Risk Management

Enterprises are increasingly facing diverse and complex risks. With globalization, geopolitical conflicts, diseases, and climate change threats, systematically identifying and managing the impact of major risks on operations and profitability has become a critical issue.
The Company identifies opportunities and risks specific to the medical device industry. Each relevant department is responsible for recognizing opportunities and risks within its scope of work, leveraging advantages, and implementing appropriate strategies and actions.

The Board of Directors serves as the highest guiding authority for the Company's risk management initiatives. In 2025, the Company established an ESG Task Force and a dedicated "Risk Management Team" with a team leader to systematically oversee and integrate all risk management issues. According to the Company's "Risk Management Policy and Procedures," the Risk Management Team is composed of heads of responsible departments, led by the General Manager's special assistant as convener, to assist in developing and promoting risk management systems. Regular risk management meetings are held where responsible personnel report on risk identification, mitigation measures, risk trends, and response strategies. The results are documented and, at least annually, a summary report on the year’s risk management implementation is submitted to the Sustainability Committee and the Board of Directors.

Directors and Officers Liability Insurance (D&O Insurance)

The Company has obtained Directors and Officers Liability Insurance from Fubon Life Insurance Co., Ltd. By purchasing this insurance, the Company mitigates unknown risks and transfers potential damages arising from directors’ and key officers’ performance of duties, thereby protecting the interests of all stakeholders and further strengthening corporate governance.

Management Procedures and Risk Identification

Management Procedures	Risk Identification
The Company's risk management procedures include goal setting and strategic planning, risk identification, risk appetite, risk analysis, risk assessment, risk response, risk monitoring, and risk reporting and disclosure. The Risk Management Team references the "Best Practice Guidelines for Risk Management of Listed Companies," other international risk management standards, and best practice models to formulate risk appetite and risk analysis measurement standards. These standards are approved by the Sustainability Committee and serve as the basis for risk analysis, assessment, and response execution.	Each responsible department shall, based on the Company’s strategic objectives and risk management policies and procedures, identify risks associated with the short-, medium-, and long-term goals and operational duties of their units. Various analytical tools and methods may be used for risk identification, relying on historical experience and information while considering internal and external risk factors and stakeholder concerns. This process aims to comprehensively identify potential risk events that may prevent the Company from achieving its objectives, cause losses, or have negative impacts. The Company's risk sources include, but are not limited to, operational risk, market risk, environmental, health and safety risk, financial risk, human resources risk, information security risk, and other emerging risks that may result in significant company losses.

Management Procedures

Risk Identification

The Company's risk management procedures include goal setting and strategic planning, risk identification, risk appetite, risk analysis, risk assessment, risk response, risk monitoring, and risk reporting and disclosure.

The Risk Management Team references the "Best Practice Guidelines for Risk Management of Listed Companies," other international risk management standards, and best practice models to formulate risk appetite and risk analysis measurement standards. These standards are approved by the Sustainability Committee and serve as the basis for risk analysis, assessment, and response execution.

Each responsible department shall, based on the Company’s strategic objectives and risk management policies and procedures, identify risks associated with the short-, medium-, and long-term goals and operational duties of their units.

Various analytical tools and methods may be used for risk identification, relying on historical experience and information while considering internal and external risk factors and stakeholder concerns. This process aims to comprehensively identify potential risk events that may prevent the Company from achieving its objectives, cause losses, or have negative impacts.

The Company's risk sources include, but are not limited to, operational risk, market risk, environmental, health and safety risk, financial risk, human resources risk, information security risk, and other emerging risks that may result in significant company losses.