2 7 Appendices Transparency & Guiding Principles Climate Action Diversity, Inclusion & Well-Being Good Governance & Shareholder Alignment Community Contributions Responsible Capital Allocation Information Security We have an Information Security Policy that sets out our principles for the protection of information assets and our proper controls needed to ensure compliance with our standards and external regulations. The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations. It also informs our personnel of our expectations and requirements for acceptable use of information assets and the role of our personnel in protecting the security and integrity of our information. The Information Security Policy is comprised of a number of policies, including our: • Password Policy • Acceptable Computer Use Policy • Removable Media Policy • Email Policy • Remote Access Policy • Incident Logging Policy Several members of our Board of Directors (six of nine or 67% of our Board, as of our May 2, 2023 annual general meeting) have skills and competencies in cybersecurity and the Board engages with management in matters relating to Franco-Nevada’s information and cybersecurity strategy. Our Audit and Risk Committee oversees the Information Security Policy and has designated our Chief Financial Officer as the executive responsible for: establishing and maintaining the practices and procedures necessary to implement the Information Security Policy, providing training to our personnel on the substance of the Information Security Policy at least once annually, and reporting to the Audit and Risk Committee on the operation of and compliance with the policy. Given the increased global threat of cyberattacks, we endeavour to improve our cyber and information security, including our processes and infrastructure in place to mitigate risks of cyberthreats and attacks, whenever possible. In 2022, we made the following improvements to our cyber and information security: • We enhanced cybersecurity risk management processes, with more frequent security updates to the Audit and Risk Committee; • We enhanced password security; • We updated and tested our disaster recovery plan; and • We engaged third-party companies to test our security and access. Equinox Gold employees at Greenstone project, Canada “Given the increased global threat of cyberattacks, we endeavour to improve our cyber and information security whenever possible.” • Information and Security Policy Related Policies and Statements: