Our Corporate Code of Conduct (“the Code”) applies to every employee, officer and director of the Company and its subsidiaries. It sets out the operating principles underpinning our management approaches to a range of issues, including:

Under the Code, all employees have a responsibility to report concerns about any suspected or actual improprieties relating to the Company and/or its subsidiaries. Employees found to be in breach of the Code will be subject to disciplinary action.

Since 2023, Swire Properties has obtained third-party assurance regarding the number of breaches of our Corporate Code of Conduct, in accordance with the International Standard on Assurance Engagement (“ISAE”) 3000. This assurance covers our operations in Hong Kong, the Chinese Mainland and the U.S.A., further demonstrating our commitment to upholding integrity and ethical conduct throughout our organisation. In 2025, there were three confirmed cases of breaches of the Code, none of which were related to corruption or bribery, customer privacy data, conflicts of interest, money laundering or insider trading. Two confirmed cases of breaches of the Code concerned business ethics while the remaining case concerned harassment (falling under the Code’s “Respect in the Workplace” category).

Our adherence to the principles and requirements of ISAE 3000 covers the accuracy and integrity of the number of breaches of the Code, and the effectiveness of our internal processes in terms of managing and reporting any breaches. The assurance provider reviews the structure and design of these processes and examines the Company’s incident reporting mechanisms to ensure that they are well-established, clearly communicated and accessible to employees.

Additionally, the assurance process reviews the monitoring and investigation procedures that the Company has in place and evaluates the corrective and disciplinary actions taken in response to breaches. By evaluating the effectiveness of our internal processes, we hope to gain insights that will further strengthen our compliance mechanisms and reinforce a culture of ethical behaviour within the Company.

Our Whistleblowing Policy sets out our procedures on whistleblowing, including the protection of whistleblowers from reprisal or disadvantage.

If an employee wishes to report concerns, they may contact either our Director, Human Resources, or the Swire Group Internal Audit department (“GIAD”); or make a report through our whistleblowing platform which is hosted by a third-party service provider and includes a 24-hour hotline service. Third parties that deal with Swire Properties, such as customers and suppliers, are also encouraged to report their concerns either directly to GIAD or through the whistleblowing platform. Anonymous reports may be submitted.

We also ensure that our contractors are aware of our Whistleblowing Policy and the different reporting platforms that are available to them.

In 2025, we received a total of 21 whistleblowing reports. Sixteen cases were related to operational issues, and the rest were related to the Corporate Code of Conduct. Eighteen of the whistleblowing cases were evaluated and fully resolved, while the remaining three cases are still under investigation.

We are committed to the fair treatment of any person who makes a genuine and appropriate report. In addition to making every effort to keep the identity of whistleblowers confidential, all reported information is treated in confidence, except where Swire Properties is required by law or regulation to disclose it, for legal or audit purposes, or where the Company refers the matter to the relevant regulators or law enforcement authorities.

In 2022, Swire Properties issued a standalone Anti-Bribery and Corruption Policy (“ABC Policy”), setting out the standards of behaviour expected from Swire Properties staff and the compliance procedures adopted by the Company, and reaffirming our commitment to providing guidance to all relevant parties about compliance with global anti-bribery laws. In August 2025, the ABC Policy was replaced by the Anti-Fraud and Anti-Corruption (“AFAC”) Policy. Our Corporate Code of Conduct was also updated to reflect the new AFAC policy.

According to the AFAC policy, all employees of the Company must comply with anti-bribery laws in every applicable jurisdiction. Our employees are not permitted to offer or accept advantages for the purpose of influencing business decisions, to make any form of payment to officials, or to grant, guarantee or accept loans from any person or organisation with whom we have business dealings.

To avoid the perception of improper conduct, our employees are expected to exercise caution when making or soliciting contributions to charitable causes and when providing entertainment and corporate hospitality or reimbursing bona fide expenses for legitimate business purposes. In 2025, there were no concluded legal cases regarding corrupt practices brought against the Company or its employees.

All our employees are required to confirm on an annual basis that they have read and have agreed to be bound by our Corporate Code of Conduct, which includes our anti-bribery practices. It is compulsory for our employees in Hong Kong and the Chinese Mainland (including those who have been seconded to other offices) to receive anti-bribery refresher training on an annual basis at a minimum.

In 2025, we continued our commitment to upholding integrity by providing our employees with refresher training on anti-bribery and corruption. As the ABC Policy was replaced in August 2025 with the more comprehensive AFAC Policy, time was taken to evolve the existing anti-bribery and corruption training into a new AFAC training course, which was launched in [insert launch date]. Approximately 9,365 hours of anti-bribery-related training was provided to employees across the Company. Additionally, anti-bribery and anti-corruption training materials were provided to the Board of Directors in 2025.

Swire Properties is committed to providing fair and competitive staff compensation programmes that will attract, motivate, retain, and reward employees at all levels, including our Executive Directors. Our Remuneration Policy documents key remuneration principles developed to support the Company’s strategy and is aligned with the Company’s corporate values. This policy ensures that the Company has a consistent, transparent and clear approach to remuneration considerations.

The policy is founded on the following key principles:

The Remuneration Committee reviews and approves remuneration proposals that concern our relevant senior management (including Executive Directors), making reference to the Remuneration Policy and the Board’s corporate goals and objectives. The remuneration proposals of our Executive Directors and strategic leaders are reviewed annually based on market data and peer comparison prepared by independent external consultants. No Executive Director or strategic leader takes part in any discussion about his or her own remuneration. The remuneration of individual Executive Directors and strategic leaders by band is disclosed in the Annual Report of the Company.

We conduct our business in a manner which respects the human rights and dignity of our employees, those employed in our supply chains and the communities in which we operate, in line with the principles and guidance contained in the United Nations Guiding Principles on Business and Human Rights.

Our Human Rights Policy is informed by the International Bill of Human Rights and by the International Labour Organization’s Declaration of Fundamental Principles and Rights at Work. We comply with national laws where they conflict with human rights standards but still do our best to respect the latter. The policy sets out the expectations we have for how our operations and supply chains should operate. The policy addresses diversity and inclusion practices, labour standards, health and safety, and employment conditions. Well-established channels are provided to our employees and stakeholders through which they may report human rights-related issues.

The Swire Group Internal Audit department conducts regular assessments of the Company’s adherence to the principles of the policy. Our business units are required to provide annual self-declarations on any non-compliance with human rights-related issues, including but not limited to child and forced labour, workplace discrimination and workplace health and safety within our operations and along our supply chain.

In 2024, we conducted a human rights assessment to improve our understanding of general human rights issues. The assessment evaluated our potential exposure and impacts across our business activities and operating regions, and identified the associated risks to our businesses. The assessment gathered insights from international sustainability and human rights-related frameworks, sustainability indices and the best practices of our peers. From these, we developed a list of human rights risks, augmenting our research with a dataset using machine learning and extensive civil society research to provide insights on country-level and operational level human rights issues.

The assessment consisted of:

An in-depth review, identification and benchmarking of human rights issues, referencing global standards, sustainability indices, and peer organisations.

An analysis of Swire Properties’ potential exposure to key human rights issues across different countries and business operations to understand the context of adverse impacts on affected stakeholders.

Prioritise human rights issues with reference to the UN Guiding Principles on Business and Human Rights’ criteria on severity (scale, scope and irremediability) and likelihood, in order to develop a greater understanding of the issues.

The assessment will inform regular reviews of our Human Rights Policy, providing insights on how we can enhance the implementation, monitoring and communication of the Policy across our operations going forward.

We are committed to ensuring that our marketing and communications materials comply with the relevant government regulations and industry guidelines, including the Residential Properties (First-hand Sales) Ordinance in Hong Kong and the Consent Scheme of the Hong Kong Lands Department.

We respect property rights, including intellectual property rights, and require that our employees comply with applicable legal requirements relating to the collection, holding, processing, disclosure and use of personal data, and that they respect the privacy of others and the confidentiality of information received during the course of our business operations.

Please refer to the Partners section of this report for information about our Data Management and Protection Policy.

We are committed to complying with all applicable competition and antitrust laws, including the Competition Ordinance in Hong Kong.

To help our employees understand the legal requirements of the Competition Ordinance, we have guidelines in place on conducting dealings with competitors and third parties, avoiding the abuse of market power, and participating in trade associations and industry bodies. We have also developed and implemented a Competition Law e-training programme for our relevant Hong Kong and Chinese Mainland employees.

In 2025, there were no legal actions related to anti-competitive behaviour brought against Swire Properties.

Under our risk management framework, the Board and management are responsible for identifying and analysing the risks related to information and cyber security, and for determining how such risks should be managed and mitigated.

We have implemented a “three lines of defence model” for cyber security and data protection risk governance. In the first line of defence, our Digital and IT department identifies, analyses and reports the risks for which it is responsible. The first line of defence is supervised by the functional heads.

The second line of defence is our Information Technology Digital Steering Committee, which is responsible for:

The Information Technology Digital Steering Committee reports to the Executive Committee which leads the second line of defence. EXCOM is comprised of the Chief Executive and seven executive directors and executive officers, and provides assurance to the Board that risks are being managed effectively.

The third line of defence is provided by the Group Internal Audit Department, which conducts regular independent audits of the effectiveness of the Company’s information and cyber security controls, IT infrastructure, information security management systems, and risk management processes.

We are committed to complying with our Information Security Policy and Guidelines. These are applicable to all Swire Properties workplaces. We have adopted the National Institute of Standards and Technology (“NIST”) cyber security framework, ISO 27001 Information Security Management System and ISO 27701 Privacy Information Management Systems. In 2025, we successfully achieved our NIST cybersecurity maturity assessment target.

Swire Properties is also committed to robust governance and control over personal data and sensitive information, minimising risk exposure through our comprehensive data privacy governance framework. This framework allows us to remain vigilant regarding the evolving landscape of data privacy regulations in the regions where we operate, ensuring compliance with both regulatory requirements and our internal policies.

We regularly conduct independent information security governance assessments to identify opportunities for improvement and ensure continuous enhancement of our practices. Our ISO 27001 and 27701 certifications help us maintain a robust information security management system, and we are well-equipped to protect our information assets while upholding the highest standards of cybersecurity. In 2025, these certifications encompassed all managed sites in our Hong Kong, the Chinese Mainland and the U.S.A. portfolio and were applicable to all workplaces.

Swire Properties has appointed a Managed Security Operation Centre (“MSOC”) that offers 24/7 cybersecurity monitoring and response services to safeguard our information assets. We also conduct regular phishing email drills and regular e-training to foster awareness among our staff and provide accessible channels to report phishing incidents. This year, we introduced a “report suspected phishing” function in our email system and organised a “Human Firewall Phishing Challenge” allowing employee to report incidents, vulnerabilities or suspicious activities.

We maintain a comprehensive cyber incident response plan and playbook that outline clear procedures and guidance for managing and addressing potential threats from cyber-attacks that could disrupt our business operations. To ensure continuous awareness, we conduct scenario-based drills annually. Our Business Continuity Plan covers major IT services and external providers, with defined authorisation and notification protocols.

Our IT Business Recovery Team, Corporate Business Recovery Team and Information Security team coordinate recovery efforts based on business impact assessments, recovery time and recovery point objectives. In case of disasters or emergencies, structured reporting, recovery and reconstitution procedures are to be followed. Regular scenario-based drills and disaster recovery tests ensure ongoing readiness.

In alignment with our Threat Vulnerability Management Policy, we actively gather threat intelligence and regularly perform detection and identification, severity rating, prioritisation, remediation resolution and monitoring for internal vulnerabilities, and promptly address any identified issues.

Our Digital Project Governance (“DPG”) Policy applies to all digital and information technology projects. The policy ensures that these projects comply with our applications and cloud architecture, cyber security, data privacy and operational standards by design and by default.

We regularly implement security and cyber security awareness training for our employees. In 2025, we offered 9,205 hours of such training. We also held personal data refresher training sessions for our departmental leaders and strategic leaders in Hong Kong and the Chinese Mainland. This training is conducted every two years.

Recognising the growing significance of data privacy and security management, Swire Properties implements a number of security control protection measures. These include:

In 2025, there were no confirmed information security breaches.

This year, we hosted a legal seminar, “2025 Cyber Trends for the Real Estate Sector”, that identified key regional cybersecurity trends, focusing on the real estate sector and its unique vulnerabilities. Participating experts discussed the importance of cybersecurity in real estate, including common attack surfaces and the evolving threat landscape such as ransomware and targeted malware. They also covered the impact of IoT and smart building technologies on property management and the associated cybersecurity challenges; and best practices in incident response planning, including what to expect during a cyber incident and how to respond effectively.