26 Message from our CEO Report Highlights About Franco-Nevada Responsible Capital Allocation Community Contributions Good Governance and Shareholder Alignment Corporate Governance Integrity and Compliance Shareholder Alignment Cyber and Technological Security Diversity, Inclusion and Well-Being Climate Action Transparency and Guiding Principles About this ESG Report Appendices C Y B E R A N D T E C H N O L O G I C A L S E C U R I T Y We have an Information Security Policy that sets out our principles for the protection of information assets and our proper controls needed to ensure compliance with our standards and external regulations. The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations. It also informs our personnel of our expectations and requirements for acceptable use of information assets and the role of our personnel in protecting the security and integrity of our information. The Information Security Policy is comprised of a number of policies, including our: • Password Policy • Acceptable Computer Use Policy • Removable Media Policy • Email Policy • Remote Access Policy • AI Tools in the Workplace Policy Several members of our Board of Directors (eight of nine, or 89% of our Board, as of our May 1, 2024 annual general and special meeting) have skills and competencies in cybersecurity and the Board engages with management in matters relating to Franco- Nevada’s information and cybersecurity strategy. Our Audit and Risk Committee oversees the Information Security Policy and has designated our Chief Financial Officer as the executive responsible for: establishing and maintaining the practices and procedures necessary to implement the Information Security Policy, providing training to our personnel on the substance of the Information Security Policy at least once annually, and reporting to the Audit and Risk Committee on the operation of and compliance with the policy. In light of escalating global cyber threats, we continue to improve our cyber and information security measures to mitigate risks of potential cyber threats and attacks. In 2023, we made the following improvements: Related Policies and Statements: • Information Security Policy Franco-Nevada's Finance team (2023) “In light of escalating global cyber threats, we continue to endeavour to improve our cyber and information security measures to mitigate risks of potential cyber threats and attacks.” • strengthened cybersecurity risk management processes, with more frequent security updates to the Audit and Risk Committee; • enhanced password security; • updated and tested our disaster recovery plan; and • collaborated with third-party companies to assess risk and test our security and access controls. In 2024, ISS ESG released a new Cyber Risk Score, which rates an organization's level of cyber readiness and resilience based on its ongoing actions to identify, manage, and mitigate cyber risk across its Internet-accessible networks and domains. Franco-Nevada scored a 789 out of a maximum 829, indicating a low risk of a material cybersecurity breach.