Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We have implemented robust processes for assessing, identifying and managing material risks from cybersecurity threats, including processes to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. These processes mainly include:

(i)Preparation stage: During this stage, we determine the targets and scope of our cybersecurity risk assessment and set up different levels of cybersecurity risk and our general response to each level of risk;

(ii)Risk identification: We identify the nature and source of the cybersecurity risk and assess the vulnerability of our relevant system and technology;

(iii)Risk analysis: We determine the level of cybersecurity risk by analyzing the cause and severity of such risk, the possibility of any potential cybersecurity incident resulting from such risk, and the potential consequences of such cybersecurity incident;

(iv)Risk assessment: Depending on the level of cybersecurity risk, we determine whether to deal with such risk, the priority of our risk management, and our risk management plan; and

(v)Risk management: Based on the severity of the cybersecurity risk and the potential impact of such risk on our business operations, we implement mitigating measures to address such risk and evaluate the effectiveness of these measures.

We have integrated these cybersecurity risk management processes into our overall enterprise risk management system. In addition, we have in place the handling processes and management policies for cybersecurity incidents. We also engage third-party assessors, consultants and auditors in connection with our cybersecurity risk management processes when our cybersecurity management team deems necessary or appropriate. Our cybersecurity management team has the necessary resources and authority to select, retain, terminate and approve the fees and other retention terms for these third parties.

As of the date of this annual report, to our best knowledge, no risk from current or previous cybersecurity threats has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

Cybersecurity Risk Management Processes Integrated [Text Block]

processes mainly include:

(i)Preparation stage: During this stage, we determine the targets and scope of our cybersecurity risk assessment and set up different levels of cybersecurity risk and our general response to each level of risk;

(ii)Risk identification: We identify the nature and source of the cybersecurity risk and assess the vulnerability of our relevant system and technology;

(iii)Risk analysis: We determine the level of cybersecurity risk by analyzing the cause and severity of such risk, the possibility of any potential cybersecurity incident resulting from such risk, and the potential consequences of such cybersecurity incident;

(iv)Risk assessment: Depending on the level of cybersecurity risk, we determine whether to deal with such risk, the priority of our risk management, and our risk management plan; and

(v)Risk management: Based on the severity of the cybersecurity risk and the potential impact of such risk on our business operations, we implement mitigating measures to address such risk and evaluate the effectiveness of these measures.

We have integrated these cybersecurity risk management processes into our overall enterprise risk management system.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Our board of directors is responsible for the oversight of risks from cybersecurity threats, including making major decisions and overall planning with respect to cybersecurity risk management, overseeing the risk management process, reviewing the reports from the cybersecurity management team, and evaluate the effectiveness of our cybersecurity risk management program.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our cybersecurity management leading group is responsible for monitoring and coordinating our cybersecurity risk management processes, including preparing internal policies and remediation plans with respect to cybersecurity risk assessment and management, regularly reporting the progress and results of cybersecurity risk management to our board of directors, and promptly reporting any material cybersecurity risk or incidents to our board of directors.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our cybersecurity management leading group is led by our chief executive officer and chief financial officer and consists of heads of various departments, including the head of our information security department, who are specialized or experienced in managing information security, compliance and risk management. For example, the head of our information security department, who is a key member of our cybersecurity management team, has over 20 years of experience in information security and is familiar with recent developments in technologies, laws and regulations in information security.Our cybersecurity risk assessment team is led by the head of our information security department and consists of dedicated staff from various departments, including our information security department, in-house legal department and internal control department. Members of our cybersecurity risk assessment team generally have extensive experience in dealing with cybersecurity issues. For example, one of the key members of our cybersecurity risk assessment team has over ten years of experience in information security and is familiar with network protocols and the construction of information security system for enterprises. Another key a member of our cybersecurity risk assessment team has five years of experience in information security and is proficient in cybersecurity technologies.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true