PREAMBLE

Akrivia Automation Private Limited ("Akrivia" or "the Company") is committed to conducting business with integrity, transparency, and in compliance with applicable laws and regulations. This Whistle Blower Policy ("Policy") establishes a vigil mechanism that enables directors, employees, contractors, and other stakeholders to report genuine concerns about unethical conduct, violations of the Company's Code of Conduct, fraud, or other irregularities.

This Policy has been formulated in accordance with best practices in corporate governance and information security management, including compliance with ISO/IEC 27001:2022 and ISO/IEC 27701:2019 standards. The Company recognizes the importance of providing a safe and confidential channel for raising concerns without fear of retaliation.

This Policy affirms Akrivia's zero-tolerance approach towards unethical behavior and its commitment to protecting those who report such concerns in good faith.

PURPOSE AND OBJECTIVES

The objectives of this Policy are to:

• Provide a formal mechanism for reporting concerns about unethical practices, violations of law, or breaches of the Company's Code of Conduct
• Ensure confidential and fair treatment of whistle blowers
• Protect whistle blowers from retaliation, victimization, or unfair treatment
• Facilitate independent and impartial investigation of reported concerns
• Promote a culture of transparency, accountability, and ethical conduct
• Preserve the security and integrity of information created, stored, handled, or processed at Akrivia

The Whistle Blower Policy Statement lays down the core vision and objectives of Akrivia Automation Private Limited management towards preserving the security of information created, stored, handled, or processed at Akrivia Automation Private Limited.

SCOPE AND APPLICABILITY

This Policy applies to all directors, employees (permanent, temporary, or contractual), contractors, subcontractors, consultants, vendors, and other third parties who have access to Akrivia's systems, services, or information. This Policy covers concerns related to, but not limited to:

• Violations of applicable laws, regulations, or Company policies
• Fraud, theft, or misappropriation of Company assets
• Corruption, bribery, or conflicts of interest
• Information security breaches or data privacy violations
• Financial irregularities or accounting malpractices
• Harassment, discrimination, or workplace misconduct
• Abuse of authority or gross negligence
• Any other conduct that poses a risk to the Company, its employees, customers, or stakeholders

REPORTING PROCEDURE

How to Report

Timeline for Reporting

Whistle Blowers should report concerns as soon as possible, preferably within 15 days of becoming aware of the alleged violation or unethical conduct.

Anonymous Disclosures

While identification is encouraged to facilitate effective investigation, anonymous disclosures will be considered on a case-by-case basis. The Company may face limitations in investigating anonymous complaints due to lack of ability to seek clarifications.

INVESTIGATION PROCEDURE

Receipt and Initial Assessment

• Acknowledge receipt of the disclosure within 7 working days.
• Determine whether the disclosure falls within the scope of this Policy.
• Assess gravity and decide whether to proceed with an investigation, typically within 15 days.

Investigation Criteria

Considerations include: violation of law/policy, credibility, adequacy of evidence, isolation vs systematic conduct, and cost/consequences of potential investigation.

Conduct of Investigation

Investigation shall be conducted by the Vigilance Committee through a neutral, fact-finding process. Identity of the Whistle Blower shall be kept confidential to the extent possible. All involved parties shall be provided a fair opportunity to present their case.

Investigation Timeline

The investigation is normally completed within 90 days. Extensions require Audit Committee approval.

DECISION AND ACTION

If allegations are substantiated, the Audit Committee may advise Management to: issue reprimands, take Disciplinary Action, impose penalties, terminate contracts, or initiate legal proceedings. The decision is final and binding.

Communication of Outcome: Subject to legal limitations, the outcome will be communicated to the Whistle Blower and Respondent.

PROTECTION AND SAFEGUARDS

Protection from Retaliation

The Company strictly prohibits retaliation. Any employee found retaliating shall be subject to serious Disciplinary Action, including termination.

Confidentiality

The identity of the Whistle Blower shall be kept confidential unless they agree to be identified, identification is required by law, or necessary for effective investigation.

Reporting Retaliation

If a Whistle Blower experiences retaliation, they may file a written complaint with the Audit Committee for investigation and corrective action.

Limitations on Protection

Protection does not shield Whistle Blowers from adverse actions independent of their disclosure (e.g., poor job performance).

EXCEPTIONS AND EXCLUSIONS

This Policy does not apply to: Personal grievances (salary, benefits), interpersonal conflicts, or performance evaluations. These should be addressed through HR channels.

FALSE OR FRIVOLOUS COMPLAINTS

Akrivia takes a serious view of malicious or false complaints. If an investigation reveals false allegations made knowingly, the Audit Committee may recommend Disciplinary Action, including termination.

RECORD KEEPING AND DOCUMENTATION

• Disclosures documented in a Whistle Blower Incident Tracker.
• Records retained for a minimum period of seven years.
• Classified as confidential; access restricted to authorized personnel.

REPORTING TO THE BOARD

The Audit Committee shall submit an annual report to the Board containing statistical information on disclosures received, accepted/rejected, pending investigations, and summary of actions taken.

COMPLIANCE AND ENFORCEMENT

Compliance is mandatory. The CEO, assisted by the CISO/DPO, shall ensure compliance. Regular reviews shall be conducted by Internal Audit.

CONSEQUENCES OF POLICY VIOLATIONS

Violations include: Retaliating against a Whistleblower, unauthorized disclosure, tampering with evidence, or making malicious complaints. These shall result in Disciplinary Action commensurate with severity.

POLICY REVIEW AND AMENDMENT

The Audit Committee is responsible for administration and periodic review. The Board of Directors reserves the right to amend, modify, or replace this Policy at any time.

CONTACT INFORMATION