Sound risk management serves as the essential foundation for corporate business resilience. In 2025, GIGABYTE reorganized its Audit Committee into the “Audit and Risk Management Committee.” Beyond overseeing the preparation of financial statements, this committee ensures the effectiveness of the companyʼs regulatory compliance, risk management, and internal control systems.

Drawing on the principles of the Business Continuity Plan (BCP), GIGABYTE has established Three Lines of Defense for risk management. Dedicated units undertake management actions across eight major risk categories to identify, define, and evaluate threats, weaknesses, and risks inherent in our operations. This framework enables the early formulation of countermeasures to preemptively mitigate potential negative impacts resulting from disasters or accidents.

Risk Issues and Management Strategy

| Risk | Description | Management Strategy |
| --- | --- | --- |
| Financial Risk | Engaging in high-risk, high-leverage investments, financing a third party, acting as guarantor for a third party by endorsement, and the policy on derivatives trading may affect financial soundness and credit ratings. | For outward loans, endorsements/guarantees, and derivatives, GIGABYTE has faithfully complied with the policies duly enacted in accordance with the “Procedures in Acquirement or Disposal of Assets”, “Procedures in Outward Loans of Capitals” and “Procedures in Endorsement/guarantee”, and with a conservative policy. Under no circumstances has the Company engaged in high-leverage investment. |
| Market Risk | Potential losses to the Company’s financial assets due to market fluctuations (such as interest rates, exchange rates, and inflation) | We utilize appropriate financial instruments to manage interest rate fluctuations and reduce working capital costs; simultaneously, we closely monitor exchange rate trends, raw material procurement status, and prices |
| Technical Risk | Lagging behind the industry in technology application or innovation, leading to issues such as loss of competitiveness or insufficient market acceptance | Allocate a certain percentage of annual revenue to research and development expenses, and establish the “GIGABYTE Group Patent Reward Regulations” to encourage R&D innovation |
| Technical Risk | Legal, financial, or reputational losses resulting from improper management of patents or intellectual property | Establish intellectual property and patent management regulations, including the “Intellectual Property Management Plan,” “Patent Management Regulations,” and “Confidential Information Management Regulations” |
| Quality Risk | Legal, financial, or reputational losses due to poor product or service quality or non-compliance with local laws and regulations | Establish regulations such as the “Guidelines for the Management of Harmful Chemical Substances Requirements” and “Guidelines for the Management of Supplier Quality” to ensure the stability and sustainability of the supply chain and product quality. Simultaneously, obtain international certifications such as ISO 9001:2015 Quality Management and IECQ QC 080000:2017 Hazardous Substance Management |
| Supply Chain Risk | Excessive concentration of procurement or sales, or failure to implement supply chain management, may lead to disruptions, losses, or even operational impacts due to significant changes in the market environment or other uncertainties | Regularly review procurement and sales status; establish the “Sustainable Procurement Guidelines” and “Guidelines for the Management of Supplier Quality” to implement a supplier tiering system; strengthen supply chain resilience through mechanisms such as evaluation, risk tracking, and audits |
| Cybersecurity Risk | Insufficient information security measures may lead to data theft, tampering, or system attacks, potentially resulting in financial losses or business disruptions | Internal regulations such as the “Information Security Policy” and the “Personal Data Protection and Management Measures” have been established to ensure that the use of information security systems and data complies with regulations. Additionally, the company has obtained ISO/IEC 27001:2022 and CNS 27001:2023 information security management system certifications |
| Sustainability and Climate Change Risk | Domestic and international corporate sustainability regulations are becoming increasingly stringent, which may pose challenges to internal management operations and increase management risks | With “Zero Waste & Zero Pollution; Transition to Low-carbon Technology; Sustainability Cycle and Sharing; and Realization of Humanistic Values” as long-term sustainable development goals, the company has launched the Green Action Plan. Concurrently, it conducts annual material topic analyses to assess the impact of sustainability issues on operations and sustainable development, and implements tracking and management |
| External Emerging Risk | Rapidly changing geopolitical, environmental, social/human rights, and economic conditions, as well as the uncertainty risks arising from these developments, test the resilience of corporate operations | Monitor changes in the industry, market, and external environment; refer to the Global Risks Report to identify the potential impact of emerging uncertainties on business operations; and formulate management measures |

Emerging Risks Management

GIGABYTE references the annual “Global Risks Report” published by the World Economic Forum (WEF) to analyze the potential impacts of emerging risk issues on various stakeholders. Through internal discussions, we have identified 10 emerging risk issues closely related to our industry and business operations.

These risks are evaluated based on their probability of occurrence (0–100%), time horizon (scored 1–5), and degree of impact on the company (scored 1–5). Based on this assessment, we have identified 6 short-term emerging risks and 2 long-term emerging risks. Furthermore, management policies have been established for material emerging risk issues to preemptively prevent or mitigate the potential impacts of these risks.

Emerging Risk Management Strategy (Short-term: within 3 years)

Risk Issue: Geo-economic Confrontation
Potential Risk:
  • Domestic and international policy shifts increase market, supply chain, and regulatory risks.
  • Evolving regulations may restrict production and sales, leading to heightened trade barriers and uncertainty.
Impact Boundary (Upstream / Operation / Downstream): V V V
Management Strategy:
  • Manage product compliance, logistics, and related matters through a management platform, and provide occasional education and training for employees.
  • Establish self-inspection and external forensic/verification processes for strategic high-tech products.
  • Create dedicated product pages and management platforms to archive relevant permits and certifications.
  • Establish a control mechanism and system for the import inspection waiver process and organize briefings for the waiver procedures.
  • Conduct training sessions on strategic high-tech goods customs clearance, cargo insurance, and customs origin determination practices.

Risk Issue: Extreme Weather Events
Potential Risk: Operational disruptions caused by extreme weather events, including concentrated rainfall, typhoons, and droughts.
Impact Boundary (Upstream / Operation / Downstream): V V
Management Strategy:
  • Regularly assess the potential impacts of concentrated rainfall, typhoons, and droughts on production sites, logistics, and the supply chain, while taking corresponding actions and disclosures.
  • Enhance water resource and disaster prevention management to mitigate the impact of extreme weather events.

Risk Issue: Non-weather Related Disasters
Potential Risk: Increased risks to operations and the value chain due to earthquakes, fires, or compound disasters.
Impact Boundary (Upstream / Operation / Downstream): V V
Management Strategy:
  • Regularly conduct emergency evacuation drills and environmental inspections to perform EHS (Environment, Health, and Safety) assessments and improvements.

Risk Issue: Labor / Talent Shortages
Potential Risk: Critical shortages of specialized technical talent and general labor force.
Impact Boundary (Upstream / Operation / Downstream): V V V
Management Strategy:
  • Implement optimization measures such as production automation.
  • Conduct employee satisfaction surveys to understand employee needs and address identified gaps.
  • Provide diverse employee benefits and communication channels to reduce employee turnover.

Risk Issue: Critical Supply Chain Disruption
Potential Risk: Risks associated with supplier instability, demand volatility, logistics, transportation, and international trade regulations.
Impact Boundary (Upstream / Operation / Downstream): V V
Management Strategy:
  • Regularly evaluate supplier grading and encourage sustainable performance among vendors.
  • Utilize a management platform for product compliance and logistics management while providing employee education and training.

Risk Issue: Adverse Outcomes of AI
Potential Risk: Emergence of AI-driven cyber threats, including hacker attacks using similar technologies, cloud security vulnerabilities, social engineering, and malicious viruses.
Impact Boundary (Upstream / Operation / Downstream): V
Management Strategy:
  • Regularly conduct employee training, external penetration testing, and defense drills.
  • Comply with domestic and international information security regulations.

Emerging Risk Management Strategy (Long-term: over 3 years)

Risk Issue: Regression of Human Rights
Potential Risk: Regression of labor rights, overwork, and excessive hours.
Impact Boundary (Upstream / Operation / Downstream): V V
Management Strategy:
  • Promote supplier education and training, and facilitate the signing of human rights commitment documents.
  • Provide diverse employee communication channels and Employee Assistance Programs (EAP).

Risk Issue: Erosion of Health and Wellbeing
Potential Risk: Psychological stress, rising cost of living, and workplace safety hazards.
Impact Boundary (Upstream / Operation / Downstream): V
Management Strategy:
  • Implement an employee health grading management system and initiate follow-up management based on medical check-up results.
  • Provide medical subsidies and health management incentives for high-risk employee groups.
  • Promote health enhancement activities and awareness campaigns, alongside Employee Assistance Programs (EAP).

Enhancement of Risk Culture

GIGABYTE attaches great importance to the cultivation of internal corporate risk awareness. We strive to make risk awareness a part of every GIGABYTE employeeʼs work DNA. Risk management training is implemented for all personnel from mid/upper managers to junior employees. For example, emergency incident response drills and first-aid courses are conducted every year. GIGABYTE organizes emergency no-notice evacuation drills every December. Simulated scenarios are used to implement the evacuation of all personnel (including visitors and contractors) and conduct exercises on emergency response and deployment of fire hoses by the firefighting team.