(Translation) Tokio Marine Group Basic Policies for Information

Article 1 (Purpose) These Policies shall establish the basic Policies for the information security management of the Tokio Marine Group in accordance with the “Tokio Marine Group Basic Policies for Compliance”.

Article 2 (Relationship to "Basic Policies for Group Company Management") Unless the spirit of these Policies is violated, any matter not provided for in these Policies shall be governed by the “Tokio Marine Group Basic Policies for Group Company Management” (Basic Policies for Group Company Management) separately established by Tokio Marine Holdings, Inc. (Tokio Marine HD) and “Tokio Marine Group Basic Policies for Compliance”.

Article 3 (Definitions, etc.) 3.1 As used in these Policies, the terms in the following subparagraphs shall have the meanings defined therein: (1) “Information Security Management” means protecting the Information against various information leakage such as leakage, disappearance and unauthorized use; securing the confidentiality of the Information Asset; preventing the details from being changed without approval; and managing the Information Asset so that it can be used whenever necessary. (2) “Information Asset” means Important Information and the information system. (3) “Important Information” means information that requires strict control such as prevention of leakage or utilization beyond the scope of purpose with respect to the of the company and that shall be divided into “Customer Information”, “Personal Information and specific personal information about employees, etc.” or “Confidential Information” based upon its own nature. (4) “Customer Information” means information related to Customers, etc. (including specific personal information, etc.) by which specific Customers, etc. can be identified (including information that can be easily collated with other information to identify specific Customers, etc.) (5) “Employees, etc.” means officers and employees of Tokio Marine HD or Tokio Marine Group Companies (including dispatched workers), agencies or their respective concerned persons (including family members, officers and employees, sureties). (6) “Personal Information” means information about a living individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as would allow easy reference to other information, thereby enabling the specific individual to be identified); provided, however, that specific personal information, etc. shall be excluded. (7) “Specific Personal Information, etc.” means individual number and specific personal information. (8) “Individual Number” means the individual number provided for in Article 2, Paragraph 5 of the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (My Number Act) (including the individual number provided for in parentheses of Paragraph 8 of said Article). (9) “Specific Personal Information” means personal information that contains the individual number. (10) “Confidential Information” means Important Information other than “Customer Information” and “Personal Information and Specific Personal Information, etc. about employees, etc.” (11) “Privacy Policy” means “a pronouncement on an entity’s view and guidelines for the protection of Personal Information and Specific Personal Information, etc. by business operators handling Personal Information and Specific Personal Information, etc.” (12) “Outsourcing” means that Tokio Marine HD or a Tokio Marine Group Company commissions an outsourcee to conduct part or the whole of its . 3.2 Definitions of “Tokio Marine Group,” “Tokio Marine Group Companies,” and “Subsidiary Subject to Business Management” mentioned in Article 2 (Definitions, etc.) of the Basic Policy for Group Company Management shall apply to these Policies. 3.3 Definitions of “Customers, etc.” mentioned in Article 3 (Definitions) of “Tokio Marine Group Policy for Protection of Customers, etc.” separately established by Tokio Marine HD shall apply to these Policies. 3.4 Definitions of “Information System” mentioned in Article 3 (Definitions) of “Tokio Marine Group Basic Policy for IT Governance” separately established by Tokio Marine HD (Group IT Governance Basic Policies) shall apply to these Policies.

Article 4 (Basic Concept) 4.1 Tokio Marine Group shall conduct the Information Security Management in an appropriate manner, according to the type of business, size or location of each company of the Tokio Marine Group, to ensure the appropriate and reliable operation of the Tokio Marine Group, in view of the importance of Information Asset. 4.2 Each company of the Tokio Marine Group may, if necessary for business purposes and only if either of the following items is applicable, use Customer Information except for Specific Personal Information with other companies of Tokio Marine Group; provided, that if there are provisions of laws, ordinances and regulations, if any, in addition to the Financial Instruments and Exchange Act of Japan that apply to the joint use, each company shall comply with such provisions. Also, even in cases where the Customer Information except for Specific Personal Information is used jointly, each company shall strictly manage such Customer Information to prevent it from being leaked out to parties outside of the Tokio Marine Group. 1) If approval of the Customers, etc. has been obtained 2) If such joint use of information is authorized by laws, ordinances or other regulations applicable to each company 4.3 If each company of the Tokio Marine Group intends to have an outsourcee handle Important Information in certain business operations outsourced, the company shall have the outsourcee implement the Information Security Management in the same level as the company is required by laws and regulations. The content of the Information Security Management shall be governed by “Tokio Marine Group Policies for Outsourcing Management,” which are separately established by Tokio Marine HD. 4.4 Among the Information Security Management implemented by the Tokio Marine Group, the Information Security Management related to the information system shall be governed by the Group IT Governance Basic Policies.

Article 5 (Preparation of System for Information Security Management) 5.1 Based on these Policies, Tokio Marine HD and Tokio Marine Group Companies shall positively engage in the Information Security Management. 5.2 In principle, Tokio Marine HD and Tokio Marine Group Companies shall conduct the activities described in the following subparagraphs, and shall establish, in accordance with these Policies, a system for the Information Security Management that is necessary for the said companies to perform their own responsibilities, including the establishment of policies, regulations, etc., the creation of organizational structures, and the implementation of evaluation, improvement activities, etc.: 1) Establish a department supervising Information Security Management. 2) If Privacy Policies are to be established to meet the requirements of the Act on the Protection of Personal Information and the My Number Act in Japan, Tokio Marine HD shall specify the content of such privacy policy based on the “Tokio Marine Group Privacy Policy” separately established by it and publicize such content. 3) Establish regulations, etc. concerning the handling of Important Information, and create an internal system for notifying officers and employees of particulars thereof without fail. 4) Establish reporting rules on the occurrence of any problem concerning Information Security Management.

Article 6 (Responsibilities of Tokio Marine HD) Tokio Marine HD shall conduct the following activities, in addition to those specified in the Basic Policies for Group Company Management: (1) Establish “Tokio Marine Group Privacy Policy” and provide it to Subsidiaries Subject to Business Management

Article 7 (Responsibilities of Subsidiaries Subject to Business Management) In principle, Subsidiaries Subject to Business Management shall conduct the following activities, in addition to those mentioned in the Basic Policies for Group Company Management: (1) Report to Tokio Marine HD on the matters specified in Schedule 1;

Article 8 (Amendment and Abolishment) Important amendments to and abolition of this Policy shall be determined by the of Tokio Marine Holdings. Other amendments may be determined by the executive officer in charge of the Legal & Compliance Department. The General Manager of the Legal & Compliance Department, however, may execute minor amendments and amendment of Appendices (excluding the matters for which prior approval or consultation is necessary).

Established on April 2, 2002 Revised on April 1, 2005 Revised on October 1, 2006 Revised on December 17, 2007 Revised on July 1, 2008 Revised on June 29, 2009 Revised on September 9, 2009 Revised on October 1, 2009 Revised on April 1, 2010 Revised on April 1, 2011 Revised on April 1, 2012 Revised on July 24, 2012 Revised on April 1, 2015 Revised on December 18, 2015 Revised on May 30, 2017 Revised on April 1, 2018 Revised on April 1, 2019 Revised on April 1, 2020 Schedule 1

Matters subject to reporting Reporting time 1. Status of reporting information leakage incidents Half-year period