{"url_path":"/sec/raasy/10-k/2026/item-16k","section_key":"item-16k","section_title":"Item 16K CYBERSECURITY**","topic":"sec","document":{"doc_type":"20-F","doc_date":"2026-05-08","source_url":"https://www.sec.gov/Archives/edgar/data/1804583/0001493152-26-021875-index.html","accession_number":"0001493152-26-021875","cik":"0001804583","ticker":"RAASY","issuer_name":"Cloopen Group Holding Ltd","edgar_url":"https://www.sec.gov/Archives/edgar/data/1804583/0001493152-26-021875-index.html","primary_entity_key":"0001804583","primary_entity_name":"Cloopen Group Holding Ltd"},"word_count":617,"has_tables":true,"body_markdown":"**ITEM\n16K. CYBERSECURITY**\n\n \n\n**Risk\nManagement and Strategy**\n\n \n\nWe\nhave access to certain data and information of enterprises which use our solutions. We may also have access to certain personal data\nand information of our customers’ end-users. Specifically, for our solutions deployed on public cloud, data and information are\nsafely encrypted and stored in cloud servers, where customers can access on demand only with appropriate authorization. We do not have\naccess to data and information of customers which use our solutions deployed on private cloud.\n\n \n\nWe\nare committed to protecting our customers’ data and privacy and have designed strict protocols on data collection, transmission,\nstorage and usage to ensure compliance with applicable laws and regulations. In addition, our agreements with customers generally include\na confidentiality clause under which we are obligated not to disclose or otherwise misappropriate the data and information of our customers\nor their end-users.\n\n \n\nWe\ntake safety precautions to maintain our technological infrastructure and protect our data and information. We have implemented detailed\npolicies regarding system operation and maintenance, information security and management, and data backup and disaster recovery. Our\ntechnological infrastructure applies safeguards such as web application firewalls to ensure data security. As a general principle, data\nand information in relation to our business operations can only be accessed by our employees with designated authorization level. We\nenter into confidentiality agreements with our employees who have access to our data and information. The confidentiality agreements\nprovide that, among others, these employees are legally obligated not to disclose or otherwise misappropriate confidential data and information\nin possession as a result of their employment. Such employees are also legally obligated to surrender all confidential data and information\nin possession upon resigning and to maintain their confidentiality obligations afterwards. They bear compensation liability if they breach\ntheir confidentiality obligations or otherwise commit misconduct resulting in leakage of our confidential data and information. Furthermore,\nour agreements with business partners generally include a confidentiality clause under which they are legally obligated not to disclose\nor misappropriate confidential data and information in possession as a result of their relationship with us.\n\n \n\nAs\nof the date of this annual report, we have not received any claim from any third party against us on the ground of infringement of such\nparty’s right to data protection as provided by applicable laws and regulations in China and other jurisdictions. As of the same\ndate, we have not experienced any cybersecurity incidents that resulted in an interruption to our operations, known losses of any critical\ndata or otherwise had a material impact on our business strategy, results of operations or financial condition. However, the scope and\nimpact of any future incidents cannot be predicted. See “Item 3. Key Information — D. Risk Factors” for more information\non how material cybersecurity incidents may impact our business.\n\n \n\n**Governance**\n\n \n\nOur\nboard of directors acknowledges the significance of robust cybersecurity management programs and actively participates in overseeing\nand reviewing our cybersecurity risk profile and exposures.\n\n \n\nOur\nchief technology officer leads the overall assessment, identification and management of risks related to cybersecurity threats. He works\ncollaboratively within our Group and receives regular briefings on cybersecurity matters, such as report on cybersecurity incidents and\nresponses and remedial measures. Our chief technology officer has over 20 years of relevant experience in risk management, cybersecurity\nand information technology. Our chief technology officer and dedicated staff are responsible for the daily management of our cybersecurity\nefforts. This includes updates and refinement of cybersecurity policies, execution and management of cybersecurity measures, and the\npreparation of regular reports on cybersecurity execution. Their primary focus is to consistently update our cybersecurity programs and\nmitigation strategies, ensuring they align with industry best practices and procedures.\n\n \n\n141\n\n \n\n \n\n**PART\nIII**"}