Corporate Governance Process

1. Introduction

This Corporate Governance Process outlines the internal governance framework applied by SIRELIS AI LIMITED in connection with the operation and oversight of its technology and AI platform. The document describes how responsibilities, decision-making authority, and control functions are structured within the Company to ensure the lawful, transparent, and orderly management of its activities.

For the purposes of this document, corporate governance refers to the system of principles, roles, and procedures through which the Company is directed and controlled. It defines how strategic objectives are set, how operational and compliance matters are supervised, and how accountability is maintained across management and internal functions. The framework is designed to support ethical conduct, sound decision-making, and the effective management of operational, legal, and reputational risks arising from the Company's activities.

The governance framework covers the responsibilities of senior management and, where applicable, the governing body in overseeing business operations, internal controls, and organisational integrity. It also reflects the Company's responsibilities toward users, business partners, service providers, employees, and other relevant stakeholders. Emphasis is placed on clarity of roles, consistency of internal processes, and proportional oversight aligned with the nature and scale of the Company's technology-driven services.

This Corporate Governance Process supports a structured approach to risk awareness and internal control, ensuring that the Company's activities, product offerings, and operational decisions remain aligned with its stated business model and internal policies. The framework is intended to evolve as the Company grows, while preserving transparency, accountability, and effective internal governance.

2. Board of Directors

The Board of Directors is the primary corporate body responsible for the strategic oversight and general management of SIRELIS AI LIMITED. The Board exercises overall supervision of the Company's activities, approves key internal policies, and oversees senior management to ensure that operations are conducted in a lawful, transparent, and orderly manner consistent with the Company's business model as a technology and AI platform.

The Board may consist of up to three members. Where practicable, the Board may include at least one non-executive director who is not involved in the Company's day-to-day operations, for the purpose of supporting independent oversight. All directors are required to possess the professional competence, integrity, and judgment necessary to discharge their fiduciary duties. Relevant experience may include corporate governance, technology platforms, risk management, legal oversight, data protection, or operational control environments.

Upon appointment, directors are provided with information regarding the Company's business model, governance framework, internal control environment, and risk profile. Directors are expected to be aware of and comply with their duties and responsibilities under applicable corporate law, including the obligation to act honestly, in good faith, and in the best interests of the Company. Where a director has limited prior experience in governance roles within technology-driven or compliance-sensitive environments, appropriate onboarding and internal familiarisation may be provided.

An internal induction process is maintained to ensure that newly appointed directors are introduced to the Company's internal policies, governance procedures, key operational processes, and relevant personnel. The content and delivery of the induction process may involve senior management and relevant internal functions. While administrative aspects of the process may be delegated, the Board remains collectively responsible for ensuring that the induction process is adequate and proportionate.

2.1. Role of the Board of Directors

The Board of Directors is the highest governing authority within the Company's governance structure and bears ultimate responsibility for strategic oversight, organisational performance, and internal accountability. The Board is accountable to the shareholders and is responsible for ensuring that the Company is managed prudently and in accordance with applicable legal and contractual obligations.

The Board oversees the identification, assessment, and management of operational, legal, technological, and reputational risks associated with the Company's activities. This includes assessing whether the Company's products, services, and internal processes remain aligned with its stated strategic objectives and risk tolerance. The Board ensures that internal risk assessments are reviewed periodically and that material risks are addressed in a timely and proportionate manner.

Strategic decisions are taken with a view to supporting sustainable development and long-term value creation. While commercial outcomes cannot be guaranteed, the Board ensures that risks arising from business activities are appropriately identified, assessed, and managed. Board decisions are intended to reflect a balance between oversight and innovation within the Company's defined risk framework.

The Board is responsible for promoting a culture of integrity, transparency, and accountability within the Company. Board meetings are conducted in a manner that allows for informed discussion and the exercise of independent judgment.

The Board maintains appropriate channels of communication with shareholders and, where relevant, external stakeholders. Information communicated through such channels is expected to be accurate, timely, and reflective of material developments. The Board may define and review key performance indicators and governance metrics for the purpose of monitoring organisational effectiveness.

Board meetings are held as required to discharge the Board's responsibilities. Minutes are prepared for each meeting and record decisions taken and material matters discussed. Records are maintained in an orderly manner.

2.2. Role of the Ultimate Beneficial Owner

The Ultimate Beneficial Owner does not hold a formal governance role unless appointed as a director or officer of the Company. Any involvement of the Ultimate Beneficial Owner in strategic discussions or corporate oversight is conducted transparently and in a manner consistent with generally accepted principles of corporate governance.

The Ultimate Beneficial Owner may provide high-level strategic input or a long-term perspective but does not participate in the day-to-day management of the Company unless formally mandated. Interactions with the Board or senior management are conducted in a manner that respects the separation of ownership and management functions and the independence of governance structures.

Where the Ultimate Beneficial Owner participates in shareholder or Board meetings, such participation is documented in the relevant records. Meetings are conducted in a structured manner and in accordance with applicable procedures.

The Ultimate Beneficial Owner may recommend candidates for Board appointment based on skills and experience relevant to the Company's activities and governance requirements. Any such involvement remains advisory in nature unless otherwise provided by law or corporate documentation.

Any involvement of the Ultimate Beneficial Owner in governance or management matters is proportionate, documented, and aligned with applicable corporate governance standards.

2.3. Role of Executive and Non-Executive Directors

The governance framework distinguishes between executive and non-executive directors based on their involvement in the Company's operations.

Executive directors are directors who are employed by the Company and are involved in the management of day-to-day activities. Their responsibilities may include oversight of operational functions, implementation of Board-approved strategies, and management of internal teams or processes.

Non-executive directors are directors who are not involved in day-to-day operations and do not hold executive positions within the Company. Their role is to provide independent oversight and contribute to Board deliberations, particularly in relation to governance, risk management, and internal controls.

The Board seeks to maintain an appropriate balance between executive and non-executive directors to avoid undue concentration of influence. All directors are subject to the same fiduciary duties under applicable corporate law, including duties of good faith, care, skill, and diligence.

2.4. Approval of New Services and Products

The introduction of any new service or product requires prior approval by the Board of Directors. Proposals are subject to a structured internal assessment process to evaluate alignment with the Company's strategic objectives, operational capabilities, and risk framework.

Proposed services or products are assessed for operational, legal, technological, and reputational risks. Consideration is given to factors including complexity, reliance on third-party providers, data processing implications, and scalability.

Where relevant, internal reviews may address data protection, system reliability, and cybersecurity considerations. The Board may require phased implementation, pilot testing, or post-launch review measures.

Senior management is responsible for submitting proposals and supporting assessments to the Board. Final approval is reserved to the Board and is based on documented analysis.

Approved services and products are subject to ongoing monitoring to ensure continued alignment with internal expectations and intended use. Remedial measures may be implemented where necessary.

2.5. Compliance and Internal Control Measures

The Company maintains compliance and internal control measures proportionate to the nature and scale of its activities as a technology and AI platform. These measures support lawful operation, internal accountability, and risk awareness.

A designated compliance function oversees adherence to internal policies and applicable legal and contractual obligations and reports material matters to senior management and, where appropriate, the Board. The compliance function operates independently from operational activities.

Internal procedures include risk-based assessments, monitoring of platform usage, and periodic reviews of internal controls. Additional measures may be applied where elevated risk is identified.

Employees receive training to ensure awareness of internal policies, data protection requirements, and expected standards of conduct. Training is reviewed periodically.

2.6. Technology Risk and Cybersecurity Governance

The Company maintains a structured framework for technology risk and cybersecurity governance to protect the confidentiality, integrity, and availability of systems and data.

Risk assessments are conducted to identify vulnerabilities within the Company's digital infrastructure. Appropriate preventive and detective controls are implemented to mitigate risks relating to unauthorised access, data loss, and system disruption.

An incident response framework is maintained, setting out procedures for the identification, escalation, and management of cybersecurity incidents. The framework is reviewed periodically.

Security monitoring and reviews are conducted to assess the effectiveness of controls and identify areas for remediation. Remedial actions are implemented in accordance with assessed risk.

3. Conflict of Interest

A conflict of interest arises where a direct or indirect personal interest interferes, or could reasonably be perceived to interfere, with an individual's ability to act objectively and in the best interests of the Company. The identification and management of conflicts of interest are essential to maintaining trust among shareholders, users, business partners, and other stakeholders.

Conflicts of interest may arise in various circumstances, including transactions or arrangements involving the Company and its directors, senior managers, shareholders, or persons closely associated with them. Such circumstances may result in actual or perceived bias in decision-making. In all cases, the interests of the Company shall prevail over any personal, financial, or other private interests.

The Board of Directors requires all individuals subject to this governance framework to act with integrity and to avoid situations in which personal interests conflict, or may conflict, with their duties to the Company. Where avoidance is not practicable, individuals are required to exercise appropriate caution and transparency. Situations that could reasonably give rise to the perception of a conflict of interest shall be addressed with the same level of diligence as actual conflicts.

Any actual or potential conflict of interest must be disclosed promptly and in full to the Board of Directors. Disclosure shall be made as soon as the conflict is identified and, where appropriate, recorded in an internal register maintained for this purpose. Transparency in disclosure forms a fundamental element of the Company's governance framework.

Following disclosure, the Board of Directors will assess whether, and to what extent, the individual concerned may participate in discussions or decision-making relating to the relevant matter. In making such determinations, the Board will consider the nature and materiality of the conflict, the potential impact on the integrity of the decision-making process, and the overall interests of the Company.

Where a conflict of interest is ongoing and material, the individual concerned is expected to consider whether continued participation in the Board or the relevant governance role remains appropriate. The Board may determine that mitigating measures or other corrective actions are necessary to protect the integrity of the governance framework and the interests of the Company.

4. Board Meetings

Members of the Board of Directors are expected to attend all scheduled and ad hoc Board meetings, either in person or by means of appropriate remote communication tools, including video or teleconferencing platforms. Participation through remote means is deemed equivalent to physical presence for the purposes of discussion and decision-making.

Where non-executive or independent directors are appointed, their participation is recognised as an element supporting balanced governance and independent oversight. The absence of a non-executive or independent director does not, of itself, invalidate a meeting or prevent the formation of a quorum. However, the Board may determine that the participation of such a director is appropriate for certain matters.

Attendance at each Board meeting is formally recorded. Minutes are prepared following each meeting and record the names of directors present, any absences, and, where relevant, explanatory notes. The minutes reflect the matters discussed, decisions taken, and material considerations raised.

Draft minutes are submitted for review and approval by the Board at a subsequent meeting or through an agreed approval process. Once approved, the minutes form part of the Company's official governance records and are retained in accordance with applicable internal recordkeeping procedures.

5. Delegation to Management

The Board of Directors delegates the day-to-day management of the Company to executive management, while retaining overall responsibility for strategic oversight, governance, and internal control. Such delegation is formalised through defined roles, authorities, and reporting lines intended to ensure accountability, clarity of responsibility, and effective execution of the Company's objectives.

5.1. Role of the Chief Executive Officer

The Chief Executive Officer is appointed by the Board of Directors and serves as the most senior executive officer of the Company. The CEO is responsible for leading the executive management team and for implementing the strategy approved by the Board. Authority delegated by the Board is exercised through the CEO, who remains accountable to the Board for management performance and operational outcomes.

Together with other senior executives, the CEO oversees the development and operation of the Company, ensures alignment between strategic objectives and operational execution, and supports a governance culture based on transparency, accountability, and appropriate risk awareness.

5.2. Role of the Head of Operations

The Head of Operations reports to the CEO and is responsible for the effective management of the Company's day-to-day operational activities. This role includes operational planning, coordination of internal resources, and the maintenance of efficient business processes across relevant functions.

The Head of Operations oversees internal workflows, facilitates cross-functional coordination, and ensures that operational activities are conducted in accordance with approved strategies and internal policies. Regular communication with the CEO and, where appropriate, the Board supports informed oversight and operational continuity.

5.3. Role of the Head of Risk

The Head of Risk is responsible for the identification, assessment, and management of risks arising from the Company's activities. This role supports the establishment and maintenance of internal controls designed to identify and mitigate operational, legal, technological, and reputational risks.

The Head of Risk works in coordination with executive management and relevant internal functions to maintain a structured risk management framework proportionate to the nature and scale of the Company's operations. Identified risks are documented, monitored, and escalated to senior management where material or emerging risks are identified.

Regular risk reporting supports management awareness and informed oversight. The Head of Risk collaborates with operational, compliance, and technology functions to ensure that risk considerations are integrated into business processes and decision-making.

5.4. Role of the Head of Information Technology

The Head of Information Technology is responsible for the planning, implementation, and maintenance of the Company's technology infrastructure. This role supports the reliability, security, and scalability of systems used in connection with the Company's technology and AI platform.

The Head of Information Technology works with executive management to ensure that technological capabilities remain aligned with business requirements and internal governance standards. Responsibilities include oversight of system performance, support for cybersecurity measures, and the implementation of safeguards designed to protect data and platform integrity.

6. UBO Rights

The Ultimate Beneficial Owner holds rights arising from their ownership interest in the Company. The Board of Directors recognises these rights and ensures that they may be exercised in accordance with applicable law and the Company's constitutional documents. The governance framework reflects the role of the Ultimate Beneficial Owner as a shareholder and does not confer any additional management or governance authority beyond that provided by law or corporate documentation.

The Ultimate Beneficial Owner is entitled to participate in shareholder meetings, whether annual or extraordinary. Appropriate notice and information are provided to enable participation in matters requiring shareholder consideration, approval, or consent, in accordance with applicable corporate law and the Company's governing documents.

For matters submitted for shareholder approval, the Board ensures that information is provided in advance to enable an informed assessment of proposed resolutions. Such information includes a description of the nature and purpose of the proposed actions and their potential impact on the Company.

The rights of the Ultimate Beneficial Owner are exercised in accordance with applicable corporate law and the Company's constitutional documents. These rights may include the right to vote on matters reserved to shareholders, including matters relating to governance arrangements, capital structure, and material corporate actions.

Where provided by law or the Company's governing documents, the Ultimate Beneficial Owner may hold pre-emptive rights in respect of new issuances of shares, allowing the preservation of proportional ownership. Any such rights are exercised in accordance with applicable legal requirements.

The Ultimate Beneficial Owner may access the Company's corporate books and records to the extent permitted by applicable law and subject to reasonable limitations necessary to protect confidentiality, operational integrity, and the legitimate interests of the Company.

The Board ensures that the Ultimate Beneficial Owner receives information regarding the Company's financial position and material developments to the extent required by law and consistent with good corporate governance practices.

Where dividends are declared, the Ultimate Beneficial Owner is entitled to receive distributions in proportion to their ownership interest, subject to the Company's financial position, dividend policy, and applicable legal requirements.

In the event of corporate actions affecting ownership interests, the Ultimate Beneficial Owner may be entitled to seek an independent valuation of their interest where such entitlement arises under applicable law or the Company's governing documents.

7. Audit

The internal audit function operates as an independent and objective assurance activity intended to support the effectiveness of the Company's governance framework, internal control environment, and risk management processes. Its purpose is to provide structured and impartial assessments that assist the Board of Directors and management in evaluating the adequacy and effectiveness of internal arrangements.

Responsibility for the internal audit function rests with an appointed Internal Auditor or, where applicable, with an external audit service provider engaged for this purpose. Where audit activities are outsourced, oversight of the engagement, including monitoring of scope, performance, and follow-up actions, is retained by the designated responsible person within the Company. Audit activities are conducted in accordance with agreed objectives and appropriate professional standards.

The Board of Directors oversees the Company's audit arrangements, including the appointment or recommendation of external auditors where shareholder approval is required, and determines whether changes to audit appointments are necessary. Management supports the audit process by facilitating coordination between audit functions and by ensuring reasonable access to relevant information, systems, and personnel.

Coordination between internal and external audit activities is encouraged in order to promote consistency, reduce unnecessary duplication, and enhance the overall effectiveness of assurance activities. Such coordination may include the exchange of audit plans, findings, and management responses, subject to applicable confidentiality requirements.

Audit fee arrangements are structured to preserve the independence and objectivity of the audit process. Financial considerations do not influence audit scope, methodology, or conclusions. The independence of auditors is maintained at all times, and audit judgments are not subject to commercial or cost-related pressures.

The Company avoids arrangements under which external auditors perform internal audit functions or other services that could impair their independence. Any additional services provided by audit firms are assessed to ensure that they do not create conflicts of interest or undermine the effectiveness of assurance activities.

The Board may assign specific oversight responsibilities for the internal audit function to an Audit Committee or, where appropriate, to an independent external party with relevant expertise and independence. Internal audit reports are provided to the Board to support informed oversight and the timely consideration of identified findings and recommendations.

The internal audit function provides the Board with independent assurance regarding the design, implementation, and effectiveness of internal controls and risk management practices. Direct and unrestricted access between the internal audit function and the Board is maintained to ensure that material findings are communicated without undue delay.

All auditors engaged by the Company are required to comply with applicable professional standards, confidentiality obligations, and ethical requirements. Auditor independence is a fundamental condition of engagement and is preserved throughout the audit process.

8. Reporting and Disclosure

The Board of Directors is responsible for overseeing the Company's approach to reporting and disclosure and for ensuring that information provided to shareholders and other relevant stakeholders is accurate, clear, and not misleading. The reporting framework is intended to support transparency, informed oversight, and confidence in the Company's governance and internal control arrangements.

In discharging this responsibility, the Board ensures that reports and disclosures appropriately reflect the Board's oversight of internal controls, risk management, and organisational accountability. Disclosures are intended to explain how oversight responsibilities are exercised and how internal structures support decision-making, asset protection, and operational integrity.

Disclosures relating to internal controls describe, in a proportionate manner, the systems and processes implemented to establish, maintain, and monitor effective internal controls across the Company. This includes an overview of governance procedures, risk assessment methodologies, and internal monitoring mechanisms, as well as the manner in which these elements are reviewed and updated.

The Board also ensures that reporting addresses how assurance is obtained regarding the effectiveness of internal controls. This may include references to independent reviews, internal or external audit activities, and structured reporting from management concerning the operation of key control functions.

Where an internal audit function is established, disclosures reflect its role within the governance framework and its interaction with the Board. Where no internal audit function exists, reporting may describe alternative review arrangements and the frequency with which the effectiveness of internal controls is assessed.

Reporting further considers whether any material areas of the Company's activities fall outside the scope of established internal controls or review processes. Where applicable, such areas are identified at a high level, together with an explanation of how related risks are monitored or mitigated.

The Board is also responsible for ensuring appropriate disclosure of the Company's approach to risk management. Such disclosure describes the structures and processes used to identify, assess, and manage risks arising from the Company's activities, including operational, technological, legal, and reputational risks.

Disclosures explain how risk management and internal control processes are integrated and how they collectively support the secure and efficient operation of the Company. Reporting reflects how these processes operate in practice rather than as isolated mechanisms.

Finally, the Board ensures that disclosures provide a balanced overview of the Company's key risks and the measures applied to manage them. Where relevant, emerging risks are acknowledged together with the processes in place to monitor and mitigate their potential impact.

9. Code of Ethics

The Code of Ethics sets out the principles and standards governing the conduct of SIRELIS AI LIMITED in its internal operations and external interactions. It establishes an ethical framework applicable to directors, officers, employees, and, where relevant, third parties acting on behalf of the Company.

The Company conducts its activities in a manner intended to support integrity, transparency, and accountability. Decisions and actions are expected to be taken responsibly, in good faith, and with due regard to their potential impact on stakeholders. Ethical conduct supports sustainable operations and organisational trust.

Individuals are required to act honestly, fairly, and consistently in the performance of their duties. Personal responsibility for actions and decisions is an essential component of the Company's ethical framework. Any breaches of ethical standards are addressed in accordance with applicable internal procedures. The Company conducts its activities in compliance with applicable laws and internal policies.

Confidentiality is a core ethical requirement. Individuals with access to confidential or sensitive information are required to protect such information from unauthorised use or disclosure. This includes personal data, proprietary information, and intellectual property. Information is used solely for legitimate business purposes and handled in accordance with applicable data protection requirements.

The Company seeks to maintain a professional working environment. Individuals are expected to treat others fairly and with respect. Discrimination, harassment, or other forms of inappropriate conduct are not permitted. Ethical conduct includes maintaining an environment in which individuals are treated with dignity and professionalism.