Risk Management

In response to an increasingly complex business environment characterized by an evolving global economic landscape, worsening geopolitical conflicts, and intensifying extreme weather events, risk management is the key to ensuring business continuity and sustainability. Guided by the principles of sustainable operations, we have implemented systemic risk management mechanisms to ensure the timely identification and evaluation of, and response to, various risks, strengthening our organizational resilience and competitive edge.

Risk Governance and Mitigation Mechanisms

Innolux’s Board of Directors, the highest risk management authority of the Company, is responsible for reviewing and approving risk management policies and major decisions in accordance with overall operational guidelines and external changes. To proactively address potential risks, our business units are responsible for identifying and managing risk factors relevant to their operations, and for regularly reporting risk status and corresponding mitigation measures. To support enterprise-wide risk mitigation efforts, the risk management unit monitors overall corporate risk and provides control and management solutions through systematic assessment, monitoring, and reporting mechanisms. The Audit Office oversees the implementation of these risk management processes and reports regularly to the Audit Committee and the Board of Directors, ensuring transparency and continuous improvement in risk governance.
To strengthen our risk governance structure, we have adopted the widely recognized COSO Enterprise Risk Management (ERM) framework and implemented a Three Lines of Defense model to carry out risk identification, monitoring, and mitigation. In doing so, we aim to enhance operational resilience and improve the overall effectiveness of corporate governance.

Innolux’s Risk Governance Architecture

1》Risk Management Policy and Procedures

Pursuant to the Risk Management Policy and Procedures adopted by the Board of Directors in 2022, Innolux has developed a comprehensive risk management mechanism to ensure sustainable business operations in the fast-changing market environment. Based on the Company’s operational guidelines, we have formulated a five-step process that includes identification, evaluation, monitoring, disclosure, and response in order to determine the scope of each risk category and take the necessary action to reduce potential losses.
The Company continues to optimize its risk management mechanisms by dynamically adjusting strategies and monitoring systems to strengthen control and oversight of key risk factors across strategic, operational, financial, climate-related, and environmental areas. This approach integrates risk awareness into our corporate decision-making processes, thereby enhancing overall organizational resilience and responsiveness.

Innolux’s Risk Management Processes

2》Risk Identification and Management

In response to global economic shifts, supply chain disruptions, rising regulatory demands, and the impact of extreme weather events, Innolux has integrated sustainability management strategies and material topics into its risk management. Guided by the Global Risks Report published by the World Economic Forum (WEF), the Company has developed a comprehensive risk identification and mitigation mechanism encompassing strategic, operational, financial, and climate- and disaster-related risks. To promote forward-looking risk management, Innolux also monitors potential high-impact emerging risks expected to arise within the next 1 to 5 years. These are marked with an asterisk (*) among our strategic risk factors.
Leveraging the Enterprise Risk Management (ERM) mechanism, the Company tracks market trends and utilizes internal and external professional insights to support department heads in identifying and assessing potential risks. Risk factors are evaluated both qualitatively and quantitatively based on risk appetite, frequency of occurrence, potential impact, and the effectiveness of existing controls. Each responsible unit is tasked with formulating appropriate mitigation strategies, while regularly monitoring and reviewing their effectiveness. This approach helps to ensure the effectiveness of our corporate governance practices as well as the long-term resilience of our operations.

Risk Management Enhancement Measures
| Areas | Measures |
| --- | --- |
| Risk governance structure | We have strengthened inter-departmental collaboration to improve risk identification, assessment, and the execution of systematic response measures and ensure a comprehensive and effective implementation of risk management. |
| Risk management capability | In accordance with the IFRS Sustainability Disclosure Standards, we have established a risk management task force composed of the audit, finance, operations, legal, and information security departments to promote inter-departmental initiatives focused on strategic and operational risks and to strengthen the risk identification and response capabilities of department heads and supervisors. |
| Dynamic monitoring of risk trends | With reference to GRI, COSO, and other risk management standards, we implement data monitoring and external analysis mechanisms to identify emerging risk scenarios and improve the foresight and effectiveness of our ESG risk management. |
| Supply chain and operational resilience | We continuously enhance supply chain management and emergency response standard operating procedures (SOPs) to mitigate the risks of raw material shortages and unexpected operational disruptions, and to improve our capacity for anticipatory risk management, emergency response, and extreme incident handling. |
| Risk identification and performance management | We have established a risk incident reporting and review system to continuously enhance risk response planning, while integrating internal controls and management audits to ensure the traceability and effectiveness of risk mitigation. |

2024 Risk Factors and Mitigation Strategies

To ensure sustainable business operations, Innolux has formulated comprehensive response strategies based on the following categories:

Strategic Risks
Risk Factor | Description | Potential Impacts | Mitigation Strategies
Risk factor: Investment risk arising from geopolitical conflicts*
Description: Intensifying competition between the U.S. and China, heightened cross-strait tensions, and growing uncertainties in global political, economic, and policy environments along with deepening trade barriers and geopolitical risks have presented significant challenges to corporate marketing strategies and long-term competitiveness.
Potential impacts: Geopolitical tensions and policy changes have increased market uncertainty, affecting corporate strategic planning, investment returns, and global competitiveness. The expansion of international trade barriers and the accelerating trend toward industrial de-risking have intensified pressures for supply chain restructuring, contributing to operational volatility, long-term financial risks, and potential fluctuations in investment portfolio value due to market instability.
Mitigation strategies:
  • In 2024, we continuously monitored changes in global political, economic, and trade policies and adjusted investment strategies and supply chain planning through diversifying market deployment to mitigate over-concentration of risk in certain regions, thus strengthening our operational resilience.
  • We increased the depth of supply chain integration by optimizing raw material procurement and logistics coordination and enhancing industrial cluster collaboration to reduce the impact of policy changes on operational costs and delivery stability.
  • We are continuing with digital transformation by adopting real-time risk monitoring mechanisms, thus improving decision-making efficiency and supply chain flexibility to address geopolitical and market uncertainties.
Risk factor: Economic cycles and shifting customer demand
Description: Global economic fluctuations, high inflation, and shifting consumer demand have intensified market demand volatility and price competition within the panel industry, posing operational challenges.
Potential impacts: Reduced consumer spending has constrained end-product sales, affecting customer orders and company revenues. Rising market competition, pricing pressure, and the risk of overcapacity have further impacted profitability.
Mitigation strategies:
  • In 2024, the Company continued to strengthen R&D capabilities, expanded high value-added product lines, and promoted the adoption of Mini/Micro LED technologies to enhance product competitiveness.
  • We have adjusted the product portfolio to target emerging applications and niche markets, thereby reducing the impact of economic cycles on operations and stabilizing order sources.
  • Improved supply chain responsiveness helps us to adapt swiftly to changing market demand, ensuring delivery reliability and service consistency.
  • By leveraging collaboration with subsidiaries, we have strengthened our international market presence, deepened participation in the industry value chain, and enhanced our overall competitive advantage.
Risk factor: Ethical risks associated with AI*
Description: As AI technologies are increasingly applied to manufacturing, decision-making, and automation processes, ethical risks such as data privacy concerns, lack of transparency, and algorithmic bias have begun to emerge, posing challenges to corporate reputation and regulatory compliance.
Potential impacts:
  • Trust and reputational risk: Biased AI decisions or data privacy controversies may reduce customer and public trust in the company.
  • Regulatory and compliance risk: Failure to ensure AI technologies are in compliance with data protection regulations (e.g., GDPR) and fair competition laws may expose the company to regulatory fines or legal action.
  • Decision-making quality risk: Inadequately validated algorithms may result in flawed decisions, affecting business operations and competitiveness.
Mitigation strategies:
  • Ensuring AI transparency and accountability: We incorporate fairness testing and data bias detection during the AI design phase to ensure transparency in decision-making processes.
  • Enhancing AI compliance oversight: We conduct regular reviews to ensure AI systems comply with global data privacy and fair competition regulations, minimizing legal risks.
  • Promoting AI ethics awareness: We have established internal AI risk management guidelines and strengthened employee awareness and capabilities to address ethical challenges related to AI.

Operational Risks
Risk Factor | Description | Potential Impacts | Mitigation Strategies
Risk factor: Geopolitical and trade policy changes impact global supply chain deployment
Description: Global political and economic instability, such as regional conflicts, trade barriers, and extreme weather incidents, has impacted supply chain stability. Heightened U.S.-China trade tensions along with increasing tariffs and export controls have increased operational uncertainty. As the global trend toward de-risking intensifies, customers are demanding diversification and de-Sinicization of supply chains, adding to pressure on costs, lead times, and supply chain resilience.
Potential impacts:
  • Supply chain rerouting significantly increases transportation time and costs, affecting delivery schedules and operating costs.
  • Customer concerns about delivery stability may impact order volumes.
  • Policy changes may increase compliance and supply chain management costs, further affecting financial performance.
Mitigation strategies:
  • In 2024, we continuously monitored global policy and market developments, adjusted our supply chain strategies to diversify raw material sources, and reduced reliance on any single market.
  • We have increased supply chain integration with a focus on production sites in Taiwan and mainland China and promoted local sourcing and optimized logistics coordination to reduce costs and mitigate disruption risks, while supporting sustainability goals.
  • The Company is promoting digital transformation by implementing real-time risk monitoring and integrated procurement platforms to enhance transparency and risk control, enabling flexible responses to changing operating environments.
Risk factor: Talent shortages caused by technological transformation and intensifying market competition
Description: Driven by rapid advancements in the technology sector, global demand for highly skilled professionals in the semiconductor, display technology, and AI industries has surged, intensifying competition for talent. Innolux’s continued pursuit of technological transformation has further increased its reliance on specialized expertise, leading to a growing imbalance between talent supply and demand. As a result, the company faces increasing pressure in both recruitment and retention, which may impact the pace of transformation and overall competitiveness.
Potential impacts:
  • Shortages of technical talent may affect transformation progress and competitiveness.
  • High turnover rates may affect organizational stability and knowledge retention.
  • Rising recruitment and retention costs increase operational burdens.
Mitigation strategies:
  • By establishing the Semiconductor College, we are intensifying technical talent cultivation and supporting transformation initiatives.
  • Optimizing compensation and incentive mechanisms strengthens talent retention and enhances organizational stability.
  • We have expanded international recruitment efforts and strengthened campus outreach programs. By collaborating with academic institutions, the company is proactively building talent pipelines and improving retention to strengthen the talent supply chain.

See 2024 ESG Report -- 4.1 Talent Recruitment and Retention and 4.2 Talent Cultivation and Development.

Risk factor: Elevated cybersecurity risks amid digital transformation and widespread AI adoption
Description: Rapid digital transformation and widespread AI adoption have increased the value of corporate data assets, heightening cybersecurity risks. The growing frequency of cyberattacks, data breaches, and ransomware incidents poses a serious threat to business operations and corporate reputation.
Potential impacts:
  • Cybersecurity vulnerabilities could result in leaks of confidential company and customer data, damaging brand reputation and customer trust.
  • Malware attacks could paralyze company systems, disrupt operations, and incur additional system recovery costs.
Mitigation strategies:
  • In 2024, we continued to strengthen our cybersecurity defenses through AI-driven security mechanisms to enhance anomaly detection and incident response capabilities.
  • Participating in domestic and international cybersecurity alliances allows us to exchange threat intelligence on a regular basis, enhancing our forward-looking defense capability.
  • We conduct routine cybersecurity drills to improve automated alert systems and response protocols and reinforce cybersecurity resilience and the protection of data and business operations.

See 2024 ESG Report -- 2.2.4 Information Security Management

Risk factor: Asset and business interruption risk
Description: Natural disasters, force majeure, or accidents (such as earthquakes, typhoons, or fires) pose potential risks to company assets, including plants, equipment, and inventory, disrupting production and business operations.
Potential impacts:
  • Major disasters may result in production halts, affecting delivery timelines and revenue.
  • Damage to facilities or equipment may cause additional repair or reconstruction costs, increasing the Company’s financial burden.
Mitigation strategies:
  • We leverage insurance mechanisms to transfer risk, including the purchase of property insurance and business interruption coverage to mitigate financial losses.
  • We have established a Business Continuity Plan (BCP) to ensure swift recovery of operations in the event of disasters and minimize impacts on the supply chain.

Financial Risks
Risk Factors | Description | Potential Impacts | Mitigation Strategies
Risk factor: Foreign exchange risk management and financial stability
Description: Amid increasing global economic and political volatility, fluctuations in major currencies such as the U.S. dollar and Japanese yen pose risks for revenue, capital expenditure, and production costs. Unstable interest rate policies may further increase financing costs, affecting financial stability and operational flexibility.
Potential impacts:
  • Currency fluctuations impact revenue and cost structures, causing volatility in financial statements and affecting profitability and market confidence.
  • Rising interest rates may increase financing costs, heightening liquidity pressure and limiting investment and operational agility.
Mitigation strategies:
  • In 2024, our finance unit closely monitored major currency exchange rate and interest rate trends, proactively deploying hedging tools (e.g., forward exchange, currency swaps) to stabilize cash flow and reduce financial volatility.
  • Regular reviews of capital strategies help us optimize resource allocation and ensure financial health to support operations and investment, while enhancing resilience to market changes.
Risk factor: Credit risk and accounts receivable management
Description: Global economic fluctuations and financial market instability may affect customers’ financial health, increasing the risk of accounts receivable collection. A decline in customers’ payment capacity could impact the Company’s cash flow and compromise operational stability.
Potential impacts:
  • Deteriorating customer finances may result in delayed collection or bad debts, straining cash flow and operational continuity.
  • Tightening credit markets increase pressure on cash management, potentially restraining business operations and expansion plans.
Mitigation strategies:
  • In 2024, we continued to strengthen credit evaluation and receivables management by regularly assessing customer credit profiles and adjusting credit terms to mitigate collection risks.
  • By establishing early-warning mechanisms and integrating collection procedures, we ensure timely cash recovery and maintain stable cash flow.
  • Diversifying our customer base reduces company exposure to financial issues from any single client and enhances liquidity security and operational flexibility.
Risk factor: Liquidity risk and capital management
Description: Rapid shifts in the global economy, unexpected financial events, or tightening markets may disrupt capital flows, impact operational liquidity, increase short-term funding pressures, and pose risks to business continuity.
Potential impacts:
  • Insufficient liquidity may affect day-to-day operations and investment execution, potentially impacting corporate credit and market confidence.
  • Financial market volatility may increase borrowing costs, weakening capital structures and financial resilience.
Mitigation strategies:
  • In 2024, we continued to strengthen liquidity and cash flow management by leveraging diversified financing sources to ensure sufficient operating capital and reduce the risk of funding shortages.
  • Regularly assessing cash positions and funding strategies to reinforce cash reserves enables agile responses to market shifts, ensuring operational continuity and financial stability.
Risk factor: Investment management and financial stability
Description: Innolux’s core business and its reinvestments are concentrated in similar sectors and geographic regions, making them susceptible to global political and economic fluctuations, supply chain restructuring, inflation, and rising interest rates. This concentration heightens the risk of return volatility and may impact the Company’s financial stability and long-term competitiveness.
Potential impacts:
  • Growing global uncertainty increases fluctuations in investment performance, raising portfolio risk and reducing capital efficiency.
  • Misalignment between investments and corporate strategy may reduce competitiveness and hinder financial performance and long-term development.
Mitigation strategies:
  • In 2024, we continuously reviewed our portfolio composition and strategic alignments to strengthen investment risk controls and ensure that capital deployment aligns with financial objectives.
  • By adjusting or exiting high-risk or underperforming investments, we improve the return on investment and reinforce financial health.
  • We are increasing investment diversification to reduce the impact of sector or regional volatility on overall financial performance and increase capital allocation flexibility.

Climate Change and Environment Risks

In keeping with the Task Force on Climate-related Financial Disclosures (TCFD) framework and guided by the Global Risks Report published by the World Economic Forum (WEF), Innolux conducts an annual, systematic identification and assessment of risks across the operational, financial, climate-related, and environmental dimensions. Both qualitative and quantitative analyses are employed to formulate response measures, ensuring a comprehensive and effective risk management approach.
Climate-related risks are assessed according to the four core pillars of the TCFD framework: Governance, Strategy, Risk Management, and Metrics and Targets. The outcomes of this assessment are disclosed in Chapter 5 of this report, Environmental Risk Management Strategies.
The table below consolidates key physical, transformation, and environmental risks associated with climate change. It also provides illustrative cases to highlight potential impacts on Innolux’s operations, while outlining our corresponding mitigation measures.

Risk Factors | Description | Potential Impacts | Mitigation Strategies
Risk factor: Operational disruption due to natural disasters
Description: Taiwan is located in a seismic zone and is frequently affected by typhoons and other natural disasters, posing significant risks to facility infrastructure and business continuity. These events may impact production and disrupt supply chain stability.
Potential impacts:
  • Major disasters may cause production line shutdowns and delivery delays, affecting customer satisfaction and revenue.
  • Damage to plants and equipment may result in high repair or reconstruction costs, increasing the financial burden.
Mitigation strategies:
  • In 2024, we continued to implement the Business Continuity Plan (BCP), with regular reviews of disaster response mechanisms to ensure rapid recovery and minimize operational disruptions.
  • We transfer risk through property insurance, with periodic reviews of coverage and limits to ensure sufficient post-disaster resources for operational recovery.
Risk factor: Water shortage risk
Description: Due to the effects of climate change, extreme weather events have increased in frequency. In recent years, Taiwan has faced recurring droughts, complicating water allocation and potentially affecting the process water supply, factory operations, and supply chain stability.
Potential impacts:
  • Insufficient process water supply may disrupt production schedules and deliveries, potentially causing supply chain interruptions and customer attrition.
  • Long-term water shortages may raise operational costs and challenge sustainable business development.
Mitigation strategies:
  • In line with the Directives for Water Supply Redundancy during Droughts, in 2024, we continued to implement four major strategies: resource development, conservation, allocation, and backup to improve water resilience.
  • We have actively adopted reclaimed water use and enhanced our water-saving and recycling capabilities. Coordinating water dispatch among facilities stabilizes supply and mitigates water shortage impacts.
  • By strengthening infrastructure, we increase water storage capacity and external sourcing flexibility, ensuring stable production operations.
Risk factor: Renewable energy installation risk
Description: Due to the government policy mandating that energy-heavy industries increase their investment in green energy, the Company is required to establish a designated percentage of renewable energy capacity. Improper construction management or regulatory non-compliance could pose safety issues, affect operations, and damage corporate reputation.
Potential impacts:
  • Non-compliant installations may pose safety hazards, disrupting operations and financial stability.
  • Insufficient roof load-bearing capacity may result in facility damage or safety risks, impacting corporate image.
Mitigation strategies:
  • In 2024, we continued to follow the Company’s Solar Power Equipment Installation Guidelines, reinforcing site assessments and safety inspections to ensure installations meet both government and industry standards.
  • We have improved pre-connection inspections and emergency drills to reduce operational risks in renewable energy systems and ensure a stable, safe power supply.
  • We provide professional training to improve staff proficiency in the operation and maintenance of renewable energy facilities and ensure operational efficiency.
Risk factor: Natural resource and biodiversity risk
Description: Manufacturing processes involve the use of natural resources, and poor resource management may result in depletion and ecological degradation, undermining environmental sustainability and corporate operational stability. With tightening global environmental regulations, companies must actively address natural resource conservation and biodiversity to mitigate reputational and compliance risks.
Potential impacts:
  • Over-extraction of resources or ecological harm may threaten raw material availability, increasing costs and destabilizing the supply chain.
  • Biodiversity loss or environmental disputes may increase regulatory pressure and reputational risks, jeopardizing sustainable operations.
Mitigation strategies:
  • In 2024, we continued to implement the Biodiversity and Zero Deforestation Policy and Sustainable Water Stewardship Policy to improve resource use and strengthen our ecological protection.
  • We conduct supply chain impact assessments to evaluate the effect of raw material sourcing on ecosystems and strengthen resource sustainability strategies.
  • The Company has established key environmental indicators (energy, water, waste) and collaborates with external parties to promote ecological restoration and biodiversity conservation, improving overall environmental performance.

See 2024 ESG Report -- 5.1 Environmental Governance

As global industries undergo rapid transformation, traditional risk management frameworks are no longer sufficient to fully address emerging challenges. At Innolux, we closely monitor current key operational risks while proactively identifying emerging risks that could significantly impact our business in the next one to five years. This approach enables us to maintain a competitive edge amid industry transformation, technological advancements, and evolving environmental regulations.
The risk factors outlined in this chapter have been identified and assessed through our Enterprise Risk Management (ERM) framework, with reference to the World Economic Forum’s Global Risks Report, the Dow Jones Sustainability Indices (DJSI), and GRI Standards. These efforts strengthen our forward-looking risk management capabilities and enhance the company’s overall operational resilience.

Material Topics and Risk Management
| Risk Category | Risk Factors | Corresponding Material Topics | Issue Areas |
| --- | --- | --- | --- |
| Strategic risks | Investment risk arising from geopolitical conflicts | Supply chain management | Governance |
| | Economic cycles and shifting customer demand | Innovation and R&D | Governance |
| | Ethical risks associated with AI*1 | Managed under GRI general disclosures | - |
| Operational risks | Geopolitical and trade policy changes impacting global supply chain | Supply chain management | Governance |
| | Talent shortage caused by technological transformation and intensifying market competition | Talent recruitment and retention | Social |
| | Elevated cybersecurity risks amid digital transformation and widespread AI adoption | Information security | Governance |
| | Risks of asset and business interruption | Supply chain management | Governance |
| Financial risks | Foreign exchange risk management and financial stability | Managed under GRI general disclosures | *1 |
| | Credit risk and accounts receivable management | Managed under GRI general disclosures | - |
| | Liquidity risk and capital management | Managed under GRI general disclosures | - |
| | Investment management and financial stability | Managed under GRI general disclosures | - |
| Climate change and environmental risks | Operational disruptions due to natural disasters | Climate strategy and energy | Environmental |
| | Water resource shortage risk | Water management | Environmental |
| | Renewable energy installation risk | Climate strategy and energy | Environmental |
| | Natural resource and biodiversity risk | Waste management and circular economy | Environmental |

Note 1: The Company has already incorporated emerging risks not yet classified as material ESG topics (e.g., new raw materials, AI ethics) into its overall risk assessment mechanism and continues to monitor their potential impacts.

3》Business Continuity Management

As global risks continue to rise, Innolux has integrated Business Continuity Management (BCM) into its daily operations to minimize the impact of natural disasters and human-induced incidents on production, materials supply, and service delivery. We aim to ensure uninterrupted business operations, support long-term corporate sustainability, and provide stable and reliable service to our customers.
The Company established the Business Continuity Management Team, with the CEO and the chief executive of each site serving as heads and the senior executives of functional departments as members of the crisis management cabinet. The team is responsible for making strategic decisions and developing recovery plans to ensure timely responses and safeguard stakeholders’ interests and the Company's reputation in the event of operational interruptions.

Innolux’s Business Continuity Management Architecture

Business Continuity Plan
We have formulated the Innolux Business Continuity Plan (BCP), which establishes emergency response and recovery procedures to ensure that the necessary measures are taken to prevent or minimize interruptions in the event of a crisis or disaster.
Furthermore, to ensure operational resilience and production stability, Innolux has established 12 disaster prevention centers across its global manufacturing sites, each equipped with plant safety monitoring systems. A dedicated Emergency Response Team (ERT) has also been formed to ensure a timely response to unforeseen events. In 2024, Innolux continuously strengthened site safety and disaster response capabilities by conducting over 1,420 emergency response drills with more than 15,740 participants.
Innolux’s Business Continuity Plan

Business Continuity Drills
Innolux proactively enhances intrinsic safety measures and backup systems, while regularly conducting scenario-based drills. Through ongoing improvement of response strategies, contingency plans, and crisis management procedures, the company ensures the effectiveness and resilience of its Business Continuity Management (BCM) system.
Each year, the Company designs specific crisis scenarios for its Business Continuity Plan (BCP) drills, addressing potential risks such as public infrastructure failures, natural disasters, infectious disease outbreaks, and materials shortages. In 2024, in response to the growing severity of extreme weather events, we conducted drills simulating scenarios that could lead to production interruptions, including water shortages, power rationing, and fires in the make-up air units (MAU). A total of 11 scenario-based drills were carried out through tabletop exercises and practical testing to ensure the relevance and effectiveness of our BCP.
Anti-water shortage and drought initiatives
Fire scenario drills in the make-up air units

4》Information Security Management

Due to accelerating digital transformation and elevated cybersecurity risks, businesses must establish stable information security management mechanisms to safeguard operational stability and data security. Innolux is fully aware of the importance of information security to ensure corporate sustainability and maintain the trust of stakeholders. We are committed to building a comprehensive information security framework that protects operational data, client confidentiality, supply chain information, and employee privacy. To ensure the effectiveness and continuity of our security strategies, we have established clear information security policies in accordance with international standards and industry best practices and implemented a range of measures, including risk mitigation, incident response protocols, and employee training.

Information Security Governance Framework
To ensure the effectiveness of our information security governance, Innolux established the Information Security Committee to formulate overall information security strategy and action plans, with the Chief Information Security Officer (CISO) serving as convenor. The Information Security Committee convenes regularly to review the applicability and effectiveness of the Information Security Management System (ISMS).
Two task forces—the Information Security Working Group and the Emergency Response Team—operate under the committee. The former is responsible for daily monitoring and management of information security, while the latter activates the emergency response mechanism in the event of major cybersecurity incidents to ensure timely risk control and minimize potential damage.
Organizational Structure and Responsibilities

Oversight by the Board of Directors

To maximize the effectiveness of our information security governance, Innolux submits an annual Cybersecurity Governance Report to the Board of Directors in the fourth quarter of each year. This report includes the results of information security risk assessments, the implementation status of critical infrastructure protection measures, summaries of major cybersecurity incidents, and future improvement plans. The purpose of this mechanism is to ensure that senior management maintains a clear understanding of the evolving cybersecurity landscape and that decision-making remains aligned with our Enterprise Risk Management (ERM) framework. Furthermore, in accordance with our corporate governance principles and international standards, all key information security strategies are subject to review and oversight by the Board of Directors.

Annual Information Security Maturity Assessment

Innolux conducts an annual cybersecurity maturity assessment to evaluate the effectiveness of its information security management system. The assessment applies quantitative indicators to measure the performance of policy implementation and risk management mechanisms, the strength of technical applications, employee cybersecurity awareness, and supply chain cyber defenses. This assessment examines the effectiveness of our corporate information security management system, as well as opportunities for continuous improvement.
Since 2020, Innolux has adopted the Security Platform as a Service (SECPAAS) developed by the Industrial Technology Research Institute (ITRI) to identify system vulnerabilities and adjust network security strategies across its manufacturing sites, thus reinforcing information resilience and mitigating cybersecurity threats. In 2023, the Company further enhanced its cybersecurity framework by introducing the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) built around five core aspects: Identify, Protect, Detect, Respond, and Recover. These measures strengthen Innolux’s ability to optimize information security operations, improve cybersecurity emergency response, and strengthen its overall digital resilience.
In 2024, Innolux achieved a SECPAAS cybersecurity maturity score of 92, obtaining the highest protection rating (Grade A). This demonstrates the Company’s excellence in cyber risk mitigation, incident response, and governance and positions it as a leader in the industry. Through ongoing improvements to its cybersecurity technologies and management systems, Innolux remains focused on safeguarding business continuity and forward-looking cybersecurity defense capabilities.

Information Maturity Assessment Chart

Information Security Policy and Organization

Based on ISO 27001 and the NIST Cybersecurity Framework (CSF), Innolux has established a robust information security management system built on five pillars—Identify, Protect, Detect, Respond, and Recover—ensuring the confidentiality, integrity, and availability of information assets. To support this framework, Innolux regularly conducts asset inventories and risk assessments, enhances access control for sensitive data, and ensures the security of IT infrastructure and critical data. The Company has implemented enhanced internal network programs and source code scanning mechanisms to strengthen defense capabilities in compliance with ISO 27001 requirements.
Real-time threat detection is enabled through cybersecurity monitoring systems that track anomalies and potential threats. Innolux also conducts regular phishing simulations and social engineering drills to raise employee awareness and reduce vulnerability to cyberattacks. To ensure preparedness, the Company has established a cybersecurity Incident Response Plan (IRP) that is integrated with its Business Continuity Plan (BCP) and disaster recovery mechanisms. These systems enhance Innolux’s ability to respond promptly and effectively to incidents, minimizing potential disruptions to our operations.

Information Security Strategies and Future Development Objectives
Timeline Description
Short-term (2025): Information Security Goals
  • Conduct regular cybersecurity incident reporting and response drills to strengthen response and mitigation capabilities.
  • Implement social engineering exercises to reduce the risk of phishing emails and social engineering attacks.
  • Complete transition to ISO 27001:2022 to ensure compliance of systems and policy frameworks.
  • Promote Zero Trust Architecture to enhance access control and improve protection levels.
  • Strengthen source code screening mechanisms to ensure secure software development processes.
Mid- to Long-term (2030): Information Security Commitments
  • Enhance network protection in DMZ areas to strengthen cybersecurity perimeters.
  • Improve internal system and website security to reduce internal risks.
  • Optimize cloud cybersecurity to protect corporate data.
  • Introduce more comprehensive secure software development testing mechanisms.
  • Strengthen supply chain cybersecurity management to ensure vendor compliance with corporate standards.

Cybersecurity Incident Management and Response Mechanisms

Innolux has established a cybersecurity Incident Response Plan (IRP) in accordance with ISO 27001 and the NIST Cybersecurity Framework (CSF) to ensure timely and effective responses to cybersecurity incidents, minimize operational disruptions, and maintain business continuity. Through its Security Operations Center (SOC) and Advanced Persistent Threat (APT) detection systems, the Company enforces 24/7 monitoring of potential threats and classifies incidents for appropriate reporting and response measures based on the incident level, minimizing operational impacts.
Innolux conducts cybersecurity incident reporting and response drills at least twice a year to ensure all departments are equipped to respond promptly and effectively to potential threats. In 2024, the Company conducted 13 drills for critical core systems, covering various cybersecurity threats and response procedures to ensure timely responses while maintaining operational continuity during cyberattacks.
In April 2024, Innolux conducted a Breach and Attack Simulation (BAS) to simulate real-world cyberattacks and test the effectiveness of its defenses. The exercise included simulated hacking and network attacks to validate the security of the Company’s infrastructure and cybersecurity architecture. Following the exercise, the Company optimized system configurations to enhance real-time defense capabilities.
In 2024, no major cybersecurity incidents occurred, nor did the Company incur any penalties for regulatory violations, demonstrating strong performance in cybersecurity management.

Regulatory Compliance and Incident Reporting

Innolux is dedicated to ensuring full compliance with international standards, including ISO 27001, DJSI, and GRI, in its cybersecurity management. A formal incident reporting mechanism is in place to ensure timely response, regulatory compliance, and transparency in the event of any incident that may impact operations. By strengthening monitoring, response, and recovery mechanisms, Innolux effectively enhances cyber resilience, operational stability, and sustainable development.

Innolux’s Cybersecurity Incident Reporting and Response Procedures

Disaster Recovery and Business Continuity Plan (BCP)

Innolux has established backup mechanisms for critical systems and validates response capabilities through disaster recovery (DR) drills. The Company also maintains a robust Business Continuity Plan (BCP) to ensure operations can be quickly restored even in the event of major cybersecurity incidents, thereby minimizing risk and maintaining business integrity.

Cybersecurity Awareness and Internal Compliance

Innolux continues to promote cybersecurity education and awareness through phishing simulations and social engineering drills. In 2024, the Company launched a phishing email recognition training program with participation from 11,454 employees and a 100% completion rate, providing baseline cybersecurity awareness across the organization. Additionally, 22 cybersecurity bulletins were issued and online training sessions were conducted with a 100% completion rate, reinforcing compliance and internal capabilities. These efforts have laid a solid foundation for sustainable growth by ensuring the regulatory compliance of our security policies and fostering strong cybersecurity awareness and capability among our employees.
To improve training effectiveness, the Company established a cybersecurity training KPI with a target achievement rate of 80%. In 2024, the actual compliance rate reached 100%, exceeding the set target.

Year | Cybersecurity training KPI | Actual compliance rate
2022 | ≥80% | 100%
2023 | ≥80% | 100%
2024 | ≥80% | 100%

Supply Chain Cybersecurity Management

To mitigate supply chain–related cybersecurity risks, Innolux has implemented a Supply Chain Risk Management (SCRM) platform that classifies and assesses vendors’ cybersecurity maturity to ensure compliance with corporate standards. All on-site personnel must pass cybersecurity workstation checks to prevent confidential data leaks, and vendors are required to sign Non-Disclosure Agreements (NDAs) to ensure full compliance with information security protocols. To further protect information security, we employ a Mobile Device Management (MDM) system to strengthen access control and protect sensitive information on mobile platforms.
To enhance oversight of supply chain cybersecurity, Innolux also conducts regular audits and training for supply chain partners to ensure their cyber protection capabilities meet corporate standards. By fostering collaboration with suppliers, the Company continues to improve the overall maturity of its supply chain cybersecurity and reduce the risk of information leaks due to supply chain vulnerabilities.

Supply Chain Cybersecurity Initiatives and Outcomes

To further strengthen supply chain cybersecurity, Innolux implemented several cybersecurity enhancement measures in 2024, actively engaging with supply chain partners to raise cybersecurity standards through interactive engagement sessions and knowledge-sharing events. Key activities conducted in collaboration with our suppliers in 2024 include:

Date and Event | Participating Companies | Purpose | Outcomes | External Benefits
2024/02/20 Supply Chain Cybersecurity Enhancement | CHENG MEI MATERIALS TECHNOLOGY, CHIMEI, Innolux | Improve supply chain cybersecurity | Enhanced suppliers’ cybersecurity management capabilities, reducing the risk of confidential data leaks due to vendor vulnerabilities | Acquired expertise in cybersecurity management and monitoring practices, enabling more robust defense measures
2024/05/27 Cybersecurity Knowledge Exchange | MIRLE GROUP, Innolux | Cybersecurity best practices exchange | Supported suppliers in improving cybersecurity practices through knowledge exchange. | Acquired expertise in cybersecurity management and monitoring practices, with effective application to real-world implementation

Through these efforts, Innolux not only strengthened its own internal cybersecurity defenses, but also significantly enhanced the cybersecurity maturity of its supply chain partners, mitigating the risk of vendor vulnerabilities and ensuring stable operations and data security.

Future Outlook and Global Trends

As digital transformation accelerates, Innolux continues to reinforce cybersecurity in cloud environments and operational technology (OT) systems to ensure the integrity of manufacturing operations. The Company is also advancing AI-driven cybersecurity protection by leveraging behavioral analytics and machine learning technologies to enhance anomaly detection and automate incident response.

Cybersecurity Alliances and Collaborative Defense

To further enhance cybersecurity resilience, Innolux actively participates in domestic and international cybersecurity alliances. Through intelligence sharing and collaborative defense mechanisms, the Company strengthens its threat monitoring and response capabilities, ensuring information security and supply chain stability.

Participating Organizations | Objectives
Forum of Incident Response and Security Team, FIRST | Gather cybersecurity threat intelligence and engage in international cybersecurity information exchange
Taiwan Computer Emergency Response Team, TWCERT |
Science Park Information Sharing and Analysis Center, SP-ISAC |
Taiwan Chief Information Security Officer Alliance, CISO | Share best practices in information security technologies
Ministry of Justice Investigation Bureau | Sign cybersecurity collaborative defense and intelligence-sharing memorandums to enhance defense capabilities

Through these international and regional collaborations, the Company gains timely access to the latest Indicators of Compromise (IOCs), enhancing its cybersecurity detection capabilities and optimizing incident response mechanisms, thereby further strengthening Innolux’s overall cybersecurity resilience.

Project Cooperation and Public-Private Collaborative Defense
Innolux actively collaborates with government agencies to strengthen cybersecurity defenses. On June 14, 2024, the Company signed a Memorandum of Understanding (MOU) with the Ministry of Justice Investigation Bureau (MJIB) to jointly promote public-private collaborative defense and share threat intelligence, including hacker intrusions and emerging forms of tech-enabled crime. This partnership further enhances Innolux’s defensive capabilities and digital resilience.