1. Introduction and Context

Company Background

Cloudphysician International Pte. Ltd., including its subsidiaries and affiliates (hereinafter referred to as the “Company” or “Cloudphysician”) is engaged in the business of providing tele-ICU services and a clinical management technology platform to its clients. The Company is headquartered in Singapore with subsidiaries operating from India.

Context

Whistleblowing is an essential tool to strengthen accountability and combat corruption. Whistleblowing refers to the act of reporting or disclosing information about illegal, unethical, or wrongful activities, typically occurring within an organization, to authorities or the public in order to bring attention to and address these issues.

The purpose of this Whistleblower Policy (“Policy”) is to create a robust whistleblowing system fostering reports of corruption, fortifying oversight, and curbing corruption in the long term. The policy also ensures that employees are protected from any adverse consequences for reporting corrupt practices.

2. Scope and Applicability

Cloudphysician is committed to maintaining compliance with applicable laws, regulations, and established policies. This Cloudphysician Policy is applicable to Cloudphysician and all its subsidiaries.

This Policy applies to everyone working for the Company worldwide regardless of location, role or level of seniority. It includes all activities conducted directly or indirectly on its behalf by all Employees working at all levels and grades, including directors, senior managers, officers, other employees (whether permanent, fixed-term, or temporary) as well as third parties associated with Cloudphysician such as consultants, contractors, interns, agency staff, and agents.

Every non-wholly-owned subsidiary and joint venture which the Company controls must adopt a similar sanctions policy. Where we participate in but do not control a joint venture relationship, we will encourage our partners to meet the requirements of the Policy in both the joint venture and their own operations.

Additional Guidelines

The guidelines in this policy should be read in conjunction with:

• Employee Code of Conduct
• Anti-Bribery and Anti-Corruption Policy
• Any additional documents that Cloudphysician deems necessary

3. Definitions

Whistleblower: A whistleblower is defined by this policy as an Employee or any third party who reports, to one or more of the parties specified in this policy, an activity that he/she considers to be illegal, dishonest, unethical, or otherwise improper.

Employee: Means a person who performs a service for wages or other remuneration under a contract of hire, written or oral, express or implied, for Cloudphysician.

Protected Disclosure: Means a concern raised by an employee or group of employees of the Company, through a written communication and made in good faith which discloses or demonstrates information about an alleged wrongful conduct or unethical or improper activity under the title “Scope of the Policy” with respect to the Company. However, the Protected Disclosures should be factual and not speculative or in the nature of an interpretation/conclusion. They should contain as much specific information as possible to allow for proper assessment of the nature and extent of the concern.

Subject: means a person or group of persons against whom or in relation to whom a Protected Disclosure is made or evidence gathered during the course of an investigation.

4. Procedures

Reporting

There are times when maintaining compliance involves questioning, in good faith, whether a policy, practice, or other activity might be a violation of law or policy. There also may be occasions in which a concerned person might feel it necessary, in good faith, to go beyond mere questioning and file a protest or complaint about an activity.

If any Employee or any third party involved in Cloudphysician’s business activities believes, in good faith, that some practice or activity is being conducted in violation of national or state law or Cloudphysician’s internal policies or otherwise constitutes an improper or illegal or dishonest financial or employment practice, that person must report the matter to the Compliance Officer.

If an Employee is unsure whether a violation has occurred, they should discuss the matter with the Compliance Officer immediately.

All reports or concerns of illegal and dishonest activities should be promptly communicated to the Compliance Officer of the Company in writing using Cloudphysician’s Whistleblowing Template describing in detail the specific facts. The completed document can be dropped off in person at:

The Compliance Officer Cloudphysician Healthcare Pvt Ltd 7 Bellary Road, Ganganagar Bangalore, Karnataka, India - 560 032

Or sent via email to whistleblower@Cloudphysician.net.

If there is an issue or concern with the Compliance Officer, Employees should contact the Independent Director on the board of Cloudphysician. The concerns may be made under this policy on a confidential or anonymous basis. However, those employees expressing concerns must recognize that Cloudphysician may be unable to fully evaluate a vague or general concern that is made anonymously.

The Compliance Officer is Dhruv Joshi and the Compliance Committee consists of the following members:

• Dhruv Joshi, Co-founder and Chief Executive Officer
• Dileep Raman, Co-founder and Chief of Healthcare
• Dhruv Sud, Chief Information Security Officer and Director - Technology

5. Protection

Whistleblower protections are provided in two important areas: confidentiality and retaliation.

No unfair treatment will be meted out to a Whistleblower by virtue of his/her having reported a protected disclosure under this policy. The Company, as a policy, condemns any kind of discrimination, harassment, victimization, or any other unfair employment practice being adopted against Whistleblowers.

Complete protection will, therefore, be given to Whistleblowers against any unfair practice like retaliation, threat or intimidation of termination/suspension of service, disciplinary action, transfer, demotion, refusal of promotion, or the like—including any direct or indirect use of authority to obstruct the Whistleblower’s right to continue to perform his duties/functions, including making further Protected Disclosures.

The Company will take steps to minimize difficulties that the Whistleblower may experience as a result of making the Protected Disclosure. Thus, if the Whistleblower is required to give evidence in criminal or disciplinary proceedings, the Company will arrange for the Whistleblower to receive advice about the procedure, etc.

Exclusions to Protection

The provisions of this Policy do not apply to the following types of complaints:

• Matters that are pending before a court of law, State, National Human Rights Commission, Tribunal, or any other judiciary or sub-judiciary body.
• Issues related to service matters, personal grievances (e.g., increment, promotion, appraisal), or any customer/product-related grievances, which will be handled through the grievance redressal processes of the Company.
• POSH-related complaints, which will be handled under the POSH policy.

6. Investigation and Action by the Investigation Committee

Cloudphysician has appointed individuals from the senior management to be on the investigation committee who will carry out the investigation with the support of the Compliance Officer.

For the reported concern(s) of potential or actual violation(s) of this policy:

• The Compliance Committee will conduct the inquiry/investigation of the reported concern for potential violation of this Policy. The objective of such inquiry or investigation would be to determine the facts.
• In case the concern does not fall within the ambit of the Whistleblower Policy, the sender shall be informed that the concern is being forwarded to the appropriate department/authority for further action, as deemed necessary.
• Each employee shall cooperate with the investigation team and promptly respond to all requests for information.
• If necessary, experts with the right knowledge and skills may be appointed to investigate the reported concern.
• The investigation process and the report will be kept confidential and shall be shared only with such persons who have a “need to know” under applicable law or Cloudphysician’s standard investigation process.
• The identity of a Subject will be kept confidential to the extent possible given the legitimate needs of the investigation. The Subject will be informed of the allegations at the outset of a formal investigation and shall be given an opportunity to explain their side.
• Subjects shall have a duty to cooperate with the Compliance Officer during the investigation to the extent that such cooperation sought does not merely require them to admit guilt. Subjects shall have a right to be informed of the outcome of the investigation. If allegations are not sustained, the Subjects shall be consulted as to whether public disclosure of the investigation results would be in the best interest of the Subject and the Company.
• Unless there are compelling reasons not to do so, the Subject will be given the opportunity to respond to material findings contained in an investigation report. No allegation of wrongdoing against the Subject shall be considered maintainable unless there is good evidence supporting the allegation.
• The investigation shall be completed normally within 90 days of the receipt of the Protected Disclosure and is extendable by such period as the Compliance Officer deems fit. The Board will be kept informed on all ongoing matters on a regular basis.
• Any member of the Investigation Committee, Board, or other officer having any conflict of interest with the matter shall disclose his/her concern forthwith and shall not deal with the matter.

7. Decisioning and Reporting

• If an investigation leads to a conclusion that an improper or unethical act has been committed, the committee shall take such disciplinary or corrective action as it may deem fit.
• Any disciplinary or corrective action initiated against the Subject as a result of the findings of an investigation pursuant to this Policy shall adhere to the applicable personnel or staff conduct and disciplinary procedures. The Company may also opt to reward the Whistleblower, based on the merits of the case.
• The investigation shall be deemed as closed upon conclusion of the inquiry and disciplinary action, recovery proceedings, initiation of extant legal proceedings, or reporting as required by the policies, after which the investigation shall be reported as closed to the Board.
• A semi-annual report with the number of complaints received under the Policy and their current status/outcome shall be placed before the Board. All reports on Whistleblowing are to be maintained by the Board Secretariat as per the record retention procedures of the company.

8. Corrective Action

If necessary, the committee will prescribe/suggest corrective actions to appropriate managers, officers, and employees for implementation.

Disciplinary Action

The Whistleblower, before making a complaint, must have a reasonable belief that an issue exists and they acted in good faith. If the Compliance Committee determines that the complaint is malicious, reckless, or false, it will be viewed as a serious offense and may result in disciplinary action (including without limitation termination of employment and civil or criminal liability).

9. Confidentiality

The Whistleblower, Compliance Officer, the Board, the Subject, and everybody involved in the process shall:

• Maintain confidentiality of all matters under this Policy.
• Discuss only to the extent or with those persons as required under this Policy for completing the process of investigations.
• Do not keep the papers unattended anywhere at any time.
• Keep the electronic mails/files under password.

In the event of the identity of the WhistleBlower being disclosed, the Board is authorized to initiate appropriate action as per extant regulations against the person or agency making such disclosure.

10. Communication and Training

This Policy is to be read in conjunction with the existing policies of Cloudphysician and will be communicated to all Employees and stakeholders on a regular basis, including during onboarding.

Regular training and awareness sessions shall be made available in relation to this Policy and related company procedures. Training will be conducted either online or in-person or a combination of both by the Compliance Officer. All individuals are expected to keep themselves up to date by undergoing repeat training at regular intervals or each time a training program is updated. As necessary, Cloudphysician may also extend training programs to third parties to ensure compliance with this Policy.

11. Documentation/Maintaining Records

Accurate and complete record-keeping is essential to the successful operation of Cloudphysician, as well as to our ability to meet our legal and regulatory obligations. All documents generated in compliance with this Policy will be retained as per statutory requirements and/or internal requirements of Cloudphysician.

12. Monitoring and Reporting

The Compliance Officer will monitor the effectiveness of this Policy and will report whistleblower reports to relevant stakeholders as per formats/frequencies requested by them.

An Internal Audit will be carried out on a quarterly basis to assess the operational effectiveness of the company’s whistleblower systems. The assessment will cover the following components:

• Implementation of the Policy in the businesses of Cloudphysician
• Capacity/effectiveness of this Policy including resourcing, training, and documentation

All material findings and actions taken will be reported to the Board on a quarterly basis.

13. Roles and Responsibilities

Board of Directors

• The Board of Directors of Cloudphysician shall have oversight of governance and compliance with this Policy
• The Board of Directors will be responsible for approving any changes in the Compliance Committee and appointment of a Compliance Officer.

Compliance Officer

• Conducting training and education of Employees and Third parties at Cloudphysician.
• Responsible for investigating and coordinating any necessary corrective action.
• Provide quarterly and annual compliance reports to the Board of Directors regarding this Policy.
• Will prepare an annual report on the implementation of this Policy for the Board of Directors and promptly report any non-compliance to them.

Investigation Committee

• Responsible for conducting a thorough investigation on any whistleblower report and coordinating any necessary corrective action with the Compliance Officer.

Employees/Third parties

• Familiarize themselves with this Policy and any related policies, procedures and controls through participation in training sessions in the required timeframe.
• If in doubt on this Policy or act of potential breach, immediately consult the Compliance Officer.
• Provide full cooperation for any inquiry or investigation conducted by Cloudphysician for potential violation of this Policy.

Whistleblower

• Every whistleblower must read and comprehend this Policy and adhere to its guidelines. It is advised that individuals who intend to report an issue should do so after gathering sufficient factual evidence to support the complaint, avoiding baseless complaints based on hearsay or rumors.

14. Amendment/Update

The Board of Directors will review the implementation of this Policy on an annual basis, considering its suitability, adequacy, and effectiveness. If revisions are necessary, the updated Policy document will be presented to the Board of Directors for approval before implementation.

‍