How we manage risk

A systematic approach in a dynamic environment

Dynamics in the global semiconductor industry present both opportunities and risks. ASML manages risk through an enterprise risk management (ERM) framework that integrates risk management into our daily business activities and strategic planning.

Our risk management process

ASML's ERM framework is designed to enable a well-defined governance structure and a robust ERM process. The Risk and Business Assurance function drives the ERM process and associated activities across ASML. We follow a systematic approach to identify, manage and monitor risks in pursuit of our business objectives by setting standards and enabling management to maintain and continuously improve our governance, risk management, internal control and compliance.


Read more about how ASML manages risk in our annual report.

2023 Annual Report
Risk management process

Risk management governance structure

Risk management  governance structure

Risk universe

ASML’s risk universe is a consolidated overview of the risk categories that may have a material adverse effect in achieving our business objectives. We review and update our risk universe frequently, taking into account a broad range of internal and external information sources, such as macroeconomic and industry trends, relevant guidelines and legislation, and stakeholders’ needs and expectations.

Strategy and products

  • Industry cycle
  • Geopolitical
  • ESG expectations
  • Business model
  • Merger & acquisition
  • Competition
  • Innovation
  • Product Stewardship
  • Product roadmap execution
  • Intellectual property rights

Finance & reporting

  • Business planning
  • Financial
  • Tax and customs
  • Shareholder activism
  • Disclosure / external reporting 


  • Customer dependency
  • Product / service quality
  • Supplier strategy & performance
  • Supply chain disruption


  • Knowledge management
  • Organizational effectiveness
  • Human resource


  • Product industrialization
  • Process effectiveness & efficiency
  • Environment, health & safety
  • Continuity of own operations
  • Security
  • Information technology
  • Manufacturing and install

Legal and compliance

  • Contractual liability
  • Violation of laws & regulations 

    Risk appetite

    Our ‘risk appetite’ sets out the level of risk we are willing to accept to achieve our objectives, which varies depending on the type of risk.

    ASML's risk appetite