Report from the Risk Management Committee

Dear Shareholders of TVD Holdings Public Company Limited,

The Risk Management Committee has been appointed by the board of directors, which consists of 3 members: one independent director and two executive directors. There were 2 Risk Management Committee meetings in 2025. The list of members of the Risk Management Committee and the number of times each member attended the meeting are as follows:

TVD Holdings Public Company Limited places great importance on risk management, particularly managing risks that impact the achievement of the company's business objectives and goals. This involves reducing the likelihood of potential risks and seizing business opportunities, ultimately creating added value for shareholders and stakeholders.

In 2025, the Risk Management Committee fulfilled its duties as assigned by the Board of Directors and the Risk Management Committee Charter. Its responsibilities included defining and reviewing enterprise-wide risk management policies, goals, and frameworks to ensure suitability for the company's business operations, as well as monitoring and evaluating risks and their management effectiveness at both the departmental and organizational levels. Two meetings were held, the key points of which are summarized as follows:

1. Overseeing and monitoring risk management operations at two levels:

• Strategic risk management

• Operational risk management

Establishing working groups for risk management at both the strategic and operational levels to ensure comprehensive operations that meet international standards. These groups have clear operational mechanisms and are consistent with the company's policies and the enterprise risk management approach.

2.Considering and monitoring the company's key risks (Key Risk Monitoring) based on the current situation affecting the company. The scope of consideration includes:

Strategic Business Risk:

In 2025, the company will continue to focus on restructuring its business into a Super Holding Company format to diversify risk and meet the needs of customers in the digital age. This approach aims to mitigate risk as the traditional home shopping business failed to meet revenue targets in 2024 due to changes in consumer behavior. Beyond the above, the company continues to prioritize seeking strategic partners to invest in new business segments (New S-Curve), including expansion into technology and finance. Thorough feasibility studies and specialized expertise, along with clear risk management plans, must be conducted before any new investment projects are undertaken.

Furthermore, the company will focus on expanding revenue by increasing the proportion of revenue from online channels (E-commerce) and service businesses (B2B Outsourcing) to reduce reliance on TV shopping and strengthen its financial position. This will be achieved by leveraging Data Analytics and AI to develop products and services that better meet the specific needs of consumers (Personalization).

The company recognizes the importance of Environmental, Social, and Governance (ESG) and is committed to conducting business responsibly. Risk assessments and preventative and corrective measures have been implemented at the strategic level. To mitigate ESG risks and build investor trust:

Operational Risk

The company continues to emphasize risk awareness to management and employees through the development of policies, guidelines, and measures. This includes providing training to employees, monitoring and verifying compliance with policies and procedures, and amending policies to align with current business operations. This ensures that operational risks are managed at a controllable and systematic level. Furthermore, emphasis is placed on safety at service locations, the availability of necessary facilities, and employee training to handle various emergencies, ensuring the company's business operations are efficient and that the safety of employees, customers, and stakeholders is maintained.

Financial Risk

The company has implemented strict cost control measures, particularly regarding the management of reserve funds, various investments, organizational restructuring, and appropriate resource planning to maintain financial liquidity and cash flow, and continuously control expenses in all aspects.

Compliance Risk

Compliance risk has been increased to develop an action plan for the company, educate employees, and emphasize compliance. Compliance with all laws, regulations, company policies, code of conduct, and orders from government agencies; policies prioritized by public companies, such as business ethics, conflict of interest policies, anti-corruption policies, policies on giving and receiving gifts, sponsorship, and entertainment, policies on charitable donations, policies on political support, and personal data protection policies, etc., that affect company directors, customers, business partners, investors, and employees. Employees are required to adhere to these policies to maintain overall internal order.

Regarding Information Technology (IT Risk)

In the era of rapid digital technology development (digital disruption), which can become a significant risk factor such as cyber risk, the company has implemented a cyber risk policy, a VPN access policy, improved and revised IT workflows, established a security working group to meet compliance standards to mitigate potential IT risks, and has developed a cyber risk prevention plan and conducted an assessment of its readiness to respond to cyber threats.

Corruption Risk

All forms of corruption damage development and pose a significant obstacle to the sustainable growth of organizations. The company has declared its intention and received certification as a member of the Private Sector Collective Action against Corruption (CAC). Furthermore, it focuses on training employees to understand the importance of being a transparent organization free from all forms of corruption, leading to sustainable growth.

Therefore, risk mitigation measures have been considered, both preventive and corrective, to ensure comprehensive and appropriate implementation on an ongoing basis.

3.Consideration is given to risk assessment criteria in two aspects: assessing the likelihood and assessing the impact of each risk to determine the risk level. This ensures sound principles and sufficient supporting data for risk assessment, reflecting the reality of the key risks that the company prioritizes and monitors, leading to accurate, appropriate, and highly effective management.

4.Consideration is given to implementing risk management according to international mechanisms and standards, starting with monitoring current risks and identifying new risks, assessing risks, and defining risk management measures. And monitoring for risk reporting, by storing risk information in the form of a risk register, including the establishment of an operational risk management manual that must define clear plans and procedures that can be immediately implemented.

5.Review the Risk Management Committee Charter to ensure that the guidelines for performing duties are appropriate and consistent with the current situation.

6.Conduct annual performance evaluations of the Risk Management Committee, both as a committee and individually, for the year 2025, with an overall evaluation result at the "Excellent" level, and report the evaluation results to the Board of Directors for use in developing efficient operations, as well as disclosing the evaluation results in the annual report.

In summary, the Risk Management Committee is of the opinion that by 2025, the Company will have a sufficiently effective risk management system to oversee the Group's key risks and that it is appropriate for the Company's and the Group's business operations and activities. Each core department and subsidiary continuously manage its risks to adapt to changing circumstances and maintain them at an acceptable level, supporting the company and the Group's organizational and business operations to proceed according to plan.