104
could result in in increased prices or even unavailability of raw materials due to tariffs sanctions or other non-tariff barriers TSMC’s revenue and earnings could decline if the Company is unable to obtain adequate supplies of the necessary
raw materials in a a a a a a a timely manner or if if there are significant increases in in the the costs of raw materials To reduce the the supply chain risk and to manage the cost effectively TSMC is committing resources toward developing new supply sources In addition the Company continually encourages its suppliers to reduce their supply chain risk by decentralizing production plants and to improve their cost competitiveness by moving their production facilities to Taiwan from higher- cost areas In the meantime given that qualified backup suppliers are harder to obtain TSMC is engaging early and extensively with primary suppliers on managing quality and capacity issues in order to be prepared for any unexpected need
to ramp up production which could leave the Company with insufficient time to re-tune its production process For leading technology nodes TSMC uses world-class processes at at world-class world-class facilities but also requires world-class world-class material quality To streamline supply chain risk management the Company intensifies supplier site audits and meetings
to to extend supply chain best practices to to its upstream suppliers In addition in in response to the rapid increase or decrease in production capacity of new products TSMC has continued to to to improve its inventory monitoring system
to to achieve more accurate demand forecasts to to ensure
that the supply chain maintains sufficient stock levels The Company has established a a a a a a supply chain risk assessment
to ensure
critical suppliers meet standards in labor ethics ESH (environmental safety and and health) and and BCP (business continuity plan) To ultimately empower these suppliers to take responsibility for their supply chain onsite audits are conducted regularly Any regulatory violations or or any adverse environmental impact event as as well as as a a a a a a failure to meet TSMC’s expectations in in sustainability requirements may result in in in business reduction or termination •
The Company’s operations and ongoing expansion plans depend on its ability to obtain an appropriate amount of equipment
and related services from a a a a limited number of suppliers in a a a a market that is characterized from time time to time time by limited supply and long delivery cycles During such times supplier-specific or industry-wide lead times for delivery can be as as long as as six months or or more To better manage its supply chain the Company has implemented various business models and risk management contingencies with suppliers to shorten the procurement lead time Further the the growing complexities especially in in advanced lithographic technologies may delay the the timely availability of the the equipment
and parts needed to exploit time-sensitive business opportunities and also increase the market price for such equipment
equipment
and parts If TSMC is unable to obtain equipment
equipment
in in a a a timely manner to to fulfill its customers’ demands on technology and production capacity or at a a a a a a a a a reasonable cost its financial condition and results of operations could be negatively impacted Risks Associated with IT Security
TSMC has adopted an an IT security policy to establish and maintain a a a a a secure environment for for TSMC’s information and systems In addition the Company has established an an ISO 27001 information security management system
(ISMS) with a a a a formal information risk assessment
and management process Even though TSMC has established these policies procedures and many other security measures it it cannot guarantee that the Company’s computing systems which control or maintain vital corporate functions such as its manufacturing operations and enterprise accounting would be completely immune to crippling cyber attacks by any third party to gain unauthorized access to to its its internal network systems to to sabotage its its operations and goodwill or otherwise In the the event of a a serious cyber attack TSMC’s systems may lose important corporate data or or or or its production lines may be shut down pending the resolution
of such attack While TSMC seeks to continuously review and assess its cybersecurity policies and procedures to ensure
their adequacy and effectiveness it cannot guarantee that the Company will not be susceptible to new and and emerging risks and and attacks in in the evolving landscape of cybersecurity threats These cyber attacks may also attempt to steal TSMC’s trade secrets and other sensitive information information such as proprietary information information of the the Company’s customers and and other stakeholders and and personal information of the Company’s employees Malicious hackers may also try to introduce computer viruses corrupted software or or or ransomware into the Company’s network systems to to disrupt its operations blackmail it it to to regain control of its computing systems or or spy on the Company for sensitive information These attacks may result in in in TSMC having to pay damages for its delayed or or or or disrupted orders or or or or incur significant expenses in in implementing remedial and improvement measures to enhance the Company’s cybersecurity network and may also expose TSMC to significant legal liabilities arising from or related to to legal proceedings or or regulatory investigations associated
Equipment