integrity of the data of our customers and their users, and building a comprehensive cloud platform security system. We are constantly enhancing our technical capabilities in data security and privacy protection, and safeguard security compliance requirements for Tuya’s global business layout through comprehensive management and control measures, with a view to deliberately coping with the global security challenges amid the progress of the Internet of Everything, technological iteration, and the development of the times. During the Reporting Period, Tuya has further comprehensively improved its data security protection capabilities. We have achieved outstanding results in our research and development (R&D) security, operation safety, security compliance, business security, security emergency response and security awareness improvement. Based on the deep promotion of DevSecOps (“Development, Security, Operation”) progress, Tuya has comprehensively improved the overall standard of quality of R&D security in terms of the following aspects. Research and Development security Tuya’s self-developed black box scanner can effectively realize monitoring of historical vulnerabilities. Currently, Tuya's self-developed scanner conducts scans of: the public network once a day, the online intranet once a month, and the office network once a week. Additionally, the security tools in DevSecOps cover 100% of the applications released through the DevOps platform. Moreover, Tuya also adopts other scanning and defense tools and measures. During the Reporting Period, Blackduck, code audit and image scanning have realized full component upgrades, with the ability for research and development (“R&D”) to handle normal matters on its own. During the Reporting Period, we produced 123 security review reports. with a passing rate of 99.18% with more than 260 participants 260+ more than 360 participants took the Java security coding exam 360+ 99.18% Organized 7 professional security skill training sessions 123 7 During the Reporting Period, we produced 412 security testing reports. 412 R&D of tools Operation with rules Security review Security training </> Superior Quality for Digital and Intelligent Future 27
Tuya has independently developed security protection tools, comprehensively improving the safe operation of each platform and the security protection capabilities. During the Reporting Period, Tuya launched a self-developed security product - Security Orchestration, Automation and Response (SOAR). This product is based on the analysis of incidents in the early stage of orchestration and automation, and integrates existing security technologies to the greatest extent through intelligent orchestration and response, improving the life cycle management of security incidents and the ability and efficiency of security incident resolution. Operation Safety WAF RASP Wazuh 3 4 5 defended against network attacks with a year-on-year growth rate of 393.9% 393.9% added 26 new rules 26 added 32 new rules 32 added 3 new rules 3 optimized 33 rules 33 optimized 59 rules 59 optimized 20 rules 20 the number of nodes covered increased by approximately 100% year-on-year 100% Our detection capability of abnormal requests has been further enchanced significantly further enchanced significantly During the Reporting Period During the Reporting Period During the Reporting Period Superior Quality for Digital and Intelligent Future 28 WAF (Web Application Firewall) is a type of firewall that helps protect web applications from attacks. It is designed to protect against common web application vulnerabilities. 3 RASP (Runtime Application Self-Protection) is a security tool that is designed to protect applications from various security threats by adding security controls directly into the application runtime environment. 4 Wazuh is a popular open-source security tool that provides host and endpoint security monitoring and threat detection for public and private cloud environments, as well as local environments. 5
Security awareness improvement, industry security development in practice published 64 articles 64 epresenting a year-on-year growth rate of 113.3% 113.3% with a year-on-year growth rate in reading volume of about 50% 50% representing a year-on-year increase of over 1 million over 1 million with a total reading volume of over 3 million over 3 million published 11 articles 11 published 24 technical articles on external mainstream security media 24 The internal official account of Tuya Security The external official account of Tuya Security Superior Quality for Digital and Intelligent Future 29 ¢ Tuya verification code has been integrated with its IoT platform, voice services, building SaaS, community SaaS, SaaS development frameworks, “quick-to-build” programming platforms and other businesses to provide verification services for Tuya ›loud and Appš ¢ The certificate management platform has supported security management of internal and external certificates, including support for Matter project. At present, the certificate management platform has integrated hundreds of security management certificatesš ¢ The privileged account and confidentiality management platform provides multiple access methods to promote the connection of cloud platform accounts, operation and maintenance of privileged accounts, business ak/sk, etc., through SDK or privileged account system for operation and maintenance of applications and online services. At present, hundreds of third-party accounts have been connected. During the Reporting Period, the Tuya security team successively launched the Tuya verification code, certificate management center, third-party account management platform, and confidentiality management center management platform, effectively reducing the occurrence of risk events such as credential stuffing, fake registration, information theft, and “wool-pulling (i.e. unfairly benefiting from various vulnerabilities)”, and effectively reducing the risk of business loss. Business security
Ensuring Cyber Security We strictly abide by the laws and regulations related to cyber security applicable to where we operate, including but not limited to the Network Security Law of the People’s Republic of China, the EU’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act, the U.S. Cybersecurity Information Sharing Act, etc. We fully identify various cyber security legal risks, and have formulated a series of cyber security management policies and strategy documents such as Internal Audit Management Policy, Application Security Management Policy, and the Data Security Management Policy, to protect the information and data security of our software platform. Tuya is committed to providing customers with IoT access services that are consistent, reliable, safe, and in compliance with regulatory requirements. In order to better protect user information security, we think from the perspective of consumers and have established a complete security assurance system at the technology foundation to ensure that our information security support meets local compliance requirements. We have successively released and continuously updated the Tuya White Paper on Information Security & Compliance, the Tuya General Data Protection Regulation (GDPR) White Paper, and the Brazil’s Lei Geral de Proteção de Dados (LGPD) White Paper to provide customers and users with a more comprehensive and systematic understanding of the information security compliance management measures of Tuya, and a deep security insight into the Tuya cloud platform. The professional technical experience of attack protection of Tuya’s security team and well-known security service providers around the world provides security operation and maintenance services for our cloud platforms, effectively protecting the safe operations of Tuya Cloud, and ensuring the privacy and data security of customers and users . Tuya Network Security Commitment Tuya Smart White Paper on Information Security & Compliance Tuya GDPR White Paper Brazil’s Data Protection Law LGPD White Paper Superior Quality for Digital and Intelligent Future 30
Basic Service Security of Cloud Platform Tuya uses world-renowned and technologically advanced hosting service and cloud computing providers (such as Amazon Cloud, Microsoft Cloud, Tencent Cloud, etc.) to build its own cloud security management model, fully covering the security of data, access control, and cloud services, ensuring the full-chain security of data for users and customers when using, accessing, and storing information. Cyber Security Compliance Governance In order to ensure the information security of cloud, we have established a professional and complete security compliance team at the executive level, with full-time dedicated personnel supporting Tuya Cloud’s cyber security assurance, data security, privacy compliance, security assessment, and operation and maintenance. We also cooperate deeply with external and authoritative security privacy consultants and world-renowned law firms to ensure that the Tuya cloud network and compliance system architecture is controllable, credible and reliable at every level of data security assurance. Tuya has established the Compliance Committee, which is chaired by our key founder. Members of the committee include senior management such as the CFO, CTO, and CIO. Together they are committed to ensuring the information security and compliance of Tuya, and providing Tuya (including its operations and business stakeholders) with guidance and support on the aspect of information compliance. The Security Compliance Committee holds a formal meeting every six months to discuss the realization of security compliance goals and the main goals of the next stage, and to review, evaluate and summarize information security and compliance work. Security compliance team Compliance Committee Information security Privacy compliance Security of data Security management of customers’ business data in the cloud computing environment, including collection and identification, classification and grading, permission and encryption, privacy compliance, etc. Security management of business-related application systems in the cloud computing environment, including the design, development, release, configuration and use of application and service interfaces Management of access control Security of cloud services Management of access rights to resources and data, including user management, permission management, identity verification, etc. Superior Quality for Digital and Intelligent Future 31
Scope of cloud security management of Tuya Edge Acceleration Nodes São Paulo, Brazil Bogotá, Colombia Stockholm, Sweden Nairobi, Kenya Singapore Querétaro, Mexico Melbourne, Australia Osaka, Japan Global Data Centers AZURE (Amsterdam) Data Centre TencentCloud (Shanghai) Data Center AWS (Mumbai) Data Centre AZURE (Virginia) Data Centre AWS (Frankfurt) Data Centre AWS (Oregon) Data Centre Superior Quality for Digital and Intelligent Future 32 AWS (Oregon) Data Centre AZURE (Virginia) Data Centre AZURE (Amsterdam) Data Centre AWS (Mumbai) Data Centre TencentCloud (Shanghai) Data Center AZURE（法兰克福）数据中心 AWS (Frankfurt) Data Centre
Adhering to the basic principles of data protection, Tya collects data nder the premise of protecting personal privacy rights. Cstomers' athoriation or sers' consent to data collection is or main legal basis. Data are collected while protecting sers’ or cstomers’ right to know and nder the necessary principle of the services. We abide by the principle of minimiing data collection. Dring the design stage, the compliance analysis team condcts risk and compliance assessment on sensitive data to ensre legal compliance of data collection. Tya Clod provides different data storage services for different bsiness scenarios, and ses AES256 to encrypt and store cstomer or ser data. Sensitive data are desensitied as necessary. We select different local data service data centers in varios operating locations arond the world, and provide corresponding data services according to the regions where sers are located, ensring high reliability and high availability of data and services at the physical level. Tya strictly implements data classification and grading to clarify the scope of data assets, and distingishes personal information, platform information and data and enterprise internal data according to the Tya Information Classification, Grading and Management Policy, imposing corresponding secrity reqirements and treatments according to different data types and levels. We strictly prevent and control data access rights and leakage risks throgh data access control, data filtering, data aditing, display desensitiation, and personal information psedonymiation measres. Tya abides by the principle of minimiing data retention period. The personal information retention period is the shortest time necessary to achieve the prpose. If the retention period is exceeded, we shall delete or anonymie the ser data at the reqest of cstomers, and retrn sch data to the cstomers safely. Cstomers have the right to decide on data retention strategy and inform Tya in a timely manner that sch data are for service prpose, etc. When cstomers reqest to delete the data or have the data retrned, we shall follow sch clear instrction. We se the world’s top encryption algorithm to ensre the commnication and transmission of data between terminals, inclding between devices and clod, between APP and clod, and between devices. The data transmission process in the Tya's soltion ndergoes strict integrity verification and commnication certificate verification. For special contents inclding passwords, they are transmitted sing irreversible encryption or desensitiation technologies. Data collection Data storage Data processing Data retention Data transmission Tya’s management measres in the entire life cycle of data Tya practices the bsiness philosophy of “prioritiing ser vale in all aspects of operation”, and pays special attention to establishing a long-term and sstainable mtal trst relationship with cstomers. Starting from the perspective of the entire life cycle of data, or data secrity system adopts both “management” and “technical” means to carry ot comprehensive and systematic constrction to ensre data secrity in all links in the life cycle of data. We have formlated a comprehensive data leakage emergency plan and emergency response mechanism. In accordance with the Tya Secrity Incident Emergency Plan, the Information Leakage Incident Emergency Plan, the Emergency Response Plan and Handling Policy, systems and reglations, we have the capabilities to make correct, orderly and efficient emergency response to varios types of asset and secrity risk events, effectively ensring the normal operation of bsiness. We reglarly carry ot offensive and defensive drills as simlations to the occrrence of data leakage incidents, so as to improve the blocking, detection and response capabilities of or secrity protection system. Sperior Qality for Digital and Intelligent Ftre 33
Tuya complies with domestic and international information security standards and industry requirements, integrates compliance requirements and standards into our internal control framework, as well as our cloud development platform and products. We regularly carry out internal and external audits and certification work related to cyber security on the cloud service platform and internal systems. During the Reporting Period, the internal and external audit projects that have been carried out and passed during the Reporting Period are as follows: B Regularly carry out an internal security audit project every yeaL B Test contents include 2 offensive and defensive drills and 2 network-wide asset penetration tests B SO 27001, ISO 27017, ISO 27701, CSA STAR, CSPEC level 3 protection annual auditsf B AICPA SOC2 TYPE II & SOC3 auditsf B App security privacy compliance detection Internal audits External audits External Audit and Certification Superior Quality for Digital and Intelligent Future 34
The certifications of security management system that Tuya has obtained include ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27701:2019, and CSA Star gold medal. We regularly conduct information security-related audits and assessments every year to improve our supervision and protection levels in terms of cyber security system operation, information security and privacy protection. ISO 27001 certification ISO 27017 certification ISO 27701 certification CSA STAR certification Tuya has obtained and renewed numerous external cyber security certifications: EU’s General Data Protection Regulation (GDPR) Certification California Consumer Privacy Act (CCPA) compliance audit China Cyber Security (Level 3) Protection Filing Certification Privacy policy and privacy-related controls – TRUSTe Certified Privacy AICPA SOC 2&3 compliance control measures and targeted audit The Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and QuébecBill 64 Superior Quality for Digital and Intelligent Future 35
Employee Cyber Security Training Tuya attaches great importance to the construction of internal cyber security culture and the cultivation of security awareness. We actively carry out training related to cyber security, and update and publicize data security-related legal risks, preventive measures, technical means and other related knowledge in a timely manner. Upon the promulgation of latest laws and regulations related to data security, the security compliance team and legal team will timely identify and analyze the requirements and the impact thereof, and interpret and publicize relevant laws and regulations in the compliance information bi-monthly newsletter through Tuya’s internal security compliance service account in WeCom.Every year, we carry out various security compliance learning, launch training courses, and conduct a security compliance awareness exam covering all employees. Tuya’s compliance information bi-monthly newsletter Tuya’s security and compliance awareness training and exam During the Reporting Period, Tuya cyber security training activities reached 1,738 number of participants 96.41 100 participation rate passing rate % % Superior Quality for Digital and Intelligent Future 36
Protection of Personal Information and Privacy Tuya attaches great importance to the protection of personal privacy of end users, and complies with the relevant laws and regulations applicable to where we operate, explicitly defined that the ownership of data belong to individual users. Based on the core principle of minimizing retention period of users’ personal information, we have formulated the Tuya Data Retention Strategy. Tuya promises that the retention period of users’ personal information is the shortest time necessary to achieve the purpose. If the retention period is exceeded, we shall delete or anonymize the user data on request. We have issued public policies on privacy protection such as the Privacy Policy and the Third-Party Information Sharing List to further clarify and inform end users and customers of Tuya’s commitment and practices in terms of personal information and privacy protection. The Privacy Policy of Tuya Superior Quality for Digital and Intelligent Future 37
Opt-in principle Principle of least sufficient, that is, pricinple of data minimization Principle of openness and transparency Disclose the scope, purpose, rules, etc., of processing personal information in a clear, understandable and reasonable manner, and accept external supervision. Principle of security assurance Have security capabilities that match the security risks to be faced with, and take adequate management measures and technical means to protect the confidentiality, integrity, and availability of personal information. Principle of subject participation Provide users with the means to access, correct, and delete their personal information, as well as withdraw consent, cancel their accounts, etc. Take responsibility for any damage to the users’legitimate rights and interests, which are caused by our activities of processing personal information. Have a legal, legitimate, necessary, and clear purpose of processing personal information. Clearly state the purpose, method, scope, rules, etc., of processing personal information to users, and seek their authorization and consent. Unless otherwise agreed with users, only the minimum types and amount of personal information required to meet the purpose authorized by the users shall be processed, and no information that is unrelated to the service shall be collected, stored, requested, provided, or transmitted. Upon the purpose is achieved, personal information shall be deleted promptly according to the agreement. Principle of consistency in rights and responsibilities Principle of clear purpose C Tuya strictly follows the principles of lawfulness, justifiability, necessity, and integrity and has formulated the “seven principles of user information processing , ensuring the rights and autonomy of user rights to the greatest extent while providing high quality services. Users are provided with the right to know, the right to access, the right to be forgotten, the right to delete information, the right to rectify, the right to restrict processing, etc., to build a comprehensive personal privacy protection system. Superior Quality for Digital and Intelligent Future 38 Tuya s seven principles of user information processing
PRODUCTS AND SERVICES Innovative Products As a pioneer in the wave of IoT, Tuya actively explores the best industry practices for business, product, and scenario intelligent transformation amid increasingly prosperous industry development and competition. With the protection of intellectual property rights as the core, we continue to promote product innovation, wholeheartedly provide our users with smart products and services, and convey the power of technology to the public. Through its self-developed cloud platform with high scalability and high value, and the complete product models and solutions covering the cloud, user end, and device end at the same time, Tuya empowers customers, brands, channels and other ecological partners in their respective sector field to grow and develop rapidly or consolidate their market share, supports terminal enterprises and consumers to enjoy a more simple and convenient software-based experience of smart scenarios and life, and actively promotes the long-term development of the IoT sector through continuous technological iteration. Superior Quality for Digital and Intelligent Future 39
IoT PaaS Green Device Solution Under the background of global response to climate change and vigorous promotion of green and sustainable development, the demand for low-carbon and smart transformation of enterprises is becoming more and more pressing. With sensitive market insight, Tuya has created a variety of smart and green product solutions including smart gateways, circuit breakers, smart lighting, energy-saving electrical products such as smart sockets with low power consumption or with power statistics functions based on the capabilities and standards of the Tuya IoT cloud platform, which help customers quickly realize the development of green and smart products and seize market opportunities. Tuya helps customers and partners achieve green, low-carbon, energy saving and environmentally friendly solutions in more vertical industries by empowering various consumer electronics categories across household, commercial and industrial fields. In 2022, Tuya has created a series of IoT solutions for energy-saving and efficiency-improving products, covering categories such as smart meters, charging piles, green energy solar inverters, and energy storage lithium batteries. The smart charging pile solution created by Tuya includes all-round intelligent capabilities and product service support such as device access, IoT basic cloud service, business middle platform, SaaS and application system, after-sales and installation and maintenance services, etc., enabling charging pile products to realize a number of intelligent functions, empowering customers to charge on demand, saving energy and costs, and improving operating efficiency. Tuya new energy charging pile solution ¦ Quantitative charging: charge according to the preset power on demand, stop when the set power is reached, better protect devices and meet personalized energy need‹ ¦ Scheduled charging: schedule off-peak charging according to the price difference between peak and off-peak electricit ¦ Delayed charging: switch on charging pile after a delay of 0-12 hour‹ ¦ Provide detailed time specified warning queries in the rime dimension and conduct remote diagnosis of fault‹ ¦ Realize demand response management side and avoid peak hour‹ ¦ Export electricity consumption data and electricity bill data report, provide data insight to better plan electricity consumption Superior Quality for Digital and Intelligent Future 40
Smart Industry SaaS – “4+1” integrated solution Xtep’s new ninth-generation image store project is located in the core business district of Shenzhen. Surveys found that offline stores generally face the following difficulties: J high daily operating costs for physical store9 J inability to repair equipment damage in a timely manneA J large power consumption High operating costs J uninspiring physical stores image; few customers entering the store; low purchase conversion rat` J the dull lighting environment that fails to stimulate customers’ purchase desir` J poor customer shopping experience that shortens customers' staying time Low conversion rate of marketing and promotion J fragmented store sales and operational dat£ J inability to obtain insights of consumer behavior preference9 J hinder effective solutions for business decision-making Fragmentation of behavior data Tuya Smart Business provides four standard SaaS, namely Smart Residential, Smart Hospitality, Smart Commercial Lighting & Building, and Smart Home & Community, as well as a comprehensive solution based on the product capability components of the above four standard SaaS, namely the “4+1” integrated solution. On the other hand, we have prepared a rich hardware product portfolio for our customers to help them select their products quickly and form the best fit with our SaaS products. The “building block” product architecture design of such an integrated software and hardware solution not only supports various vertical business smart scenario needs of different customers such as hotels, apartments, buildings, homes, and properties, but also meets the horizontal needs of their energy management categories by adopting the energy management model independently developed by Tuya. While realizing the intelligent transformation of the whole scenario, it achieves personalized energy saving and consumption reduction, more accurately meeting the needs of various indicators and goals in their own business scenario operations. Case: Smart commercial lighting solution for Xtep flagship store 1 2 3 To echo the features of the business district, the customer planned to integrate cutting-edge elements such as fashion, technology, and intelligence to create an immersive shopping experience, attracting precise customer groups and increasing consumption frequency. At the same time, they aimed to achieve the goals of green, energy-saving, emission reduction, and cost reduction through smart systems. In order to create a benchmark store with a new image of Xtep, the customer decided to upgrade the store with intelligent transformation - using Tuya's smart commercial lighting solution. Superior Quality for Digital and Intelligent Future 41
After the project customer used Tuya’s smart commercial lighting solution 21.1 the energy consumption of the store was reduced 72kWh the average daily power consumption was reduced % Transformation highlights: k Manage devices through the remote system on the mobile terminal, and create a comfortable shopping experience k Automatic execution of scenario-based energy-saving strategy to set up scenario templates such as day and night, peak hours, etc., according to needs and operating models k Smart linkage and efficiency-enhancing marketing of store customers to monitor customer flow and distribution area, focusing on consumer groups k Visualized management of energy consumption data; large-screen data notification management; one click for reports k Customer flow analysis to upgrade consumption experience：Smart Jack-o’-lantern lights are installed in the store, which can count the customer flow and its distribution area within the store, assisting in tracking future consumer demographics and upgrading their shopping experience. k Lighting atmospheres to create an immersive shopping experience：The store uses smart lighting systems, such as the spotlights on the top of ceiling, which can be connected to mobile devices to intelligently control the brightness of the lights, and use different lighting atmospheres at different times to continuously optimize shopping experience and environment, improve consumers’ shopping experience, and save energy and reduce emission. Superior Quality for Digital and Intelligent Future 42
Himalaya 24h Urban Study Room raised their need to build smart and unattended chain stores and manage the status of all operating stores at the headquarters. Tuya’s smart commercial lighting solution provides a smart and flexible operation scenario for Himalaya 24h Urban Study Room, which can automatically adjust the brightness of lighting and operation status according to customer flow, and monitor energy consumption data, providing great convenience for digital operation management. Tuya’s smart commercial lighting system can also be integrated with smart facilities for convenience services such as shared power banks, shared charging piles, and vending machines by flexibly selecting multiple scenarios, which greatly improves user experience. As a complete commercial lighting IoT control system supporting multi-protocol compatibility, Tuya’s smart commercial lighting solution greatly satisfies the device management and energy management needs of green buildings. In the future, Tuya Smart Business will continue to use the form of integrated software and hardware solutions to help more partners lead the trend in creating smart commercial scenarios, incorporating organic linkages between smart stores, smart buildings, smart communities, smart digital business circles, and smart hotels, playing more active roles in the field. f Visual device managemenn f Energy consumption classification and sub-item statistic‚ f Alarm and abnormal alern f Automated permission control managemenn f App SDK docking and API interface integratiox f A variety of application scenario APIs to meet user insight analysis need‚ f App control and flexible management Smart commercial lighting can help achieve: Case: Smart commercial lighting solution for Himalaya 24h Urban Study Room Superior Quality for Digital and Intelligent Future 43
A three-end (cloud, device end, and APP end) integrated solution On-sales After-sales Dedicated Expert Teams Powerful Technical Support Robust Operation Support One-stop Hosting Service Pre-sales Pre-Sales Services Complete Emergency Mechanisms The Cube smart private cloud product of Tuya can help developers build a scalable private IoT platform that handles device connection and management, application development, and data analysis, becoming the “best assistant” for customers’ digital and intelligent transformation. As a smart private cloud software product, Cube provides enterprises with a digital base incorporating multi-channel device connection platform, device management platform, scenario visualization platform, AI functions and other capabilities to enhance the independent IoT management capabilities of enterprises. Brand, channel and industry customers can carry out secondary development and develop their own IoT platform applications by leveraging Tuya’s rich open platform OpenAPI (Open Application Programming Interface), App software development kit (“SDK”) and other open source software. For large-scale corporate customers with complex businesses and high data security requirements, Cube can help them build IoT platforms and business independently, flexibly and cost-effectively, save R&D costs, create intelligent scenarios connecting all things, build a rich and exclusive smart ecology, and gain a competitive edge amid fierce market competition. Corporate-level IoT solution - Cube smart private cloud (“Cube”) Superior Quality for Digital and Intelligent Future 44
Quality Assurance Software Quality and Delivery Tuya has always been committed to providing high-quality software products and services. Whether it is software and technology for in-house use, such as Tuya IoT cloud platform, or customer-oriented software delivery, we have been following the highest standards to ensure the Tuya quality. In order to efficiently and accurately execute the above-mentioned R&D process, Tuya has self-developed relevant assurance tools: Automated change and deployment of the production environment by means of platform tools to ensure accurate software release operations. The software environment is regularly maintained and updated manually, and the stable operation of production environment is assured at all times through monitoring and alarm configuration. To ensure the accuracy and completeness of development requirements through detailed analysis and confirmation of requirements. R&D personnel conduct detailed design of the software, including architecture design, module design, interface design, etc., to ensure the maintainability and scalability of the software. To follow the programming specifications formulated by the Company to ensure the readability and maintainability of coding, and conduct code review and unit testing at the same time to ensure the correctness and stability of the code logic. In this stage, our team ensures software quality and stability through functional testing, performance testing, security testing, etc. Requirements analysis Design stage Coding stage Testing stage Release stage Maintenance stage Project management platform In order to ensure the strict execution of the process, Tuya builds and uses a self-developed project management platform, and tracks the implementation of the project process throughout the chain from demand collection to software development and delivery, so as to ensure every stage of software development can complete the set goals accurately and on time. In the software testing stage, Tuya uses the self-developed research and testing platform to return automated test cases to avoid the impact of functional changes on the original business; at the same time, track testers enter and manage the use cases of functional changes to ensure test case coverage and improve software quality. Research and testing platform Operation and maintenance platform The Company s self-developed DevOps platform can realize automatic code submission, review and release of the entire software during the software development and maintenance stage, automatically monitor the production environment according to the configured alarms of the system configuration after the software goes live, and notify the relevant person in charge in real time through text messages, emails, etc., to achieve 7*24 assurance of stable operation of production environment. To sum up, we will carry out strict control and management at all stages of software development to ensure the quality and stability of software. We put assurance on software quality through the following software development process mechanisms: Superior Quality for Digital and Intelligent Future 45
Hardware Component Quality As an all-in-one complete product, apart from cloud deployment and App end developing capabilities, our IoT PaaS product includes an IoT cloud module embedded with Tuya OS operating system software. In addition, our smart device distribution business that “provides convenience to customers” also includes the purchase and sale of smart hardware devices. Besides assuring the security of Tuya’s cloud platform and software delivery, we recognize that in integrating products, the delivery quality of excellent hardware components also enables Tuya to provide corporate customers with high-value and excellent IoT integrated products and ensure the best IoT device experience for end users and stability as our core business barrier. We have established a complete quality management system, an assurance system centered on quality which deepens the concept of quality control. We empower the industrial production line of upstream and downstream through technological means to improve the delivery quality of finished smart devices, and at the same time join hands with industry partners to create high-quality standards in the IoT industry. Tuya strictly abides by the Product Quality Law of the People’s Republic of China, the Consumer Rights Protection Law of the People’s Republic of China, the ISO 9001 Management System Standards and Specifications and other relevant laws and regulations in each place of operation or international standards and specifications. We have formulated a series of staged quality control documents including the Quality Manual, the Product Strategy and Program Management Process, the Product Design and Development Process, and the Product Delivery Process to provide for vertical management and product quality assurance. We passed the ISO 9001:2015 quality management system certification in 2018, and have always been committed to continuously improving and refining our quality system and product quality. During the Reporting Period, we successfully passed the annual audit of ISO 9001 certification with the audit result of “zero non-conformities”. Tuya’s ISO 9001 quality management system certificate Product Full Life Cycle Management We integrate quality control measures and management details into the full life cycle process of products, and create quality assurance measures based on the two dimensions of product R&D and product manufacture. Quality control measures for product R&D R&D project management È Product pre-R&D and feasibility analysisÃ È Implement the full life cycle control process comprising engineering verification test (EVT), design verification test (DVT), small batch process verification test (PVT), mass production phase (MP), end of life cycle (EOL) full life cycle control process È Create tasks with task templates, push forward to responsible persons, and track project progress to ensure quality and quantityÃ È Conduct design review, printed circuit board (PCB) design review, trial mass production review and other review management through the platform, strictly controlling each node of project È Build a reliability use case librar È Carry out aging tests to prevent product quality problems caused by design and R&D risks Project task platform management Design issue databse management Superior Quality for Digital and Intelligent Future 46
As an IoT cloud development platform that helps enterprises to realize the intelligent transformation of devices , the cloud, App, and edge software capabilities provided by Tuya need to be closely integrated with various hardware including IoT chips. The prerequisite for IoT devices to provide end users with various software and scenario capabilities is: safe and reliable device use, real-time and stable connection and response. These aspects will be affected by software and hardware compatibility, hardware performance, hardware design, factory production technology and process and other aspects. Therefore, Tuya has been active in obtaining various certifications for smart hardware products to ensure the best delivery and reputation of our products and functions. As of the end of the Reporting Period, we have passed ioXt certification for 2 Apps and 9 cloud modules, as well as the Capability Maturity Model Integration (CMMI) Level 3 certification. Our smart IoT products fully comply with the ETSI EN 303645 consumer electronics IoT product security technical standard and the following standard certifications. Tuya Inc. has established an on-site team for production factories comprising engineers, Quality Assurance (QA) and Quality Control (QC) personnel, who are responsible for solving production technical problems, analyzing production test abnormalities, and controlling product quality, respectively On-site team for outsourced factory management Tuya uses the self-developed production management platform PMS to empower outsourced factories to perform system information interaction and production operations. On the PMS, the factories can realize functional modules such as material specification and process file download, work order management, production process tracing and fault prevention, quality management, factory performance assessment and confirmation Tuya's self-developed production management platform Production Management System (PMS) empowers factories Quality assurance for product hardware component manufacture Superior Quality for Digital and Intelligent Future 47
ioXt certification is the world’s authoritative and only industry-led global IoT security certification program. The ioXt Alliance is jointly initiated by technology and device manufacturing giants such as Google, Amazon, T-Mobile, and Comcast, aiming to, through products and Apps with ioXt SmartCert, boost confidence of consumers and retailers in this highly interconnected world. ETSI EN 303645 is a consumer electronics IoT product security technical standard issued by the European Union. This technical standard mainly stipulates the cyber security of consumer IoT products and related services, and also includes some commercial IoT products into its scope, with an aim to establish a security line of defense for consumer IoT products and protect user privacy. The standard also helps IoT products comply with design security requirements and standards, and supports global IoT product cyber security and European GDPR compliance. The IoT law currently being promoted in the U.K. is also based on the technical requirements of this standard. The Capability Maturity Model Integration (CMMI) is the latest version of the CMM model, and was developed by experts in software process improvement and software development management across the globe organized by the Software Engineering Institute of Carnegie Mellon University in the United States in a span of four years. CMMI is a kind of software capability maturity assessment standard that is promoted and implemented all over the world, and is mainly used to guide the improvement of software development process and evaluate software development capability. Tuya has obtained the certification of CMMI Capability Level 3: Defined, which clearly demonstrate that Tuya has the ability to establish this management system and process according to its own customized circumstances and standard process. ioXt certification ETSI EN 303645 product security technical standard audit Product Standard Certifications CMMI Level 3 certification Superior Quality for Digital and Intelligent Future 48
Other Hardware Certifications CE (Conformity of Europe) certification is a certification that meets European requirements. The CE logo is a compulsory certification logo in the EU market. All products with the CE logo can be sold in the EU member states without the need to further meet the requirements of each member state, so as to realize free circulation of goods within the EU member states. RoHS certification is a certification for testing hazardous substances in electronic and electrical products, and is a mandatory standard established by EU legislation. The standard has officially been implemented since July 1, 2006, and is mainly used to standardize the material and process standards of electronic and electrical products, making them more conducive to human health and environmental protection. Tuya has passed the “Smart Hardware (IT) Open Platform” certification testing, and was awarded the Credible Hardware (IT) Certification by the China Academy of Information and Communications Technology and the Mobile Smart Terminal Technology Innovation and Industry Alliance. FCC certification is also known as the U.S. Federal Communications Commission certification, and is the threshold for products with radio application, communications products and digital products to enter the U.S. market. FCC certification must be tested and approved by laboratories authorized by the government in accordance with FCC technical standards. REACH certification is an environmental certification for the registration, evaluation, authorization and restriction of chemicals contained in products. The main content of REACH is to require proof that daily-use products do not contain chemical substances that are hazardous to the human body. Therefore, all daily-use products produced in the EU or imported into the EU market must pass the registration, testing and approval of the content of hazardous chemical substances. Products with content exceeding the limit may not be sold in the EU market. IC is the abbreviation for Industry Canada. As a government agency, it stipulates the testing standards for analog and digital terminal devices, and is responsible for the certification of electronic and electrical products entering the Canadian market. Imported electronic products are required by IC to pass the relevant EMC certification. CQC logo certification is one of the voluntary product certifications carried out by the China Quality Certification Center. CQC logo certification focuses on safety, electromagnetic compatibility, performance, restriction of hazardous substances and other indicators that directly reflect product quality and affect consumers’ personal and property safety. It aims to safeguard the interests of consumers, promote product quality, and strengthen the international competitiveness of products of enterprises. SRRC certification is a mandatory certification requirement of the Office of State Radio Regulatory Commission. Since June 1, 1999, the Ministry of Industry and Information Technology of the PRC has mandated that all products with radio component sold and used in China must obtain the Radio Type Approval Certification. CCC certification refers to the China Compulsory Certification, the compulsory product certification system of China. Except for some products that are no longer subject to compulsory product certification management, other products must pass CCC certification before they can be sold externally. It is a product conformity assessment system implemented in China in order to protect the personal safety of consumers and strengthen product quality control. CE certification RoHS certification Smart Hardware (IT) Open Platform FCC certification REACH certification IC certification CQC certification SRRC certification CCC certification For the quality control of the manufacture process of products, we have issued 35 corporate standards, requiring production suppliers to strictly implement, and control the uniform high-quality standards of cloud modules and finished smart devices of various products such as smart home appliances, energy-saving products, sensor, gateways, lighting, electrical, etc. We prevent quality issues of products caused by design defects, substandard production and improper use of hardware components by following standards such as the Product Protection Process, the Identification and Traceability Management Process, the Monitoring and Measurement Resource Management Process, the Product Inspection and Test Process, and the Unqualified Product Control Process. We have formulated a complete recall process for unqualified products in the After-sales Customer Complaint Handling Process. During the Reporting Period, Tuya did not experience any product recalls due to safety concern or impact on user’s health. Superior Quality for Digital and Intelligent Future 49
Quality Training In order to continuously improve the knowledge reserve of the quality management team of Tuya, we have created the Tuya Academy and the Tuya WIKI Platform. The production quality personnel of Tuya will regularly learn at the Tuya Academy to enhance their understanding of the Company’s products and new technologies. We upload and regularly update relevant text materials such as production quality process, production cases and customer complaint cases involving product launch, software delivery and hardware components on the Tuya WIKI Platform, which can be accessed and viewed in real-time by the quality team personnel. When needed, we also conduct quiz assessments for all quality control personnel through the questionnaire system. For instance, during the Reporting Period, we carried out assessments and quality-themed training with respect to the Production Inspection Items for all employees of the quality team, with a total of 263 participants. Our software is self-developed by software development engineers, and hardware components are purchased from external suppliers. Therefore, Tuya attaches great importance to the product quality of suppliers. We empower them to improve product quality and quality control awareness by sharing our quality control philosophy. For example, as a part of Tuya’s rich smart ecology, the quality of the finished smart devices selected by TuyaGo in terms of craftsmanship, performance, and appearance also represents Tuya’s unique ingenuity and responsible attitude. Diversified quality training modes of Tuya + At the Tuya Academy, we have released many courses about the Company’s products and new technologies. The production quality personnel are required to learn and sign in the Tuya Academy on a regular basis in order to improve quality control awareness For the factory-based team of the Quality Control Department, QA will also conduct regular skill training for the QC stationed in the factory, and conduct blind spot tests to ensure that the personnel’s ability meets the requirements Superior Quality for Digital and Intelligent Future 50
Quality Standard Formulation Tuya has joined the China Communications Standards Association and participated in the formulation of IoT-related standards, constantly leading the IoT industrialization into a new stage of development, and making positive contributions to the healthy and orderly development of the IoT industry. During the Reporting Period, we formulated the following industry standards (among others): *This standard was jointly formulated with the Shanghai Pudong Intelligent Lighting Association in 2022 T-CHEAA 0001.2-2019 Smart Home Appliances Cloud Interconnection Part 2: Information Security Capability Requirements T-CHEAA 0001.2-2020 Smart Home Appliances Cloud Interconnection Part 2: Information Security Technical Requirements and Evaluation Methods T-CHEAA 0001.3-2020 Smart Home Appliances Cloud Interconnection Part 3: User Interface Design Guidelines T-ZSPH 03-2020 Internet of Things Smart Home Security Technical Requirements T-CHEAA 0019-2021, T-CCSA 328-2021 Smart Home System Cross-platform Access and Authentication Technical Requirements T-SILA 003-2021 Bluetooth Mesh Smart Home Lighting Interconnection Specifications T-SILA 001-2022 Power Line Communication (PLC) Whole-House Interconnection Specifications (This standard was jointly formulated with the Shanghai Pudong Intelligent Lighting Association in 2022) On April 20, 2022, TuyaGo Quality Control Department joined hands with the suppliers production department, quality department and process department to hold an offline training lecture on the Supplier Product System Operation Standards, which aimed at helping the factories of TuyaGo to establish a uniform product quality standard and improve the awareness of quality control. Training on the Supplier Product System Operation Standards TuyaGo finished smart devices system operation training Superior Quality for Digital and Intelligent Future 51
Responsible Marketing Tuya attaches great importance to the external image of the Company, and strictly regulates its own marketing behavior, aiming to establish a good communication and interaction mechanism with customers and consumers. We strictly abide by the Anti-Unfair Competition Law of the People’s Republic of China, the Consumer Rights Protection Law of the People’s Republic of China and other applicable laws and regulations of the places of operation by ensuring that all external marketing activities are subject to strict compliance review, and that we are responsible for every customer, ecological partner and end user with a true and transparent attitude. In terms of marketing and promotion, we have formulated a complete marketing publicity management approval policy including the Exhibition Hall Management Policy, the Publicity Approval Process Policy, and the Media Interview Standard Process, strictly stipulating the publicity standard of “no exaggeration, and interpretation based on facts”. In order to further standardize the accuracy and compliance of external publicity of various business departments, we strictly follow the Tuya Visual Assets Guideline, the PBT Marking Authorization Guidelines and other publicity standards to ensure that all external publicity activities and promotional materials of Tuya have been approved by the dedicated department and filed for record. Accurate and compliant publicity Feedback and modification Review of market, content and brand dimensions Activity and material filing External publicity events to make reference to the marketing department bulletin board and marketing communication database Customer Service Platform Team “Customer first” is the concept that Tuya adheres to and implements. We take solving customer needs as our own responsibility by setting up a full-time professional service platform team to be responsible for receiving inquiries from customers. We have formulated and complied with the Code of Conduct for Customer Service, the Customer Service Customer Complaint Handling Process and other standards and policies, so as to think from the perspective of customers, pay close attention to the quality of pre-sales, sales and after-sales services of products, and enhance service value and business advantages. Approval process of Tuya’s external publicity events Superior Quality for Digital and Intelligent Future 52 Prepare information Submit Review Feedback Publicize
“Iron Triangle” Customer Sales/Service/Delivery Model The macro situation in 2022 was both a challenge and an opportunity. Under this environment, enterprises that can provide customers with higher-quality and complete closed-loop services are more able to stand out, seize customers, and establish a stable cooperative relationship. In this regard, we actively carry out organizational reforms and model adjustments. Drawing on the successful experience of To-B corporate services, we have quickly built a back-to-back “iron triangle” structure with Tuya’s characteristics. Our “iron triangle” structure comprises three roles, namely sales, SA solutions, and delivery. The role of “sales” is customer exploration, development, relationship maintenance and commerical affairs, the role of “SA solution” is undertaking the intelligent transformation needs of customers and providing targeted services and solutions, and the role of “delivery” has the task of ensuring the delivery and execution of established plans or projects in a rigorous manner. Although the three roles have different responsibilities, there is no hard boundary, and they complement each other according to the frontline situation. The goals of the “iron triangle” structure are consistent. From planning to go-to-market, the “iron triangle” jointly participates in various stages such as target customer groups, plan design, R&D scheduling, input and delivery, etc., until a consensus is reached. We ensure that each new plan targets customer needs effectively, and follow up on its implementation to ensure the efficiency and value of input and output. Iron Triangle Sales Customer relationship maintenance and commerical affairs Customized services and solutions SA solutions Ensuring project and plan execution Delivery Superior Quality for Digital and Intelligent Future 53
Tuya’s “trinity” customer service system Customers Sales Products We provide dedicated service teams for key customers, the members of which comprise senior technical support personnel. Project managers and dedicated teams serve simultaneously. Service channel: Customer chat group Customers Sales Products Tuya’s global service hotline, online service platform, and technical work order answers provide comprehensive one-stop 7*24-hour services Service channel: Customer service consultation Product technical services shall be divided into different levels and streams according to the type of issues, ensuring timely closure and resolution of product requirements, de-bugging and product upgrades Service channel: IoT platform technical work order Customer Service System Based on Tuya’s in-depth understanding of customer needs, we have created a customer experience improvement project based on the trinity of “sales, products and customers” with guarantee of customer flexibility as the first key element of service. The project ensures that customers can get a consistent service experience no matter which channel they are from. We have established a tiered and categorized customer service system. For key customers of Tuya, we have a dedicated service team to establish a barrier-free communication and coordination mechanism between platform technical service personnel and project managers. When we receive customer demands related to product requirements, de-bugging and product upgrades, the project managers can directly synchronize the necessary information with the technical support personnel to jointly ensure rapid response and closed-loop follow-up of technical services. For other customers, we shall provide targeted services according to the type of issues. During the Reporting Period： 533 the number of participants in our internal customer service-related training reached Superior Quality for Digital and Intelligent Future 54
Customer Complaint Handling Channels and Process We focus on building a “full-process, high-satisfaction” customer service response system, and provide customers with multi-channel service support, including but not limited to customer groups, platform work order feedback and other service forms. Customers may use hotlines, online consultation, e-mail, technical work orders, direct connect with business personnel and other ways to feed back their appeals. 400-881-8611 (Mainland China, Mandarin service)/ 1-844-672-5646 (non-Mainland China regions, English service) Hotlines Email to service@tuya.com to contact customer service personnel directly Online consultation at Tuya’s official website service support portal Customers login to the IoT platform to submit a technical work order, and a dedicated staff member will carry out technical service docking Online consultation E-mail Technical work orders Customers may get in touch through one-to-one service with Tuya business personnel Business contact Superior Quality for Digital and Intelligent Future 55
Customer Complaint Handling Process Tuya adheres to the concept of customer first, and solves the demands of customers in terms of hardware, software, and services. We have established a complete customer complaint handling and feedback improvement mechanism, and formulated the Customer Complaint Handling Process, the Customer Complaint Rating Standards and other policies and guideline documents. Responsible persons shall be assigned to drive the responsible teams to implement solutions, and collate service cases into the service logs for filing. Our closed-loop service process not only guarantees customer satisfaction, but also promotes the improvement of Tuya’s own service quality. We have developed a comprehensive customer service assessment mechanism. Through quarterly or semi-annual dual-track assessment of values and performance or separate performance assessment, we improve service capabilities of personnel in terms of processing efficiency, satisfaction rate, quality inspection passing rate, rate of resolution in 24 hours and other dimensions. During the Reporting Period, Tuya received a total of 136 complaints, with . All complaints received from customers have been properly resolved. a response and resolution rate of 100% Smart device distribution 27 100% Business line Number of complaints Response rate Services 44 100% 100% 100% IoT PaaS 65 100% 100% Resolution rate 1 Receipt of customer complaint 2 Understand the appeal and determine the responsibility 3 Rate the complaint and assign a responsible person of the responsible team 4 Collaborative work of internal resources to push on the resolution of complaints 5 Review the case and summarize rectification opinions 6The responsible person instructs the relevant team to implement the rectification 7 Verify and review the rectification situation 8File the case Superior Quality for Digital and Intelligent Future 56 Customer complaint handling process
Training and Awareness Raising Tuya attaches great importance to the improvement of employees’ customer service capabilities. We regularly provide relevant training and learning courses for employees to ensure the best service for customers. The training adopts a combination of online and offline methods, covering all stages from pre-job training for new employees, on-job training, to skill advancement, so as to ensure the improvement of overall service capabilities. Pre-job training for new employees On-job training for employees u Before new employees joins the Company, they receive training on business knowledge, service standards, service skills, etc., with 100% coverage rate of new employeem u During the Reporting Period, a total of 9 sessions of new employee training were conducted, and each training session lasting for 5 working days u We regularly conduct information security and work skills on-job training courses for employees, covering all employees on the job. Whenever new business is launched, we shall conduct the business knowledge training immediately so as to cover the mindset of dealing with problems related to the new business.– u During the Reporting Period, the service center conducted 4 diversified skills training sessions Tuya Learning Center u Special courses and training on business and product dynamic synchronization, marketing plan promotion, system process, etc., for all employeem u 4 online courses per month on average 涂鸦智能员工培训活动 Employee training of Tuya Superior Quality for Digital and Intelligent Future 57
Customer Satisfaction Survey and Results We attach great importance to customers’ satisfaction with Tuya’s services and products. In the process of customer service, we have set up an instant service evaluation survey. After the platform technical service is completed, customers can directly evaluate the technical support service online based on the service response speed, professionalism, service attitude, and clarity of thinking. We also comprehensively collect opinions and feedback from product users and customers through monthly satisfaction surveys, hotline satisfaction surveys, online satisfaction surveys, and annual satisfaction surveys. During the Reporting Period, our customer service center and platform technology service center were highly recognized by customers. for customer work order service of the platform technical service center . As a leader in the IoT industry, Tuya will continue to improve our service capabilities and product quality as we always do, and constantly optimize the customer service and technical service process to create the best experience for customers. The satisfaction rate reached 93.46% Platform project satisfaction surveys Every month, Tuya sends satisfaction survey questionnaires in relation to completed projects, covering all customers who have completed their project in the current month. We collect satisfaction information in all aspects, including the business stage, demand communication stage, project process, project implementation stage, and after-sales technical service stage, and timely feed back to the project team for rectification and improvement. Annual satisfaction questionnaire surveys Every year, we send questionnaires to customers who have logged on to the platform in the past year to collect their feedback and suggestions on our various service dimensions. Hotline satisfaction surveys Online satisfaction surveys When customers call the global service hotline of Tuya, they can evaluate the service call after hanging up. Customers can evaluate the service after their online consultation conversation ends. In 2022, the satisfaction rate of various types of customers who submitted online consultation on the official website reached 94.01%. 89.24 annual hotline satisfaction rate 94.01 satisfaction rate % % Superior Quality for Digital and Intelligent Future 58
A good intellectual property rights protection mechanism is the foundation of the Company’s innovation management. Tuya puts independent innovation and intellectual property rights at the core of enterprise development, and comprehensively protects intellectual property rights of the Company in various fields such as patents and trademarks through the Intellectual Property Rights Management Regulations and other internal management systems. Employees are required to sign intellectual property rights declaration and confidentiality agreement when they join the Company, providing for the protection standards and ownership of intellectual property rights during and after their employment with the Company. We continue to improve the intellectual property rights management system, and carry out classification and heirachy management according to the importance and frequency of use of the Company’s trademarks and patents, so as to improve the effectiveness of the Company’s intellectual property rights management. At the same time, we have adopted further strategies to mitigate intellectual property risks: In order to enhance the Company’s awareness of intellectual property rights protection, we have established an intellectual property training system for different positions and levels of employees, and formulated training plans based on weaknesses in intellectual property rights, providing training for employees in all departments at least quarterly. INTELLECTUAL PROPERTY RIGHTS PROTECTION Tuya’s strategies to avoid intellectual property risks In the stage of project establishment, we analyze the infringement risks of the existing project plan, and adjust it in time to avoid risks. We timely evaluate the novelty and creativity of R&D projects, apply for patents to protect the technical solution in a timely manner, and at the same time apply for overseas patents in countries and regions that may be at risk in due course. Clarify the key contents of Tuya’s application for patent protection according to Tuya’s own technical characteristics and service contents R&D and product personnel R&D personnel Sales and R&D personnel Intellectual property risk assessment: carry out risk assessment in advance on the intellectual property risks that may be encountered in the product development and marketing process Standards for writing patent technical disclosure documents Conduct training on the process and steps of dealing with intellectual property risk issues encountered by customers or the Company Training target Main training contents Superior Quality for Digital and Intelligent Future 59 In addition, we have formulated patent reward standards in accordance with the relevant laws and regulations to encourage employees to continue to explore and innovate. As of December 31, 2022, Tuya has obtained a total of 449 patents, including 101 invention patents and 145 utility model patents; and a total of 135 copyrights, including 125 software copyrights, and has received several recognitions for its performance in intellectual property protection, for example, the Winner of China Haidian High Value Patent Cultivation Competition (2022), Patent Demonstration Enterprises, etc.
Tuya attaches great importance to the sustainable development of our own supply chain, continuously strengthen the supply chain management system, and provide extensive chances and business opportunities for the development of the IoT industry from multiple dimensions such as supplier onboarding, procurement, cooperation, assessment, and empowerment. We classify and record the data of suppliers according to various dimensions and statistical perspectives. As of the end of the Reporting Period, Tuya had a total of suppliers, of which suppliers are located in Mainland China, Hongkong, Macau and Taiwan regions, and the other suppliers are located in overseas regions.The distribution of suppliers by region is as follows: 947 816 131 Supplier Onboarding With reference to the product quality control system, Tuya has established a complete supplier review and onboarding system, and formulated a series of introduction programs and management standards such as the Supplier Management Program, the New Product Introduction Control Program, and the Inspection Control Program, so as to standardize supplier review, product introduction, and product inspection process. Tuya’s suppliers include suppliers of chip, hardware component, suppliers of cloud, software and other operating expenses. For instance, we use first-class cloud computing platforms of world-renowned cloud service providers such as Amazon Cloud, Microsoft Cloud and Tencent Cloud, and incorporate suppliers’ environmental, social and governance performance into the scope of review and examination. We constantly drive suppliers of various kinds to improve their own ESG management awareness and provide green and low-carbon products, so that we can co-create a sustainable IoT supply chain. During the Reporting Period, we conducted onboarding reviews on 108 new suppliers, with . coverage of 100% We set up a professional audit team to conduct on-site audit of suppliers, inspecting the performance of suppliers in terms of production management, quality control, supply chain management, and environmental control, and inform suppliers of the audit results via the Tuya Supplier Review Form Supplier onboarding process of Tuya Review of supplier qualifications On-site audit of suppliers Business ethics agreement Through issuing the Supplier Questionnaire, and collecting data from the credit investigation platform, we conduct a qualification review of the work teams, and examine the quality, delivery, and operation capabilities of suppliers Suppliers which have passed the qualification review and on-site audit will be required to sign an environmental protection agreement and a social responsibility agreement before commencing business cooperation 1 2 3 816 131 Other international regions Mainland China, Hong Kong, Macao and Taiwan regions Supplier distribution by region SUPPLIER MANAGEMENT Superior Quality for Digital and Intelligent Future 60
Supplier Assessment Supplier Communications During daily operations, Tuya evaluates and assesses various suppliers in different ways. In terms of amount, compared with software and operating expenses service providers, hardware components suppliers account for a relatively larger proportion of our overall product and service procurement due to their product characteristics, and as described in the “Product Quality” section, their nature is important. We conduct monthly performance assessments based on quality, delivery, cost and other dimensions for suppliers of hardware components and TuyaGo finished smart devices, and incorporate them into the annual performance assessment indicators. We formulate an annual audit plan for suppliers every year, and divide suppliers into four levels of management according to the assessment results of comprehensive dimensions. During the Reporting Period, we implemented the special annual audit exclusively on 17 core hardware suppliers, so as to assist the core hardware suppliers in reviewing and improving their annual performance. The results of the annual performance assessment would become an important indicator for the selection of excellent suppliers, and some low-quality suppliers failing to meet the audit standards would be terminated. During the Reporting Period, a total of 7 suppliers were selected as excellent suppliers of Tuya. Tuya attaches great importance to communications, collaboration and technological empowerment with suppliers. As mentioned earlier, due to the special nature of hardware components such as chips, our extensive communication with suppliers mainly occurs between Tuya and hardware suppliers. We actively communicate with suppliers through various methods such as telephone calls, offline meetings, and on-site guidance to exchange each other’s needs, and listen to suppliers’ opinions, promoting the establishment of long-term mutually beneficial and win-win cooperative relations with suppliers. We regularly hold quality bi-weekly meetings with key suppliers to communicate and discuss topics such as new product management, finished product target achievement rate, after-sales customer complaints, summary of abnormalities, and environmental protection, greatly improving the high quality of delivery ability of suppliers. Superior Quality for Digital and Intelligent Future 61
Supplier Training As mentioned earlier, due to the special nature of hardware components such as chips, our training with suppliers mainly occurs between Tuya and those of hardware components. Tuya formulate quarterly training plans for suppliers every year, mainly involving general standard training, similar component quality profile training, excellent improvement case training, etc. During the Reporting Period, we carried out special training for 37 major product suppliers who did not meet expectations in their monthly assessment, which contains suppliers with weak quality control of various materials and suppliers of key materials. The purpose of the training was to assist suppliers in improving their own product quality and management capabilities. During the Reporting Period, Tuya conducted special quality improvement training for 3 flashing fixture suppliers, and carried out supplier awareness sessions to ensure that the presentations were in place. The training mainly focused on the structure, line sequence, missing parts and components, wrong installation, and defective labels in the process of processing and assembly. Unified training and question-and-answer sessions were carried out. After the training, the product delivery passing rate of these tooling suppliers in 2022 was 95%, which was 6.3% higher than that before the training. Special quality improvement training for tooling suppliers Superior Quality for Digital and Intelligent Future 62
Smart Empowerment by Tuya Software While maintaining close communication and exchange with suppliers, Tuya also combines its own value propositions and technological capabilities to explore technological empowerment, working hand in hand with our suppliers. During the Reporting Period, we maintained close contact and communication with suppliers by holding quarterly regular meetings to exchange production needs and technical weaknesses, explore technological solutions, and develop and reinforce improvement projects. Tuya actively communicates with core production suppliers. For the problem of patch quality inspection that cannot be solved in the production process, Tuya has independently developed and designed the SMT Scada system equipped with the Auto Optical Inspection (AOI) system full-process inspection module, which is able to collect device data and process parameters, upload them to the cloud for analysis and processing immediately, and control production tools and production auxiliary materials in real time through the data dashboard. This solution enables suppliers to realize smart manufacturing, strengthens full coverage of quality testing and traceability of production information, and effectively reduces product defect rates. We conducted SMT capability diagnosis and improvement for a production-related supplier, and provide skill training for the personnel assigned on the test side, effectively improving the production capacity of the factory. After continuous training and guidance, the production capacity of the factory has been increased from 2 million pieces per month to 4 million pieces per month. SMT Scada system workshop dashboard Automatic test label printing Testing and packaging all-in-one machine Surface Mounting Technology (SMT) process capability improvement project Superior Quality for Digital and Intelligent Future 63
Tuya always implements the “people-oriented” talent concept, activates the vitality of talents through an all-round talent development system, and encourages employees to grow together with the Company. We attach great importance to employee rights and benefits, and are committed to creating an equal, diverse, and inclusive workplace atmosphere, so that every employee can enjoy “working at Tuya, growing at Tuya, and living at Tuya”. PEOPLE-ORIENTED, WALKING TOGETHER HAND-IN-HAND 04 People-oriented, Walking Together Hand-in-hand 64
Attracting Talents Tuya makes reasonable plans for the types and quantity of talents to be recruited according to the business development direction and business needs of the Company. We have formulated internal policies such as the Tuya Recruitment Management Policy and the Basic Human Resources Policy to systematically manage the entire recruitment process. We have established diverse recruitment channels. According to the Company’s recruitment needs, we carry out targeted recruitment work to build a professional and diverse talent team. EMPLOYEE RIGHTS AND INTERESTS Tuya is committed to creating an equal, inclusive, fair and just employment environment for employees. We strictly abide by the Labor Law of the People’s Republic of China, the Labor Contract Law of the People’s Republic of China, the International Labor Convention, the Declaration of Human Rights, and other relevant labor and employee rights laws and regulations applicable to the places of operation as well as international conventions. Recruitment of talents is carried out in accordance with clear standards for talent selection and appointment. Main recruitment channels of Tuya 校园招聘 Internal transfer Experienced hire Campus hire People-oriented, Walking Together Hand-in-hand 65
Labor Rights Tuya upholds the values of inclusion, diversity and equality, and is always committed to creating a friendly, equal and inclusive workplace environment for employees, and ensuring that all employees enjoy equal pay for equal work and equal development opportunities. Tuya adopts a zero-tolerance attitude towards the use of child labor and forced labor, and strictly controls the recruitment process. If child labor or forced labor is found, the Company shall deal with it in strict accordance with the relevant laws and regulations. During the Reporting Period, we did not find any use of child labor or forced labor. Our commitment to diversity and inclusion goes beyond compliance and is an integral part of our value system. We uphold the principle of fairness and justice, strongly oppose any form of discrimination and unequal competition, and clearly stipulate in the Employee Handbook that it is strictly prohibited to treat employees differently due to ethnicity, age, gender, race, nationality, marital status, health condition and religion. In addition, we strongly oppose any form of workplace harassment, including but not limited to offenses, insults, gender or racial discrimination, sexual harassment, etc. In addition, Tuya actively undertakes social responsibilities, recruits disabled persons in a targeted manner during the recruitment process, establishes cooperative relations with provincial and municipal-level disabled persons’ federations, and actively participates in the job fair organized by the Hangzhou Disabled Persons’ Federation to support their employment and livelihood improvement. As of the end of the Reporting Period, Tuya had a total of 1,803 full-time employees and 26 contract workers, including 4 disabled employees (two of them were severely disabled). In terms of ethnicity, we had 40 minority employees. 6 Female: 547 Male: 1256 Aged below 30: 617 Unknown: 4 Aged 30 and above: 1,182 Number of full-time employees by gender Number of full-time employees by age Senior level management: 20 Middle level management: 70 Primary level management: 221 General employees: 1,492 Mainland China, and Hong Kong, Macao and Taiwan regions: 1,781 Overseas regions: 22 Number of full-time employees by regions Number of full-time employees by rank The classification of full-time employees was as follows: People-oriented, Walking Together Hand-in-hand 66 The statistic scope of the number of employees is different to the salaried employees’ data of the annual report. 6 *Note: Tuya fully respects and protects the right of employees to maintain their personal privacy, so the data classified by age includes some employees who are not willing to disclose their age.
EMPLOYEE DEVELOPMENT Adhering to the concept of common development with employees, Tuya provides all employees with sufficient room for development. Through transparent talent promotion management and a complete talent training system, we constantly stimulate the potential of employees and encourage them to grow rapidly while embracing changes. Employee Training Talent cultivation is one of the engines for the sustainable development of an enterprise. We have formulated the Training Management Policy, constantly improved the internal training mechanism, and designed a talent training system that meets the positioning of employees at all levels using the Tuya Academy as a platform to satisfy different training needs and build a solid talent echelon. Leadership training Professional ability training New employee training For newly recruited employees: the main contents include the Company's basic information introduction, and through a varietv of activities and a graduation ceremony we help newcomers integrate into the corporate culture better and faster. § Sales ability training: "Star Project" training activities for sales personnel of the Company to enhance their business capabilities through business learning and introduction, real case practices and other formsž § Technical ability training: Tuya Matter special training mainly for product R&D. business and operation employees, including key strategies of technology companies, and introduction of Tuya Matter solutions. For Team Leader (TL) employees: training around the ability model to improve management capabilities, including daily communication, team building performance management, recruitment and dismissal skills, etc. Tuya’s employee training project examples: Employee training at Tuya People oriented, Walking Together Hand in hand 67
We actively innovate training methods and provide all employees with an e-learning platform – the Tuya Academy. As of the end of the Reporting Period, the Tuya Academy has launched a total of 727 courses, covering product training, security compliance, leadership, personal development, technology, etc. In addition, we encourage employees to pursue self-growth and improvement by providing financial support for reimbursement of tuition fees, application fees, and qualification textbooks to eligible employees who participate in external training and further education. Performance Management We have formulated a set of standardized, clear, open and transparent performance management procedures, and carried out performance management work in an orderly manner. Through the two-way communication between the Company and the employees, employees are evaluated in terms of their performance level, learning ability, leadership skills, execution capabilities, knowledge and experience, and comprehensive appraisal to ensure the rigor and accuracy of the performance evaluation results and help employees achieve self-understanding and self-improvement. In addition, we also provide opportunities for internal transfers to stimulate employees to explore their potential, and further guarantee and encourage the positive flow of internal talents. During the Reporting Period, we actively implemented the relevant provisions of the “Rules for Performance Management”, and carried out performance appraisal of all employees every six months. During the Reporting Period: 7,344 employee-time participated in training conducted by Tuya 97 Coverage rate of Tuya’s employee training % People-oriented, Walking Together Hand-in-hand 68
CARE FOR EMPLOYEES Tuya firmly believes that cherishing and caring for employees is the key to building a harmonious enterprise. We actively protect employee welfare and occupational health, continuously expand and deepen employee communication channels, and strengthen employee communication exchanges. In addition, we organize a variety of employee activities to improve team cohesion. Remuneration, Benefits and Equity Incentives We have formulated and thoroughly implemented the internal management policies such as the “Rules for Remuneration Management” to provide all employees with industry-competitive remuneration packages and comprehensive welfare protection. In order to stimulate the vitality of employees, a complete remuneration and incentive mechanism is established and core employees are rewarded through equity incentives to share the Company’s development achievements with employees. Distributed to the employees participated in excellent projects The basic remuneration of employees is formulated according to the position value, employee ability, employee performance and market remuneration level Fixed remuneration Annual performance bonus Special bonus Excellent project bonus Determined after taking into account the Company’s operating conditions, departmental performance and individual employee performance Including internal referral bonus, bonus for training provider and rewards for patent application Tuya’s Remuneration and Incentive Mechanism Best HR Program of 2022 Flag Awards During the Reporting Period, the Compensation and Benefits Team of the Human Resources Department of Tuya led the project of the “Remuneration and Employment Compliance Support for Launching New Overseas Locations” to support the sales team for candidates in new countries and regions (including the Asia-Pacific region, the Eurasia region, and the America-Africa regions) to quickly get on board, and ensure compliance in remuneration and employment management. With the major innovation and effectiveness of the project in the field of human resources management, we won the “Best HR Program of 2022 Flag Awards”. People-oriented, Walking Together Hand-in-hand 69
In accordance with the applicable laws and regulations of the place where we operate, such as the Social Security Law of the People’s Republic of China, we have contributed to various kinds of social securities for employees, and set up a series of additional employee benefits such as holiday benefits, travel allowances, and housing subsidies. During the Reporting Period, we actively responded to the society needs by adding full-paid leave categories such as maternity leave, parental leave and single-child care leave to protect the legitimate rights and interests of employees. In addition, we have developed a variety of employee care measures according to the needs of different employees, and built a multi-level welfare system in Tuya. We help non-Zhejiang household registered employees apply for subsidies for staying in Hangzhou during the Chinese New Year holidays, and provide Chinese New Year goodies Maternity leave is provided for female employees according to the law during which wages are paid in full. A nursery room is set up for postpartum mothers in the Company. In addition, we provide female employees with exclusive welfare benefits, such as medical beauty discount, lectures for female employees during pregnancy, onsite Chinese medicine consultation, etc. Female employees Fresh graduates Employees on overseas business trip Employees staying in Hangzhou during the Chinese New Year holidays Housing allowance We provide overseas travel insurance for employees with an insured amount of RMB500,000 (accident insurance) and RMB300,000 (medical insurance) at the Company’s expense to protect employees from accidental losses during overseas travel Tuya’s Multi-level Welfare System People-oriented, Walking Together Hand-in-hand 70
Employee Communication Tuya attaches great importance to employee communication, and has established a multi-channel communication mechanism to listen to employee opinions and feedback, thereby enhancing corporate cohesion and jointly creating a democratic and equal workplace atmosphere. In addition to various conventional online and offline communication channels, we have launched the column “You Yi Shuo Yi” on the Tuya WeChat official account. All employees can submit questions anonymously, and senior management will answer directly. Tuya organizes a variety of employee activities to increase employee communication and interaction, help employees develop hobbies after work, expand their social circle, and achieve work-life balance. In addition, Tuya has organized internally a variety of employee clubs. In addition to traditional sports clubs such as basketball, football and badminton, there are also board games and other club activities that meet the interests of young people. Tuya’s Major Employee Communication Channels Company's WeChat official account Voice of Tuya "Free talk" seminar with core employees "Free Talk" seminar voice@tuya.com Public email WeChat official account: T Mei (T妹） Company's WeChat HR channel Daily communication and interview with HR department HR interview People-oriented, Walking Together Hand-in-hand 71
After the Chinese New Year holidays in February 2022, Tuya held the “Have a Good Start” event, explaining the strategy of Tuya in 2022 to all employees through live broadcast; commending outstanding employees and projects in 2021; and sending gifts to employees in the form of online lucky draw. “Have a Good Start” event June 16, 2022 marked the 8th anniversary of Tuya’s establishment. On that day, Tuya organized an event for all employees to share exclusive stories about Tuya. While presenting anniversary souvenirs to long-service employees, we collected employees’ blessings and expectations for the Company. Tuya’s 8th anniversary People-oriented, Walking Together Hand-in-hand 72
In the course of development of the Company, Tuya is grateful for the trust and long-term dedication of its employees. We are grateful to the employees and reward their contributions with caring gifts and exclusive commemorative gifts at different stages at Tuya. Paying back to long-term service employees It is not easy for a new joiner in the first year upon joining a company as employees need to adjust and adapt to the new company culture and team atmosphere, etc. It is worth a medal if employees can survive for one year. First-year anniversary gift: A medal As the saying goes, “Don’t take on a job without the right tool”. In our hearts, the employees who have been with us for three years are Tuyaers with the right tool. In terms of professional ability, a Tuyaer can carve out a niche. In terms of cultural understanding, a Tuyaer is an excellent practitioner of Tuya’s values. Third-year anniversary gift: Diamond-cut Tuya duck display Over the past eight years, Tuya has been striving to grow its business, make breakthroughs and march forward. We hope that those who have been with us over five years will continue to march on the journey with us. Fifth-year anniversary gift: Running Tuya duck display People-oriented, Walking Together Hand-in-hand 73
Ensuring employees’ work safety and occupational health is Tuya’s basic commitment to employees. We always pay attention to the physical and mental health of our employees, and apart from the general labor-related laws and regulations, we also strictly abide by the Production Safety Law of the People’s Republic of China, the Fire Protection Law of the People’s Republic of China and other applicable laws and regulations of the place where we operate, so as to comprehensively protect the health and safety of our employees. Annual health check Annual health check is provided to all eligible employees Commercial health insurance Tuya purchased commercial health insurance for all employees at the end of 2022 to provide further health protection for employees Mental health coaching Coaching about mental health is provided to the HR department so that they can better resolve any mental health issues that the employees may have Occupational health and safety events Chinese medicine consultation: External agencies are invited to the office onsite for Chinese medicine consultation Health seminar for female employees during pregnancy: We organize health seminars for female employees during pregnancy Employee Health and Safety Initiatives Occupational Health and Safety People-oriented, Walking Together Hand-in-hand 74
IoT products offer a more convenient, broader, and smarter living space for human life. At the same time, they also provide a wide range of opportunities for building smart cities and building resilient communities in the post-pandemic era. As the leader and explorer of the IoT industry, Tuya delves into the homes of ordinary people, captures their diverse needs with acute insight, and brings warmer and cozier smart solutions and IoT products to the society. With our in-depth experience in the IoT industry, we have imagination and possibilities without boundaries, and actively carry out external cooperation and communication exchanges, aiming to work together with global partners to create a better world. COMMUNITY CO-CONSTRUCTION, INDUSTRY CO-CREATION 05 Community Co-construction, Industry Co-creation 75
CREATING SMART COMMUNITIES AND INDUSTRY SCENARIOS Tuya’s smart solutions help many industries, communities, and commercial scenarios realize building of a full-scenario intelligent transformation, and promote the interconnection and collaboration of smart devices of different brands and categories, bringing warmth to the society. For instance, we actively explore and promote the implementation of green and smart solutions in communities, educational or public areas, and realize the smart control of energy consumption and power through our exclusive smart devices and SaaS software management platform, so as to create a comfortable, humane, warm, low-carbon and energy-saving smart scenarios, and contribute to the sustainable development of the society. Tuya focuses on the field of education premises. By empowering a complete set of smart education lighting solutions including smart lights, air conditioners, air purifiers and curtain panels, it helps schools, classrooms, laboratories and other educational premises to realize an intelligent light environment and intelligent voice control as well as helps students relieve eye fatigue and prevent myopia. Tuya’s solution empowers the Lighting Cognition Laboratory of Fudan University, which tackles the stringent requirements of refinement, digital lighting and light environment control in optical lighting experiments. Researchers only need to tap a few times on the mobile App, and the lights in the whole laboratory can be adjusted to the desired brightness and color temperature, which is suitable for various scenario needs such as assisted teaching under weak light and optical experiment teaching. Tuya’s smart educational lighting solution provides another possibility for the prevention and control of myopia among the youth and the improvement of the classroom lighting. At Beijing City Haidian District North New District Experimental School, relying on the lighting sensor empowered by Tuya, the classroom lights can automatically adjust the brightness and color temperature according to the change in natural light, so that the classroom lighting is always within the most comfortable range for students’ eyes. The project has helped the school solve the problems of insufficient classroom lighting, serious light flicker and high color temperature, and realized the automatic switching of lighting scenarios in different modes such as class, recess, self-study, and lunch break, meeting the different needs of different scenarios for lighting. As of the end of the Reporting Period, Tuya’s IoT smart educational lighting solution has empowered more than 500 classrooms. Smart scientific research laboratory Tuya leads smart educational lighting with focus on the visual health of children and youth Community Co-construction, Industry Co-creation 76
Traditional industrial parks are in urgent need of smart transformation. Tuya cooperated with a leading brand in the smart energy industry - CYG Sunri, a wholly-owned subsidiary of an A-share listing group CYG (Stock Code: 600525.SH), to jointly create a “zero-carbon management solution for smart parks”, which keenly identified the urgent needs of the electricity market for low-carbon and smart transformation, and provided professional energy use services for parks and industrial and commercial enterprise customers. Based on the self-owned park at the headquarters of CYG Sunri in Shenzhen, Tuya and CYG Sunri have created a zero-carbon smart park benchmark project. In the end, the park realized a reduction of 1,588 tons of voluntary carbon emission, which is equivalent to 1.5 million square meters of forest plantation on the earth or an area equivalent to about 210 football fields. In the future, the park is expected to save approximately 400,000 kWh of electricity and 288.46 tons of carbon emission annually. Tuya actively explores many fields such as elderly communities, industrial parks, and professional premises Elderly Communities Industrial Parks In the smart renovation project of Caihe Residential District, Jianggan District, Hangzhou, Zhejiang Province, China, Tuya and Sundy Service Group (Stock Code: 9608.HK) jointly created a “Smart Community IoT Platform”. As more than 30% of the residents in the community are elderly people over the age of 60, the smart scenario with respect to elderly care needs has attracted much attention. To address the accident-prone situation of the elderly living alone, Tuya has developed a “smart elderly care” solution. The smart sensor detector can identify the activity status of the elderly living alone at home. For instance, once the door has not been opened or closed for a long time, or there is no movement of people in the house for a long time, the relevant warning information will be sent to the community staff through the community management system, and the staff will pay a visit to check as soon as possible. In addition, when a smart device detects that the elderly living alone has fallen down, the smart back-end of the platform will immediately push the alarm information to relevant personnel, so that the community and family members can take immediate actions to ensure the safety of the elderlies. Community Co-construction, Industry Co-creation 77
Tuya created the first full-scenario smart apartment project on the smart residential platform for Changzhou Binjiang Group – Spring River Parkway Apartment (春江百匯公寓). In the future, Spring River Parkway Apartment will provide tenants with friendly, comfortable and personalized smart services with the help of a myriad of smart scenarios and complete smart systems. This project will become a landmark project of smart “blue collar” apartments in Changzhou. The smart residential platform of Spring River Parkway Apartment integrates smart residential management system, indoor and outdoor smart living environment, water and electricity meter management system and energy consumption management system, setting out the rental procedures for the operator and residents, smart lighting life control, automatic meter reading and settlement, energy consumption and data dashboard analysis and management, etc., to create a comfortable and smart residential community. “Smart Residential” helps create a talent-affordable leasing service ecosystem Professional Fields The maintenance hangar area of Changzhou Benniu Airport is as large as nearly 5 football fields. However, traditional HID lighting was used, which has serious light attenuation and cannot meet the work requirements with high precision requirements. In addition, even when only one aircraft is parked, all the lights throughout the facility must be turned on, resulting in a lot of unnecessary energy consumption. Tuya cooperated with Bilinwei, a leading company in the field of industrial lighting, to carry out smart transformation of lighting equipment, and at the same time created a complete set of IoT smart control system, which saves nearly 55% of the original power consumption. In addition, energy consumption can be monitored centrally by management personnel in the back office through the large energy metering screen to visualize energy consumption data. Community Co-construction, Industry Co-creation 78
PROMOTING INDUSTRIAL DEVELOPMENT The rapid growth of the IoT industry in recent years owes its success to the dedication and effort of every member in the industry. As a leading company in the field, Tuya has joined and formed strong partnerships with many authoritative alliances and associations, actively participating in various projects and establishing deep cooperative relations in the IoT industry. Through these efforts, Tuya has accumulated profound IoT capabilities and a strong global influence, and expanded its reach across multiple fields to drive innovation and accelerate progress in the industry and for enterprises. Tuya leads the implementation of Matter in the global market, with PBT products obtaining the first batch of “Matter 1.0 Certification” in the world and China On November 3, 2022, the CSA Connectivity Standards Alliance (hereinafter referred to as: Alliance) held the Matter 1.0 global media conference in Amsterdam, the Netherlands, and held a Chinese media conference in Shenzhen on November 4, Beijing time. As a member of the Alliance’s board of directors and an early participant of the Matter, Tuya attended these two conferences and brought wonderful speeches and roundtable discussions to developers around the world. Yang Yi, co-founder and COO of Tuya, delivered a speech at the Matter conference Community Co-construction, Industry Co-creation 79
Demonstration platform of Matter solution supported by Tuya As an early participant of the Matter protocol, Tuya has been deeply involved in the research and development and marketing of Matter, and has always provided multi-dimensional support in the field of technology and ecology for the development and iterative operation of Matter. Tuya officially launched the Tuya Matter 2.0 project in October 2022, and obtained the Product Attestation Authority (PAA) certificate during the Reporting Period, becoming one of the first seven companies in the world to be approved by the CSA for product certification, and also the only IoT platform company among them. This shows that Tuya, as a leader in the IoT industry, can help customers, developers and other ecological partners to better use the Matter solution to deploy their own smart products, provide trust endorsement for the Matter devices developed by customers, and help global customers easily and conveniently obtain the PAA certificate, and gain the first-mover advantage in the market faster. On the other hand, Tuya continues to expand a variety of Matter supported device categories, such as sensors, home appliances and switches, and leverage its development capabilities to provide devices using Matter solutions with more and richer smart functional options. In addition, Tuya will also integrate the capabilities of more ecological partners, such as Amazon’s Matter Simple Setup (MSS), etc., enabling customers to provide end users with a smoother smart operating experience. In the future, Tuya will, as always, cooperate with global customers and ecological partners to provide more support for the Matter protocol in terms of application scenarios and technologies, and continue to vigorously promote the development of the industry. Community Co-construction, Industry Co-creation 80
Tuya is a member of the ioXt (internet of secure things) Alliance. The ioXt Alliance is the creator of global IoT security standards and one of the fastest growing IoT security certification bodies. It is composed of more than 200 leading OEMs, wireless operators, standards organizations, compliance laboratories and government organizations, assisted by technology and equipment manufacturing giants including Google, Amazon, T-Mobile, Comcast, etc. It is the only industry-led global IoT device security and certification program. As a member of the ioXt Alliance, Tuya will participate in ioXt’s cross-industry cooperation initiative, establish and advocate best practices and standards in IoT and cyber security with other partners, and continue to lead the general direction of IoT device security. In addition, Tuya’s outstanding achievements in IoT security have been selected as the best practice cases in the global industry into the heavyweight 2022 Global IoT Security White Paper released by the ioXt Alliance and a number of authoritative organizations and authors. Tuya joined the China Household Electrical Appliances Association, successively became a member of the “Smart Home Appliances Cloud Interconnection” working group, the leader of the “Smart Home Appliances Cloud Interconnection” working group security group, and took the lead in formulating the China Smart Home Cloud Interconnection Information Security Standards and the Smart Home Appliances Information Security Standard of the National Technical Committee on Digital Technique of Intelligent Building and Residence Community of Standardization Administration. As a member of the ioXt Alliance, Tuya continues to promote the security of IoT devices Other Industry Associations Community Co-construction, Industry Co-creation 81
Tuya smart product donation cases as of December 31, u0uu < Deeply participate8 in the “ea1t-we1t cooperation” project between Hangzho= an8 Ganzi, an8 8onate8 1mart pro8=ct1 an8 1=pplie1 to the Ganzi area, 1=ch a1 1mart 1ec=rity, electrical1, home appliance1 an8 lighting, with a total val=e o* approximately RMB850,00$ < Donate8 a batch o* 1mart 8evice1 incl=8ing 1mart air con8itioner1, robot vac==m cleaner1 an8 1witche1 to %ho=po Primary School in Caojiang Town, Gaozho= *or it1 8evelopment o* e8=cational *acilitie1, with a total val=e o* approximately RMB 300,00$ < Donate8 1mart pro8=ct1 with a total val=e o* approximately RMB1.5 million to Kai*eng, Henan *or floo8 control an8 8i1a1ter relie) < Donate8 a batch o* 1mart pro8=ct1 with a total val=e o* approximately RMB300,000 to Daye1h= Town, Ch=n’an Co=nty, Hangzho=, %hejiang Province *or in*ra1tr=ct=re con1tr=ction in village1 an8 town0 < Donate8 a batch o* 1mart pro8=ct1 with a total val=e o* approximately RMB200,000 an8 a batch o* heater1 with a total val=e o* RMB30,000 to Qiaozh=ang Town, Qingch=an Co=nty, G=angy=an, Sich=an Province, to 1=pport r=ral revitalization an8 help people 1tay over the 1evere col7 < Donate8 material1 o* approximately RMB600,000 to help the r=ral revitalization o* Hangzho; < P=rcha1e8 1tationery *or teacher1 an8 1t=8ent1 o* Xingzhi School in Daxing Di1trict, Beijing on J=ne 11t Chil8ren’1 Day to 1=pport the e8=cation o* chil8ren o* r=ral migrant worker1 ASSISTING IN PUBLIC WELFARE AND CHARITY O=r original a1piration1 are 1oli8. We practice 1ocial re1pon1ibility with practical action1 by contin=o=1ly participating in the implementation o* vario=1 p=blic wel*are project1, creating val=e with re1pon1ibility, paying back to the 1ociety with p=blic wel*are in an effort to realize the coor8inate8 8evelopment o* enterpri1e1 an8 1ociety, an8 contrib=ting o=r mo8e1t power. As of the end of the Reporting Period： 4.79 Total val=e o* charitable 8onation1 million RMB Comm=nity Co-con1tr=ction, In8=1try Co-creation 8u
During the outbreak of the pandemic in early 2020, Tuya fulfilled its social responsibilities, from warehousing to transportation, from domestic to overseas, quickly organized the deployment of products, purchased supplies, and actively contacted manufacturers and logistics companies. Thanks to efforts by different parties, nearly 600 sets of “Powered by Tuya” Healthlead smart air purifiers, MUID mini heaters and Delixi smart power strips and other supplies with a total value of more than RMB800,000 were sent to Wuhan and Hangzhou respectively to protect the frontline medical staff during the fight against the pandemic. In the following March, after strict selection and deployment, a total of 16,000 masks, protective clothing, goggles and other medical supplies with a total value of approximately RMB200,000 were eventually collected from countries such as Mexico, South Africa and Germany, which were donated to frontline medical staff to provide necessary protection for medical staff fighting against the pandemic. In 2020, Tuya gathered global resources to support the fight against the pandemic Community Co-construction, Industry Co-creation 83
GREEN DEVELOPMENT, LOW-CARBON OPERATIONS 06 Against the background of climate change, energy shortage and serious environmental pollution, Tuya consider environmental protection as an important pillar of sustainable corporate development. During the Reporting Period, Tuya actively promoted a green office environment and implemented a series of low-carbon office initiatives. In addition, it continued to pay attention to the rational use of energy and resources, and established a green business model. Apart from properly handling and recycling wastes generated in the office, it strengthened the management of environmental risks and carried out forward-looking climate change risk identification. Tuya endeavors to explore more environmentally friendly operational models to minimize the impact of business operations on the environment, realize environmentally friendly development from top to bottom, and create green value. Green Development, Low-carbon Operations 84
PRACTICING GREEN OPERATIONS In response to global climate change, leaders of various countries signed the Paris Agreement in 2015, committing to work together to keep global temperatures in this century to below 2°C above pre-industrial times. As a responsible company, Tuya thoroughly implements the concept of green operations and strictly abides by applicable laws of the place where it operates, such as the Environmental Protection Law of the People’s Republic of China, the Emergency Response Law of the People’s Republic of China and the Energy Conservation Law of the People’s Republic of China. We have formulated management systems and operational specifications such as the Enterprise Environmental Policy, the Rules for Waste Management, and the Energy Saving and Consumption Reduction Control Procedures to ensure that the Company’s environmental management is compliant and well in order. During the Reporting Period, Tuya did not have any environmental violation. Tuya has a safety and environmental protection department responsible for various environmental management tasks within the Company, including controlling the generation of domestic sewage and wastes, and improving the efficiency of energy and water use. Due to the business nature of Tuya, no exhaust emission is generated since it is not a heavy-duty production enterprise, and therefore it has a relatively low negative impact on the environment. In addition, Tuya does not purchase packaging materials separately, and the usage of sample packaging materials is negligible. Green Office Tuya actively promotes the low-carbon life of green office and encourages employees to start from the little things to contribute to the sustainable development of the Company and society. We have launched a series of green office initiatives. During the Reporting Period, 98.45% of the vouchers produced are paperless, saving approximately 4.26 tons of paper in total. During the Reporting Period： 98.45 of the vouchers produced are paperless 4.26 saving approximately 4.26 tons of paper in total % tons Green office initiatives: We encourage public transportation and teleconference,thus saving travel expenses and reducing fuel consumption By transforming office equipment and lighting design as well as controlling the temperature of air conditioners, we can ensure that the internal power consumption of the enterprise is within the reasonable range of environmental protection requirements, thus achieving energy saving In the daily office area, we reduce the consumption of disposable paper cups and bottled water, and at the same time transform equipment such as automatic sensor faucets and flushers to save water We comprehensively promote paperless office, improve office efficiency and reduce paper waste Green Development, Low-carbon Operations 85
In addition to the above measures, the Company also encourages employees to reuse paper, take the stairs as much as possible, and share office resources. Tuya believes that full participation in green office initiatives is an important part of achieving low-carbon operations. In order to enhance the environmental protection awareness of all employees, Tuya attaches great importance to environmental protection management regulations and the training of management personnel in various environmental protection-related positions. Based on relevant national laws and regulations, environmental management system and internal environmental management documentation of the Company, we require management personnel in various environmental protection-related positions to study regularly, and incorporate the learning results into performance appraisal to ensure the effective implementation of environmental protection work and jointly create a continuous sustainable operating system. Tuya not only actively creates a green and low-carbon office environment, but is also committed to adopting more environmentally friendly practices and exploring new strategic goals to achieve sustainable operations. In order to further improve the level of green operation, we have formulated targeted environmental goals, aiming to improve carbon emissions, energy, emissions and water resources management through the formulation and realization of environmental goals. ] Gradually build the carbon emission management systemq ] Deeply cultivate low-carbon technology and develop smart product` ] Strengthen the publicity and implementation of low-carbon awareness among employees Carbon emissions targets ] Gradually build the comprehensive energy management systemq ] Pursue green design and adopt energy-saving equipmen• ] Explore the opportunities of renewable energy development Energy management targets ] Increase the recycling rate of recyclable wastesq ] Promote paperless officÅ ] Reduce the use of packaging bags in the office area ] Improve the utilization rate of water resource` ] Actively adopt water-saving device` ] Strengthen the publicity and implementation of water conservation awareness among employees Emissions management targets Water resources targets Green Development, Low-carbon Operations 86
As a responsible enterprise, Tuya is committed to promoting energy saving and consumption reduction. Tuya has formulated and implemented the Energy Saving and Consumption Reduction Control Procedures as the Company’s internal operating procedures in strict compliance with the Energy Conservation Law of the People’s Republic of China to strengthen the rational use of energy. In the course of daily operations, our energy consumption mainly comes from purchased electricity. By using our self-developed commercial lighting IoT control system - smart commercial lighting solution, we can improve energy management efficiency, meet the equipment management requirement of green buildings, and ensure that the goal of energy management and control is achieved. Energy Management Energy Management System and Certification Tuya energy saving and consumption reduction initiatives Smart transformation of Tuya’s office The temperature of air conditioners is controlled between 24°C and 26°C to ensure that the internal power consumption of the enterprise is within the reasonable range of environmental protection requirements Turn off unnecessary power-consuming devices at night to save energy at night Encourage employees to turn off relevant TV power supply in time after the meeting is over, and check whether there is any power supply that is not turned off after work to reduce energy consumption Promote green travel and carpooling, and encourage employees to take public transportation or ride shared bicycles on short-distance business trips or when commuting to and from work The project adopted the smart commercial lighting solution developed by Tuya to carry out smart transformation for Tuya’s office area, providing smart and comfortable lighting experience for approximately 1,000 employees. After the transformation, one-key adjustment of lighting effects, voice control lighting, independent control of lighting in the office area and showroom area, and automatic adjustment of lighting effects according to the timing of the astronomical clock are enabled in the office area. The effective and flexible energy-saving strategy has realized green and energy-saving in the office area. At the same time, lighting data is automatically uploaded and analyzed in real time, which improves energy management efficiency and reduces operational and maintenance costs. 2,866.07 Gross consumption of purchased electricity 13.77 Energy consumption per unit of revenue MWh MWh / USD million Green Development, Low-carbon Operations 87
Tuya strictly abides by the Water Law of the People’s Republic of China and other applicable laws and regulations of the place where it operates, and insists on promoting the concept of rational use of water and water conservation. The main source of water use of Tuya is municipal water. We record the amount of water resources used every month, and carry out renovation and regular maintenance of equipment and facilities such as automatic sensor faucets and flushers to prevent water leakage and waste of water resources. In addition, we actively promote the concept of water conservation and post various slogans in the common area to help employees develop the habit of water conservation. Use of Resources Water Resources Management The wastes generated during Tuya’s operation are mainly office waste, waste materials and equipment. Such wastes generated are sorted and recyclable wastes are centralized for recycling management and records filing. For non-recyclable waste and hazardous wastes, relevant qualified service providers are appointed to dispose of them in compliance with the laws. Tuya strictly abides by the Law of the People’s Republic of China on the Prevention and Control of Environmental Pollution by Solid Waste and other applicable laws and regulations of the place where it operates, and strictly manages the discharge of pollutants. Since we are not a heavy-duty manufacturing enterprise, no exhaust emission is involved. Our wastewater discharge is mainly domestic sewage. Emissions Management 4,736.88 Usage of water resources (2022) 22.75 Usage of water resources per unit of revenue (2022) m³ m³/ USD million 4,263.19 Gross wastewater discharge (2022) m³ 20.48 Wastewater discharge per unit of revenue (2022) m³/ USD million 7 *Excluding water usage in Shenzhen office 7 Green Development, Low-carbon Operations 88
The recyclable wases from each dearmen of he Comany are sored in designaed laces The recyclable wases from each dearmen of he Comany are finally cenralized for sorage in he warehouse. When he recyclable wase reaches a cerain amoun, he adminisraive dearmen will conac he recycler for recycling, and he manufacurer is resonsible for recycling and relacing some scraed IT equimen and comonens The adminisraive dearmen is resonsible for he saisical work of recyclable wases, and he rearaion of monhly and annual wase recycling saisical ables. All non-recyclable wases of he Comany are u ino he designaed rash cans and bins, and he adminisraive dearmen will conac he ousourced cleaning comany for regular collecion and cleaning, and finally handed over o he roery managemen comany for cenralized rocessing. Recyclable waste treatment procedures Non-recyclable waste treatment procedures 48.89 Gross non-hazardous wase (2022) tons 0.23 Gross non-hazardous wase generaed er uni of revenue (2022) tons / USD million 6.55 Recyclable wase (2022) tons 42.34tons Non-recyclable wase (2022) Wase reamen rocedures 140.00 Gross hazardous wase (2022) tons 0.67 Hazardous wase generaed er uni of revenue (2022) tons / USD million Green Develomen, Low-carbon Oeraions 89
Given the increasingly stringent government carbon emission-related policies, laws and regulations, coupled with the development of a national emission trading scheme, higher carbon pricing will lead to higher operating costs for businesses Timely grasp the latest requirements of relevant regulations and further improve the Company’s environmental management system and information disclosure quality to ensure compliance with increasingly stringent laws and regulations Actively promote energy saving and consumption reduction projects to reduce the Company’s greenhouse gas emissions Policies and laws Technology Market Acute Chronic Transition risk Physical risk As the requirements for various low-carbon environmental protection technologies and solutions are constantly increasing, enterprises will need to increase investment in research and development Accelerate low-carbon technology innovation, analyze the suitability of new technologies or solutions developed by the R&D department with Tuya’s business, and conduct a comprehensive evaluation of its investment Pay attention to market dynamics, analyze market environment trends in real time, and maintain the low-carbon characteristics of products, services, and solutions consistent with customer needs Comprehensively analyze and summarize the experience of typhoon and flood control over the years, and improve various emergency plans and early warning systems to deal with natural disasters such as typhoon and rainstorm Closely monitor chronic risks, promptly assess their business impact and take action accordingly, such as expanding the use of renewable energy Extreme weather (rainstorm, typhoon, heavy snow, flood, extreme heat, extreme cold, etc.) Rising average temperature increases energy consumption in data center during summer Consumer preference gradually shift towards products and services with low carbon footprint Risk type Item Risk description Countermeasures RESPONDING TO CLIMATE CHANGE The current global climate has changed dramatically compared to the pre-industrial times. As climate change becomes more pronounced and extreme weather occurs more frequently, in 2015, leaders around the world pushed for the signing of the Paris Agreement to jointly tackle climate change. The Paris Agreement seeks to limit the increase in global average temperature to well below 2°C above pre-industrial levels. In November 2022, it was proposed at the United Nations Climate Change Conference (COP 27) that multilateral collaboration would play an important role in addressing global climate change. Tuya actively responds to the global initiative and diligently practices the concept of green and low-carbon development. During the Reporting Period, with reference to the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) and taking full consideration of the Company’s operations, industry and geographical factors, we initially identified various climate change-related risks and formulated relevant measures to address the risks brought by climate change to Tuya. 1,634.52 Gross greenhouse gas emissions (2022) 7.85 Greenhouse gas emissions per unit of revenue (2022) tons of CO₂e tons of CO₂e/USD million 8 Tuya’s business operations do not produce direct energy, and the source of greenhouse gas emissions is only from purchased electricity. 8 Green Development, Low-carbon Operations 90
APPENDIX I: HONG KONG STOCK EXCHANGE ESG CONTENTS INDEX Environmental, Social and Governance Areas, General Disclosures and Key Performance Indicators（KPI） Relevant Section Environmental A1 Emissions A2 Use of Resources A3 The Environment and Natural Resources General Disclosure General Disclosure General Disclosure Green Development, Low-carbon Operations Green Development, Low-carbon Operations - Practicing Green Operations- Use of Resources Green Development, Low-carbon Operations Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to air and greenhouse gas emissions, discharges into water and land, and generation of hazardous and non-hazardous waste. Policies on the efficient use of resources, including energy, water and other raw materials. Policies on minimizing the issuer’s significant impacts on the environment and natural resources. A1.1 A2.1 A3.1 Green Development, Low-carbon Operations - Practicing Green Operations - Emissions Management Green Development, Low-carbon Operations - Practicing Green Operations- Energy Management Green Development, Low-carbon Operations The types of emissions and respective emissions data Direct and/or indirect energy consumption by type (e.g. electricity, gas or oil) in total and intensity Description of the significant impacts of activities on the environment and natural resources and the actions taken to manage them A1.2 A2.2 Green Development, Low-carbon Operations - Responding to Climate Change Green Development, Low-carbon Operations - Practicing Green Operations- Use of Resources Total greenhouse gas emissions and intensity Water consumption in total and intensity A1.3 A2.3 Green Development, Low-carbon Operations - Practicing Green Operations- Emissions Management Green Development, Low-carbon Operations - Practicing Green Operations- Green Office & Use of Resources Total hazardous waste produced and intensity Description of energy use efficiency target(s) set and steps taken to achieve them A1.4 A2.4 Green Development, Low-carbon Operations - Practicing Green Operations- Emissions Management Green Development, Low-carbon Operations - Practicing Green Operations- Green Office & Use of Resources Total non-hazardous waste produced and intensity Description of whether there is any issue in sourcing water that is fit for purpose, water efficiency target(s) set and steps taken to achieve them A1.5 A2.5 Green Development, Low-carbon Operations - Practicing Green Operations- Green Office Green Development, Low-carbon Operations - Practicing Green Operations Description of emission target(s) set and steps taken to achieve them Total packaging material used for finished products and with reference to per unit produced A1.6 Green Development, Low-carbon Operations - Practicing Green Operations- Emissions Management Description of how hazardous and non-hazardous wastes are handled, and a description of reduction target(s) set and steps taken to achieve them A4 Climate Change General Disclosure Policies on identification and mitigation of significant climate-related issues which have impacted, and those which may impact, the issuer. A4.1 Description of the significant climate-related issues which have impacted, and those which may impact, the issuer, and the actions taken to manage them. Green Development, Low-carbon Operations - Responding to Climate Change Green Development, Low-carbon Operations - Responding to Climate Change Appendix 91
Social Environmental, Social and Governance Areas, General Disclosures and Key Performance Indicators（KPI） Relevant Section B5 Supply Chain Management B1 Employment General Disclosure General Disclosure People-oriented, Walking Together Hand-in-hand People-oriented, Walking Together Hand-in-hand - Care for Employees - Occupational Health and Safety Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to compensation and dismissal, recruitment and promotion, working hours, rest periods, equal opportunity, diversity, anti-discrimination, and other benefits and welfare. Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to providing a safe working environment and protecting employees from occupational hazards. B1.1 B2.1 People-oriented, Walking Together Hand-in-hand - Employee Rights and Interests – Attracting Talents People-oriented, Walking Together Hand-in-hand - Care for Employees - Occupational Health and Safety Total workforce by gender, employment type, age group and geographical region Number and rate of work-related fatalities occurred in each of the past three years B1.2 B2.2 People-oriented, Walking Together Hand-in-hand - Care for Employees – Employee Communication People-oriented, Walking Together Hand-in-hand - Care for Employees - Occupational Health and Safety Employee turnover rate by gender, age group and geographical region Lost days due to work injury B2.3 People-oriented, Walking Together Hand-in-hand - Care for Employees - Occupational Health and Safety Description of occupational health and safety measures adopted, and how they are implemented and monitored General Disclosure General Disclosure People-oriented, Walking Together Hand-in-hand - Employee Development - Employee Training People-oriented, Walking Together Hand-in-hand - Employee Rights and Interests – Labor Rights Policies on improving employees knowledge and skills for discharging duties at work. Description of training activities. Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to preventing child and forced labor. B3.1 B4.1 People-oriented, Walking Together Hand-in-hand - Employee Development - Employee Training People-oriented, Walking Together Hand-in-hand - Employee Rights and Interests - Labor Rights The percentage of employees trained by gender and employee category Description of measures to review employment practices to avoid child and forced labor B3.2 B4.2 People-oriented, Walking Together Hand-in-hand - Employee Development - Employee Training People-oriented, Walking Together Hand-in-hand - Employee Rights and Interests - Labor Rights The average training hours completed per employee by gender and employee category Description of steps taken to eliminate such practices when discovered B4 Labor Practices B3 Development and Training B2 Health and Safety Appendix 92 General Disclosure Superior Quality for Digital and Intelligent Future - Supplier Management Policies on managing environmental and social risks of the supply chain. B5.1 Superior Quality for Digital and Intelligent Future - Supplier Management-Number of suppliers by geographical region
Environmental, Social and Governance Areas, General Disclosures and Key Performance Indicators（KPI） Relevant Section General Disclosure General Disclosure General Disclosure Superior Quality for Digital and Intelligent Future Responsibility as Foundation of Enterprise for Steady and Long-term Development Community Co-construction, Industry Co-creation Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to health and safety, advertising, labelling and privacy matters relating to products and services provided and methods of redress. Information on: (a) the policies; and (b) compliance with relevant laws and regulations that have a significant impact on the issuer relating to bribery, extortion, fraud and money laundering. Policies on community engagement to understand the needs of the communities where the issuer operates and to ensure its activities take into consideration the communities’ interests. B6.1 B7.1 B8.1 B6.4 Superior Quality for Digital and Intelligent Future - Products and Services - Quality Assurance Responsibility as Foundation of Enterprise for Steady and Long-term Development - Commercial Ethics Community Co-construction, Industry Co-creation Superior Quality for Digital and Intelligent Future - Products and Services - Quality Assurance Percentage of total products sold or shipped subject to recalls for safety and health reasons Number of concluded legal cases regarding corrupt practices brought against the issuer or its employees during the reporting period and the outcomes of the cases Focus areas of contribution Description of quality assurance process and recall procedures B6.2 B7.2 B8.2 B6.5 Superior Quality for Digital and Intelligent Future - Products and Services - Customer Service Responsibility as Foundation of Enterprise for Steady and Long-term Development - Commercial Ethics Community Co-construction, Industry Co-creation Superior Quality for Digital and Intelligent Future - Data Security and Privacy Protection Number of products and service related complaints received and how they are dealt with Description of preventive measures and whistle-blowing procedures, and how they are implemented and monitored Resources contributed to the focus area. Description of consumer data protection and privacy policies, and how they are implemented and monitored B6.3 B7.3 Superior Quality for Digital and Intelligent Future - Intellectual Property Rights Protection Responsibility as Foundation of Enterprise for Steady and Long-term Development - Commercial Ethics Description of practices relating to observing and protecting intellectual property rights Description of anti-corruption training provided to directors and staff B5.3 Superior Quality for Digital and Intelligent Future - Supplier Management-Description of practices used to identify environmental and social risks along the supply chain, and how they are implemented and monitored. B5.4 Superior Quality for Digital and Intelligent Future - Supplier Management-Description of practices used to promote environmentally preferable products and services when selecting suppliers, and how they are implemented and monitored. B7 Anti-corruption B8 Community Investment B6 Product Responsibility Appendix 93 B5.2 Superior Quality for Digital and Intelligent Future - Supplier Management-Description of practices relating to engaging suppliers, number of suppliers where the practices are being implemented, and how they are implemented and monitored B5 Supply Chain Management Social
APPENDIX II: ESG PERFORMANCE Gross wastewater discharge m³ 4,263.19 Wastewater discharge per unit revenue Gross greenhouse gas emissions Greenhouse gas emissions per unit revenue m³/USD million 20.48 tons of CO₂e 1,634.52 Gross hazardous waste tons of CO₂e / USD million 7.85 Gross hazardous waste generated per unit revenue Gross non-hazardous waste tons 140.00 tons / USD million 0.67 Recyclable waste tons 48.89 Non-recyclable waste Gross non-hazardous waste generated per unit revenue tons 6.55 tons 42.34 Purchased electricity Usage of water resources per unit revenue tons / USD million Energy consumption intensity Usage of water resources MWh 0.23 2,866.07 MWh / USD million m³/USD million 13.77 m³ 22.75 4,736.88 Name of indicators Unit of indicators 2022 9 9 *Excluding water usage in Shenzhen office Appendix 94
Total number of employees 1,829 Number of employees by employment type people people 1,803 Number of full-time employees by gender people 26 people 1,256 Number of full-time employees by age Number of full-time employees by rank people 547 people 617 people people 1,182 4 people people 70 Number of full-time employees by region Full-time employees Contract workers Male Female Aged below 30 Aged 30 and above Senior level management Middle level management Unknown Primary level management Overseas regions General employees Mainland China, and Hong Kong, Macao and Taiwan regions people 221 people 1,492 20 people people 22 1,781 Name of indicators Unit of indicators 2022 Appendix 95 Turnover Total turnover % 18.1 Turnover by gender Male Female % 18.8 Turnover by region % 16.2 Mainland China, and Hong Kong, Macao and Taiwan regions % 17.5 Aged below 30 Aged 30 and above % Turnover by age Overseas regions % 13.0 % 24.8 61.3
people people 0 0 2020 Health and Safety Number of work-related fatalities 2021 2022 Number of lost-days as a result of work injuries people 0 days 237 Name of indicators Unit of indicators 2022 Appendix 96 Development and Training The percentage of employees trained by gender Male Female Male % % The percentage of employees trained by rank 70 Senior level management Senior level management 30 Female Middle level management The average training hours of employees by rank % Middle level management % % 97 100 90 hour / people Primary level management General employees hour / people hour / people % 4 97 8 2 hour / people The average training hours of employees by gender Primary level management General employees hour / people 0.83 hour / people 0.83 0.27
Supply Chain Management Number of suppliers by region Mainland China, and Hong Kong, Macao and Taiwan regions Overseas regions number number Customer Services 816 Number of product and service-related complaints received 131 Complaint resolution rate case % % 100 136 Complaint response rate 100 Philanthropy Charitable donation RMB’0000 479 Name of indicators Unit of indicators 2022 Appendix 97
APPENDIX III: CONTRIBUTIONS TO UNITED NATIONS SUSTAINABLE DEVELOPMENT GOALS Tuya practices social responsibility around the United Nations Sustainable Development Goals (SDGs). People-oriented, Walking Together Hand-in-hand Community Co-construction, Industry Co-creation Superior Quality for Digital and Intelligent Future Community Co-construction, Industry Co-creation People-oriented, Walking Together Hand-in-hand Community Co-construction, Industry Co-creation People-oriented, Walking Together Hand-in-hand People-oriented, Walking Together Hand-in-hand Superior Quality for Digital and Intelligent Future Superior Quality for Digital and Intelligent Future Superior Quality for Digital and Intelligent Future Green Development, Low-carbon Operations Green Development, Low-carbon Operations Responsibility as Foundation of Enterprise for Steady and Long-term Development Contributions to SDGs Relevant Sections Contributions to SDGs Relevant Sections Appendix 99