
Governance
Governance | Risk Management | Ethics and Compliance | Information Security | Executive Compensation | Tax Policy
Information Security Management
As a global company, Renesas takes cybersecurity seriously and strives to identify vulnerabilities and respond immediately to any potential threats. To ensure business continuity, we constantly work to prevent cyberattacks through comprehensive governance, policies and processes, including monitoring and reporting potential threats, employee training, and staying current with the latest cybersecurity standards and certifications. In 2025, we enhanced our information security core competencies via the following key initiatives:
- Continuous improvement and benchmarking of security measures against industry standards to ensure ongoing maturity enhancement.
- Strengthened supply chain risk management to improve cyber resilience and mitigate third-party risks.
- Enhanced collaboration with government and industry bodies, including active participation in the Semiconductor Manufacturer Cybersecurity Consortium (SMCC), to improve threat intelligence and collective defense.
- Deployment of advanced technical controls,including enhanced protection mechanisms for sensitive data and the secure adaption of AI tools.
We have established a comprehensive security management framework designed to continuously monitor, assess, report, and address any unauthorized attempts to access our networks, data, or computer systems. This structured approach ensures that we can promptly identify and respond to potential security threats, thereby safeguarding our digital assets and maintaining the integrity of our operations.
Renesas aligns with ISO 27001 standards and conducts regular maturity benchmarking against a peer group of comparable manufacturers to ensure continuous improvement in information security practices. We have a formal structure in place to monitor, evaluate, and respond to unauthorized attempts to access our networks, data, or systems. Our expert IT security team monitors potential threats around the clock, employing both tactical and strategic measures to proactively detect and resolve security issues, all under the guidance of the Vice President of IT.
In the event of an incident, the IT team promptly reports to the Security Council (CEO, CFO, General Counsel, and heads of HR and IT) and activates emergency response plans, collaborating with HR, Legal, Quality Assurance, Procurement, and Accounting as necessary. Quarterly reports are provided to the Security Council, executive management, and the Board of Directors to keep them informed of cybersecurity risks and initiatives.
We conduct regular incident response exercises to ensure swift and effective action, reinforced by recent security policy updates that strengthen threat response, enhance coordination, and align with industry-leading standards. In addition, we also conduct annual penetration tests to identify internal vulnerabilities and provide actionable insights to mitigate risk.
Training at Renesas
At Renesas, we prioritize cybersecurity awareness by providing mandatory annual training on phishing and security protocols to all global employees and contractors. Our program includes periodic mock phishing exercises and access to additional on-demand training materials via the IT Intranet page.
In 2025, we conducted regularly scheduled employee cybersecurity training sessions and completed our annual cycle of security training, with 92.5% of employees successfully completing the training. This is a continual process that not only focuses on phishing, but also ensures our colleagues are up to date with the latest knowledge on cybersecurity threats. Furthermore, every new employee undertakes detailed security and compliance training with annual refresher training.
Our cybersecurity team works closely with our colleagues in Compliance, Legal, and HR to ensure we have the necessary tools and processes to address modern security threats. We firmly believe that robust information security acts as a business enabler, fostering growth by establishing us as a trusted supplier, customer, and partner.
Certifications
Renesas is dedicated to adhering to global security standards, showcasing our commitment and ability to protect against security breaches. In 2025, we aimed to broaden our certifications to ensure that both current and future acquisitions align with our global standards, providing a consistent experience for all users. Our current certifications include the following:
- ISO/IEC 27001 : Gap analysis completed; remediation activities underway to strengthen ISMS and prepare for future certification
- TISAX : Continued maintenance and renewal activities for an automotive security standard, aligned with IATF 16949 and ISO/IEC 9001 (renewed in 2024)
- SOC2 Type 2 : Maintained certification for the Altium 365 platform, demonstrating the effectiveness and consistent operation of security controls over time.
AI Governance
As AI continues to expand as an imperative part of our operations at Renesas, we are strengthening our AI governance framework to support safe and responsible innovation while complying with evolving legal and regulatory expectations. Internally, we have continued to enhance our AI governance framework through regularly reviewing and updating internal policies and guidelines for AI usage. This work has been supported by cross-functional collaboration among IT, Information Security, Legal and other relevant functions.
We have also implemented enhanced technical controls to help protect sensitive data and AI tools, addressed emerging risks associated with generative AI and agentic AI, and promoted employee awareness of appropriate AI use through internal guidance and training. We will continue to review and refine our governance approach as technologies, internal controls and external expectations evolve.
Data Privacy
Renesas is dedicated to safeguarding the privacy and security of personal data relating to our team, clients, partners, and stakeholders. Our privacy practices are guided by key data protection laws and form part of our broader approach to sustainable and responsible data governance and continuous enhancement of our privacy framework. These practices have been implemented organization-wide to strengthen our privacy and security posture and evolve with industry best practices. Additionally, Renesas conducts a regular assessment of its privacy practices thoroughly evaluating Renesas’s privacy policies, procedures, and documents, ensuring that any potential gaps are identified as its ongoing commitment to responsible data governance.
Our Data Privacy Framework outlines the principles, controls, and governance mechanisms we have implemented to protect personal data. We have continued to advance our data privacy capabilities through the following key initiatives:
- Enhanced Data Privacy Governance
We have established a dedicated Data Privacy Team within our Legal Department, underscoring our strong focus on data privacy and protection. We work closely with our internal stakeholders to identify and mitigate data privacy risks. - Strengthened Privacy Frameworks and Regulatory Compliance
Renesas is implementing structured frameworks to support compliance with global data protection laws. These frameworks are designed to provide a consistent foundation for privacy operations and reinforce accountability, transparency, and risk mitigation across the organization and our third-party vendors. - Privacy by Design and Default
Renesas’ approach to privacy is guided by Privacy by Design principles, supporting the integration of privacy considerations from the earliest stages of product development and business initiatives. By default, we aim to limit the collection, retention, and processing of personal data to as responsible data use and reduction of data exposure risks. - Cross-Functional Engagement and Risk Analysis
We engage cross functionally to assess and manage privacy risks. Through internal reviews and privacy impact assessments (PIAs), we strengthen organizational awareness and alignment with data protection objectives. - Robust Privacy Resources
Renesas provides readily accessible privacy resources offering streamlined access to privacy policies, guidance, training materials, and templates supporting privacy practices across the organization. - Ongoing Monitoring and Continuous Improvement
We monitor developments in data protection laws and regulatory expectations and update internal documents where necessary to support our continuous improvement of our privacy framework. - Transparent Communication
Renesas is committed to transparency in how personal data is handled. Through our Privacy Policy and related communications, we explain how personal data is collected, used, protected, and to support fundamental privacy rights of individualsin accordance with applicable laws.
Through these efforts, Renesas ensures the responsible handling of personal data and fosters a culture of privacy that supports innovation, trust, and global compliance.