Intellectual Capital as Institutional Machinery

As First Gen advances its decarbonization strategy while managing the requirements of system reliability, value creation depends on more than physical assets. It also depends on the institutional systems that shape how decisions are made, risks are evaluated, and capabilities are built. Intellectual capital—governance architecture, digital infrastructure, risk frameworks, and codified operational knowledge—forms the machinery through which strategic intent is translated into disciplined execution. These systems enable the organization to operate with consistency and foresight, ensuring that operational decisions, capital allocation, and long-term planning remain aligned with our strategies.

Furthermore, the risks surfaced in the operating environment— including climate volatility, evolving asset conditions, policy implementation gaps, market infrastructure readiness, and social license considerations—do not remain abstract exposures. They pass through structured decision gates before capital is committed. In 2025, First Gen strengthened this machinery through governance mechanisms, digital platforms for asset and risk visibility, cybersecurity processes, and structured capability-building initiatives, supporting both resilience and transformation as the organization advances toward a regenerative energy portfolio.

At the center of this architecture is the continuous development of intellectual capital—knowledge, technical expertise, and operational insight that are cultivated within the organization over time. Through years of experience managing a portfolio of assets, First Gen has developed the competencies to deliver value to stakeholders.

Governance Architecture: Embedding Multi-Criteria Discipline

In 2025, First Gen reinforced its governance architecture with a multi-criteria evaluation to ensure that these considerations are evaluated before capital is committed, not after outcomes are reported.

IT risk governance operates within the Enterprise Risk Management (ERM) structure, with oversight extending to the Board Risk Oversight Committee. IT risk is treated as a subset of operational risk, following the Information Security Management System (ISMS)—a structured lifecycle of identification, assessment, mitigation, monitoring, and reporting. This integration reinforces the reliability and resilience of systems that underpin plant operations, customer engagement, and corporate functions.

To ensure that our digital evolution remains strategically aligned and financially disciplined, the IT Governance Council (ITGC) serves as the primary oversight body for Information Technology (IT) and Internet of Things (IoT) investments. The Council evaluates the viability and strategic fit of proposed IT projects and solutions, ensuring they support the Company’s organizational strategies, are cost-effective, and enhance the efficiency and resiliency of our processes and operations.

Technical Expertise: Leading Geothermal from Exploration to Development

First Gen’s Geothermal Operations under EDC are vertically integrated, an end-to-end platform that spans exploration and survey activities, drilling operations, steam resource and field management, and power plant operations. This integrated approach has enabled us to develop deep technical expertise below ground, gaining a comprehensive understanding of reservoir behavior, long-term steam sustainability, and optimal resource utilization. This output includes digitalized models of the reservoir, drilling data, and other site-specific knowledge. Through years of disciplined operations and continuous learning, this capability has become a distinctive expertise, allowing us to manage geothermal resources responsibly while maximizing their reliability as a renewable energy source.

This mastery has positioned us among the leaders in geothermal development worldwide. We continue to refine and expand this expertise, recognizing geothermal’s properties and critical role in the energy transition, while also extending this beyond our shores to pursue partnerships and collaboration opportunities.

First Gen believes in the value of business excellence—that continuous learning and operational discipline will strengthen our capabilities across all assets of the portfolio, beyond geothermal but into other renewable energy sources as well. The Company continues to innovate, adapt, and keep knowledge of operational processes to enable consistent performance and create lasting value for our stakeholders.

Digital Intelligence: Scaling Reliability Through Structured Visibility

Cybersecurity and Information Resilience: Protecting Digital Infrastructure as Core Operational Capital

As generation assets, risk systems, and customer platforms become increasingly digital, system integrity becomes a critical component of operational reliability. Cybersecurity must be treated not as a technical back-office function, but as a capital protection discipline embedded within enterprise risk management.

Aligned with the Information Security Management System (ISMS), the IT risk lifecycle process—encompassing structured identification, assessment, mitigation, monitoring, incident response, and reporting—is facilitated by the ERM Group under the leadership of the Chief Risk Officer. Line Management Units and System Owners are accountable for identifying and managing IT-related risks within their areas, including information security, system availability, regulatory compliance, and third-party exposure. This approach is designed to safeguard information assets, maintain system reliability, and enable timely response to evolving threat conditions.

In 2025, no material cybersecurity incidents impacting critical systems or data were recorded, and minor incidents were contained and resolved in accordance with incident response procedures. High-risk vulnerabilities were addressed in accordance with defined remediation timelines, and cybersecurity training and awareness initiatives were conducted to strengthen phishing awareness and reporting behavior. Critical systems maintained high availability, with no prolonged unplanned outages attributable to cybersecurity events.

To protect our intellectual capital and operational integrity, First Gen implemented multi-layered security controls designed to mitigate cyber threats and social engineering risks. Our initiatives focused on three strategic pillars:

• Employee Awareness: We strengthened our “human firewall” through phishing simulations and enhanced incident reporting protocols, significantly reducing our exposure to social engineering and reputational risk.
  
  
• Continuous Monitoring and Response: We maintained uninterrupted security monitoring, utilizing endpoint and network protection controls. Our response posture has been reinforced by timely incident procedures and the regular review of global threat intelligence.
  
  
• System Vulnerability Management: We conducted periodic vulnerability assessments and implemented rigorous system-hardening measures. Remediation has been prioritized based on risk severity, with progress tracked through regular management reviews to ensure a robust and secure technological environment.

As operational processes and asset management systems become more interconnected, the resilience of digital infrastructure directly supports plant reliability, regulatory compliance, and investor confidence. Cybersecurity in this context is an enabler of continuity—protecting the digital backbone that underpins asset performance, customer engagement, and strategic execution.

Management Systems and Institutional Memory: Codifying Operational Discipline at Scale

As portfolio complexity increases, institutional memory must be preserved beyond individuals. First Gen’s management systems formalize operational knowledge into documented processes, audit mechanisms, and standardized controls that ensure consistency across subsidiaries and asset types.

First Gen maintains its Quality Management System (QMS) certified with ISO 9001:2015, and its Environmental Management System (EMS) and Occupational Safety and Health Management System (OSHMS) aligned with ISO 14001:2015 and ISO 45001:2018, respectively. These management systems guide operational procedures, reinforce process discipline, and support compliance with defined quality, environmental, and safety requirements.

At the subsidiary level, Integrated Management Systems (IMS) certifications extend across asset operations, ensuring that documented procedures govern operational processes, environmental safeguards, and occupational health and safety. FG Hydro maintains ISO 55001:2014 certification for asset management, reinforcing lifecycle discipline for critical infrastructure. EDC Head Office Integrated Laboratory Services (EDC-HOILS) is accredited to PNS ISO/ IEC 17025:2017, providing accurate and reliable laboratory services and results.

Process effectiveness is verified through layered assurance mechanisms: internal audits conducted by subsidiaries, corporate-level audits from First Gen’s Head Office, and third party certification audits by independent bodies. This structured verification framework institutionalizes accountability and reduces operational variance across the portfolio.

Beyond compliance, these management systems preserve organizational knowledge in plant operations, risk control, environmental stewardship, and safety practices. As First Gen advances toward renewable expansion and asset redevelopment initiatives, codified processes support continuity, reduce key-person risk, and enable scalable execution without compromising operational standards.

Innovation and Future Capability: Building Transition Readiness under Structured Guardrails

In 2025, First Gen formalized the Generative Artificial Intelligence (GenAI) Policy, which establishes principles for ethical use, data protection, accountability, and oversight. Enterprise GenAI systems require review and approval, and the use of company and personal data in public GenAI platforms is restricted. Accountability for AI-assisted processes remains with designated process owners and management.

To complement governance safeguards, an Artificial Intelligence (AI) Proof of Concept program was conducted to test feasibility and operational alignment prior to broader deployment. This initiative assessed technical viability, potential use cases, and strategic fit, providing structured evaluation before scaling AI solutions across the organization. An AI curriculum was introduced to strengthen employee literacy and readiness for responsible AI adoption.

Further, we ensure that sustainable solutions are considered in our IT services and operations:

• Sea Freight Mode of Transport: Leveraging sea freight over air transport to increase carbon savings
  
  
• Bulk Packaging: Reducing packaging materials per device and decreasing the overall transport weight of purchased computers
  
  
• Premier Support: Providing extensive software and hardware support to extend device lifespans and mitigate issues early, resulting in potential carbon savings
  
  
• CO2 Offset Service: Offsetting the estimated carbon emissions of devices over their entire lifecycle—from manufacturing to daily use and end-of-life—to support verified climate action projects verified climate action projects through the United Nations, CDM, Gold Standard, and Climate Action Reserve
  
  
• Asset Recovery Service: Utilizing the Lenovo Asset Recovery service to ensure the secure and responsible disposal of end-of-life computers, servers, printers, and other peripherals, focusing on three primary goals: security, sustainability, and value recovery

Beyond digital capability, First Gen continues to assess technologies relevant to long-term decarbonization pathways, including carbon capture, utilization, and storage (CCUS) and hydrogen as potential supplements to operating assets. These initiatives are currently under research and viability assessment, consistent with the Company’s Net Zero ambition and evolving portfolio strategy.

Transition readiness in this context does not imply immediate deployment of all emerging technologies. Rather, it reflects a structured approach to experimentation—combining governance oversight, technical evaluation, workforce capability-building, and risk assessment before capital commitments are made.

Capital Movement and Interdependencies: Strengthening Institutional Capacity to Enable Disciplined Transition

In 2025, Intellectual Capital was strengthened through the formalization of governance gates, expanded digital oversight of assets and risks, structured cybersecurity controls, and the introduction of AI governance frameworks. These developments enhanced institutional capacity to evaluate complexity before capital is deployed and to maintain system reliability as portfolio initiatives advance.

The strengthening of Intellectual Capital supports and interacts with other capitals:

• Manufactured Capital: Asset exploration, assessment, development, optimization, and day-to-day operations including lifecycle systems and cybersecurity controls reinforce technical expertise toward plant efficiency, reliability, and maintenance discipline
  
  
• Financial Capital: Multi-criteria technical governance and risk evaluation inform investment and project commitment decisions prior to approval
  
  
• Natural Capital: Structured monitoring systems and environmental management standards support emissions tracking and resource stewardship
  
  
• Human Capital: AI curriculum and governance literacy initiatives strengthen workforce capability and responsible technology adoption
  
  
• Social & Relationship Capital: Institutionalized risk oversight and compliance frameworks reinforce credibility with regulators, partners, and investors

Intellectual Capital therefore functions as connective infrastructure—translating observed risks into structured evaluation, supporting operational resilience, and enabling measured experimentation as the organization advances toward a regenerative energy portfolio.

Summary of Our Intellectual Capital Performance, Impacts, and Plans