Governance

5. Action on global compliance

In the face of the rapid development and review of personal data protection laws in various countries, as represented by the EU's General Data Protection Regulation, it is important to keep abreast of such developments and assure compliance. The Fujifilm Group employs Global Personal Information Protection Regulations based on the OECD Privacy Principles as its fundamental group-wide rules to appropriately protect and manage the personal data used across the entire group, including overseas. Although our regional headquarters and local subsidiaries are involved in the practical aspect of dealing with these developments, the ESG Division of FUJIFILM Holdings is also examining the development and review of the laws in various countries and confirming the activities of the various regional headquarters and local subsidiaries.

6. Incidents and violations in personal data handling

In July 2022, unauthorized access achieved through vulnerabilities in the tools provided by a service provider took place at the EC site of a Group company in Japan. Credit card information on 1,370 customers may have been leaked. The incident was reported to the competent police authorities, and a report was sent to the Personal Information Protection Committee. Notice of the incident and a letter of apology were sent to the individual customers whose information may have been leaked. Measures to prevent any recurrence have been implemented. Except for the above, in fiscal 2022 the administrative authorities have identified no cases or appeals that require public disclosure.

Acquisition of P-Mark and ISMS at Fujifilm Group
As of June 2023

Certification: P-Mark*1
Certified Affiliates:
- FUJIFILM Medical Co., Ltd.
- FUJIFILM System Services Corp.
- FUJIFILM Imaging Systems Co., Ltd.
- FUJIFILM Medical Solutions Corporation
- FUJIFILM Media Crest Co., Ltd.
- FUJIFILM Healthcare Systems Corporation
- FUJIFILM Techno Service Co., Ltd.
- FUJIFILM Healthcare Laboratory Co., Ltd.
- FUJIFILM Imaging Protec Co., Ltd.

Certification: ISMS*2
Certified Affiliates:
- FUJIFILM Imaging Systems Co., Ltd.
- FUJIFILM Medical Systems Business Division
- FUJIFILM Imaging Protec Co., Ltd.
- FUJIFILM Wako Pure Chemical Corporation
- FUJIFILM Medical Co., Ltd.
- FUJIFILM System Service Co., Ltd.
- FUJIFILM Business Innovation Corp.
- FUJIFILM Service Link Co., Ltd.
- FUJIFILM Business Innovation Japan Corp.
- FUJIFILM Service Creative Co., Ltd.
- FUJIFILM Manufacturing Co., Ltd.
- FUJIFILM Digital Solutions Co., Ltd.
- FUJIFILM Printing Systems Co., Ltd.
- FUJIFILM Software Co., Ltd.
- FUJIFILM Business Innovation overseas manufacturing companies (3 companies)
- FUJIFILM Recording Media Products Division (now Industry Equipment Division)
- FUJIFILM Business Innovation overseas sales companies (14 companies)

The scope of application may be limited for some organizations. Please contact the relevant companies for details.

*1 Privacy Mark (P-Mark): A mark granted by the Japan Information Processing Development Corporation (JIPDEC) to companies in which personal information is handled appropriately.
*2 ISMS: Certification regarding the overall management framework for information including personal information (Information Security Management System).

Fujifilm Holdings Information Security: Third party evaluation and certification
https://www.fujifilm.com/files-holdings/en/sustainability/activity/governance/security/security_report_en.pdf

2.2.10 Initiatives on Business Continuity Such As Large Scale Natural Disasters

1. Basic policy

Of the variety of risks that threaten business continuity, risks related to large scale natural disasters have increased in recent years. Drastic environmental changes are happening around the world, represented by rises in sea levels and abnormal meteorological phenomena caused by climate change. The results of these changes are getting more serious each year.
In conducting its business activities on a global scale, the Fujifilm Group believes in its social responsibility to

45 FUJIFILM Holdings Corporation Sustainability Report 2023