Risk Management

Daifuku Group
Risk Management Policy
Promotion System
Major Initiatives
Daifuku Group
Information Security Policy

Daifuku Group Risk Management Policy

Basic Approach

The Group is surrounded by a variety of risks, including natural disasters, law violations, climate change, political unrest, wars and disputes, and cyberattacks. Even in these circumstances, we aspire to be a corporation that continues to achieve sustainable growth and enhance corporate value by tackling each challenge with flexible ideas and the persistence we have cultivated over the Group’s history.
In addition, automated material handling systems are becoming an important social infrastructure that contributes to solving labor shortages and increasing productivity. We recognize that the Group has a social responsibility to provide a stable and continuous supply of such products and services, and we must avoid situations in which the impact of risk causes interruption of the Group’s business activities.
Therefore, based on this policy, we will identify and assess risks, work to prevent them from materializing, and respond promptly and appropriately to minimize damage in the event of a crisis.

1. Objectives

We will engage in risk management with the following objectives:

Secure and maintain the trust of customers and other stakeholders
Implement the Group’s management philosophy and achieve the Group’s management objectives
Ensure sustainable growth of the Group and improve our corporate value

2. Risk management activity principles

We will promote risk management based on the following activity principles in order to achieve our basic objectives:

The Group’s management will be actively involved in the assessment of, response to, and monitoring of risks that may affect the achievement of the Group’s management objectives
The Risk Management Committee will manage Group-wide risks centrally and cross-departmentally, and we will implement a risk management process based on the PDCA cycle
We will establish regulations and manuals related to risk management, and we will continue our efforts to foster risk management awareness among officers and employees
We will operate risk management not only as a defensive measure, but also as an offensive measure to strengthen the management base and ensure sound risk-taking, leading to the Group’s sustainable growth
In considering risk-taking, we will abide by our Group Code of Conduct, and we will not take any risk that would impede compliance with the Code

3. Guidelines for action in the event of a crisis

In the event of a crisis, we will act as follows:

We will act ensuring life, health, and safety as our highest priorities
We will strive to continue and quickly restore the supply of material handling systems, which are part of society’s infrastructure
We will take measures to minimize damage, preserve our assets, and continue our business

Established: April 1, 2024

Promotion System

Based on our risk management activity principles, we have organized a Risk Management Committee chaired by the President and CEO, with members including the heads of corporate functions, global business heads, and group chief officers. The committee meets several times throughout the year and reports to the Board of Directors on the status of the committee's initiatives and other matters as necessary. In fiscal 2025, committee meetings were held three times.
This committee promotes activities during normal times to control risks before they materialize; however, we also have a BCP promotion system in place to respond to crises after risk have emerged in the event of an emergency.
In addition, the Audit Division has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Group refers to a standard framework (COSO).

FY2026 promotion system

The main roles of each committee

In order to strengthen the risk management system, the Central Safety and Health Committee, the Information Security Committee, and the International Trade Control Committee work in cooperation with the Risk Management Committee, effective starting fiscal 2023. The main roles of each committee are as follows.

Risk Management Committee

Planning and development of risk management systems and related regulations
Selection of severe risks based on risk assessment results, and decision making, direction, and progress management of response policies
Determining and directing the action policy for training and awareness activities related to risk management
Determining policies for and direction of education, training, and drills related to crisis response

Central Safety and Health Committee

Promotion and dissemination of efforts to ensure compliance with relevant laws and regulations, elimination of occupational accidents, and elimination of traffic accidents

Information Security Committee

Planning and scheduling of information security management and implementation of in-house training
Establishing and revising information security rules and assessing compliance with them
Studying countermeasures for cyber-attacks and information security risks

International Trade Control Committee

Compliance management system and internal awareness-raising activities to ensure thorough compliance with laws and regulations (including those related to security) regarding all international transactions

Major Initiatives

Risk assessment

The Group conducts regular Group-wide risk assessments, and the Risk Management Committee identifies and evaluates severe risks that may have a significant impact on our business activities. We formulate policies to address the severe risks that are identified, and we systematically promote initiatives while confirming their progress.

Overview of severe risks

The following is a list of risks that we recognize as having the potential to significantly affect our business performance as of May 2026. However, this is not an exhaustive list of all risks to the Group, and there are unforeseen risks other than those listed. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

List of assessments of severe risks

Risk theme	Risk item	Impact	Likelihood	Likely timing of risk materialization
① Changes in the business environment	Changes in the market environment	Large	High	Within one year
	Economic crises and business fluctuation	Large	Medium	Within one year
	Loss of important customers	Large	Relatively high	No specific timing
	Political upheaval, revolution, war, civil war, conflict, riots, terrorism	Large	Low	Within one year
② Procurement/supply chain	Delays, shortages, or inability to procure raw materials, parts, purchased goods, etc.	Relatively large	High	Within one year
③ Growth strategy	New domain creation and technology development	Large	High	Within five years
④ Human resources-related	Lack of human resources development initiatives	Relatively large	High	Within three years
	Shortage of employees (workers)	Relatively large	High	Within three years
	Education of successors (management positions)	Large	Medium	Within five years
	Securing human resources; employee turnover	Relatively large	High	Within one year
⑤ Group governance	Inadequate management of subsidiaries	Large	Relatively high	No specific timing
⑤ Group governance	Scandals involving Group companies	Large	Medium	No specific timing
⑥ Natural disasters	Large-scale natural disasters	Large	Low	No specific timing
⑦ Information security	Leakage of confidential information due to human factors	Large	Medium	No specific timing
⑦ Information security	Cyberattacks	Large	Medium	No specific timing

① Changes in the business environment

Description	The impact of changes in the business environment represented by the following. Global economic trends and business conditions, policy shifts in various countries, conflicts around the world, and deteriorating international relations Trends in customers' capital expenditures and changes in the market environment Changes in demand structure, such as increased semiconductor-related investment driven by the expanding use of AI, and increased international travel.
Countermeasures	Continuously monitor economic conditions, market environment, interest rate trends, trade policies, geopolitical risks, and trends in customers' capital expenditures, and flexibly incorporate these factors into the review of our management and business plans as well as investment decisions

Description

The impact of changes in the business environment represented by the following.

Global economic trends and business conditions, policy shifts in various countries, conflicts around the world, and deteriorating international relations
Trends in customers' capital expenditures and changes in the market environment
Changes in demand structure, such as increased semiconductor-related investment driven by the expanding use of AI, and increased international travel.

Countermeasures

Continuously monitor economic conditions, market environment, interest rate trends, trade policies, geopolitical risks, and trends in customers' capital expenditures, and flexibly incorporate these factors into the review of our management and business plans as well as investment decisions

② Procurement/supply chain

Description	Unexpected events that affect the supply of parts and materials, such as natural disasters, geopolitical risks, and supplier shutdowns Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials Impact on stable procurement resulting from a decline in the Group’s social credibility and a deterioration in business relationships with suppliers due to insufficient efforts in sustainable procurement and compliance with the Specified Entrusted Business Operators Act
Countermeasures	Establish a system capable of minimizing the impact on business operations in the event of unexpected incidents by continuously monitoring the supply status of parts and materials and exploring options for diversifying suppliers and alternative sourcing Have business partners conduct self-inspections and ascertain the status of their efforts on human rights, environmental protection, and legal compliance to make procurement risks visible Internal communication of the SCM Committee's policies regarding terms of business with business partners, pricing practices, and related matters Supply Chain Management

Description

Unexpected events that affect the supply of parts and materials, such as natural disasters, geopolitical risks, and supplier shutdowns
Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials
Impact on stable procurement resulting from a decline in the Group’s social credibility and a deterioration in business relationships with suppliers due to insufficient efforts in sustainable procurement and compliance with the Specified Entrusted Business Operators Act

Countermeasures

Establish a system capable of minimizing the impact on business operations in the event of unexpected incidents by continuously monitoring the supply status of parts and materials and exploring options for diversifying suppliers and alternative sourcing
Have business partners conduct self-inspections and ascertain the status of their efforts on human rights, environmental protection, and legal compliance to make procurement risks visible
Internal communication of the SCM Committee's policies regarding terms of business with business partners, pricing practices, and related matters

Supply Chain Management

③ Growth strategy

Description	Loss of medium- to long-term growth opportunities due to overlooking changes in industrial structure and social conditions Delays in developing products and services that keep pace with technological trends in AI and robotics
Countermeasures	Create a new business promotion department; consider new businesses Establish a development department for advanced technologies and promote development Establish a new technology development center to strengthen the research and development system Call for ideas for new technologies and businesses through in-house open appeals

④ Human resources-related

Description	Stagnation of business operations due to insufficient efforts to secure and develop successors (executives, managers) Increasing difficulty of recruitment and the rise in labor mobility in domestic and international labor markets Decline in competitiveness due to a shortage of personnel with specialized knowledge and skills
Countermeasures	Develop and implement succession plans for key positions, and expand successor training programs Carry out organization improvement activities utilizing the engagement survey (research on job satisfaction and ease of work) Diversify the recruitment methods for new graduates and mid-career hires Develop a training program for new employees designed to provide them with knowledge about the Group Talent Development Workplace Environment

Description

Stagnation of business operations due to insufficient efforts to secure and develop successors (executives, managers)
Increasing difficulty of recruitment and the rise in labor mobility in domestic and international labor markets
Decline in competitiveness due to a shortage of personnel with specialized knowledge and skills

Countermeasures

Develop and implement succession plans for key positions, and expand successor training programs
Carry out organization improvement activities utilizing the engagement survey (research on job satisfaction and ease of work)
Diversify the recruitment methods for new graduates and mid-career hires
Develop a training program for new employees designed to provide them with knowledge about the Group

Talent Development

Workplace Environment

⑤ Group governance

Description	Mismanagement of subsidiaries due to expansion of the Group Decline in social credibility and deterioration in business performance due to incidents of fraud or misconduct, or failures in project management
Countermeasures	Establish management philosophy, policies, and regulations, and implement group-wide compliance training Strengthen management systems by reviewing contracts for subsidiary projects, providing support for contract negotiations, and monitoring project progress Verify and improve business practices and the effectiveness of internal controls through subsidiary audits and the establishment and operation of internal reporting channels Compliance

Description

Mismanagement of subsidiaries due to expansion of the Group
Decline in social credibility and deterioration in business performance due to incidents of fraud or misconduct, or failures in project management

Countermeasures

Establish management philosophy, policies, and regulations, and implement group-wide compliance training
Strengthen management systems by reviewing contracts for subsidiary projects, providing support for contract negotiations, and monitoring project progress
Verify and improve business practices and the effectiveness of internal controls through subsidiary audits and the establishment and operation of internal reporting channels

Compliance

⑥ Natural disasters

Description	Disruption of business activities due to large-scale natural disasters such as earthquakes, typhoons, and heavy rains
Countermeasures	Establish a system to gather information and ensure employee safety when special alerts regarding the Nankai Trough earthquake are issued Update the large-scale disaster response manual at the Osaka Headquarters Establish a dedicated organization responsible for supporting the development of BCPs and the conduct of drills in the business divisions Equip each site with emergency stockpile reserves Establish a basic crisis management system at overseas bases that takes into account natural disaster risks and other factors specific to each region Formulate response plans to be implemented in chronological order (timeline) in the event of a natural disaster and conduct drills and training such as safety confirmation

Description

Disruption of business activities due to large-scale natural disasters such as earthquakes, typhoons, and heavy rains

Countermeasures

Establish a system to gather information and ensure employee safety when special alerts regarding the Nankai Trough earthquake are issued
Update the large-scale disaster response manual at the Osaka Headquarters
Establish a dedicated organization responsible for supporting the development of BCPs and the conduct of drills in the business divisions
Equip each site with emergency stockpile reserves
Establish a basic crisis management system at overseas bases that takes into account natural disaster risks and other factors specific to each region
Formulate response plans to be implemented in chronological order (timeline) in the event of a natural disaster and conduct drills and training such as safety confirmation

⑦ Information security

Description	Leakage or misuse of critical information assets, or system outages, resulting from cyber attacks or internal fraudulent acts Delays in the delivery of products and services due to business interruptions caused by system outages, and damage to the Group's social credibility
Countermeasures	【Information leakage countermeasures】 Classify and manage information assets according to their importance, and conduct information security audits globally Check information management status, including that of outsourcing contractors 【Cyber attack countermeasures】 Establish a CSIRT system in advance preparation for cyberattacks Continuously educate and train employees

Description

Leakage or misuse of critical information assets, or system outages, resulting from cyber attacks or internal fraudulent acts
Delays in the delivery of products and services due to business interruptions caused by system outages, and damage to the Group's social credibility

Countermeasures

【Information leakage countermeasures】

Classify and manage information assets according to their importance, and conduct information security audits globally
Check information management status, including that of outsourcing contractors

【Cyber attack countermeasures】

Establish a CSIRT system in advance preparation for cyberattacks
Continuously educate and train employees

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations. In addition, in order to enable prompt management decisions in the event of a disaster or accident, we have created a disaster and accident reporting route, which will be reviewed annually.

*Clicking on the image will open a new window

Daifuku Group Information Security Policy

Basic Approach

The Daifuku Group regards the information entrusted to us by our customers and business partners as well as trade secrets, personal information, and systems that the Group possesses regarding this information (hereinafter referred to as information assets) as important management assets in our business. We will strive to earn the trust of all members of society, including our customers, and enhance our corporate value by systematically and continuously making efforts in information security as denoted below.

Basic Policy

Compliance with laws and regulations

We will implement measures in each country and region to comply with the requirements of laws, national guidelines, contractual obligations, and other social standards related to information security.

Establishment of an appropriate platform for information management

In order to ensure the security of information assets, we will clarify our system responsible for information security and implement appropriate measures as follows in accordance with the importance and risks of the information assets.

Establish an information security governance system: We will establish a centralized management system led by the Information Security Committee, and a person responsible for the handling of information will be appointed within each division and company.
Establish regulations for information security: We will establish regulations and guidelines for information security, and we will strive to continuously improve our initiatives to ensure information security.
Implement safety management measures: Appropriate management measures, including personnel and physical management as well as system, server, and network management, will be implemented throughout the life cycle of information in accordance with its level of importance.
Education and training: We will continuously provide education and training on information security to all Group officers and employees in an effort to raise awareness and ensure compliance with rules and regulations. Any violations of these rules and regulations will be dealt with strictly, including disciplinary action against the offending party.
Information security audits: We will conduct internal audits throughout the entire Group on the status of information security measures, regularly confirm the status of compliance with information security rules and operation of information security management systems, and continuously make improvements. Additionally, we will monitor for new threats and changes in risks to prevent new vulnerabilities from emerging.

Establishment of an information security incident response system

We will establish a management system that enables the prompt resumption and continuation of business activities should an information security incident result in an interruption of operations. In the event that an incident occurs, we will make efforts to identify the cause and prevent recurrences.

Established: September 1, 2024

Strengthening information security

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures	IT security measures with multi-layered protection (entrance, exit, and internal) Confirmation of activities through logs
Organizational countermeasures	Implementation of company-wide information security management activities based on global rules and guidelines Development of information security management activities in the supply chain
Human countermeasures	Cultivation of a corporate culture of information security by providing various types of education and training to all employees Prevention of negligence and fraud through human risk countermeasures such as written pledges and a variety of checks
Physical countermeasures	Implementation of zone classification and thorough risk management by zone management officers Promotion of the prevention of unauthorized entry and theft by implementing physical measures corresponding to zone classifications

Personal information initiatives

We have established the Group Basic Policy for the Protection of Personal Information in order to define basic rules for the handling of personal information. This policy is implemented globally to ensure proper processing of personal information throughout the Group. Additionally, in order to specify the obligations we must comply with in handling personal information, we established the Personal Information Protection Regulations in 2015 as well as a system of regulations and related guidelines in 2023, and we are working to ensure the proper handling of personal information. In particular, we take additional precautions to manage sensitive personal information that requires special care in processing.
For more information regarding the Group’s handling of personal information obtained from customers and other parties, please refer to our Privacy Notice.

Information security education

Regarding employee training, we conduct regular global training using video content available in more than 30 languages and e-mail drills that simulate targeted attacks.

	Target	Description
Awareness-raising month	Officers and all employees (global)	A designated annual Information Security Awareness-Raising Month during which messages from the president and other top officers are distributed and lectures by experts are held.
Rank-based training	Newly graduated employees, newly promoted employees, mid-career hires, etc.	Conduct training on essential information security knowledge at the time of hiring, promotion, etc.
E-learning courses	Officers and all employees (global)	Conducted multiple times per year. Fosters awareness of information security throughout the entire global company.
E-mail drills	Officers and all employees (global)	Conducted multiple times per year, including follow-up training.