TSMC is committed to maintaining a proactive and robust Enterprise Risk Management (ERM) system to safeguard the interests of the Company and its stakeholders.

TSMC’s goals in establishing an effective ERM system are to:

• Provide confidence that the Company’s risks are known and within risk appetite and tolerance;
• Prioritize resources to focus on enterprise growth and strategy to effectively capitalize on opportunities and minimize the potential impact of threats; and
• Ultimately, lead to creation of value.

TSMC’s ERM framework is designed to assist in the identification, assessment, response, monitoring and reviewing of risks, thereby assisting management in making informed business decisions to achieve its business strategies and corporate objectives. TSMC’s structured approach of risk management entails:

• Risk-aware culture;
• Risk governance;
• Risk management process that integrates with business operations; and
• Collaboration and continuous improvement.

Details of TSMC’s ERM framework, including the organization functions and implementation procedures for risk management, are set forth in the TSMC Enterprise Risk Management Procedure.

The Audit and Risk Committee shall regularly review the Company’s ERM, including the ERM procedures and implementation status.

Risk management is a shared responsibility of the management team together with the employees. All employees are required to be competent and accountable for managing risk within their area of responsibility.

The Policy and any revision hereof shall be effective upon approval by the Board of Directors.