A sound governance framework and well-defined management responsibilities provide strong support for the efficient operations of VNET. The Group has established a governance structure comprising the general meeting of shareholders, the Board and Board committees, and the management. The Board of Directors offers guidance and suggestions on the management, including strategy formulation and implementation oversight, monitoring operational and financial performance, and ensuring effective internal control and risk management systems are in place. Each Board committee is responsible for overseeing and reviewing matters within their respective domains to ensure stable corporate operations. The terms of reference for each committee are published on the Group’s website and are available to shareholders upon request. The Board convenes meetings regularly, and in 2024, the average attendance at Board meetings was 100%.
We attach great importance to the independence and diversity of our Board of Directors. The Audit Committee, the Nomination & Corporate Governance Committee, and the Compensation Committee under the Board are all chaired by independent non-executive directors. When selecting and appointing directors, the Board emphasizes diversity and considers multiple dimensions, including but not limited to professional expertise, industry experience and qualifications, educational and cultural backgrounds, gender, ethnicity, etc. This ensures that comprehensive perspectives and profound insights can be brought to the company across skills, experiences, knowledge, and viewpoints.
We encourage our directors to participate in appropriate professional training and courses, as well as provide them with legal and regulatory updates for reference and study. By doing this, we aim to enhance the Board's compliance awareness and capabilities to perform duties and improve the operational efficiency of the Board of Directors.
As of the release of this Report, the Board of Directors consisted of six members, including two executive directors and four independent directors. Independent directors account for 67% of the Board.
The Group has established an ESG governance structure with the Board of Directors assuming the responsibility and the management taking the lead, enhancing cross-functional cooperation and cross-level collaboration. The Group has incorporated ESG management into its major decisions to promote the high-quality development of the enterprise. The Board of Directors serves as the highest decision-making body for the Group's ESG matters, being responsible for providing comprehensive guidance and supervision over ESG initiatives, and for ensuring the effectiveness of the ESG management processes to support the continuous optimization and improvement of the ESG performance.
VNET takes the significance of risk management and internal control to the Group's operations. In compliance with the requirements of the Sarbanes-Oxley Act, we have established and continuously optimized our risk management and internal control systems based on the Integrated Framework for Internal Control (hereinafter referred to as the "Framework") issued by the Committee of Sponsoring Organizations of the Treadway Commission (hereinafter referred to as “COSO”), while integrating the characteristics of our business. We identify and provide early warnings for both financial and non-financial risks during operations, thereby forming an effective risk prevention and control mechanism. We have implemented the three-lines-of-defense structure for risk management, integrating risk management into corporate governance and operational processes. By clearly defining the roles and responsibilities of the Board of Directors, management, internal control teams, and external audit institutions within the risk prevention system, we ensure the integrity and effectiveness of our risk management framework.
Under the guidance of the COSO framework, VNET has formulated the internal Guidelines on Risk Management to conduct annual risk assessments on key risk factors that may impact the Group's business development. We implement a structured risk management process through the steps of "risk information collection - risk assessment - risk management strategy – risk control and response – and risk monitoring and improvement" to enhance the ability to identify and respond to risks.
We annually conduct testing and self-evaluation of the design and execution effectiveness of our internal control system. The internal audit department independently performs special audits regularly, with a focus in 2024 on operational risks, risk control management reviews, cybersecurity, and information security risks. Additionally, we annually engage external auditors to audit the Group’s financial statements and related internal controls. The auditors issue evaluations on whether there are any material deficiencies and provide insights to support the Group’s continuous improvement of internal control practices. The full text of the audit conclusions is published on the Group's website for the review and supervision of all relevant stakeholders.
We foster a risk management cultural environment across all organizational levels and instill risk management principles as core values. The Board of Directors prioritizes the cultivation of risk culture, with directors and senior executives leading these efforts across the Group. Managers and business operators of key management and business processes and risk control points serve as the backbone of this cultural initiative. Risk factors are systematically incorporated into all business operations and key processes (including strategic planning, product development, procurement, production safety, labor rights, environmental protection, and climate change, etc.), ensuring rigorous adherence to the risk management process.
We integrate risk management cultural development with compensation and human resources systems to strengthen risk awareness among all management levels, preventing behaviors such as reckless expansion, obsessively performance chasing, and risk neglect. Cybersecurity, anti-corruption, occupational health and safety, and other risk-related metrics are incorporated into performance evaluations and incentives for senior executives, managers, and frontline employees. Assessment results directly impact incentives, bonuses, compensation, and promotions, ensuring effective implementation of risk management practices.
The Group regularly provides specialized risk management training to all directors, including non-executive directors, to keep them updated on emerging trends and practices. Through diverse channels such as training sessions, internal communications, and posts, we extend risk-related education to all employees, covering critical areas such as anti-corruption and workplace safety. Additionally, we have established a pre-employment risk management training program for managers and business operators of key management and business processes and risk control points. Diverse training methods are adopted to reinforce risk management principles, knowledge, procedures, and core controls, nurturing a pipeline of risk management professionals. In 2024, the Group achieved 100% coverage for risk-related training and published 15 risk management communication materials.
VNET adheres to the business principles of integrity and honesty and is committed to jointly creating a harmonious and fair business environment with its partners. We strictly comply with the relevant laws and regulations of where we operate and have established a sound business ethics and compliance management system tailored to the Group. This system explicitly addresses fair competition, anti-monopoly, and anti-corruption practices, while systematically defining departmental responsibilities, reporting lines, and accountability mechanisms. The Board of Directors assumes ultimate oversight and responsibility for ethics-related matters.
The Group has formulated and issued the Code of Business Conduct and Ethics to provide detailed business ethics standards and guiding principles. All employees and third parties associated with the Group are required to fully comply with this Code during commercial activities. Mandatory ethics training is conducted for all employees (including part-time employees) and suppliers. The Code undergoes periodic reviews, with policy implementation overseen by the Board of Directors to ensure ongoing effectiveness.
VNET maintains a "zero-tolerance" stance toward all forms of corruption and is committed to preventing and combating corrupt practices through effective measures that safeguard an ethical operating environment.
The Group has established and continuously enhanced its anti-corruption management system by referring to the Anti-bribery Management Systems (ISO 37001). Internal frameworks, such as the Integrity Inspection System and the Gift Registration System have been implemented to strengthen accountability mechanisms. In 2024, the Group introduced a "Dual Responsibility" system for senior executives, requiring all executives to sign anti-fraud accountability agreements to reinforce the execution of anti-corruption efforts.
A Supplier Code of Conduct has been developed to ensure supplier alignment with the Group's values and ethical standards. Suppliers are required to adopt policies, codes of conduct, and operational procedures to eliminate bribery, corruption, and fraud, with compliance audits conducted as needed. We also require all employees, third-party suppliers, and customers to sign the Anti-bribery Commitment Letter, pledging adherence to relevant laws, regulations, and Group policies to collectively maintain an integrity-based ecosystem.
We integrated anti-corruption risks into the enterprise-wide risk management system. Annual risk identification processes—including business process analysis, historical case reviews, and external whistleblower reporting—are conducted to pinpoint potential corruption risks and management vulnerabilities. Relevant departments investigate, assess risk likelihood and impact, and formulate mitigation strategies tailored to risks of different natures or levels. The relevant departments track the risks and ensure the effective implementation of the measures taken, with the integrity department overseeing the implementation.
The Group emphasizes robust anti-corruption audit and monitoring mechanisms, employing formal audit procedures encompassing risk assessments, internal control testing, contract reviews, analytical procedures, and interview protocols. Anti-corruption audits are conducted regularly across procurement and sales, human resources, construction activities, etc. The Group's anti-corruption audits cover all office operation locations every year and all business segments at least every three years. The Group has been certified to the ISO 37001, with full coverage across all office operation locations. In 2024, there were no concluded legal cases regarding corrupt practices brought against the Group or its employees.
VNET is committed to creating an open and transparent working environment and encourages employees, customers, suppliers, and other stakeholders to report any suspected violations. The Group has established formal whistleblowing and grievance procedures, along with a dedicated department and personnel responsible for overseeing these mechanisms, ensuring timely and professional handling of all reports. We provide accessible and secure reporting channels, including email and a 24/7 whistleblowing hotline, to all stakeholders (including employees and suppliers), allowing them to submit reports either anonymously or non-anonymously. This safeguards effective oversight of the Group’s ethical business practices. Additionally, we provide training to educate employees on the use of reporting channels, ensuring they understand how to access and use these resources.
The Group prioritizes the respect and protection of whistleblowers and complainants, strictly controlling access to internal reporting and complaint information. Investigative materials are kept confidential and rigorously safeguarded through technical encryption, physical segregation, and other measures. Personal information is not disclosed without the consent of the complainant or whistleblower, ensuring their rights and interests are fully protected. The Group adopts a zero-tolerance policy toward investigators who breach confidentiality obligations, fail to perform their duties properly, or retaliate against complainants/whistleblowers, as well as individuals who take hostile actions against investigators. Such violations will be met with severe disciplinary action in accordance with the law, with egregious cases referred to judicial authorities for prosecution.
To build a transparent and ethical integrity culture and comprehensively enhance the ability of all employees to prevent anti-corruption risks, the Group conducts multi-dimensional training and awareness programs on anti-corruption. This year, the coverage rate of anti-corruption training for directors and employees reached 100%.
