Regulatory

Ornn AI, Inc. ("Licensor") grants you ("Licensee") a non-exclusive, non-transferable, non-sublicensable, limited license to access the Ornn Compute Price Indices (OCPIs) as a streamed price feed, subject to the terms in this Agreement.

You will have access only to the index values (defined as the real-time price data points provided via the API feed) and not to any underlying data, methodologies, algorithms, or proprietary processes used to calculate or compile the OCPIs.

• You must reference Ornn's corporate name and logo (choose one of: "Ornn", "Ornn.ai", "Ornn.trade", "Ornn Compute", or "Ornn Compute Exchange") when presenting or discussing data obtained from our services.
• You may not copy, distribute, relicense, sublicense, transfer, publish, or otherwise redistribute the index or price stream, in whole or in part, to any third party in any form.
• You may not modify, create derivative works from, reverse engineer, or decompile the index.
• You may record or store price data from the API feed for internal use. However, you may not share, publish, sell, or otherwise distribute such recorded data to generate revenue or commercial advantage.
• You are solely responsible and liable for any unauthorized sharing or monetization of data, whether by you or any third party who gains access through your credentials or systems.

You may not exploit the index directly or indirectly for profit or commercial purposes without explicit prior written consent from Licensor. Any monetization, sale, or use for generating revenues is prohibited.

If you receive any grants, venture capital funding, investment, or other financial support that results from or is substantially attributable to the use of the OCPIs, you must disclose such funding to Licensor in writing within thirty (30) days of receipt. Failure to disclose may result in termination of your license and Licensor reserves the right to pursue all available legal remedies.

All rights, title, and interest in and to OCPIs, and any trademarks, logos, or other proprietary materials of Ornn AI, Inc., are and shall remain the sole property of Licensor. You acquire no ownership rights under this Agreement.

Licensor may terminate your access immediately if you breach any term of this Agreement. Upon termination, you must immediately:

• Cease all use of the index and any data obtained through the API feed
• Delete or destroy all copies of index data in your possession or control
• Certify in writing to Licensor, within five (5) business days of termination, that all such data has been deleted or destroyed

You agree to treat the index stream and all associated data as confidential proprietary information and not disclose it except as expressly permitted. You must take reasonable measures to prevent unauthorized access to or copying of the data.

Licensor provides the index stream "AS IS" and disclaims all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. Licensor shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from your use of the index, even if advised of the possibility of such damages.

This Agreement is governed by and construed under the laws of the State of New York, without regard to its conflicts of law principles. The parties irrevocably consent to the exclusive jurisdiction and venue of the state and federal courts located in New York County, New York, for any dispute arising out of or relating to this Agreement.

No waiver, amendment, or modification of this Agreement will be effective unless in writing and signed by both parties. This Agreement constitutes the entire agreement and supersedes all prior agreements, understandings, and communications, whether written or oral, relating to the subject matter hereof. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

This Acceptable Use Policy governs Customer's access to and use of the services, software, infrastructure, APIs, websites, documentation, and related offerings provided by OrnnX LLC as part of Ornn Compute under the applicable agreement, order form, online terms, or other written agreement between Customer and OrnnX. Capitalized terms not defined in this Policy have the meanings given in the Agreement.

Customer is responsible for all activity under its accounts and for all use of the Services by its Authorized Users and any person or entity that gains access through Customer's systems, credentials, accounts, networks, or resources.

Customer shall not, and shall not permit any Authorized User, end user, contractor, agent, or third party to:

• Use the Services for any unlawful, fraudulent, deceptive, harmful, abusive, or infringing purpose.
• Violate, misappropriate, or encourage the violation of any intellectual property, privacy, publicity, contractual, confidentiality, export control, sanctions, or other legal rights.
• Sell, resell, rent, lease, sublicense, timeshare, outsource, provide service bureau access to, or otherwise make the Services available to any third party, except as expressly permitted in an Order Form.
• Allow any person other than Customer’s employees, contractors, or expressly authorized users to access or use the Services.
• Access or use any portion of the Services not expressly made available to Customer under the applicable Order Form, Documentation, or Agreement.
• Use the Services in a manner that interferes with, burdens, degrades, disrupts, or threatens the integrity, availability, security, or performance of the Services or any third-party system.
• Conduct load testing, stress testing, penetration testing, vulnerability scanning, benchmarking, scraping, crawling, or automated probing of the Services without OrnnX’s prior written approval.
• Attempt to gain unauthorized access to the Services, accounts, systems, networks, facilities, data, credentials, or infrastructure of OrnnX, its service providers, customers, suppliers, or any third party.
• Bypass, disable, defeat, abuse, or circumvent any technical, security, billing, metering, rate-limit, quota, authentication, authorization, encryption, or access-control mechanism.
• Introduce, upload, transmit, execute, or distribute malware, viruses, worms, Trojan horses, spyware, ransomware, botnets, command-and-control software, spam tools, credential-harvesting tools, or other malicious code.
• Send, facilitate, or enable spam, unsolicited bulk communications, phishing, spoofing, pharming, fraudulent messages, deceptive routing information, or impersonation.
• Use the Services to attack, disrupt, scan, probe, overload, intercept, monitor, or impair any network, device, account, system, or service without authorization.
• Operate open proxies, open mail relays, public VPNs, anonymization services, tunneling services, abusive scraping infrastructure, or other public network services unless expressly approved by OrnnX.
• Use the Services for cryptocurrency mining, staking, validation, token generation, blockchain transaction processing, or similar digital-asset activity unless expressly permitted in an Order Form.
• Use the Services to develop, train, host, distribute, or facilitate malware, cyber abuse, credential theft, unauthorized surveillance, evasion tooling, or other offensive security activity, except for legitimate defensive security work expressly authorized by OrnnX.
• Use the Services to create, host, transmit, or distribute content or activity involving child sexual abuse material, sexual exploitation, terrorism, violent extremism, credible threats, harassment, hate, non-consensual intimate imagery, human trafficking, or unlawful goods or services.
• Use the Services for weapons development, chemical, biological, radiological, nuclear, or explosive applications, autonomous lethal systems, or other high-risk safety-critical uses unless expressly approved in writing by OrnnX.
• Use the Services for medical, legal, financial, employment, housing, insurance, credit, law enforcement, migration, education, critical infrastructure, or other high-impact decisions without all legally required safeguards, qualified human review, notices, consents, and approvals.
• Submit, store, process, or transmit sensitive personal data, payment card data, protected health information, government identification numbers, biometric identifiers, children’s data, export-controlled data, or similarly regulated data unless expressly permitted in the Agreement and supported by required security, privacy, and compliance terms.
• Copy, modify, translate, adapt, create derivative works of, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, underlying models, architecture, non-public APIs, or trade secrets from any OrnnX property, except to the extent applicable law prohibits this restriction.
• Remove, obscure, or alter any copyright, trademark, proprietary rights, attribution, confidentiality, or other notices associated with the Services or OrnnX property.
• Access or use the Services to build, train, benchmark, evaluate, or improve a competing product or service, or publish performance comparisons without OrnnX’s prior written approval.
• Use the Services in violation of applicable sanctions, export controls, anti-corruption laws, anti-money laundering laws, or restrictions applicable to embargoed countries, prohibited parties, or restricted end uses.
• Misrepresent Customer’s identity, affiliation, authorization, usage, billing information, workload purpose, or compliance status.
• Use free trials, promotional credits, multiple accounts, aliases, automation, or other means to avoid fees, limits, quotas, eligibility requirements, enforcement actions, or account restrictions.
• Use the Services for any purpose not expressly permitted by the Agreement, Order Form, Documentation, or written approval from OrnnX.

Customer shall maintain the confidentiality and security of all credentials, keys, tokens, consoles, APIs, virtual machines, operating systems, workloads, storage, network configurations, firewall rules, and other resources under Customer's control.

Customer shall promptly notify OrnnX of any known or suspected unauthorized access, security incident, policy violation, abuse report, or misuse of the Services.

Customer shall ensure that its Authorized Users and end users comply with this Policy, the Agreement, and all applicable laws and regulations.

Customer shall not assist, enable, or facilitate any person or entity in engaging in activity that would violate this Policy if performed by Customer.

OrnnX may investigate any suspected violation of this Policy. OrnnX may suspend, limit, disable, remove, quarantine, or terminate access to the Services or any affected resources if OrnnX reasonably believes that use of the Services violates this Policy, creates risk to OrnnX, its customers, service providers, or third parties, or may subject any person to legal liability.

Where practical, OrnnX may provide notice and an opportunity to cure. OrnnX may act immediately without notice where necessary to protect security, availability, legal compliance, the Services, or third parties.

Customer shall cooperate with OrnnX in investigating and remediating suspected violations. OrnnX may report suspected illegal activity to law enforcement, regulators, affected third parties, or service providers as permitted by law and the Agreement.

This Policy is not exhaustive. OrnnX may update this Policy from time to time by posting a revised version or otherwise providing notice as set out in the Agreement. Customer's continued use of the Services after the effective date of an updated Policy constitutes acceptance of the updated Policy to the extent permitted by applicable law and the Agreement.

Questions, notices, and abuse reports regarding this Policy should be sent to OrnnX LLC at contact@ornn.com, unless the Agreement states a different notice method.

The purpose of this policy is to ensure that Ornn AI, Inc. (the "Company") complies with all applicable economic and trade sanctions laws and regulations. As a financial infrastructure provider, the Company is committed to preventing its platform and services from being used to facilitate transactions involving sanctioned individuals, entities, or jurisdictions.

This policy applies to all Company personnel, including directors, officers, employees, and contractors. It also applies to all business activities, including customer onboarding, vendor management, and financial transactions.

• Policy Owner (CTO): Responsible for the technical implementation of screening controls and oversight of the sanctions compliance program.
• Legal/Compliance: Responsible for monitoring changes to global sanctions lists and advising on high-risk jurisdictions.
• Operations/Personnel: Responsible for ensuring due diligence is performed during onboarding and reporting any potential sanctions hits.

Ornn AI, Inc. complies with the following jurisdictional sanctions programs:

• United Nations Security Council (UNSC): All Company activities must adhere to the consolidated sanctions list maintained by the UNSC.
• United States (OFAC): The Company complies with all sanctions programs administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), including the Specially Designated Nationals (SDN) list.
• Regional Laws: The Company also monitors and adheres to applicable sanctions in any other jurisdiction where it operates or maintains legal obligations.

5.1 Screening

The Company utilizes automated and manual screening processes to verify:

• Customers: All new customers and partners are screened against the jurisdictional lists above prior to platform access.
• Third Parties: As defined in the Third-Party Management Policy, significant vendors and agents undergo due diligence including sanctions screening.
• Ongoing Monitoring: Periodic re-screening is performed to identify any changes in the status of existing participants.

5.2 Prohibited Activities

No Personnel shall:

• Engage in business with any individual or entity identified on a sanctioned list.
• Facilitate transactions involving jurisdictions subject to comprehensive embargoes.
• Export software, technology, or encryption in violation of regional export control laws as defined in the Information Security Policy (AUP).

All employees with responsibilities in customer onboarding, finance, or vendor management will receive specific training on sanctions compliance. General awareness training will be provided to all Personnel during onboarding.

Any potential "match" or "hit" discovered during screening must be immediately escalated to the Policy Owner. No further business activity with the flagged party may occur until the match is investigated and cleared by Legal/Compliance.

Exceptions to this policy require written approval from the CEO and Legal Counsel. Violations of sanctions laws can result in severe legal penalties for the Company and individuals. Personnel who violate this policy are subject to disciplinary action, up to and including termination of employment.

This policy and the effectiveness of its associated controls will be reviewed at least annually as part of the Company's overall Risk Management Policy and compliance program.

Ornn AI, Inc. (the "Company") is committed to the highest standards of financial integrity and regulatory compliance. The purpose of this policy is to establish a comprehensive framework to prevent the Company's financial infrastructure and services from being used for money laundering, terrorist financing, or other financial crimes. This policy is designed to ensure compliance with the U.S. Bank Secrecy Act (BSA), the USA PATRIOT Act, and other applicable international AML/CFT regulations.

This policy applies to all Company Personnel, including directors, officers, employees, and contractors. It covers all business units involved in customer onboarding, payment processing, financial operations, and product development.

• Compliance Officer (CTO): Responsible for the design, implementation, and maintenance of the AML/CFT program.
• Executive Management: Provides oversight and ensures the Company maintains a risk-based approach to financial crime prevention.
• Operations & Sales Teams: Responsible for collecting required customer information and identifying red flags during the onboarding process.
• All Personnel: Required to report any suspicious activity to the Policy Owner without delay.

The Company maintains a "Know Your Customer" (KYC) program. No customer relationship shall be established until the following due diligence is completed:

• Identification and Verification: Verification of the legal identity of all customers (individuals or entities) using reliable, independent source documents.
• Beneficial Ownership: Identification of ultimate beneficial owners (UBOs) for corporate clients to ensure transparency.
• Risk Rating: Customers are assigned a risk rating (Low, Medium, High) based on their jurisdiction, industry, and intended use of the platform.
• Enhanced Due Diligence (EDD): High-risk customers, including Politically Exposed Persons (PEPs), are subject to additional scrutiny and senior management approval.

In alignment with the Sanctions Compliance Policy, all customers, partners, and related parties are screened against global sanctions lists (including US OFAC and UNSC) at onboarding and on a recurring basis.

The Company monitors transactions and platform usage to identify patterns that may indicate financial crime, such as:

• Structuring transactions to avoid reporting thresholds.
• Unusual or unexplained spikes in compute usage or payment activity.
• Transactions involving high-risk or non-cooperative jurisdictions.

Personnel must report any suspicious activity to the Compliance Officer. If the Company determines that activity is suspicious and meets regulatory thresholds, it will file a Suspicious Activity Report (SAR) or equivalent regulatory notification in accordance with legal requirements. Personnel are strictly prohibited from "tipping off" a customer that a report has been filed.

The Company maintains all AML/CFT related records, including customer identification data and transaction logs, for a minimum of five (5) years following the termination of the customer relationship, or as required by local law.

All Personnel with financial or customer-facing responsibilities must complete AML/CFT training upon hire and annually thereafter. Training includes how to identify "red flags" and the proper procedures for reporting suspicious behavior.

The Company complies with the FATF "Travel Rule" and related international payment transparency standards. For all applicable transfers, the Company ensures the following:

• Information Collection: Obtain and verify required information for the originator (sender) and beneficiary (receiver), including names, account numbers, and physical addresses or unique identifiers.
• Transmission: Securely transmit this information to the counterparty financial institution or service provider immediately and securely during the transaction.
• Retention: Retain all collected originator and beneficiary information in accordance with the Record Keeping requirements of this policy.
• Counterparty Due Diligence: Perform due diligence on counterparty institutions to ensure they maintain adequate security and data protection standards before transmitting sensitive information.

The Company does not:

• Maintain anonymous accounts or accounts in fictitious names.
• Engage in business with "shell banks" (banks with no physical presence in any jurisdiction).
• Facilitate transactions known or suspected to involve the proceeds of criminal activity.

The AML/CFT program is subject to periodic independent testing and review to ensure its ongoing effectiveness and alignment with evolving legal requirements.

The purpose of this policy is to establish Ornn AI, Inc.'s (the "Company") zero-tolerance position on bribery and corruption. Ornn AI, Inc. is committed to conducting its business with the highest level of integrity and in compliance with all applicable anti-bribery and anti-corruption laws, including but not limited to the U.S. Foreign Corrupt Practices Act (FCPA) and any other local laws in jurisdictions where the Company operates.

This policy applies to all directors, officers, employees (whether full-time, part-time, or temporary), contractors, consultants, and any other third parties acting on behalf of Ornn AI, Inc. ("Personnel").

• Executive Management: Responsible for the implementation and oversight of this policy, ensuring adequate resources are allocated for compliance.
• Human Resources: Responsible for communicating this policy during onboarding and managing disciplinary actions for violations.
• Personnel: Responsible for reading, understanding, and complying with this policy, and for reporting any suspected violations.

Personnel are strictly prohibited from:

• Offering, promising, or giving a bribe (money, gifts, or anything of value) to any person to improperly influence a business decision or gain an unfair advantage.
• Requesting, agreeing to receive, or accepting a bribe from any person in exchange for improper performance of a business function.
• Engaging in "facilitation payments" (small payments to government officials to speed up routine administrative actions).

The Company recognizes that occasional, modest gifts and hospitality are a normal part of business relationships. However, these must always be:

• Reasonable and proportionate in value.
• Given or received openly and transparently.
• Not intended to influence a business decision.
• Accurately recorded in the Company’s financial records.

Personnel must obtain written approval from their manager for any gift or hospitality exceeding $100.

Ornn AI, Inc. only makes charitable donations and sponsorships that are legal and ethical under local laws and practices. No donation or sponsorship shall be offered or made as an incentive for a business advantage. All donations must be approved in writing by the CEO.

Ornn AI, Inc. may be held liable for the actions of third parties acting on its behalf. As outlined in the Third-Party Management Policy, the Company performs due diligence on all significant vendors, service providers, and agents to ensure they share our commitment to ethical business practices.

Personnel are encouraged to report any suspected bribery or corruption. Reports can be made through the following channels:

• Notifying a manager or an appropriate member of leadership.
• Using the anonymous whistleblower channel: anonymous Google form: https://docs.google.com/forms/d/e/1FAIpQLSeHkODmLgpDN0xXtk6repWTb1HlHyMoH90B6tsFPep-kgvPg/viewform?usp=header.

Ornn AI, Inc. prohibits retaliation against anyone who makes a report in good faith.

All employees will receive training on this policy during onboarding and at regular intervals thereafter to ensure they understand their obligations and the risks associated with bribery and corruption.

Any requests for exceptions to this policy must be submitted in writing to the CEO for approval. Violations of this policy will result in disciplinary action, up to and including termination of employment or contract, and may lead to legal proceedings.

Ornn Data LLC, a Delaware limited liability company, makes this statement with respect to its administration of the Ornn Compute Price Indices, commonly referred to as OCPI. Based on the policies, procedures, controls, methodology, and records described in this statement, Ornn Data LLC states that it has designed and operates its benchmark administration program in alignment with the IOSCO Principles for Financial Benchmarks, Final Report FR07/13, July 2013.

This statement is a management statement of compliance. It is not a certificate issued by IOSCO, an approval by any regulator, or an independent third-party assurance report. As of the effective date of this statement, Ornn Data LLC has not received an independent third-party auditor's assurance report on this statement. Ornn Data LLC expects this statement and the underlying controls to be made available for independent review in connection with exchange, licensee, auditor, regulatory, or other diligence requests.

Ornn Data LLC is the benchmark administrator and data publisher for the OCPI suite. Ornn Data LLC is a wholly-owned subsidiary of Ornn AI Inc. The principal business address listed in Ornn's diligence materials is 447 Broadway FL 4, New York, NY 10013, United States, and the registered address listed in those materials is 263 Newbury St Apt 2, Boston, MA 02116, United States.

Ornn Data LLC is not, by this statement, representing that it is registered or licensed as a bank, broker-dealer, futures commission merchant, swap dealer, exchange, clearing organization, investment adviser, or other regulated financial institution. Ornn Data LLC operates as a benchmark administrator and data publisher for GPU compute price benchmarks.

This statement applies to the Ornn Compute Price Indices, including the headline OCPI series and related index extensions by GPU model, GPU generation, cluster size, contract tenor, configuration, and geography, to the extent each such series is administered under the OCPI methodology and related policies.

OCPI is a transaction-based price benchmark for GPU compute capacity. The index measures the market price of GPU compute in USD-equivalent per GPU-hour. The underlying input data consists of anonymized executed on-demand GPU rental transactions, including transactions executed on Ornn Exchange and off-venue transactions reported by contributing counterparties under written agreement.

The covered benchmark family includes, or may include, series for GPU generations and models such as A100, H100, H200, B200, RTX 5090, and RTX PRO 6000, as well as regional and configuration-specific series where sufficient eligible transaction data is available.

The objective of OCPI is to provide a transparent, rules-based, settlement-grade benchmark of the market price of GPU compute capacity per GPU-hour. The methodology is designed to reflect completed transactions rather than merely seller-posted offers, surveys, estimates, or unconsummated indications of interest.

For each relevant GPU type or index specification, Ornn collects eligible transaction observations over the applicable observation window. Each observation includes price, quantity, region, and GPU type. The methodology then computes empirical quantiles from eligible trades and fits a metalog distribution to those quantiles. The index value is calculated as the mean of the fitted metalog distribution and published as the applicable USD-equivalent price per GPU-hour.

The methodology is rules-based and deterministic in ordinary operation. Ornn does not apply day-to-day discretion to determine published index values. Limited discretion is reserved for documented methodology reviews, temporary exclusion of unreliable providers under data quality rules, invocation of fallback or indicative status when provider sufficiency thresholds are not met, and correction of material data or calculation errors.

Ornn maintains governance arrangements intended to protect benchmark integrity, including management oversight, methodology governance, separation between commercial activity and index calculation, and escalation procedures for conflicts, incidents, complaints, and methodology changes.

Day-to-day operations are overseen by Ornn's senior management. Engineering owns the index publication and methodology research process. Operations manages provider relationships, control processes, compliance workflows, and incident handling. Methodology reviews are conducted with management and Ornn's Board of Advisors or other designated oversight participants.

Ornn maintains written policies and procedures that include a Code of Conduct and Ethics, Conflicts of Interest Policy, Personal Trading Policy, Data Privacy and Confidentiality Policy, Information Security Policy, Methodology Change Control process, Incident Management process, and Whistleblowing procedure.

Ornn's conflicts framework is designed to identify, disclose, escalate, manage, and, where necessary, eliminate conflicts that could impair benchmark integrity. The framework addresses conflicts involving benchmark personnel, commercial personnel, data contributors, licensees, affiliates, and any person with access to non-public index inputs or pre-publication values.

Personnel are prohibited from using non-public OCPI inputs, pre-publication values, or non-public methodology changes for investment decisions. Ornn's personal trading policy prohibits staff from trading in products whose settlement value references an Ornn index and from trading on non-public information relating to OCPI methodology, data sources, or values.

Access to production data and calculation systems is restricted by role. Material methodology and pipeline changes are subject to review, approval, and documentation. Any conflict affecting index integrity must be escalated to senior management and handled in accordance with Ornn's conflicts procedures.

OCPI is based on anonymized executed-trade data. Ornn does not use generative artificial intelligence tools in the production, calculation, validation, or publication of OCPI values. The underlying data is not collected by web scraping, consumer browser plugins, mobile-device monitoring, expert networks, surveys, or calls with public companies.

Eligible input data is subject to data fidelity filters. These filters include verified counterparties, trade finality, minimum notional thresholds, provider reliability standards, and compute quality thresholds. Canceled, pending, partially matched, or otherwise incomplete transactions are excluded from the eligible data set.

Provider eligibility is monitored through operational thresholds and reliability metrics, including historical reliability, network performance, GPU memory, system memory, storage, CPU cores per GPU, PCIe bandwidth, and CUDA version. Providers with incomplete reporting, excessive latency, or other data quality deficiencies may be temporarily excluded until data quality is restored.

Contributing counterparties report transaction data under written contribution agreements, trading rules, or other direct written terms. These arrangements are intended to confirm that the counterparty has the legal right to contribute transaction data, that contribution does not breach a contractual, fiduciary, confidentiality, or other duty, and that Ornn may use the contributed data to construct and license derived benchmark indices.

Counterparty onboarding includes diligence regarding legal rights, sanctions screening, beneficial ownership review where applicable, and review of relevant adverse events. Counterparties that are subject to relevant regulatory action, public litigation, or known disputes regarding data collection practices may be excluded from contribution. Annual and event-driven recertification is required where applicable.

Ornn's data dictionary defines the fields accepted at the contribution interface. Accepted fields are designed to avoid natural-person identifiers and covered personal information. Counterparty information is limited to legal-entity information and operational fields needed for benchmark construction, validation, audit, and administration.

Ornn monitors data sufficiency through internal dashboards and automated controls. The index methodology uses completed transaction data and includes fallback procedures for periods of data insufficiency, provider outage, stale provider feeds, or other operational disruption.

If provider availability or input data sufficiency falls below Ornn's minimum threshold, the affected index may be marked indicative. If the available data is not representative, Ornn may republish the last fully-informed value in accordance with the documented fallback procedure. Such events are logged with the cause, action taken, timing, and notification history.

Fallbacks are intended to preserve continuity without overstating the representativeness of a value produced under stressed conditions. Where a fallback or indicative value is used, Ornn retains supporting records and communicates material events to licensees in accordance with applicable contractual notice requirements.

Ornn maintains automated and human controls for anomalous and suspicious data. Automated monitoring flags trades outside expected price ranges, sudden volume spikes from a provider or region, repeated identical prints that may indicate wash trading, unusual clustering at specific price points, and provider feed gaps or latency spikes.

Flagged trades are excluded automatically where they fail rule-based filters. Patterns not covered by automated rules may be reviewed manually by Ornn personnel independent of the activity under review. Where a print is determined to be non-representative, it is excluded under documented procedures.

All exclusions, overrides, and manual review outcomes are logged with a timestamp, reason code, and reviewer where applicable. These records form part of the audit trail for the affected benchmark calculation.

All data aggregation, filtering, fitting, verification, and publication occur on Ornn's secure cloud-based analytics infrastructure. Ornn applies pre-publication checks for null values, missing values, large movements, interim measures, unchanged values, and other signals that may indicate a data or calculation issue.

Ornn runs its index computation infrastructure multiple times to verify that outputs are consistent across runs. Published values are verified before release, and calculation artifacts are retained as part of the benchmark record.

OCPI values are published daily at 16:00 Eastern Time, rounded to the nearest tenth of a cent, or $0.001, unless a publication delay, fallback, error correction, or other documented event applies. Published index values may be disseminated through Ornn systems and third-party distribution channels made available to licensees and subscribers.

Ornn documents methodology changes in versioned public releases of the OCPI methodology. Methodology changes are reviewed through Ornn's methodology governance process and are subject to notice to licensees where required by contract or applicable policy.

Historical recalculations are applied only where necessary to correct data errors or structural inconsistencies. Ornn does not recalculate historical values merely to reflect prospective methodology refinements.

Where a historical recalculation is required, Ornn documents the cause and scope of the change, recalculates affected index values on its analytics infrastructure with verification, notifies licensees in writing where commercially reasonable, republishes corrected values, and retains the recalculation record and justification as part of the audit trail.

Ornn retains full trade-level data, intermediate calculation artifacts, published index values, methodology versions, methodology change records, exclusions, error corrections, complaints, incident records, and related benchmark administration records. Full trade-level data and intermediate calculation artifacts are retained for at least seven years on Ornn's secure analytics infrastructure, and published index values are retained indefinitely.

The audit trail includes all relevant data, submissions, other information, judgments, analyses, reason codes, reviewer identities where applicable, and calculation outputs needed to reconstruct and review a benchmark determination.

Records are maintained in secure cloud infrastructure with access controls, encryption in transit, encryption at rest, and logging of access to production data.

Ornn maintains a formal complaints procedure. Complaints may be submitted in writing to Ornn's designated complaints or support contact. Each complaint is logged with a unique reference, acknowledged within five business days, and investigated by personnel independent of the activity complained of where reasonably practicable. Ornn aims to provide a substantive response within thirty days where reasonably practicable.

If Ornn becomes aware that incorrect input data or a calculation issue has materially affected a published index value, Ornn investigates promptly and follows the applicable error correction and historical recalculation process. Material errors and corrections are communicated to licensees in writing in accordance with the applicable notice protocol.

If a daily value fails to publish at the scheduled publication time, Ornn Engineering is alerted automatically. Ornn diagnoses the cause, resolves the issue where possible, invokes fallback or indicative status where necessary, logs the event, and notifies affected licensees according to the applicable contractual or operational escalation procedure.

Ornn maintains a Business Continuity Plan and Disaster Recovery Plan covering the people, processes, and systems required to continue publishing the OCPI suite under stress scenarios. Ornn's analytics, calculation, and API infrastructure runs on enterprise cloud infrastructure with redundancy. Input data, published values, and calculation artifacts are replicated or otherwise protected through Ornn's data resilience controls.

Critical roles have documented backups, and no single individual is intended to be a single point of failure for index calculation, publication, or governance. In the event Ornn is unable to continue providing OCPI, Ornn will notify affected licensees and cooperate on an orderly transition, settlement, delisting, successor benchmark, or cessation process, subject to applicable contracts and confidentiality obligations.

Ornn treats non-public input trade data, licensee information, methodology implementation details, and pre-publication index values as confidential. Personnel are bound by confidentiality obligations in their employment or contractor agreements and by Ornn's Code of Conduct.

OCPI does not contain covered personal information and is not designed to collect natural-person identifiers. Contributing counterparties represent that submitted data is not material non-public information of an issuer of public securities and is not subject to confidentiality obligations that would prohibit contribution.

Ornn uses reasonable best efforts, including counterparty representations, onboarding diligence, sanctions screening, annual and event-driven recertification, and exclusion procedures, to confirm that data used to create OCPI was not obtained through breach of contract, breach of fiduciary duty, deception, misappropriation, or violation of law.

This statement describes Ornn's benchmark administration framework as of the effective date. It does not amend any license agreement, contribution agreement, trading rule, methodology document, or other binding contract. If this statement conflicts with a definitive written agreement or the operative methodology for a specific index series, the definitive written agreement or operative methodology controls.

This statement is not investment advice, legal advice, tax advice, accounting advice, or a recommendation to trade any futures contract, swap, option, security, or other financial instrument. Users should exercise independent judgment and consult their own advisers before relying on OCPI in contracts, trading, risk management, financial reporting, or regulatory submissions.