Governance and Economic

Governance and Economic Sustainability Management Goals

The Company recognizes the importance of managing corporate governance and economic dimensions in an era where businesses face volatility and rapid changes, with a focus on creating shared value throughout the supply chain alongside adherence to good governance principles and business ethics. In 2024, the Company elevated its assessment of key sustainability issues by integrating corporate governance and economic dimensions into systematic organizational development, covering the improvement of definitions and scope of key issues, development of impact assessment methodologies, and prioritization alignment with the growing organizational context, to lead to the development of competitive capabilities, building stakeholder confidence, and sustainable growth.

Good Corporate Governance

Challenges and Opportunities

Maintaining good corporate governance presents an ongoing challenge for the Company, as increasing regulatory complexity, evolving disclosure requirements, and heightened scrutiny from investors and stakeholders demand robust governance structures and consistent accountability at all levels. The growing emphasis on board diversity, anti-corruption measures, and ESG integration within recognised frameworks such as the FTSE Russell ESG Ratings further requires the Company to continuously raise its governance standards. The Company is therefore committed to upholding strong and independent board oversight, rigorous risk management, transparent disclosure, and a culture of integrity — reinforcing investor confidence and sustaining its long-term credibility as a responsible and well-governed organisation.

Corporate Governance Structure

Corporate Governance and Sustainable Development Structure

Click to Enlarge

Medium-Term Goals

Achieve FTSE Russell "Good" level rating in 2026.
Participate in the CAC Change Agent program.
Upgrade FTSE Russell rating to "Best Practice" level in 2027.

Long-Term Goals

Continuously renew CAC certification.
Maintain rating levels and good corporate governance standards sustainably.

Corporate Ethics and Code of Conduct Promotion Project

The Company has developed a Corporate Ethics and Morality Promotion Program to enhance knowledge and understanding of business ethics and moral principles among employees at all levels, enabling them to implement these principles in practice. The key objectives are to conduct business transparently and responsibly, create a valuable and sustainable work environment, and communicate knowledge on important issues to employees throughout the organization. This includes anti-corruption, human rights principles, workplace ethics, and whistleblowing channels. The program is committed to creating an operational framework that respects and honors employees, as well as promoting adherence to good governance principles and morality in every work process.

In October 2025, the Company conducted a "Speedy Quiz" knowledge assessment from 14–31 October 2025, designed to measure understanding of business ethics and code of conduct among directors, executives, and all employees. Of the 1,163 individuals required to complete the assessment, all 1,163 achieved a passing score — representing a 100% completion and pass rate across all levels of the organisation. This result reflects the Company's commitment to fostering a corporate culture grounded in good governance, integrity, and transparency. Should any individual not meet the passing standard, the Company has established a clear follow-up process whereby their direct supervisor is notified, additional training is provided, and a re-assessment is scheduled — ensuring that every member of the organisation maintains a consistent and accurate understanding of ethical business conduct.

Thai Private Sector Collective Action Against Corruption (CAC) Participation Project

The Company implements the Thai Private Sector Collective Action Against Corruption (CAC) participation project to elevate good corporate governance standards and build confidence among all stakeholders, with a commitment to conducting business transparently and free from all forms of corruption. The main objective is to receive certification as a member of the Thai Private Sector Collective Action Against Corruption (CAC) by 2025, which will confirm the Company's commitment to conducting business with good governance and social responsibility.

The Board of Directors resolved to join the project and declared its intent on February 28, 2024, while appointing an Anti-Corruption Sub-Committee as the main management mechanism. The Company has prepared knowledge dissemination documents and provided training for employees at all levels, conducted anti-corruption seminars, promoted policies to all stakeholders, prepared letters to business partners to create cooperation, and established concrete prevention and risk control measures. There is an implementation plan for evaluation from January to May 2025 to apply for CAC certification in May 2025, with the certification results expected to be announced in November 2025.

In 2025, the Company received certification as a member of the Thai Private Sector Collective Action Against Corruption (CAC) for the first time, marking a significant milestone in the Company's commitment to conducting business with transparency, accountability, and zero tolerance for corruption in all forms. This certification affirms the Company's role in strengthening the foundation of good corporate governance within the Thai business sector and reinforces its dedication to sustainable organisational development in alignment with internationally recognised anti-corruption principles.

Anti-Corruption Promotion Project Within and Outside the Organization

The Company implements an anti-corruption promotion project both internal and external to the organization to create a corporate culture free from all forms of corruption and extend good practices to the business chain. The objectives are to raise awareness and commitment to anti-corruption among personnel at all levels, as well as encourage business partners and allies to jointly uphold and practice the same anti-corruption guidelines, in order to create a transparent and well-governed business ecosystem.

The Company focuses on concrete anti-corruption operations both internally and externally by requiring all executives and employees to sign an acknowledgment of the policy, while building awareness through training by speakers and self-learning via Microsoft Sway. In 2025, a total of 736 executives and employees participated, accounting for 50% of the total workforce, including orientation for all new employees to instill a culture of transparency.Regarding the external organization, the Company officially announced the policy to business partners, resulting in 42 new partners signing to acknowledge and comply with the practices. Furthermore, the Company has set a proactive goal for all new partners and Tier 1 suppliers to achieve 100% acknowledgment, with regular progress reports to the Audit Committee to expand the anti-corruption cooperation network across the entire supply chain sustainably.

Cases of Business Code of Conduct Violations (Cases)	2025
Complaints of Business Code of Conduct Violations
Corruption	5
Conflicts of Interest	0
Violations of Internal Company Regulations	9
Obstruction of Trade Competition	0
Other Complaints
Society and Community	0
Environment, Occupational Health and Safety	0
Human Rights Violations	0
Others	0

Actions Taken After Investigation and Confirmation of Business Code of Conduct Violations (Cases)	2025
Termination of Employment	5
Disciplinary Action	9
No Penalty	0
Branch Transfer	0
Others	0

For all 5 corruption cases, after conducting fact-finding investigations and confirming the violations were genuine, the company imposed the maximum penaltyimmediately terminating the employment of the involved employees. This action was in accordance with the company's good corporate governance policy and anti-corruption measures, which are strictly enforced.

Risk Management

Challenges and Opportunities

The Company implements a systematic risk management policy in accordance with the COSO framework, underpinned by a formal Risk Appetite Statement, with direct Board-level oversight through a dedicated Risk Committee. Risk assessments are reviewed quarterly to ensure timely identification and response across six key risk categories: (1) Strategic, (2) Operational — including supply chain and third-party risks, (3) Compliance, (4) Financial, (5) ESG — encompassing climate-related risks, and (6) Anti-Corruption, formally introduced in 2025. The Company also actively monitors emerging risks including cybersecurity, climate transition, and technological disruption, ensuring the risk framework remains robust and responsive to a rapidly evolving business environment.

Environmental, Social, and Governance and Economic Risk (ESG Risk)

Risk from the ability to procure quality products to adequately meet customer demands

Risk from revenue loss due to weather conditions - floods, drought, unseasonable weather conditions

Risk from transition to a low-carbon society, such as laws or taxes related to carbon emissions

Human rights risk in the value chain

Occupational health and/or safety risk in the work environment

Medium-Term Goals

Develop the organization's BCP to comprehensively cover business continuity management risks in all dimensions by 2027.

Long-Term Goals

Develop sustainable organizational culture in risk management.
Completely integrate risk management into all organizational work processes.

Business Continuity Enhancement Project

In 2025, the Company implemented a business continuity enhancement project to strengthen sustainability by focusing on reviewing and testing the Business Continuity Plan (BCP) to prepare for and enhance capabilities in responding to emergency situations that may impact business operations.

Warehouse Flood Response Plan

Fire Emergency Response Plan

Information Security and Cybersecurity Plan

These actions align with the objective of reviewing and developing the Business Continuity Plan (BCP) to comprehensively cover the organization's key risks, thereby strengthening stability and confidence in continuous and sustainable business operations.

Supply Chain Management

Challenges and Opportunities

Managing a responsible and resilient supply chain presents a significant challenge for the Company, as the complexity of multi-tier supplier networks increases exposure to risks related to labor standards, environmental impact, product quality, and business continuity. Growing expectations from investors and regulators for supply chain transparency and human rights due diligence further require the Company to look beyond its direct operations and take accountability for practices across its entire value chain. The Company is therefore committed to engaging suppliers on responsible business conduct, promoting fair labor practices and environmental standards throughout the supply chain, and maintaining robust supplier assessment and monitoring processes — reducing supply chain risk, ensuring product integrity, and strengthening the Company's long-term resilience and stakeholder confidence.

Supplier Code of Conduct

The Company has established a comprehensive Supplier Code of Conduct covering both social and environmental dimensions, with a focus on preventing human rights violations, prohibiting child labour and forced labour in all forms, ensuring environmental responsibility, and promoting transparent and ethical business conduct. All suppliers are required to formally acknowledge and sign the Code of Conduct as a condition of doing business with the Company, ensuring a clear and binding commitment to these standards. The Code is publicly accessible via the Company's website and communicated through multiple channels to ensure broad awareness across the supply chain. Compliance is monitored through a structured supplier audit and assessment process, and suppliers found to be in breach of the Code are subject to defined consequences, including corrective action requirements and, where necessary, termination of the business relationship. The Company is committed to continuously strengthening its supply chain standards to ensure that its values of integrity, sustainability, and respect for human rights are upheld at every tier of its supply chain.

Supplier Classification and Management

The Company categorizes suppliers into 4 tiers based on transaction value and product importance to assist in prioritizing management:

Tier 1 (Key Suppliers): Annual purchases exceeding 10 million baht with no substitute products. Must sign acknowledgment of the Supplier Code of Conduct
Tier 2: Annual purchases exceeding 10 million baht but with available substitute products
Tier 3: Annual purchases between 1-10 million baht
Tier 4: Annual purchases not exceeding 1 million baht

This classification helps the Company appropriately prioritize and allocate resources for management, starting with Tier 1 suppliers before expanding to other groups sequentially.

Evaluation and Monitoring System

The Company has developed a supplier evaluation system with clear criteria, requiring suppliers to have a total score of no less than 50% and an ESG score of more than 60%, along with regular monitoring and verification of code of conduct compliance, including tracking improvement results for identified deficiencies to ensure suppliers continuously implement improvements.

Supplier Relationship Development

The Company emphasizes positive supplier relationship development by creating understanding of sustainability operational approaches, supporting capability development, and promoting knowledge exchange and best practices sharing. These operations help strengthen close relationships and elevate supplier’s operational standards.

The Company systematically collects evaluation data and code of conduct compliance information for use in long-term business cooperation decision-making and development, while continuously reviewing and improving supplier management to align with changing situations and create greater efficiency in building sustainability throughout the supply chain.

Medium-Term Goals

All suppliers must pass minimum evaluation criteria.
Initial supplier evaluation score of no less than 50%.
ESG evaluation score of more than 60%.

Long-Term Goals

100% of both domestic and international suppliers must have no violations of environmental laws and social laws.
Purchase volume from companies in Thailand for distribution at 30% per year.
80% of key suppliers (Tier 1) in Thailand to receive ESG on-site audits by 2027.
Create a completely sustainable supply chain.
Develop strategic partnerships with suppliers in creating sustainability innovations.

Supplier Ethics Training and Communication Program

The Company has established a project to promote knowledge and understanding of business ethics principles with suppliers, create awareness in complying with laws and ethical standards, and strengthen sustainable relationships based on fairness and transparency.

Main Activities

Practical training workshops in both online and On-site Training formats to enhance knowledge of ethics and best practices.
Development of a Supplier Code of Conduct Handbook that compiles clear and comprehensive practice guidelines.
Systematic internal organizational communication to create shared understanding at all levels.

2025 Performance Results

Key domestic suppliers signed the Supplier Code of Conduct in full at

(Tier 1)

Suppliers have increased knowledge and understanding regarding

the importance of business ethics

Created sustainable business relationships and enhanced

long-term credibility

The Company achieved success in implementing its sustainable supply chain management policy, with suppliers (Tier 1) having signed acknowledgment and confirmed compliance with the Supplier Code of Conduct in full, representing 100%, which is considered a significant achievement in the Company's value chain management and reflects the establishment of solid cooperation with suppliers. In terms of supplier performance evaluation, throughout 2025, it was found that all suppliers passed the evaluation criteria in both operational and sustainability aspects, with no suppliers found to have scores below the established standard criteria. Furthermore, from close monitoring and coordination with suppliers in Thailand, no cases of violations or risks that might lead to environmental law violations were found. This success confirms the Company's commitment to developing and maintaining sustainability within the supply chain, both in social and environmental aspects.

Cyber Security and Personal Data Protection

Challenges and Opportunities

Cyber security and personal data protection present a growing challenge for the Company, as increasing digitalisation of retail operations and the collection of large volumes of customer and employee data heighten exposure to cyber threats, data breaches, and privacy risks. Evolving data protection regulations and growing expectations from customers, investors, and regulators for robust information security governance further require the Company to continuously strengthen its cyber resilience and data management practices. The Company is therefore committed to maintaining rigorous cyber security controls, ensuring full compliance with applicable data protection laws, promoting a culture of data privacy awareness across the organisation, and responding swiftly and transparently to any security incidents — safeguarding stakeholder trust, protecting business continuity, and reinforcing the Company's reputation as a responsible custodian of personal data.

Medium-Term Goals

1. Cybersecurity.

Zero cases of system breaches or information security threats or other cybersecurity incidents.
Zero cases of data breaches, including leaks, theft, and loss of personal data.

2. Personal Data Protection.

Zero complaints regarding personal data leaks.
Zero complaints regarding personal data leaks from regulatory authorities.

3. Implement and develop ISO/IEC 27001 standard system to achieve certification of this standard.

4. Upgrade data storage by migrating 100% of data from Server to Cloud to enhance operational efficiency and prevent data loss from unexpected events.

5. 100% of target group employees receive training to build knowledge and understanding of cybersecurity and personal data protection.

Long-Term Targets

1. Cybersecurity.

Zero cases of system breaches or information security threats or other cybersecurity incidents.
Zero cases of data breaches, including leaks, theft, and loss of personal data.

2. Personal Data Protection.

Zero complaints regarding personal data leaks.
Zero complaints regarding personal data leaks from regulatory authorities.

3. Pursue ISO/IEC 27701:2019 Privacy Information Management certification (or newer version that may be officially announced in the future), to be implemented after obtaining ISO/IEC 27001 certification as it is a standard that extends from ISO/IEC 27001.

4. Develop an efficient personal data management system with the goal of having no complaints regarding customer privacy violations and customer data loss.

Cyber Security Awareness Training Program

The Company has organized cyber security awareness training courses to enhance knowledge, understanding, and awareness of various forms of cyber threats, leading to proper use of information systems and organizational networks in accordance with company policy. In 2025, 400 employees participated in the training, representing 99.50% of all employees, with 100% of participants able to pass the understanding assessment criteria, reflecting the effectiveness of the course in enhancing cybersecurity knowledge.

The Company is committed to continuously developing and improving training courses to ensure personnel are ready to deal with ever-changing cyber threats, while supporting the creation of a cybersecurity culture within the organization, emphasizing the commitment to sustainably enhancing the security of data and information systems.

Vulnerability Assessment and Penetration Testing Project

In 2025, the Company implemented a vulnerability assessment and penetration testing project to evaluate security risks in the organization's critical network systems and applications. This covered examination of network systems, servers, and critical applications, along with preparing assessment reports and recommendations for improving protective measures. The Company conducted 2 assessments along with 2 Phishing Simulation exercises to evaluate the level of information technology security awareness among personnel.

The performance audit identified a total of 4 security vulnerabilities, 1 of which was classified as high risk. The Company has already completed the remediation of the high-risk vulnerability and has utilized the audit results to continuously improve internal control measures and enhance system security to mitigate risks that could impact business operations.

Firewall System Enhancement Project for Greater Efficiency

In 2024, the Company implemented firewall system improvements to enhance the efficiency of network security protection within the organization. The upgraded firewall system has capabilities to monitor and filter data entering and exiting the network system, prevent unauthorized external access to the system, detect and prevent abnormal activities on the network system, control access to undesirable websites and applications, and prevent connections to malicious content.

The system improvement was completed in 2024, which helped increase efficiency in preventing cyber threats, strengthen network security, and elevate the organization's information security measures to comply with international standards. This investment in security infrastructure improvement reflects the Company's commitment to comprehensively and sustainably protecting data and digital assets.

Click to Enlarge

2025 Performance Results

Click to Enlarge

Training to enhance cybersecurity knowledge and understanding for

400

target group

No cases

of all employees are cared for under the occupational health and safety management system

The Company has systematically implemented cybersecurity and personal data protection plans by conducting training to enhance cybersecurity knowledge and understanding for 400 target group employees along with vulnerability assessments in information systems and firewall system improvements to increase threat prevention efficiency. The 2025 performance results reflect the effectiveness of proactive measures, with no cases of security system breaches or personal data leaks found, which resulted from the implementation of modern technology such as high-performance firewall systems, encryption of critical data, regular risk assessments, and strict management of data access rights.

The Company places importance on creating awareness among employee groups through training on cyber threats and practices according to personal data policies. These measures help reduce risks from cyber threats and build confidence among stakeholders. Furthermore, the Company aims to obtain cybersecurity standard certification to elevate long-term operations and create confidence in international-level data security protection standards.

Cybersecurity	2023	2024	2025
Number of information security system violations or other cybersecurity incidents.	0	0	0
Number of data breaches, including leakage, theft, and loss of personal data.	0	0	0

Personal Data Protection	2022	2023	2024
Number of complaints about personal data leakage. incidents.	0	0	0
Number of complaints about personal data leakage from regulatory agencies.	0	0	0

Process Innovation Development

Challenges and Opportunities

Process innovation and development present a significant challenge for the Company, as rapidly evolving technology, shifting consumer behaviours, and increasing competitive pressure require continuous investment in modernising operations and improving efficiency across all business functions. Managing the pace of change while maintaining service quality, controlling implementation costs, and ensuring workforce readiness for new ways of working adds further complexity to the innovation journey. The Company is therefore committed to driving systematic process innovation through the adoption of modern technologies, digital transformation, and continuous improvement practices — enhancing operational efficiency, reducing costs, improving the customer experience, and strengthening the Company's long-term competitiveness and capacity to deliver sustainable business growth.

Software Development Process

Click to Enlarge

The Company has assigned the Information Technology Department as the main responsible party for managing and developing the organization's technology systems. In 2024 and 2025, the focus is on developing and implementing software to enhance internal organizational management efficiency. The Company has established a 5-step system development and integration process as follows:

Project Goal Setting and Planning

The Company begins by setting project goals focused on improving work process efficiency and responding to stakeholder needs. The Information Technology Department collaborates with relevant departments to plan projects, allocate resources, budget, and implementation timelines.

Requirements Analysis

The technology development team collects and analyzes requirements from all departments, covering system improvements, bottleneck problem solving, and developing necessary new functions to prepare technical specifications. In cases where systems are under external service provider management, operations involve collaboration between the technology development team and service providers in preparing specifications and system development plans.

Design and Development

External service providers are responsible for designing and developing systems according to technical specifications that have been analyzed and confirmed jointly with the Company, covering technology architecture design and functional operations, while considering compatibility with existing systems and future scalability capabilities.

Testing

Developed systems undergo comprehensive testing to ensure performance efficiency according to specifications without errors or vulnerabilities, including User Acceptance Testing (UAT) from actual users.

Implementation

After testing, the Information Technology Department installs systems and conducts employee training to enable full-efficiency system usage, while monitoring and evaluating initial usage results to improve and fix potential problems and ensure systems can efficiently meet organizational needs.

This 5-step development process is a crucial mechanism that enables the Company to develop the most efficient information technology systems, aligned with sustainable process innovation development goals in 2024 and the long term.

Medium-Term Goals

Develop data management and analytics capabilities so that all departments can efficiently access and utilize data, developing automated reporting systems that respond to the specific needs of each department.
Develop Data Transformation and Analytics systems to enhance the Data Center so that the business can access necessary data to create new revenue opportunities, reduce costs in various processes, or create innovations and quickly adapt to market changes.
Develop appropriate and modern technology media or online systems (E-Learning) to continuously enhance employee skills and knowledge.
Develop warehouse management systems to increase operational efficiency in inventory management and reduce product shortages or overstocking.
Increase the use of automation technology in Supply Chain operations to make work processes faster and more accurate, reduce human dependency in managing various processes, including reducing costs and increasing efficiency in management from procurement to product delivery.

Long-Term Targets

Develop AI-powered systems to enhance organizational work process efficiency for convenience, speed, and accuracy in operations, and use AI to improve various processes such as data analysis, production process management, customer support, and business planning.
Develop real-time transportation dashboard systems to immediately track and monitor transportation status and improve delivery planning for maximum efficiency.

Process Innovation Development Project

Data Analytics and Management Platform Development Project

Point of Sale System Development Project

SAP Accounts Payable System Development Project

Park Invoice without PO Development Project (Non-PO Invoice Management System)

Transfer Deferred Input VAT Development Project (VAT Management System)

SAP Asset Management System Development Project

SAP Financial Statement Preparation System Development Project

SAP Import Planning System Development Project

E-commerce Order Management System Development Project

e-Tax Invoice Electronic Tax Invoice System Project

Product Quality to Meet Consumer Needs

Challenges and Opportunities

Consistently delivering product quality that meets evolving consumer needs presents an ongoing challenge for the Company, as changing consumer preferences, rising quality expectations, and increasing demand for transparency around product ingredients, sourcing, and nutritional information require continuous investment in product development, quality assurance, and supplier management. Tightening regulatory standards on product safety and labelling further add to the complexity of maintaining compliance across a broad and diverse product range. The Company is therefore committed to upholding rigorous quality standards throughout the product lifecycle, investing in consumer insights to anticipate and respond to changing needs, and working closely with suppliers to ensure consistent product quality and safety — delivering products that customers can trust, strengthening brand loyalty, and supporting the Company's long-term commercial performance.

Medium-Term Goals

1% of complaints regarding non-quality products per annual sales volume.
Establish a timeframe for fact verification to be completed within 30 days after accepting quality complaints.
Develop a system for analyzing causes and approaches to prevent quality complaints.

Long-Term Targets

1% of complaints regarding non-quality products per annual sales volume.
Establish and announce quality and product recall policies.
Develop a preventive quality management system that covers the entire production process.

Supplier Quality Assessment Project for Quality Products

The Company implements a supplier quality assessment project to select and evaluate suppliers according to established standards to obtain quality, safe raw materials and products that comply with legal requirements. This covers inspection of production standards, relevant certifications, and sustainability principles to ensure suppliers operate to standard, create confidence in product quality, and promote responsibility throughout the supply chain. The Company requires all suppliers to be evaluated according to established criteria, considering both business potential and sustainability dimensions.

The Company has a process for evaluating all new suppliers according to standard assessment forms before beginning business relationships, focusing on business potential assessment, product quality, and verification of standard certifications according to legal requirements such as Thai Industrial Standards (TIS) and Food and Drug Administration (FDA) standards. In 2024, the Company evaluated all prospective suppliers according to established criteria and conducted business only with suppliers who passed the assessment, ensuring confidence that all suppliers have the potential to deliver quality products according to standards and support sustainable business operations.

The Company implements a comprehensive supplier quality assessment programme encompassing production standards, legally required certifications including TIS (มอก.) and FDA (อย.), ESG criteria, and human rights screening — evaluated across both business capability and sustainability dimensions. All prospective suppliers are required to undergo a standardised assessment prior to the commencement of any business relationship, whilst existing suppliers are subject to periodic re-assessments to ensure ongoing compliance with the Company's standards. Suppliers of strategic significance are identified and subject to enhanced levels of scrutiny, and any supplier failing to meet the defined criteria is required to implement a formal Corrective Action Plan. The Company conducts business exclusively with suppliers that have successfully completed all assessments. In 2025, a total of 151 suppliers were assessed, reflecting the Company's unwavering commitment to responsible and sustainable supply chain management.

Product Return Process Development Project

The Company has developed and established systematic and standardized product return procedures to define clear practice guidelines for managing product returns from customers. The main objectives are to create maximum customer satisfaction, reduce potential conflicts, and strengthen confidence in the organization's service standards. The product return process covers everything from store-level product management to warehouse returns, supporting various situations such as exchanging or returning defective products, correcting credit card processing errors, and managing cases where credit card or QR Payment transactions fail.

The Company has established systematic work processes in 3 main steps as follows:

1. Product Receipt Inspection - Verify price and product quantity information, symbols and certification standards from the Office of the Consumer Protection Board, and packaging quality.

2. Defective Product Management - Immediately coordinate with suppliers to analyze causes and determine corrective approaches.

3. Supplier Coordination - Report problem details, send photographs of defective products, and proceed according to established return or claim conditions.