KDDI Europe Limited ("Company") is committed to fully complying with the relevant laws and regulations in relation to Information Security ("Relevant Laws"), including the Data Protection Act 1998 of the UK and the Act on the Protection of Personal Information of Japan by protecting the information assets from a wide range of infringement incidents and ensuring the confidentiality, integrity and availability of information assets of the Company.

For the aforementioned purpose, the Company will:

1. Establish a working structure in the Company to deal with Information Security.
2. Develop necessary internal rules to enforce this policy ("Enforcement Rules").
3. Check all the information assets and business processes, classify them and manage them properly.
4.  Analyze threats to the information assets and business processes, their estimated probability, possible adverse impact on the Company's business and thus identify and assess the risks associated with them.
5.  Develop the measures to manage and control the identified risks ("Control Measures") based on the aforementioned analysis and the assessment and put them into force.
6. Conduct a periodical and extraordinary internal audit on the Enforcement Rules and the Control Measures, etc. in terms of their effectiveness and enforceability, and based on the results of the audit, review, and, if it is deemed appropriate, amend this policy, the Enforcement Rules and/or the Control Measures or take any other step to ensure Information Security.
7. Take appropriate actions to enforce this policy as well as to apply Enforcement Rules to those who are not a Company's staff, but have an access to the information assets of the Company.

All Company staff shall have an adequate knowledge about the significance of Information Security and faithfully abide by all the provisions of the Enforcement Rules. Any actual or threatened infringement of the Relevant Laws or Enforcement Rules shall be reported to the management without delay.

Any non compliance with the Relevant Laws or Enforcement Rules will be considered to be an offence, to which the Company's Disciplinary Procedures will apply.

Tokuji Mitsui
Managing Director
KDDI Europe Ltd.