Company Data

Risk Governance

Develop a system to continuously monitor and supervise the implementation of risk management in each department in charge of risk management. In addition, the Company's Internal Control Committee will evaluate the effectiveness of the system and oversee and promote it from the group-wide perspective.
The head of each department promotes the daily risk management within their own department.
In addition to appointing an executive at the Company to supervise risk management from a company-wide perspective, an executive in charge of risk management shall be appointed at each Group company, thereby establishing a system for collaboration across the entire Group.
The Internal Control Committee shall be set up in the Company, which shall periodically hold a meeting to enable smooth and effective functions of the internal control system of the Group.
The internal audit function shall be set up in the Company and major group companies. The department shall verify independently from operation execution that the Group's business activities are performed in accordance with the laws, articles of incorporation, internal rules, and the management policy and plan of the Group, and maintain the soundness of the Group's business activities by providing specific advice and recommendations.

The important long-term emerging risks

AI Ethics

Potential business impact of the risk	With the advent of deep learning, the capabilities of AI have improved, leading to its application in areas that require high reliability and are related to human life and management, such as autonomous driving, loan screening, and medical image diagnosis. However, this expansion has brought with it the risk of various issues that could potentially violate human rights. For instance, using AI in recruitment or benefit assessments can lead to discriminatory decisions against minorities, thus posing a risk to fairness. Additionally, the use of facial recognition on individuals captured by surveillance cameras to identify criminals carries the risk of wrongful arrests, highlighting the potential for unfair law enforcement. Moreover, the rapid expansion of the use of generative AI in recent years has raised concerns about various risks. These include the spread of false information through deepfake avatar videos that can undermine individual dignity, the leakage of personal information through generated prompts, and copyright infringement risks associated with training data and generated content. It was noted that there are numerous risks to consider when using these technologies. In addition to issues such as copyright infringement and disruption of distribution channels by creating content that highly resembles the existing content, there are also concerns about the manipulation of the vote through the intentional creation of false information and the threat to national security posed by the easy access to information on how to create hazardous materials. When these issues occur, they can lead to a rapid decline in corporate reputation due to decreased public acceptance. This can result in significant business continuity challenges, including service disruptions or business downsizing. Furthermore, when the recently enacted EU AI-Act comes into effect, even companies based outside the EU could face substantial penalties—up to 7% of their annual turnover (over 100 billion yen in our case)—if violations occur in services provided within the EU. This poses a critical threat business sustainability. Considering these issues, our company has been actively engaged in governance activities to regulate AI. We are committed to promoting the creation of value through the fair and sound use of AI, as well as fostering the sustainable development of society.
Mitigating actions	In 2019, our company established the "NTT DATA Group's AI Guidelines," which serves as a reference for the development, operation, use, and decision-making related to AI. https://www.nttdata.com/global/ja/news/release/2019/052900/
In 2021, we established the AI Advisory Board to incorporate external expertise and examine the ideal state of governance. Based on the findings, we have advanced the development and implementation of AI risk management. https://www.nttdata.com/global/ja/news/services_info/2021/012900/
In 2023, we established the AI Governance Office as an organization dedicated to effectively managing risks arising from the inappropriate use of AI and promoting the appropriate use of AI. Targeting both the AI systems provided by NTT DATA and our internal systems, we have developed rules and frameworks to detect business risks associated with AI. By addressing these risks in collaboration with project teams, we are promoting the creation of an environment in which society and our customers can fully benefit from the use of AI and achieve a sustainable society. https://www.nttdata.com/global/ja/news/release/2023/032301/
Particularly in 2023, we established the "AI Risk Management Policy," which defines the AI risks that must be managed globally across the entire group and outlines the management framework. Given the rapid development of generative AI and the urgent need to establish AI governance, we are currently working on developing rules and processes based on this policy across the entire group. https://www.nttdata.com/global/en/insights/generative-ai/governance https://www.nttdata.com/jp/ja/services/data-and-intelligence/governance/

Potential business impact of the risk

With the advent of deep learning, the capabilities of AI have improved, leading to its application in areas that require high reliability and are related to human life and management, such as autonomous driving, loan screening, and medical image diagnosis. However, this expansion has brought with it the risk of various issues that could potentially violate human rights.
For instance, using AI in recruitment or benefit assessments can lead to discriminatory decisions against minorities, thus posing a risk to fairness. Additionally, the use of facial recognition on individuals captured by surveillance cameras to identify criminals carries the risk of wrongful arrests, highlighting the potential for unfair law enforcement.
Moreover, the rapid expansion of the use of generative AI in recent years has raised concerns about various risks. These include the spread of false information through deepfake avatar videos that can undermine individual dignity, the leakage of personal information through generated prompts, and copyright infringement risks associated with training data and generated content. It was noted that there are numerous risks to consider when using these technologies.
In addition to issues such as copyright infringement and disruption of distribution channels by creating content that highly resembles the existing content, there are also concerns about the manipulation of the vote through the intentional creation of false information and the threat to national security posed by the easy access to information on how to create hazardous materials.

When these issues occur, they can lead to a rapid decline in corporate reputation due to decreased public acceptance. This can result in significant business continuity challenges, including service disruptions or business downsizing.
Furthermore, when the recently enacted EU AI-Act comes into effect, even companies based outside the EU could face substantial penalties—up to 7% of their annual turnover (over 100 billion yen in our case)—if violations occur in services provided within the EU. This poses a critical threat business sustainability.

Considering these issues, our company has been actively engaged in governance activities to regulate AI. We are committed to promoting the creation of value through the fair and sound use of AI, as well as fostering the sustainable development of society.

Mitigating actions

In 2019, our company established the "NTT DATA Group's AI Guidelines," which serves as a reference for the development, operation, use, and decision-making related to AI.

https://www.nttdata.com/global/ja/news/release/2019/052900/

In 2021, we established the AI Advisory Board to incorporate external expertise and examine the ideal state of governance. Based on the findings, we have advanced the development and implementation of AI risk management.

https://www.nttdata.com/global/ja/news/services_info/2021/012900/

In 2023, we established the AI Governance Office as an organization dedicated to effectively managing risks arising from the inappropriate use of AI and promoting the appropriate use of AI. Targeting both the AI systems provided by NTT DATA and our internal systems, we have developed rules and frameworks to detect business risks associated with AI. By addressing these risks in collaboration with project teams, we are promoting the creation of an environment in which society and our customers can fully benefit from the use of AI and achieve a sustainable society.

https://www.nttdata.com/global/ja/news/release/2023/032301/

Particularly in 2023, we established the "AI Risk Management Policy," which defines the AI risks that must be managed globally across the entire group and outlines the management framework. Given the rapid development of generative AI and the urgent need to establish AI governance, we are currently working on developing rules and processes based on this policy across the entire group.

https://www.nttdata.com/global/en/insights/generative-ai/governance

https://www.nttdata.com/jp/ja/services/data-and-intelligence/governance/

Risks associated with securing human resources

Potential business impact of the risk	Sophisticated IT personnel are one of the most important management capital resources for our group in terms of development and service delivery. A shortage of IT personnel in the future will have a significant impact on customer operations and the lives of general users, and may have a negative impact on our group's business performance and financial condition.
Mitigating actions	In terms of recruitment, we are strengthening the recruitment of personnel who have a background in digital technology or who are capable of promoting global business, and we also are promoting to hire personnel with immediate business capability.
	Our company is promoting the recruitment of human resources through the Advanced Professional System, which employs human resources with outstanding expertise in the digital domain who can immediately contribute to the expansion and driving our business, with compensation commensurate with market value, and we also introduced the Technical Grade System, which provides compensation commensurate with the degree of contribution of expertise.
	We are focusing on the development of professional human resources with a high level of expertise and the ability to respond to changes in the erea, and human resources who can play an active role on a global scale. In order to realize this, in April 2022, Olive One was introduced as a new human resource development platform.
	In addition to establishing a system to promote the autonomous growth of employees, such as the realization of highly specialized treatment, we will promote diversity, equity, and inclusion and improve employee engagement by creating an environment in which employees can flexibly set the time and place to work according to the characteristics of their work.

Security Experts

With information security threats getting more diverse and sophisticated, there are concerns about the shortage of human resources with the information security expertise required.
Against this backdrop, the NTT DATA Group develops security experts and improves their skills actively. As of April 2024,1022 experts, with the “Security Expert Qualification” offered internally by the NTT Group were active in Japan and overseas.

Job Classification	Level
Security management / Security consulting	Security Masters	2	First-rate experts with industry-leading track records and communication capabilities
Security operation	Security principals	9	Specialists in proposing security strategies to managers
Security development	Security professionals	1013	Specialists with exceptional experience and judgement