Audit Committee Charter

AMENDED AND RESTATED
AUDIT COMMITTEE CHARTER

of Audit Committee
of Cogent Communications Holdings, Inc.

This amended and restated Audit Committee Charter was adopted by the Board of Directors (the “Board”) of Cogent Communications Holdings, Inc. (the “Company”) on May 4 2022.

I. Purpose

The purpose of the Audit Committee (the “Committee”) is to assist the Board with its oversight responsibilities regarding (i) the integrity of the Company’s financial statements and audits thereof, (ii) the independent auditor’s qualifications, independence and performance and (iii) the Company’s accounting and financial reporting processes.

Notwithstanding the foregoing, the Committee’s responsibilities are limited to oversight. Management of the Company is responsible for the preparation, presentation and integrity of the Company’s financial statements as well as the Company’s financial reporting process, accounting policies, internal accounting controls and disclosure controls and procedures. The independent auditor is responsible for performing an audit of the Company’s annual financial statements, expressing an opinion as to the conformity of such annual financial statements with generally accepted accounting principles and reviewing the Company’s quarterly financial statements. It is not the responsibility of the Committee to plan or conduct audits or to determine that the Company’s financial statements and disclosure are complete and accurate and in accordance with generally accepted accounting principles and applicable laws, rules and regulations. Each member of the Committee shall be entitled to rely on the integrity of those persons within the Company and of the professionals and experts (including the Company’s independent auditor) from which the Committee receives information and, absent actual knowledge to the contrary, the accuracy of the financial and other information provided to the Committee by such persons, professionals or experts.

The term “review” as used in this Charter is not intended to mean an auditor’s review of financial statements and should not be interpreted to suggest that the Committee members can or should follow the procedures required of auditors performing reviews of financial statements.

II. Membership

The Committee shall have at least three members appointed by the Board, with one member appointed as the Chair of the Committee (“Chair”). The entire Committee shall consist solely of independent directors. In particular, an independent director may not accept, directly or indirectly, any consulting, advisory or compensatory fees from the Company and may not be an affiliate of the Company.

Each Committee member shall be financially literate as determined by the Board in its business judgment at the time of his or her appointment to the Committee. At least one member of the Committee shall have past employment experience in finance or accounting, requisite professional certification in accounting, or any other comparable experience or background that results in the member’s financial sophistication, including but not limited do, being or having been a chief executive officer, chief financial officer or other senior officer with financial oversight responsibilities.

Independence and financial literacy shall be determined pursuant to the standards specified by the SEC and any stock exchange on which the securities of the Company are listed (including an affirmative determination of independent status by the Board).

The members of the Committee, including the Chair, shall be appointed by the Board on the recommendation of a majority of the independent directors. Committee members may be removed from the Committee, with or without cause, by the Board.

III. Meetings and Procedures

The Chair (or in his or her absence, a member designated by the Chair) shall preside at each meeting of the Committee. The Committee shall have the authority to establish its own rules and procedures for notice and conduct of its meetings so long as they are not inconsistent with any provisions of the Company’s bylaws that are applicable to the Committee.

The Committee shall meet at least once during each fiscal quarter and more frequently as the Committee deems desirable. The Committee shall meet separately, periodically, with management with the independent auditor.

The Committee may exclude from its meetings any persons it deems appropriate, including, but not limited to, any non-management director that is not a member of the Committee.

IV. Powers and Responsibilities

1. Appointment and Oversight. The Committee shall be directly responsible for the appointment, compensation, retention and oversight of the work of the independent auditor (including resolution of any disagreements between Company management and the independent auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work or performing other audit, review or attest services for the Company, and the independent auditor shall report directly to the Committee.

2. Pre-Approval of Services. Before the independent auditor is engaged by the Company or its subsidiaries to render audit or non-audit services, the Committee shall pre-approve the engagement. Committee pre-approval of audit and non-audit services will not be required if the engagement for the services is entered into pursuant to pre-approval policies and procedures established by the Committee regarding the Company’s engagement of the independent auditor, provided the policies and procedures are detailed as to the particular service, the Committee is informed of each service provided and such policies and procedures do not include delegation of the Committee’s responsibilities under the Exchange Act to the Company’s management. The Committee may delegate to one or more designated members of the Committee the authority to grant pre-approvals, provided such approvals are presented to the Committee at a subsequent meeting. If the Committee elects to establish pre-approval policies and procedures regarding non-audit services, the Committee must be informed of each non-audit service provided by the independent auditor. Committee pre-approval of non-audit services (other than review and attest services) also will not be required if such services fall within available exceptions established by the SEC.

3. Investigations. The Committee may conduct or authorize, if it considers appropriate, investigations into any matters within the scope of the powers and responsibilities delegated to the Committee.

4. Additional delegations of authority. In addition to the powers and responsibilities expressly delegated to the Committee in this Charter, the Committee may exercise any other powers and carry out any other responsibilities delegated to it by the Board from time to time consistent with the Company’s bylaws. The powers and responsibilities delegated by the Board to the Committee in this Charter or otherwise shall be exercised and carried out by the Committee as it deems appropriate without requirement of Board approval, and any decision made by the Committee (including any decision to exercise or refrain from exercising any of the powers delegated to the Committee hereunder) shall be at the Committee’s sole discretion. While acting within the scope of the powers and responsibilities delegated to it, the Committee shall have and may exercise all the powers and authority of the Board. To the fullest extent permitted by law, the Committee shall have the power to determine which matters are within the scope of the powers and responsibilities delegated to it.

5. Independence of Independent Auditor. The Committee shall discuss with the independent auditor its independence from the Company, and obtain and review a written statement prepared by the independent auditor describing all relationships between the independent auditor and the Company, consistent with Independence Standards Board Standard 1, and consider the impact that any relationships or services may have on the objectivity and independence of the independent auditor.

(i) The Committee shall assume the responsibility for taking, or for recommending that the Board take, appropriate action to oversee the independence of the outside auditor.

(ii) The Committee shall assure the rotation of the audit partners of the Company’s independent auditors as required under the Sarbanes-Oxley Act and other applicable standards and any SEC requirements.

(iii) The Committee shall review and discuss with the independent auditors the written independence and other disclosure promulgated under the requirements of the PCAOB or any similar regulatory or quasi-regulatory body that issues accounting standards.

Annual Financial Statements and Annual Audit

6. Meetings with Management and the Independent Auditor.

(i) The Committee shall meet with management and the independent auditor in connection with each annual audit to discuss the scope of the audit, the procedures to be followed and the staffing of the audit.

(ii) The Committee shall review and discuss with management and the independent auditor: (A) major issues regarding accounting principles and financial statement presentations, including any significant changes in the Company’s selection or application of accounting principles; (B) issues as to the adequacy of the Company’s internal controls and any special audit steps adopted in light of material control deficiencies; (C) any analyses prepared by management or the independent auditor setting forth significant financial reporting issues and judgments made in connection with the preparation of the Company’s financial statements, including analyses of the effects of alternative GAAP methods on the Company’s financial statements; and (D) the effect of regulatory and accounting initiatives, as well as off-balance sheet structures, on the Company’s financial statements.

(iii) The Committee shall review and discuss the annual audited financial statements with management and the independent auditor, including the Company’s disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

7. Separate Meetings with the Independent Auditor.

(i) The Committee shall review with the independent auditor any problems or difficulties the independent auditor may have encountered during the course of the audit work, including any restrictions on the scope of activities or access to required information or any significant disagreements with management and management’s responses to such matters. Among the items that the Committee should consider reviewing with the Independent Auditor are: (A) any accounting adjustments that were noted or proposed by the auditor but were “passed” (as immaterial or otherwise) and (B) any “management” or “internal control” letter issued, or proposed to be issued, by the independent auditor to the Company. The Committee shall obtain from the independent auditor assurances that Section 10A(b) of the Exchange Act has not been implicated.

(ii) The Committee shall discuss with the independent auditor the report that such auditor is required to make to the Committee regarding: (A) all accounting policies and practices to be used that the independent auditor identifies as critical; (B) all alternative treatments within GAAP for policies and practices related to material items that have been discussed among management and the independent auditor, including the ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the independent auditor; and (C) all other material written communications between the independent auditor and management of the Company, such as any management letter, management representation letter, reports on observations and recommendations on internal controls, independent auditor’s engagement letter, independent auditor’s independence letter, schedule of unadjusted audit differences and a listing of adjustments and reclassifications not recorded, if any.

(iii) The Committee shall discuss with the independent auditor the matters required to be discussed by Statement on Auditing Standards No. 61, “Communication with Audit Committees,” as then in effect.

8. Recommendation to Include Financial Statements in Annual Report. The Committee shall, based on the review and discussions in paragraphs above, and based on the disclosures received from the independent auditor regarding its independence and discussions with the auditor regarding such independence pursuant to paragraphs above, determine whether to recommend to the Board that the audited financial statements be included in the Company’s Annual Report on Form 10-K for the fiscal year subject to the audit.

9. The Committee shall provide the Company with the report of the Committee with respect to the audited financial statements for inclusion in each of the Company’s annual proxy statements.

Quarterly Financial Statements

10. Meetings with Management and the Independent Auditor. The Committee shall review and discuss the quarterly financial statements with management and the independent auditor, including the Company’s disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Hedging, Derivative and Pledging Activity and Related Party Transactions

11. The Committee shall also be responsible for the oversight and review of compliance with the Company’s Hedging, Derivatives and Pledging Policy, including, without limitation, the initial approval and following periodic review of any pledging of Company securities by Company person in conformance with the Hedging, Derivatives and Pledging Policy.

12. The Committee shall review and approve all related party transactions. Related party transactions shall refer to transactions required to be disclosed pursuant to SEC Regulation S-K, Item 404.

Data Privacy and Security and Enterprise Risk Assessment

13. The Committee shall review and discuss with management, at least annually, the Company’s policies and practices with respect to data privacy and security risk exposures and the potential impacts, if any, thereof on the Company’s business operations and financial statements.

14. The Board has also delegated authority to the Committee the oversight and responsibility for the Company’s information technology use and protection, including but not limited to data governance, privacy, compliance and cybersecurity. In this area, the Committee shall be responsible for oversight and review of the following:

Data Handling – the policies, procedures, plans, and implementation of measures intended to provide security, confidentiality, availability, and integrity for information collected and held by the Company.

Information Technology Systems – the quality and effectiveness of the Company’s policies and procedures with respect to its information technology systems, including privacy, data security and security of both the Company’s internal corporate network and production network.

Incident Response – the policies and procedures of the Company in preparation for responding to any material cybersecurity incidents.

Disaster Recovery – the Company’s disaster recovery capabilities, for both internal systems and customer services.

Compliance Risks and Internal Audits – the Company’s management of risks related to its information technology systems and processes, including privacy, network security and data security, and any internal audits of such systems and processes.

Periodic and Annual Reports – the preparation of the Company’s disclosures in its reports filed with the Securities and Exchange Commission relating to the Company’s information technology systems, including privacy, network security, and data security.

15. The Committee shall have oversight of any enterprise risk assessments by management concerning reviews of primary risks facing the Company, including environmental and sustainability risks, and the Company’s associated risk mitigation measures.

16. The Committee shall have oversight of the Company’s compliance with the requirements of the SEC disclosure of the auditor’s services and audit committee members, member qualifications and activities.

17. The Committee shall review management’s monitoring compliance with the US Foreign Corrupt Practices Act and any similar applicable non-US regulations and laws.

Other Powers and Responsibilities

18. The Committee shall consider any correspondence from or with regulators or governmental agencies, any employee complaints, any legal matters or any published reports that raise material issues regarding the Company’s financial statements, financial reporting process, accounting policies or internal audit function.  Where the Committee believes additional review, investigation, or action is necessary it shall do so.

19. The Committee shall have the authority to engage independent counsel and other advisers, as it deems necessary to carry out its duties.

20. The Committee shall establish procedures by which the Company shall provide for appropriate funding, as determined by the Committee, for payment of (i) compensation to the independent auditor for the purpose of rendering or issuing an audit report or performing other audit, review or attest services, (ii) for payment of compensation to any advisors employed by the Committee, and (iii) for ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties.

21. The Committee shall establish procedures for the receipt, retention and treatment of complaints received by the Company regarding accounting, internal accounting controls or auditing matters. The Committee shall also establish procedures for the confidential and anonymous submission by employees regarding questionable accounting or auditing matters. The Committee shall periodically review such procedures to ensure their effectiveness and to ensure the Company’s compliance with such procedures.

22. The Committee, through its Chair, shall report regularly to, and review with, the Board any issues that arise with respect to the quality or integrity of the Company’s financial statements, the performance and independence of the Company’s independent auditor, or any other matter the Committee determines is necessary or advisable to report to the Board.

23. The Committee shall at least annually review and reassess this Charter and submit any recommended changes to the Board for its consideration.