CYBER AND TECHNOLOGICAL SECURITY

“In light of escalating global cyber threats, we continue to endeavour to improve our cyber and information security measures and to mitigate risks of potential cyber threats and attacks.”

[Photo: Franco-Nevada's Finance team (2023)]

We have an Information Security Policy that sets out our principles for the protection of information assets and our proper controls needed to ensure compliance with our standards and external regulations. The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations. It also informs our personnel of our expectations and requirements for acceptable use of information assets and the role of our personnel in protecting the security and integrity of our information. The Information Security Policy is comprised of a number of policies, including our:

• Password Policy
• Acceptable Computer Use Policy
• Removable Media Policy
• Email Policy
• Remote Access Policy
• AI Tools in the Workplace Policy

Several members of our Board of Directors (eight of nine, or 89% of our Board, as of our May 1, 2024 annual general and special meeting) have skills and competencies in cybersecurity and the Board engages with management in matters relating to Franco-Nevada's information and cybersecurity strategy.

Our Audit and Risk Committee oversees the Information Security Policy and has designated our Chief Financial Officer as the executive responsible for: establishing and maintaining the practices and procedures necessary to implement the Information Security Policy, providing training to our personnel on the substance of the Information Security Policy at least once annually, and reporting to the Audit and Risk Committee on the operation of and compliance with the policy.

In light of escalating global cyber threats, we continue to improve our cyber and information security measures to mitigate risks of potential cyber threats and attacks. In 2023, we made the following improvements:

• strengthened cybersecurity risk management processes, with more frequent security updates to the Audit and Risk Committee;
• enhanced password security;
• updated and tested our disaster recovery plan; and
• collaborated with third-party companies to assess risk and test our security and access controls.

In 2024, ISS ESG released a new Cyber Risk Score, which rates an organization's level of cyber readiness and resilience based on its ongoing actions to identify, manage, and mitigate cyber risk across its Internet-accessible networks and domains. Franco-Nevada scored a 789 out of a maximum 829, indicating a low risk of a material cybersecurity breach.

Related Policies and Statements:

• Information Security Policy
ESG Report 2024