Business Risks

Risk Governance

Astellas established the Global Risk and Resilience Management Committee (“GRRC”) and Divisional Risk and Resilience Committees (“DRRCs”) to provide effective oversight of key risks and mitigation activities. Internal Audit observes these committee meetings to ensure that these key risks are taken into consideration in their priorities. GRRC consists of several CxOs and representatives from risk functions. Global risks are ultimately reported to the Board.

The diagram below summarizes Astellas’ risk governance system.

risk management graph

Enterprise Risk Management Process

The Risk Management Team in Corporate Strategy facilitates the Enterprise Risk Management (ERM) process with the internal stakeholders annually.

Our risk assessment process is both top-down and bottom-up. To enable prioritization, we assess the impact and likelihood of each risk, considering the mitigations currently in place.
 

Risk owners develop action plans to reduce the level of risk exposure and enhance the resilience. Global Risks (risks that require enterprise-level attention due to their nature and impact) are discussed and endorsed at the GRRC. GRRC also monitors Emerging Risks, which we define as uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear. Sometimes, an Emerging risk is subsequently included in the risk register as a Global or Divisional risk following the discussion at the GRRC.
 

We continuously review the Enterprise Risk Management process to further enhance its effectiveness and efficiency. In fiscal year 2025, the Internal Audit function conducted an audit of the Enterprise Risk Management process.

Global Risks Overview

The table below summarizes the currently identified Global Risks. Any forward-looking statements are based on judgments at the end of FY2025. In addition to these risks, there are many other risks. Some risks are unique to the pharmaceuticals business, such as the uncertain nature of research and development, the risk of being infringed upon or infringing intellectual property rights, risk of drug side effects or safety issues arising thereof, and the risk of Astellas Group business’ partial dependence on licensing and sales of third-party developed drugs. Other risks include the infringement of related laws and regulations (e.g., competition with rival products, environment, health and safety); commercial litigations; delays or stoppages in manufacturing due to natural disasters; and exchange rate fluctuations. Such risks may affect the Astellas Group’s business results and financial position.

RiskKeyContextKey Mitigation Actions (Examples)
Cyber Security***The technology and Artificial Intelligence (AI) more broadly involved in cyberattacks is advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. The pharmaceutical industry is no stranger to cyberattacks given the important data these companies hold. Cyberattacks or breaches caused by malicious activities may result in unavailability of critical technology systems, loss or disclosure of confidential or proprietary data including personally identifiable information.
  • Information Security Program aligned with the NIST CSF framework (Govern, Identify, Protect, Detect, Respond, Recover).
  • Program leadership by the Chief Information Security Officer, with governance and oversight by the Chief Digital Officer; regular reporting to Executive Leadership and the Board of Directors.
  • Ongoing Information Security Training and Awareness program, including company-wide and targeted phishing simulations and regular awareness campaigns.
  • Continued compliance with applicable cybersecurity regulations and active monitoring of regulatory developments.
  • Ongoing enhancement of information security capabilities, including deployment of advanced defensive/offensive tools and exploration of AI use in daily operations.
  • Evolution of a skilled global operating model to support information security efforts.
US Pricing Policy Shift***The United States aims to introduce a Most Favored Nation (MFN) drug pricing policy, which seeks to lower drug prices in the U.S. in line with the lowest price level among the advanced countries. If such a policy is implemented and applied to our products, it may lead to a decrease in our revenue in the U.S. market and could also impact our market strategies in other advanced countries.
  • Monitoring of political and regulatory development.
  • Advocacy through the industry associations and direct engagement.
  • Financial impact analysis on strategic brands.
Data Nationalism & Privacy Fragmentation**Data Nationalism is a growing trend in which governments are asserting control over data generated within their borders, such as prohibiting and/or restricting the transfer of data across borders, or imposing some preconditions before transfers are allowed to take place. Data nationalism may be also manifested in fragmented privacy laws and regulations which deviate from global standards. Such regulatory changes could require Astellas to significantly modify existing business processes and IT systems that support today’s cross border data flows. This can lead to higher costs, operational and system complexity, and reduced efficiency and/or reduced innovation.
  • Monitoring of regulatory developments.
  • Country-specific projects to ensure compliance with privacy laws and other data governance & digital regulations.
  • In FY2025 the Company implemented a compliance program to operationalize US Data Security Program requirements. This entailed the following activities: identification of the affected business activities; process documentation and employee training; implementation of the new process(es) to ensure compliance; and monitoring, audit, certification.
Organizational Transformation**As the company kicks off CSP 2026, successful delivery of multiple transformation initiatives is critical for Astellas to continue creating and delivering VALUE for our patients. When multiple initiatives are concurrently running, it is critical to understand and manage the inter-dependencies.
Uncoordinated transformation initiatives and the related changes may impact our culture and reputation.
  • Implementing a forum and mechanism to coordinate major transformation change initiatives.
  • Developing a solution to provide observability of transformation initiatives being delivered across the company.
  • Building change management capability across the organization.
Global Tariffs**Since the establishment of the World Trade Organization in 1995, WTO member countries have maintained zero-tariff measures on pharmaceuticals. However, in April 2026, the United States announced the introduction of tariffs on pharmaceuticals and pharmaceutical ingredients. Depending on how these tariffs are implemented by the US government, this could lead to increased costs for Astellas.
  • Conducted impact analysis based on different tariff scenarios.
  • Developed a strategic framework for the global supply chain network, which includes segmented supply strategies to address tariffs and other geopolitical risks.
Natural disasters and extreme weather events*Due to our geographically dispersed footprint, we may be vulnerable to natural disasters and disruptive weather events caused by climate change. In the event of catastrophic weather events that exceed the scope of typical contingency planning, our business operations may be disrupted, and the stability of our commercial supply could be impacted.
  • Continuous enhancement of business continuity planning and execution of training.
  • Incorporation of natural disaster risk into the site risk assessment.
  • Assessment of the long-term impact of climate change on our sites (the results of the physical risk analysis conducted in FY 2024 identified the Shenyang plant as high risk. Increased risks of flooding, heatwaves, and precipitation in 2050 were identified as potential challenges).
AI Regulatory Expectations*With the advancement of AI utilization in the pharmaceutical industry, regulatory authorities have begun to clarify the conditions for the use of AI in GxP environments through guidelines and similar measures. While we have established an AI compliance framework based on current laws and regulations, it is necessary to continue strengthening this framework to ensure we can respond to future regulatory developments.
  • Establishment of Responsible AI principles (including the prohibition of certain AI use cases).
  • Review process for the implementation of new AI projects.
  • Implementation of AI risk assessments as part of above.
  • Establishing of a system validation process for the use of AI in GxP environments.

  • ***Catastrophic Risk: Risks that have the potential to cause fatal damage or business disruption to the entire Astellas group level should they materialize. They have the potential to fundamentally impact and disrupt business objectives, operating model, reputation or core activities to a material level.
  • **Standard Risk: Risks that have the potential to cause substantial damage or business disruption to a specific part of the business or the entire Astellas group.
  • *Emerging Risk: Uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear.