RISK MANAGEMENT

Mazda makes ongoing efforts to identify and mitigate various internal and external risks in accordance with its Basic Policy on Risk Management, Risk Management Regulations, and other related internal regulations so as to ensure the continuous and stable progress of its business activities. In addition, the Company takes steps to enhance its business continuity plan (BCP) to prevent serious impacts to society due to halts to its operations.

To facilitate appropriate risk management, Mazda implements a plan-do-check-act (PDCA) cycle based on the level of materiality of the identified risks. Risks pertaining to specific businesses are managed by the relevant divisions, while Companywide risks are handled by divisions responsible for Companywide processes. In the event of an emergency, such as a natural disaster or other occurrence with the potential to have serious managerial consequences, Mazda takes appropriate measures based on its internal regulations, which may include establishing an emergency response taskforce to respond to the situation when necessary. Moreover, Mazda has created the Risk & Compliance Committee to further enhance and strengthen risk management at the Company and its affiliates. The committee selects risks to be prioritized in a Companywide manner based on major risks identified by individual departments and information on risk trends and confirms the progress of the related risk countermeasures every six months. Reports on the activities of the Risk & Compliance Committee are submitted to the Executive Committee Meeting and the Board of Directors every six months for use in verifying the effectiveness of risk management frameworks.

Business and Other Risks

Major risks that could affect the Mazda Group's business results or financial position include, but are not limited to, those listed below.

Annual Securities Report for FY March 2025 Corporate Governance (P28)

Mazda has been implementing ongoing and systematic disaster preparedness measures in preparation for major earthquakes, such as the projected potential Nankai Trough earthquake, and the tsunamis that may follow such earthquakes. Infrastructure-related measures include quake-proofing buildings and facilities and raising embankments. Framework-related measures include introducing an employee safety confirmation system, organizing self-disaster defense teams, and conducting system operation training. Furthermore, Mazda holds disaster drills jointly with fire authorities to heighten its ability to respond to disasters. In addition to simultaneous evacuation drills, the Company has been working to enhance its practical disaster response capabilities to prevent the spread of damage to neighboring areas due to a secondary disaster by incorporating disaster simulation exercises to respond to various emergency situations, such as the leakage of high-pressure gas or hazardous substances, as well as practical skills training.

Frameworks

At Mazda, an officer is assigned responsibility for information security on a Companywide basis. Meanwhile, the Information Security Committee*1 tracks cybersecurity measures throughout all areas within the scope of the Company's information security framework and formulates improvement plans in this regard. These plans are proposed to the Executive Committee Meeting to drive ongoing improvements in information security, and reports on improvement measures are submitted to the Board of Directors. Measures are also being advanced to strengthen frameworks for responding to information leaks and cyberattacks from outside of the organization. For this purpose, we research information security vulnerabilities and incidents around the world to prevent incidents at the Company.

Mazda works together with suppliers to enhance the quality of cybersecurity measures and complies with the cybersecurity standards instituted in July 2022 (UN Regulation No. 155). Furthermore, we participate in the automotive information sharing and analysis centers (Auto-ISACs) of Japan and the United States*2 to furnish ongoing responses based on security incidents detected within the industry and best practices.

To raise employee awareness about information security, Mazda conducts IT security training and targeted email drills on an ongoing basis. In addition, the Company provides guidelines and educational tools regarding information security to support Group companies with the goal of raising information security awareness and promoting compliance with relevant regulations throughout the Group.

*1 The Information Security Committee is an organization that manages Companywide information security on a global basis. The committee regularly holds Companywide information security meetings as the decision-making body regarding information security issues on a Companywide level.
*2 In addition to participating in the Auto-ISAC of the United States, Mazda has participated in the establishment and operation of the Auto-ISAC of Japan (J-Auto-ISAC).

Mazda has established the Personal Information Protection Policy together with rules for handling personal information. In addition, regular examination of management records for retained personal data is conducted and the status of personal information management is confirmed once a year. In this manner, the Company is practicing the appropriate management and protection of personal information. In cases in which the handling of personal information is entrusted to outside parties, such contractors are carefully selected based on a checklist for confirming security management and other necessary provisions. The Mazda Call Center responds to customers who wish to inquire about the Company's handling of personal information and those who request disclosure regarding privacy issues. In response to the establishment and revision of relevant laws and regulations in countries of operation and changes to the ways in which personal information is handled through the application of IT, the Company conducts ongoing reviews of its rules and frameworks to facilitate more proper management of personal information.

Personal Information Protection Policy

Basic Policy on Intellectual Property

As its basic policy on intellectual property, Mazda strives to use intellectual property as a management resource in support of its business management and corporate activities based on respect for the intellectual property rights of the Company and of other entities. Based on this policy, Mazda has established the Intellectual Property Committee to discuss and decide important matters regarding intellectual property. The committee is comprised of division general managers from related divisions and chaired by the officer responsible for intellectual property issues. In addition, an invention incentive system* has been put in place to increase motivation for inventions among employees working at the forefront of research and development. The Company provides support to domestic and overseas Group companies for formulating policies and implementing systems for handling intellectual property with the aim of enhancing the intellectual property management functions of the entire Mazda Group.

* Once a year, on the anniversary of Mazda's foundation in January, certificates of commendation, commemorative medals, prize money, and other honors are presented to selected recipients through the manager of their department.

The Intellectual Property Department leads internal activities regarding intellectual properties to prevent infringements upon the intellectual property rights of other companies. The department also conducts strategic activities aimed at fiercely protecting, accumulating, and making optimal use of the intellectual properties generated through in-house activities.

1. Mazda seeks to obtain rights on a global basis concerning intellectual properties created by business activities, including new technologies, marks, model names, and vehicle designs, to protect its technologies, designs, and brand.
2. Extensive surveys are conducted to prevent and resolve any issues regarding intellectual properties that may obstruct business activities, such as infringement of other parties' patent rights, trademark rights, design rights, and copyrights, and violations of the Unfair Competition Prevention Act.

The Mazda Corporate Ethics Code of Conduct, which contains action guidelines for employees, stipulates "Keep confidential information. Never infringe on any intellectual property rights, whether it belongs to Mazda or another party." Intellectual property risks are reviewed periodically based on changes in the operating environment, and awareness-raising and educational activities are tailored to different employee ranks and positions as well as to the specific intellectual properties involved and conducted at Group companies worldwide. Education programs are carried out with a focus on specific risks, such as intellectual property risks associated with the increase in joint technology and service development with internal and external partners and risks pertaining to social media and internet use. By providing information and raising awareness through these efforts, Mazda strives to prevent intellectual property-related issues.

Mazda strives to eliminate the risk posed to customers by the purchase of imitation products. Safety-related components are a top priority in these efforts. We thereby aim to protect the safety of customers while also improving the strength and reliability of the Mazda brand to ensure that it continues to be loved by customers.