Governance
Global Enterprise Risk Management

The world has seen, and will continue to see, volatility relating to disruptive innovations in technology, cyberattacks, geopolitical disputes and macroeconomic risks, and catastrophic events (such as resource scarcity, natural disasters, humanitarian crises, as well as outbreaks, epidemics, and pandemics). While change is constant, the challenges of recent and future years require global companies such as Bridgestone to build and sustain the resilience of their operations. Bridgestone’s 2030 Long Term Strategic Aspiration recognizes these challenges and focuses efforts on becoming a resilient ”excellent” Bridgestone.

To this end, Bridgestone is committed to enhancing its global and regional programs to manage risks, including its ability to identify, assess, mitigate, and respond to significant enterprise-wide risks. As part of its ongoing efforts to manage global risks and ensure that it delivers on its Mission of “Serving Society with Superior Quality,” Bridgestone continues to strengthen its Global Enterprise Risk Management (ERM) program through advanced enterprise-wide technology, ongoing risk assessments, proactive sensing, and scenario planning. It is also focused on mitigation strategies that will enable Bridgestone to remain resilient and, on some occasions, transform volatility into opportunity.

Bridgestone is continuously working toward its goals of fulfilling its enterprise risk management mission, and has measurable KPIs for each of these goals, which include:

1. Continuing to implement a globally-aligned risk management framework to define key elements of the risk management programs.
2. Conducting regular assessments to identify, assess, prioritize, and mitigate risks at both global and regional levels.
3. Tracking and reporting on key risks and mitigation strategies to address risks at both global and regional levels.
4. Ensuring an effective risk response by reducing the number and impact of significant risks, and improving response times to address and mitigate risks and emerging trends.
5. Demonstrating how effective risk management leads to cost reductions and increased opportunities to achieve strategic objectives.

Bridgestone’s enterprise risk management program is built on a framework that strives for alignment between its global and regional risk management programs and the different risks faced by the organization around the world.

In early 2022, Bridgestone established the Global Management Risk Committee (GMRC). The GMRC, chaired by Global ERM Leader, is a chartered committee consisting of BRIDGESTONE EAST and WEST CEOs, Group presidents, and global function leaders, as well as others with relevant expertise within the organization. In addition, global and regional enterprise risk management leaders and professionals attend meetings to provide programmatic updates and ensure the overall global alignment and maturity of the program. The GMRC meets several times a year through a regular cadence of meetings and on an ad hoc basis and it has direct oversight of the most significant enterprise-wide global risks and the overall global ERM program. The GMRC evaluates various global risks from short-, medium-, and long-term perspectives, and provides oversight and guidance for the relevant leaders and cross-functional groups within the organization who are charged with leading risk management efforts. The GMRC additionally reviews relevant industry best practices and provides guidance and support for the Global ERM Department to facilitate and integrate risk management training across the organization. Members of the GMRC also periodically provide updates and reports to the Global CEO and board members. These periodic updates provide regular opportunities for senior leadership to engage with the global program, provide direction, and help ensure that risk management is part of Bridgestone’s strategic planning and decision making.

Under the GMRC, certain global working groups and short-term task forces address priority global management risks. The GMRC oversees efforts to address these priority global management risks and collaborates, through risk owners, with the Global Chief Digital Officer (G-CDXO) on cyber risks, with the Global Research & Development Committee on initiatives in 6PPD/TRWP, and with the Global Supply Chain Management, Global Procurement, Global Finance, and other departments on geopolitical risks. The GMRC partners closely with Global Communications and other departments to ensure alignment and a coordinated approach to addressing enterprise risks. The GMRC also works closely with other Bridgestone global committees, including the Global Sustainability Committee (GSC), to integrate sustainability into ERM processes. For example, materiality assessments from Bridgestone’s sustainability program inform its global and regional risk management programs. Additionally, the Global Standards and Regulations Roundtable is under the GMRC’s oversight.

In addition to the GMRC, Bridgestone also maintains a Global ERM Department. The Global ERM Department consists of risk leaders and dedicated enterprise risk management professionals globally and from each region. The Global ERM Department meets frequently and has direct responsibility for the design and implementation of enterprise risk management at the global and regional levels, including investment in and use of leading risk management technology and systems. It also has responsibility for continuous enhancement of Bridgestone’s business continuity and crisis management activities. The Global ERM Department helps ensure the alignment of Bridgestone’s Global Enterprise Risk Management Standards on global risk-related activities together with risk-related activities for each strategic business unit and region. The efforts of the Global ERM Department help build and sustain a culture of resilience (including, for example, by periodically conducting risk identification exercises and reporting on risk management activities), proactively conducting risk sensing and scenario planning, and embedding enterprise risk management in strategic planning and decision-making throughout the organization. Each of the regional risk leaders are also responsible for driving and coordinating operational risk mitigation and management activities at the department and strategic business unit (SBU) levels in their respective regions. Finally, each of the SBU board of directors has relevant committees which provide additional oversight of Bridgestone’s risk management efforts.

*The GMRC and Global ERM Department collaborate with a number of global departments and committees, including the Global Procurement Committee (GPROC), to manage and mitigate risks associated with the sustainable procurement of raw materials.

In addition to the internal resources that focus on global risk management, Bridgestone also periodically engages different external experts and other third parties to help support the global and regional risk management programs. These third parties periodically provide support for risk-related activities (such as risk identification and validation exercises), advising on particular risk topics (such as geopolitical disputes), and other program enhancements.

The Global Enterprise Risk Management program seeks to evaluate and capitalize on the best industry-leading frameworks, including the framework provided by the Committee of Sponsoring Organizations & Treadway Commission (COSO), the International Organization for Standardization (ISO 31000), the Risk Management Society (RIMS), and other industry-leading thought leaders. Bridgestone developed the Global Enterprise Risk Management program based on elements of these industry-leading frameworks and thought leadership. Its Global Enterprise Risk Management Standards are reviewed and updated as needed to respond to the changing business landscape.

Bridgestone conducts regular risk assessments to identify, assess, validate, and develop appropriate response strategies for its most significant risks and to ensure that strategic planning is aligned with addressing these risks.

The assessment process includes identifying a theme and category for each identified risk and evaluating risk based on likelihood and impact scales. This assessment takes into consideration quantitative (e.g., financial, operational, strategic) as well as qualitative (e.g., reputational) analysis. Additionally, management preparedness and existing controls are in place to review and manage identified risks.

Risk Rating criteria (from the Global Enterprise Risk Management Standards)

The Global Management Risk Committee (GMRC) conducts a bi-annual, Group-wide process to identify potential risks facing the overall organization as well as each strategic business unit (SBU). Once risks are identified, Bridgestone appoints responsible individuals, and the risk leaders collaborate to drive and coordinate risk mitigation and management activities at the global, SBU, and department levels. The GMRC meets periodically to formulate appropriate response strategies, and thereby verifies their effectiveness. The outcomes of these discussions and monitoring activities are reported to G-EXCO and further to the Board of Directors.

At present, under the GMRC, Bridgestone has established global working groups for priority global management risks. These groups are composed of the top management of related organizations and members with expertise, facilitating cross-organizational risk responses. Some of our global management risks include the following.

Bridgestone has approximately 130 manufacturing plants and R&D facilities worldwide and operates in more than 150 countries and regions. This extensive global presence exposes Bridgestone to risks stemming from changes in geopolitical situations, such as elections, trade wars, military actions, and societal conflicts and disputes. These incidents, categorized within geopolitical and societal conflicts, could disrupt logistics and trade, cause price increases, impact the availability of raw materials, utilities, or intermediates, and result in sanctions or otherwise impact operations. Examples include the ongoing Russian invasion of Ukraine, strained relations between Russia and NATO countries, potential conflicts between China and Taiwan, a change in American trade and foreign relations policies, and the continuing conflict in the Middle East.

The risks posed by such geopolitical disputes can have significant implications for Bridgestone’s business operations, leading to operational disruptions, reduced income, increased expenses, and potential impacts on the safety of employees and customers. To address geopolitical risks, Bridgestone has established a Global Geopolitical Risk Working Group responsible for continuously monitoring international tensions, political and economic situations, regulatory trends, and other factors that may disrupt business operations and impact employees and business partners. The team conducts sensing and analyses of business impacts when risks materialize and examines and executes measures to mitigate these impacts.

Bridgestone faces various cybersecurity risks, including new, emerging, and significantly heightened threats. These risks are evaluated across multiple categories, such as data protection, threat and vulnerability management, and security governance. Long-term and externally influenced risks include economic instability and escalating geopolitical tensions between countries where Bridgestone operates. These conditions could lead to actions and attacks by state-sponsored threat actors, activist hacker groups, or other malicious actors. Due to its operations spanning over 150 countries, the vast range of products it offers, and its large threat landscape, Bridgestone is exposed to a wide range of cybersecurity risks, influenced by the varying cultural and regulatory environments of different regions. Furthermore, due to the significant risks of privacy and personal data breaches, which could undermine customer trust, Bridgestone considers protecting customers' personal information a critical responsibility across its entire business, including the tire, solutions, and diversified products segments.

Bridgestone has created a global Information Security department led by a global Chief Information Security Officer (CISO) to secure the enterprise while supporting agile and resilient operations. The global Information Security department takes a wide range of measures to maintain and strengthen the Company’s global information security program, including but not limited to the following:

• Implementing global information security policies and controls based on the ISO/IEC 27001 information security controls.
• Enhancing awareness of information security among employees through e-learning programs and phishing awareness campaigns.
• Protecting data with technical cybersecurity measures such as encryption, data access restrictions, and threat detection monitoring.

Bridgestone has established this global organizational structure to quickly respond to information security incidents and regularly conducts both internal and external audits to verify the effectiveness of security controls. Additionally, Bridgestone continues to strengthen measures to provide effective monitoring of its websites, networks, and other systems, as well as the improvement of security controls such as email filtering to help detect of suspicious emails.

In 2020, Bridgestone conducted an initial assessment of its IT digital maturity to identify long-term cybersecurity risk, and the global Information Security department continues to mature cyber risk assessment and response activities. Additionally, in 2022, a Global Cyber Risk Working Group was created, led by the global Information Security leader. The Working Group is composed of senior IT executives and employees, as well as other ancillary departments and functions, to serve as a cross-functional team to address cyber resiliency and globally align strategy and the execution of IT programs and systems.

In Japan, Bridgestone Corporation and its Group companies take a systematic approach to IT security under the direction of the Chief Information Officer to prevent IT security incidents, including leaks of customer data and other confidential information. The Company formulates corporate standards and rules on IT security, which are reviewed and revised to stay abreast of technological advancements and changes in IT risks. It sets particularly strict standards for information systems that handle personal information.

Bridgestone sells products in more than 150 countries worldwide, and the potential of a data security incident or ransomware attack which may impact its business operations could vary considerably from region to region based on local laws and regulations. The impact of a data security incident could lead to significant operational disruption and/or result in fines and penalties or damages under various privacy and data security laws, rules, regulations, or lawsuits brought by impacted individuals. A data security incident might also damage the Bridgestone brand now and in the future. Based on the complexity of cybersecurity threats, Bridgestone reviews multiple information and communication security categories when evaluating emerging cyber risks, including topics such as data protection, threat and vulnerability management, identity and access management, and security governance.

As stated earlier, Bridgestone has created a global Information Security department under the direction of a global Chief Information Security Officer (CISO) to counter targeted attacks and other advanced cyber threats. The global Information Security department takes measures to maintain and continually improve upon a global information security program through the incorporation of global information security policies and controls, as well as to enhance the awareness of information security among employees through e-learning programs.

The Bridgestone Code of Conduct contains a specific section on privacy and personal data. Furthermore, to comply with data protection laws and regulations, certain SBUs have appointed a designated data protection lead (if required by law) or privacy officer and continue to implement and maintain robust privacy programs and associated policies. They have further developed methods to monitor and comply with the emerging privacy laws being adopted by an increasing number of governments in their territories.

The privacy professionals in the various Bridgestone Group companies have focused on compliance with the privacy laws such as Europe’s General Data Protection Regulation (GDPR) and other privacy laws in the EMEA region, Brazil’s Lei Geral de Proteção de Dados (LGPD) and other privacy laws in Latin America, the California Consumer Privacy Act (CCPA) and the 18 other U.S. state privacy laws that have been passed as of February 2025, as well various data protection acts in the APIC region.

Bridgestone and its Group companies in Japan believe that protecting personal information is an important employee responsibility. Bridgestone in Japan has formulated a Privacy Policy that reflects these principles. Based on this policy, the Company conducts ongoing training for all its employees and its Group companies’ employees in Japan and maintains a well-defined structure for information management.

For the privacy policy, also please see: Privacy Policy | Bridgestone

Key risks to the sustainable procurement of raw materials include threats to the sufficient supply of natural rubber due to external factors such as natural disasters, climate change, war, and political, civil, and social unrest. The interrelationship of these external factors manifests as emerging risks, including geopolitical and societal conflicts, environmental degradation (such as deforestation, water scarcity, loss of biodiversity), human rights concerns, and more restrictive farmland expansion. The demand for tires is expected to expand along with global population growth and motorization. Natural rubber consumption is also expected to increase globally in the coming years, making the realization of a sustainable natural rubber supply chain a business imperative which Bridgestone is committed to pursuing. Additionally, the length of time required to implement sustainable practices to safeguard the environment, uphold human rights, and develop a greater supply of natural rubber and alternative sources presents an emerging risk that will persist over the long term. Any disruption in sustainable materials procurement, not only of natural rubber but also other critical raw materials, would adversely impact global tire supplies as well as Bridgestone’s business performance and brand reputation.

Furthermore, in the mid- and long-term the continuity and sustainability of the natural rubber industry is heavily reliant on the activities of suppliers, such as replanting rubber trees and expanding the capability of supply chain participants to address social requirements. Bridgestone's extensive reliance on natural rubber means that supply disruptions could impact multiple product lines and regions.

With these risks in mind, Bridgestone has reinforced its commitment to sustainability by adopting a Global Sustainable Procurement Policy and by reaffirming its corporate responsibility commitment. Bridgestone will continue conducting business in ways that improve the natural rubber supply chain, supporting technological innovation and advancement that enhances the viability of the natural rubber economy. Additionally, Bridgestone will take measures to mitigate negative impacts related to procurement, logistics, the supply chain, and processes for both natural rubber and other critical raw materials, ensuring sustainable procurement practices.

For more detailed mitigation activities, please also see: Procurement | Social | Sustainability | Bridgestone Corporation

Tire and road wear particles (TRWP) are the result of friction between the tire and the road surface which is essential to ensuring a safe and comfortable journey, consisting of a mixture of tread (tire surface) and road pavement materials.

Bridgestone’s approach

• As a leading company, Bridgestone supports investigation on the physical and chemical characteristics of TRWP and their impact through the Tire Industry Project (TIP) under the World Business Council for Sustainable Development (WBSCD).
• Bridgestone actively participates in and leads initiatives in industry organizations, helping to develop globally consistent test methods. It promotes activities to define common tire wear standards for all industry professionals. Reducing the number of tires on the market that do not meet the common tire wear standards will lead to mitigating the emission of TRWP.
• Bridgestone promotes efforts to reduce TRWP emissions throughout the entire process of “produce& sell” and “use” tires .
• Bridgestone presented its methodology for effective TRWP collection using a vehicle at the Tire Emissions Research Conference held in December 2024 in Munich which TIP supported. Bridgestone also presented the methodology at the Tire Technology Expo 2025 held in Hannover in March 2025.

Technology development

Bridgestone is continuing to invest in R&D in sustainable technologies, including the development of materials to improve wear resistance.

Products

Based on ENLITEN technology, which aims to provide “ultimate customization,” Bridgestone strives to improve various performance characteristics of tires, including improved wear resistance and extended life of tires.
In addition, Bridgestone is focusing on improving wear resistance of tires for EVs, promoting initiatives with Euro 7 (next environmental regulation for motor vehicles) in mind.

Solutions

By proposing optimal routes (shortest routes, avoidance of traffic congestions, reduction of stop & go frequency, etc.) for customers in real x digital, we will provide solutions that enable customers to “use tires safer, longer, better and more efficiently” through building the mobility tech business.

<6PPD>

6PPD is an antioxidant and antiozonant widely used in the tire industry to inhibit the degradation of tire rubber and to promote motor vehicle safety. While driving industry-wide initiatives, Bridgestone is working to develop alternatives with the fundamental goal that tire safety is ensured.

Some of the mitigation and management approaches to Bridgestone’s global risks are reflected in the Bridgestone 3.0 Journey 2025 Integrated Report as part of its strategic, operational, and financial planning.

For major business risks identified, also please see: Annual Securities Report