Governance

Denis Asia Pacific (DAP) has progressively developed a structured ESG framework to support responsible business conduct, long-term value creation and transparent reporting. This framework integrates internationally recognised standards, regulatory expectations and internal governance mechanisms to ensure consistency, credibility and continuous improvement.

DAP's ESG reporting scope has evolved over time to reflect the development of the business and the increasing maturity of its sustainability approach:

• Initial ESG reporting scope (2017): Denis Asia Pacific Pte Ltd and its fully consolidated subsidiaries; SFI Supplies Management Pte Ltd and its subsidiaries; and entities in which these companies hold a majority stake and over which DAP exercises operational control.
• Extension of the reporting scope (2019): Inclusion of Denis China Co. Ltd and its subsidiaries, reflecting the growing scale and relevance of these activities within the Food & Beverage business.
• Current ESG reporting perimeter: Food & Beverage activities conducted under Denis Asia Pacific, SFI Supplies Management and Denis China.

Entities excluded from the reporting scope include entities in which DAP does not hold a majority stake, and certain small entities that together represent less than 1% of total Food & Beverage activities.

United Nations Global Compact (UNGC)

DAP has been a signatory of the United Nations Global Compact (UNGC), Network Singapore, since 1 January 2016. By joining the UNGC, DAP committed to embedding the Ten Principles relating to human rights, labour standards, environmental responsibility and anti-corruption into its strategies, policies and operations.

Sustainable Development Goals (SDGs)

DAP has identified five United Nations Sustainable Development Goals (SDGs) that closely align with its ESG priorities and business activities:

• SDG 5 – Gender Equality: with a focus on equal opportunities and leadership participation.
• SDG 9 – Industry, Innovation and Infrastructure: supporting sustainable industrialisation and resource efficiency.
• SDG 12 – Responsible Consumption and Production: integrating sustainability into business practices and reporting.
• SDG 14 – Life Below Water: addressing sustainable fisheries and marine resource management.
• SDG 15 – Life on Land: focusing on forest protection, biodiversity and land-use impacts.

Corporate Sustainability Reporting Directive (CSRD)

Since the publication of the European sustainability reporting requirements, we have actively worked on understanding and anticipating their implications. Following recent updates to the applicability criteria, our company no longer falls within the mandatory scope of this regulation. Nevertheless, we chose to continue using the contextual analysis and the double materiality as a key reference for structuring our ESG reporting, as it provides a robust, coherent and forward-looking approach to sustainability disclosures.

Our ESG governance is structured to ensure clear oversight, shared responsibility and effective integration of sustainability considerations into decision-making processes. Key governance principles include:

• ESG oversight: The ESG Committee supervises ESG priorities, reviews progress and validates key methodologies, including the contextual analysis and the double materiality assessment.
• Cross-functional responsibilities: ESG implementation relies on the involvement of multiple departments across the organisation, ensuring that environmental, social and governance topics are addressed through existing operational processes.
• Management and strategic integration: ESG topics are regularly discussed within management and strategic forums, ensuring alignment between sustainability priorities, business strategy and risk management.
• Review and continuous improvement: The ESG governance framework is reviewed on a regular basis by the relevant governance bodies to ensure continued relevance and alignment with evolving regulatory and stakeholder expectations.
• Transparency and reporting: DAP communicates on its ESG commitments, actions and progress through the publication of an annual ESG Report and the submission of an annual UNGC Communication on Progress (CoP).

Strong governance and effective oversight are essential to Denis Asia Pacific's ESG framework. The Board of Directors of Denis Asia Pacific Pte Ltd, composed of eight members including the CEO, is responsible for strategic oversight, investment decisions and overall performance.

At the operational level, ESG and governance matters are supported by the Governance, Risk & Regulatory (G2R) Committee, which operates through three dedicated sub-committees:

• the Audit Sub-Committee, overseeing internal controls and audit processes;
• the Risk Sub-Committee, identifying, monitoring and mitigating key business risks;
• the Regulatory Sub-Committee, monitoring regulatory developments, particularly in the food sector.

DAP has established an ESG Committee at the highest level of management. The Committee provides strategic direction, oversees ESG priorities and monitors the implementation of sustainability initiatives across the reporting perimeter.

Composition

The ESG Committee is chaired by Mr. Daniel Denis, Vice Chairman of Maison Denis, with Mr. Nicolas Denis, Chairman, and Mr. Fabien Reyjal, Chief Executive Officer, serving as Vice-Chairmen. The Committee is coordinated by Mr. Hervé Simon, Group Marketing Director, and is composed of the ESG manager, Mr. Pablo Merino, and senior executives representing key business functions including finance, human resources, operations, quality, procurement, strategy, digital, research and development, and industrial operations.

Responsibilities

• Defining the ESG strategy and priorities.
• Identifying and assessing ESG-related impacts, risks and opportunities.
• Reviewing and validating the outcomes of the Double Materiality Assessment (DMA).
• Designating project leaders and allocating responsibilities.
• Setting and monitoring key performance indicators (KPIs).
• Providing strategic validation of the ESG Report prior to final approval.
• Reviewing progress and ensuring accountability.

The Ethics Committee plays a central role in DAP's governance framework by ensuring that ethical standards are upheld consistently across all entities. Its responsibilities include:

• Establishing ethics policies applicable to all DAP entities, unless superseded by local legal requirements.
• Approving subsidiary-specific ethics and behavioural guidelines.
• Reviewing severe ethical violations and recommending appropriate disciplinary actions to the CEO.

The Ethics Committee comprises shareholder representatives, the CEO and senior management, and includes at least one independent external expert to ensure objectivity and credibility. Currently, Mrs. Ai Ming Lee serves as the external member, bringing extensive experience from legal practice, public service and board-level roles.

In addition to the dedicated governance and ethics bodies, several cross-functional committees contribute indirectly to ESG-related decision-making:

• The Digital Transformation and Security Committee oversees digital strategy, information systems and cybersecurity matters, supporting governance objectives related to data protection, system resilience and the responsible use of digital tools.
• The Innovation Committee focuses on product development, process improvement and innovation initiatives, with outputs potentially contributing to sustainability-related improvements in product quality, resource efficiency and operational performance.

DAP's Code of Ethics is outlined in the printed employee handbook and is accessible via the company intranet. The Code defines the company's commitment to ethical business conduct, regulatory compliance and responsible corporate behaviour.

DAP applies a zero-tolerance policy with respect to severe ethical, legal and compliance breaches. This policy covers, in particular:

• Human rights violations, forced labour and child labour.
• Modern slavery and human trafficking.
• Corruption, bribery and unethical business conduct.
• Illegal environmental pollution.

To support implementation and oversight, DAP relies on preventive and control mechanisms including a Supplier Code of Conduct, supplier audits conducted by the Quality Assurance function, a company-wide anti-corruption training programme, an anti-modern slavery programme, and an anonymous whistleblowing mechanism.

DAP encourages employees, suppliers, customers, contractors, and other stakeholders to report suspected misconduct through DG-report.net, a secure and anonymous reporting platform. Reportable concerns include:

• Corruption and bribery.
• Regulatory non-compliance.
• Harassment or discrimination.
• Theft, forgery, or misappropriation of funds.
• Abuse of power or authority.
• Suspected modern slavery within DAP or its supply chain.

Whistleblowers are protected against retaliation. Reports are assessed by the Ethics Committee, which assesses their relevance and seriousness.

Employees are categorized into three commitment levels based on risk exposure:

• Factory and warehouse workers: Receive training and sign an anti-corruption pledge every three years (last conducted in 2023, next scheduled for 2026).
• Office employees: Complete mandatory e-learning on anti-corruption and bribery every two years, obtaining certification aligned with stringent legal frameworks across markets.
• Higher-risk employees (sales, procurement, marketing, etc.): Besides the mandatory e-learning, they undergo specialized training conducted by professional consultants every two years.

DAP is committed to fighting modern slavery, including slavery, servitude, forced marriage, forced labour, debt bondage, deceptive recruiting for labour services and the worst forms of child labour. The policy is structured around three pillars:

• Full Commitment: Zero tolerance for modern slavery. The Ethics Committee has the authority to dismiss implicated or negligent staff and ban stakeholders, including suppliers, and to report to authorities when alleged facts contravene local laws.
• Awareness & Training: Employees in roles that may encounter modern slavery undergo training every two years and sign an anti-modern slavery pledge.
• Duty to Report: Employees must report suspected modern slavery cases to senior management or via the whistleblower platform.

The Ethics Committee met on 27 February 2026 to review ethical matters related to the 2025 reporting period.

Whistleblowing Mechanism

In 2025, DAP received five reports through its whistleblowing platform (DG-report.net). All reports were reviewed by the Ethics Committee in accordance with established procedures. None of the reports fell within the Ethics Committee's jurisdiction; where relevant, matters were redirected to the appropriate departments for follow-up.

Policy Implementation and Training in 2025

Anti-corruption and anti-bribery:

• Office employees: 192 employees passed the e-learning validated by a test (74 new joiners, 118 re-certification). A total of 412 employees have been trained to date.
• Non-office employees: 1,081 employees signed a paper-based declaration. Refresher training will be carried out in 2026.

Anti-modern slavery:

• 89 staff members identified as higher-risk exposed employees completed their training and signed the anti-modern slavery pledge in 2025.
• Anti-modern slavery information has been added to company handbooks through a DAP Human Rights & Labour guidelines annex.
• Anti-modern slavery obligations are now included in the updated Supplier Code of Conduct.

Human Rights & Labour Initiatives:

• DAP regionally organised an International Women's Day programme on 8 March for the second consecutive year.
• Focus was placed on creating and finalising a template of guidelines on Human Rights & Labour, to be rolled out to HR teams across the different entities in 2026.

We are committed to ensuring the accuracy and reliability of ESG data through internal verification processes:

• As a privately held company, the ESG Committee defines the reporting scope and boundaries, ensuring relevance, consistency and alignment with our sustainability goals.
• ESG disclosures are prepared using verified internal data and established sources. Where assumptions or estimations are used, this is stated transparently.
• When a project or initiative does not achieve its expected KPIs within the reporting period, provisional data may be disclosed alongside an explanation of the context, limitations or challenges encountered.

The ESG report is published within three months following the end of the calendar year. It is publicly available through the following channels:

• Company Websites: Denis.com and MaisonDenisESG.net and our main branded websites.
• Issuu Digital Library: issuu.com/denisbrands
• United Nations Global Compact (UNGC) Website, as part of the annual Communication on Progress (CoP).

The ESG website leverages Google Neural Translation to make the report available in 10 languages. Since 2022, an audio version of the English report has been made available to support accessibility for visually impaired individuals. In line with our environmental objective, the ESG report is distributed exclusively in digital format.

Feedback & Contact Information

Questions or comments related to ESG disclosures and reporting may be submitted in writing to:

ESG Committee
Denis Asia Pacific Pte Ltd
151 Lorong Chuan, Lobby G 05-07
Singapore 556741
Email: ESG@denis.com

DAP's Food & Beverage activities operate in an environment where cybersecurity risks are increasing. Cyber-attacks targeting organisations are becoming more frequent and increasingly sophisticated as new technologies emerge. These risks can directly threaten operational continuity, financial performance, stakeholder trust and regulatory compliance. As a result, cybersecurity is recognised as a key governance and risk management topic requiring board-level oversight.

DAP's Board of Directors and executive leadership recognise cybersecurity as a strategic imperative requiring active oversight and accountability. At entity level, designated Cybersecurity Committees maintain oversight through quarterly reporting on risk posture, incident trends and strategic initiatives.

DAP's cybersecurity governance framework is aligned with ISO 27001 standards for systematic information security management. The framework covers key domains including:

• Identity and Access Management
• Data Protection
• Vulnerability Management
• Third-Party Risk Management
• Business Continuity

These policies establish mandatory requirements while allowing flexibility for entities to implement controls appropriate to their specific risk profiles and operational contexts. The policy framework is reviewed regularly by senior management and through independent audits.

DAP has implemented comprehensive security awareness training programmes designed to build a security-conscious culture across all levels of the organisation. All employees receive mandatory security awareness training upon joining the organisation and participate in ongoing education throughout their employment. Training covers essential topics including:

• Phishing and social engineering recognition.
• Password management and multi-factor authentication.
• Data protection and classification.
• Malware awareness and prevention.
• Incident reporting procedures and secure remote working practices.

Multiple delivery methods are used, including interactive scenario-based training, simulated phishing campaigns and gamified learning experiences, to maximise engagement and knowledge retention.

DAP operates a multi-layered technical security infrastructure designed to protect against evolving cyber threats. Key components include network security, endpoint protection, access controls and application security.

In addition, DAP operates a Security Operations Centre (SOC) that provides continuous monitoring, threat detection and incident response capabilities. The SOC follows a tiered operational model, with specialised analysts responsible for alert triage, incident investigation, threat hunting and strategic oversight.

Physical security controls complement these technical measures, reinforcing overall protection of systems, facilities and data.