Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

To maintain a consistently high level of service experience for our clients, preserve the confidentiality, integrity, and availability of our information systems, safeguard our assets, data, intellectual property, and network infrastructure, while meeting regulatory requirements, it is crucial to effectively manage cybersecurity risks. To achieve this, we have implemented a comprehensive cybersecurity risk management framework, which is integrated in our overall enterprise risk management system and processes and is internally managed.

Our dedicated cybersecurity staff is tasked with assessing, identifying and managing risks related to cybersecurity threats and, under the leadership of our chief operating officer, is responsible for:

●

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;

●

development of risk-based action plans to manage identified vulnerabilities and implementation of new protocols and infrastructure improvements;

●

cybersecurity incident investigations;

●

monitoring threats to sensitive data and unauthorized access to our systems;

●

secure access control measures applied to critical IT systems, equipment and devices, designed to prevent unauthorized users, processes, and devices from assessing IT systems and data;

●

developing and executing protocols to ensure that information regarding cybersecurity incidents is promptly shared with the board of directors, as appropriate, to allow for risk and materiality assessments and to consider disclosure and notice requirements; and

●

developing and implementing training on cybersecurity, information security and threat awareness.

As of the date of this Annual Report, we have not experienced cybersecurity incidents during the year ended December 31, 2025, that resulted in an interruption to our operations, known losses of any critical data or otherwise had a material impact on our strategy, financial condition or results of operations. However, the scope and impact of any future incident cannot be predicted. For more information regarding the risks the Company faces from cybersecurity threats, see “Item 3D. Risk Factors––Risks Related to Our Business and Industry––We are increasingly dependent on information technology, and our systems and infrastructure face certain risks, including cybersecurity and data leakage risks.”

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our board of directors is responsible for overseeing risks related to cybersecurity. Our board of directors shall (i) maintain oversight of the disclosure related to cybersecurity matters in current reports or periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the disclosure issues, if any, presented by our management on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our management.

At the management level, our cyber security team is responsible for monitoring and mitigating cybersecurity risks, including those associated with third-party service providers. The team investigates and responds to any suspicious activities within our data environment. Upon detecting any material cybersecurity threat or cybersecurity incident, our cyber security team will report the threat or incident to our head of information technology and cybersecurity functions, who will assume the responsibility for managing the risks from such material cybersecurity threat or cybersecurity incident and monitoring the prevention, mitigation and remediation measures. Our head of information technology and cybersecurity functions is required to update our board of directors regarding the status of any material cybersecurity threats, material cybersecurity incidents or other associated risks, and they are also required to discuss with our board of directors with respect to disclosure of any material cybersecurity threat or incident, if any. Our head of information technology and cybersecurity functions has extensive experience working in the field of cybersecurity, with pertinent background and expertise in cybersecurity risk management and compliance.

If a cybersecurity incident occurs, our cyber security team will promptly organize personnel for internal assessment. If it is further determined that the incident could potentially be a material cybersecurity event, our cyber security team will promptly report the incident and assessment results to our head of information technology and cybersecurity functions, and, to the extent appropriate, involve external legal counsels to provide advice. Our management shall prepare disclosure material on the cybersecurity incident for review and approval by our board of directors before it is disseminated to the public.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

At the management level, our cyber security team is responsible for monitoring and mitigating cybersecurity risks, including those associated with third-party service providers. The team investigates and responds to any suspicious activities within our data environment. Upon detecting any material cybersecurity threat or cybersecurity incident, our cyber security team will report the threat or incident to our head of information technology and cybersecurity functions, who will assume the responsibility for managing the risks from such material cybersecurity threat or cybersecurity incident and monitoring the prevention, mitigation and remediation measures. Our head of information technology and cybersecurity functions is required to update our board of directors regarding the status of any material cybersecurity threats, material cybersecurity incidents or other associated risks, and they are also required to discuss with our board of directors with respect to disclosure of any material cybersecurity threat or incident, if any. Our head of information technology and cybersecurity functions has extensive experience working in the field of cybersecurity, with pertinent background and expertise in cybersecurity risk management and compliance.

Cybersecurity Risk Management Third Party Engaged [Flag]

true