Code of Conduct

1.1 Purpose

This Code of Conduct ("Code") has been adopted by the Board of Directors of Orisium Pty Limited ("Orisium" or "the Company") in accordance with ASX Corporate Governance Council Principles and Recommendations (4th Edition), Recommendation 3.1. This Code articulates and discloses the Company's values and the standards of conduct expected of all Personnel in their dealings with stakeholders and the broader community.

The purpose of this Code is to provide a framework for ethical decision making and to ensure that the Company, through its Personnel, acts with integrity in all business dealings. The Board is committed to maintaining the highest standards of corporate governance and ethical conduct, recognising that such standards are fundamental to the long term success and sustainability of the Company.

1.2 Application and Scope

This Code applies to all directors (both executive and non-executive), officers, employees (whether permanent, part-time, fixed term, or casual), contractors, consultants, secondees, and any other person engaged by the Company or any of its subsidiaries to perform services (collectively referred to as "Personnel").

All Personnel are required to comply with this Code in the performance of their duties and in their interactions with colleagues, customers, suppliers, business partners, competitors, government officials, regulators, and members of the public. This Code operates in conjunction with, and does not replace or diminish, any obligations arising under applicable laws, regulations, or the terms and conditions of employment or engagement.

1.3 Board Commitment Statement

The Board of Directors is committed to conducting the business of Orisium with honesty, integrity, and in accordance with the highest ethical and legal standards. The Board recognises that the reputation of the Company depends upon the conduct of all Personnel, and that ethical business practices are essential to sustainable commercial success.

The Board expects all Personnel to embrace this Code and to conduct themselves in a manner that upholds the Company's values, protects its reputation, and fosters trust among all stakeholders. The Board will take appropriate action to enforce this Code and address any breaches in accordance with the provisions set out herein.

2.1 Company Values

The Company's values form the foundation of its culture and guide the conduct of all Personnel. These values are:

• Integrity: Acting honestly, transparently, and ethically in all business dealings. Personnel must be truthful and forthright in their communications and must not engage in deceptive, misleading, or fraudulent conduct.
• Honesty: Providing accurate, complete, and timely information. Personnel must not make false or misleading statements and must correct any misunderstandings or errors promptly upon becoming aware of them.
• Fairness: Treating all stakeholders equitably and with respect. Personnel must not take unfair advantage of others through manipulation, concealment, abuse of privileged information, misrepresentation, or any other unfair dealing practice.
• Accountability: Taking responsibility for actions and decisions. Personnel must stand by their commitments and accept responsibility for the consequences of their conduct.
• Respect: Valuing diversity and treating all individuals with dignity and consideration. Personnel must foster an inclusive environment that respects the rights and perspectives of others.

2.2 Professional Conduct Standards

All Personnel are expected to:

• Perform their duties diligently, competently, and to the best of their abilities;
• Act in good faith and in the best interests of the Company;
• Exercise sound judgment in all business decisions;
• Maintain professional competence through ongoing education and development;
• Cooperate fully with internal and external audits, investigations, and reviews;
• Avoid conduct that could bring the Company into disrepute; and
• Report any known or suspected breaches of this Code or other Company policies.

2.3 Ethical Decision Making

When faced with an ethical dilemma, Personnel should consider the following questions:

• Is the proposed conduct legal and in compliance with applicable laws and regulations?
• Is it consistent with this Code and other Company policies?
• Does it align with the Company's values?
• Would I be comfortable if my conduct were publicly disclosed or reported in the media?
• Could this conduct harm the Company's reputation or stakeholder relationships?

If the answer to any of these questions gives cause for concern, Personnel should seek guidance from their supervisor, the Company Secretary, the Legal team, or through the reporting channels described in Section 11 of this Code.

3.1 General Legal Compliance

The Company is committed to conducting its business in compliance with all applicable laws, regulations, and standards in all jurisdictions in which it operates. All Personnel must comply with the letter and spirit of all applicable laws and regulations, including but not limited to:

• Corporations Act 2001 (Cth) and related regulations;
• ASX Listing Rules and Guidance Notes;
• Competition and consumer protection laws;
• Employment and workplace health and safety laws;
• Anti-money laundering and counter-terrorism financing laws;
• Environmental laws and regulations; and
• Taxation laws and requirements.

3.2 Industry-Specific Requirements

As a provider of enterprise technology and media asset management solutions, the Company and its Personnel must comply with all industry-specific laws and regulations applicable to the technology sector, including requirements relating to software licensing, intellectual property protection, export controls, and telecommunications regulations.

Personnel engaged in the provision of services to clients in regulated industries must also ensure compliance with any sector-specific requirements applicable to those clients, including financial services, healthcare, government, and media regulations.

3.3 Privacy and Data Protection

The Company is committed to protecting the privacy of personal information and complying with all applicable privacy and data protection laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles, the General Data Protection Regulation (GDPR) where applicable, and other relevant data protection legislation.

All Personnel must:

• Collect personal information only for legitimate business purposes and by lawful means;
• Use and disclose personal information only in accordance with the Company's Privacy Policy and applicable law;
• Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure;
• Report any actual or suspected data breaches immediately in accordance with the Company's data breach response procedures; and
• Complete all required privacy and data protection training.

4.1 Definition

A conflict of interest arises when a person's private interests, or the interests of a related party, interfere or appear to interfere with the interests of the Company. Conflicts of interest may be actual, potential, or perceived. All forms of conflict must be identified, disclosed, and appropriately managed.

4.2 Examples of Conflicts

Examples of situations that may give rise to a conflict of interest include:

• Having a financial interest (direct or indirect) in a supplier, customer, or competitor of the Company;
• Being in a position to influence decisions that could benefit a family member, friend, or business associate;
• Engaging in outside employment or business activities that compete with the Company or interfere with the performance of duties;
• Serving as a director, officer, or consultant to another company whose interests conflict with those of the Company;
• Using Company resources, information, or relationships for personal gain; and
• Receiving improper personal benefits as a result of one's position with the Company.

4.3 Disclosure Requirements

All Personnel have an obligation to disclose any actual, potential, or perceived conflicts of interest promptly upon becoming aware of them. Directors must disclose conflicts to the Chair or the Board. Officers and employees must disclose conflicts to their supervisor or the Company Secretary.

Disclosures must be made in writing and must provide sufficient detail to enable an assessment of the nature and extent of the conflict. The Company maintains a register of disclosed interests, which is reviewed periodically by the Board.

4.4 Management Procedures

Upon disclosure of a conflict of interest, appropriate measures will be implemented to manage the conflict. These measures may include:

• Recusal from discussions and decisions relating to the matter;
• Restricting access to relevant information;
• Restructuring duties or reporting lines;
• Independent review or oversight of transactions;
• Divestment of the conflicting interest; or
• In serious cases, termination of employment or engagement.

4.5 Related Party Transactions

The Company recognises that transactions between the Company and related parties present heightened conflict of interest risks. Related party transactions must be conducted at arm's length and on terms no more favourable than those available to unrelated parties.

All related party transactions must be disclosed and approved in accordance with the Corporations Act 2001 (Cth), the ASX Listing Rules, and the Company's Related Party Transaction Policy. Directors must abstain from voting on matters in which they have a material personal interest, unless permitted by law.

5.1 Protection of Proprietary Information

Confidential information is a valuable asset of the Company. Personnel must protect all confidential, proprietary, and trade secret information belonging to the Company, its customers, suppliers, and business partners. Confidential information includes, but is not limited to:

• Business strategies, plans, and projections;
• Financial information and forecasts;
• Technical data, source code, algorithms, and software designs;
• Product development information and roadmaps;
• Customer lists, contracts, and pricing information;
• Supplier and vendor information;
• Marketing and sales strategies; and
• Information relating to mergers, acquisitions, or other corporate transactions.

5.2 Customer and Employee Data

Personnel must treat all customer and employee data as confidential and must only access, use, or disclose such data for legitimate business purposes. Customer data includes any information provided by or relating to customers, including the content of media assets stored on the Company's platform.

Employee data includes personal information, performance records, compensation details, and health information. Access to employee data must be limited to Personnel with a legitimate need to know and must be handled in accordance with the Company's Privacy Policy.

5.3 Non-Disclosure Obligations

Personnel must not disclose confidential information to any third party, except as authorised by the Company or required by law. Where disclosure is necessary, Personnel must ensure that appropriate confidentiality agreements are in place and that disclosure is limited to what is strictly necessary.

Personnel must not use confidential information for personal gain or for any purpose unrelated to the performance of their duties. Personnel must take reasonable precautions to prevent inadvertent disclosure, including securing physical and electronic documents, using encryption where appropriate, and avoiding discussions of confidential matters in public places.

5.4 Post-Employment Obligations

Obligations of confidentiality survive the termination of employment or engagement with the Company. Upon departure, Personnel must return all Company property, including documents, files, devices, and any materials containing confidential information.

Former Personnel must not use or disclose any confidential information obtained during their engagement with the Company. Any ongoing obligations, including non-compete and non-solicitation provisions, as set out in employment or engagement agreements, continue to apply following termination.

6.1 Prohibition Overview

The Company prohibits all Personnel from engaging in insider trading. Insider trading involves dealing in the Company's securities while in possession of material non-public information, or communicating such information to others who may deal in those securities. Insider trading is a serious criminal offence under the Corporations Act 2001 (Cth) and can result in substantial fines and imprisonment.

6.2 Material Non-Public Information

Material information is information that a reasonable person would expect to have a material effect on the price or value of securities. Examples of information that may be material include:

• Financial results or changes in financial forecasts;
• Proposed mergers, acquisitions, or divestments;
• Significant new contracts or loss of major customers;
• Changes in senior management or the Board;
• Significant litigation or regulatory action;
• Major product developments or technology breakthroughs; and
• Capital raising or restructuring activities.

6.3 Trading Restrictions

Personnel must not deal in the Company's securities, or the securities of other companies, while in possession of material non-public information. Personnel must also not advise, procure, or encourage another person to deal in securities on the basis of such information, or communicate material non-public information to any person who may use it for trading.

Certain Personnel designated as "Restricted Persons" under the Company's Securities Trading Policy are subject to additional trading restrictions, including blackout periods and pre-clearance requirements. All Personnel must familiarise themselves with and comply with the Company's Securities Trading Policy.

7.1 Zero Tolerance Statement

The Company has a zero tolerance policy towards bribery and corruption in any form. All Personnel are strictly prohibited from offering, promising, giving, soliciting, or accepting any bribe, kickback, or other improper payment or benefit, whether directly or through intermediaries.

This prohibition applies to dealings with government officials, regulators, customers, suppliers, business partners, and any other third parties. Violations of anti-bribery laws can result in severe criminal penalties for both individuals and the Company, as well as significant reputational harm.

7.2 Gifts and Entertainment

Personnel may give or receive modest gifts and entertainment in the ordinary course of business, provided that such gifts and entertainment:

• Are of nominal value and proportionate to the business relationship;
• Are not given with the intention of influencing a business decision;
• Do not create an obligation or expectation of reciprocity;
• Are lawful and comply with the recipient's policies;
• Are provided openly and transparently; and
• Are recorded in accordance with the Company's policies.

Cash or cash equivalents must never be given or received. Gifts and entertainment exceeding the thresholds specified in the Company's Anti-Bribery and Corruption Policy require prior approval.

7.3 Political Contributions

The Company does not make political contributions or donations to political parties, candidates, or elected officials. Personnel must not make any political contribution on behalf of the Company or use Company resources for political purposes.

Personnel who engage in personal political activities must do so in their individual capacity and must not represent or imply that they are acting on behalf of the Company.

7.4 Facilitation Payments

Facilitation payments are payments made to expedite routine government actions. Such payments are prohibited by law in Australia and many other jurisdictions. The Company prohibits all facilitation payments without exception. If Personnel are asked to make such a payment, they must refuse and report the request immediately.

8.1 Respect and Dignity

The Company is committed to fostering a workplace where all Personnel are treated with respect and dignity. Personnel must treat colleagues, customers, suppliers, and all other stakeholders professionally and courteously. Behaviour that is demeaning, intimidating, offensive, or otherwise disrespectful is unacceptable.

8.2 Anti-Discrimination

The Company prohibits discrimination on the basis of race, colour, national origin, ethnicity, gender, gender identity, sexual orientation, age, disability, religion, marital status, family responsibilities, pregnancy, political opinion, or any other characteristic protected by applicable law.

All employment decisions, including recruitment, selection, promotion, training, compensation, and termination, must be made on the basis of merit, qualifications, and business needs, without regard to protected characteristics.

8.3 Anti-Harassment

The Company prohibits all forms of harassment, including sexual harassment, workplace bullying, and any other conduct that creates a hostile, intimidating, or offensive work environment. Harassment includes, but is not limited to:

• Unwelcome sexual advances, requests for sexual favours, or other verbal or physical conduct of a sexual nature;
• Offensive comments, jokes, or slurs based on protected characteristics;
• Displaying or distributing offensive material;
• Bullying, intimidation, or threats;
• Exclusion or isolation from work activities; and
• Unreasonable criticism or humiliation.

8.4 Equal Opportunity

The Company is an equal opportunity employer and is committed to providing a workplace free from discrimination and harassment. The Company strives to create an inclusive environment where diversity is valued and all Personnel have equal opportunity to contribute, develop, and advance based on their skills and abilities.

The Company's commitment to equal opportunity extends to all aspects of employment and is supported by policies and programs designed to promote diversity and inclusion.

9.1 Proper Use of Resources

Personnel are responsible for the proper use and protection of the Company's assets, including physical assets, financial resources, intellectual property, information systems, and business relationships. Company assets must be used efficiently, responsibly, and solely for legitimate business purposes.

Limited personal use of Company resources may be permitted where such use is reasonable, does not interfere with work performance, does not violate any Company policy, and does not result in significant cost or risk to the Company.

9.2 Intellectual Property

The Company's intellectual property, including patents, trademarks, copyrights, trade secrets, and proprietary technology, represents significant value. Personnel must protect the Company's intellectual property and must not infringe upon the intellectual property rights of others.

All intellectual property created by Personnel in the course of their employment or engagement belongs to the Company, unless otherwise agreed in writing. Personnel must promptly disclose any inventions, discoveries, or developments made during their engagement with the Company.

9.3 Physical Assets

Personnel must safeguard the Company's physical assets, including equipment, supplies, inventory, and facilities. Assets must not be removed from Company premises without proper authorisation. Any loss, theft, damage, or misuse of Company assets must be reported immediately.

9.4 Digital Assets and Cybersecurity

Personnel must comply with the Company's information security policies and take appropriate measures to protect digital assets, including data, systems, networks, and software. Personnel must:

• Use strong passwords and authentication measures;
• Not share login credentials or access tokens;
• Be vigilant against phishing and other cyber threats;
• Report suspected security incidents immediately;
• Not install unauthorised software or connect unapproved devices; and
• Complete required cybersecurity awareness training.

10.1 Media and Public Statements

Only authorised spokespersons may make statements on behalf of the Company to the media, analysts, investors, or the public. Personnel must not respond to media inquiries, participate in interviews, or make public statements about the Company, its business, or its affairs without prior authorisation from the Chief Executive Officer or the Director of Corporate Communications.

All media inquiries should be directed to the Corporate Communications team. Personnel who receive unsolicited media contact must decline to comment and promptly notify the appropriate personnel.

10.2 Social Media Guidelines

Personnel who use social media in a personal capacity must be mindful that their online presence can affect the Company's reputation. When using social media, Personnel must:

• Not disclose confidential or proprietary information;
• Not speak on behalf of the Company unless authorised;
• Clearly indicate that personal views are their own and not those of the Company;
• Not make disparaging or defamatory comments about the Company, its Personnel, customers, suppliers, or competitors;
• Not engage in conduct that could damage the Company's reputation; and
• Comply with applicable laws and the Company's policies.

10.3 Authorised Spokespersons

The following individuals are authorised to speak on behalf of the Company:

• The Chair of the Board;
• The Chief Executive Officer;
• The Chief Financial Officer (for financial matters);
• The Director of Corporate Communications; and
• Other individuals specifically authorised by the Chief Executive Officer for particular purposes.

11.1 Duty to Report

All Personnel have a responsibility to report any known or suspected violations of this Code, other Company policies, or applicable laws and regulations. Prompt reporting enables the Company to address issues before they escalate and to maintain the integrity of its operations.

11.2 Reporting Channels

Personnel may report concerns through any of the following channels:

• Direct supervisor or manager;
• Human Resources department;
• Company Secretary;
• Legal and Compliance team;
• Chief Executive Officer;
• Chair of the Board or Chair of the Audit and Risk Committee; or
• The confidential whistleblower hotline, as detailed in the Company's Whistleblower Policy.

Personnel may report concerns anonymously if they wish. All reports will be treated confidentially to the extent possible while allowing for proper investigation.

11.3 Whistleblower Protections

The Company is committed to protecting individuals who report concerns in good faith. In accordance with the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth), the Company has adopted a Whistleblower Policy that provides protections for eligible whistleblowers who make qualifying disclosures.

Protections available to eligible whistleblowers include protection of identity, protection from detrimental conduct, compensation and remedies, and civil, criminal, and administrative liability protection. For full details, refer to the Company's Whistleblower Policy.

11.4 Non-Retaliation Commitment

The Company strictly prohibits retaliation against any person who, in good faith, reports a concern or participates in an investigation. Retaliation includes, but is not limited to, termination, demotion, suspension, threats, harassment, discrimination, or any other adverse action.

Any person found to have engaged in retaliation will be subject to disciplinary action, up to and including termination of employment or engagement. If any Personnel believes they have been subjected to retaliation, they should report this immediately through the channels described above.

12.1 Disciplinary Actions

Violations of this Code will be taken seriously and may result in disciplinary action. The nature of the disciplinary action will depend on the circumstances, including the severity of the violation, whether it was intentional or negligent, the individual's conduct history, and the impact on the Company and its stakeholders.

Disciplinary actions may include:

• Verbal or written warning;
• Mandatory training or counselling;
• Performance improvement plan;
• Suspension of duties;
• Demotion or reassignment;
• Reduction or forfeiture of incentive compensation;
• Termination of employment or engagement; and
• Referral to law enforcement authorities.

12.2 Legal Consequences

In addition to internal disciplinary action, violations of this Code may also give rise to legal consequences. Depending on the nature of the violation, individuals may face civil liability (including claims for damages), criminal prosecution (which may result in fines or imprisonment), regulatory sanctions (including bans from acting as a director or in other roles), and professional disciplinary action.

The Company reserves the right to pursue all available legal remedies against individuals who cause harm to the Company through violations of this Code.

12.3 Termination Provisions

Serious violations of this Code may constitute grounds for summary termination of employment or engagement without notice or payment in lieu of notice. Serious violations include, but are not limited to:

• Fraud, theft, or embezzlement;
• Bribery or corruption;
• Insider trading;
• Serious breach of confidentiality;
• Harassment or discrimination;
• Violence or threats of violence;
• Falsification of records or reports; and
• Conduct that seriously damages the Company's reputation.

13.1 Initial Acknowledgment

All Personnel are required to acknowledge receipt and understanding of this Code upon commencement of their employment or engagement with the Company. This acknowledgment confirms that the individual has read and understood the Code, agrees to comply with its provisions, and understands the consequences of non-compliance.

13.2 Annual Certification

All Personnel are required to complete an annual certification confirming their ongoing compliance with this Code. The annual certification requires Personnel to confirm that they have reviewed the current version of the Code, they continue to understand and comply with its provisions, they have disclosed any actual or potential conflicts of interest, and they are not aware of any unreported violations of the Code.

The annual certification process is coordinated by the Human Resources department. Failure to complete the annual certification may result in disciplinary action.

13.3 Training Requirements

The Company provides training on this Code and related policies to all Personnel. Training is mandatory and includes initial training upon commencement of employment or engagement, annual refresher training, and additional training as required based on role, responsibilities, or changes to the Code or applicable laws.

Training covers the key provisions of this Code, how to identify and respond to ethical dilemmas, reporting procedures and whistleblower protections, and specific topics such as anti-bribery, insider trading, and data protection.

Personnel are required to complete all assigned training within the specified timeframes. Completion of training is recorded and monitored by the Human Resources department.

Responsibility

The Board has overall responsibility for this Code and delegates day-to-day administration to the Company Secretary and the Legal and Compliance team. The Chief Executive Officer is responsible for ensuring that the principles embodied in this Code are communicated to all Personnel and reflected in the Company's operations.

Review and Amendment

This Code will be reviewed at least annually by the Board to ensure it remains current and effective. The Code may be amended by the Board from time to time as necessary to reflect changes in applicable laws, best practices, or the Company's circumstances. Personnel will be notified of any material amendments.

Waivers

Any waiver of this Code for directors or officers may only be granted by the Board and will be disclosed as required by applicable law and the ASX Listing Rules. Waivers for other Personnel may be granted by the Chief Executive Officer in exceptional circumstances, subject to any requirements of applicable law.

Interpretation and Guidance

Questions regarding the interpretation or application of this Code should be directed to the Company Secretary or the Legal and Compliance team. The Company encourages Personnel to seek guidance before taking any action about which they are uncertain.