Managing risks and compliance

Telkom executes a solid, flexible and resilient risk and compliance strategy that supports our strategic objectives. Our operating environment is characterised by unprecedented opportunities and significant, ever-changing threats. This requires the Group to balance risks and rewards and constantly monitor strategic risks.

Telkom considers internal and external contexts and the adequacy of key controls and existing regulatory framework controls when reviewing the Group's risks and opportunities. We monitor the effectiveness of risk management and compliance programmes to identify improvement areas, and track risk metrics to ensure significant progress is made to mitigate risks.

We use control self-assessments and compliance control validation reviews to determine the effectiveness of our risk and compliance management processes. Annual risk and compliance reviews are conducted to ensure we meet our King IV requirements. Any undue or unexpected risks, and those risks outside of our tolerance level, are reported with the necessary mitigating actions.

Risk and compliance management governance

In our dynamic and competitive industry, enterprise risk management (ERM) is a strategic imperative. Our ERM framework is designed to navigate the risks inherent to the business, from technological advancements and regulatory changes to cyberthreats and market volatility.

Our ERM strategy is underpinned by robust governance structures. This ensures that risk management is integrated into our strategy and operational processes. All business units, supporting functions, processes, projects and other controlled entities are subjected to the ERM framework.

		Board	Oversees risk and compliance across the Group. Provides an integrated approach to governance and management of risk and compliance, supported by a risk and compliance operating model aligned with Telkom's business model.

		Audit, Risk, and Social and Ethics Committees	Monitor and advise the Board on risk and compliance, laws and regulations. Refer to nominations committee, audit committee and remuneration committee for these Committee reports.

		Group Exco	Integrates risk and compliance management, systems, and people across the Group.

		Integrated Governance, Risk, Compliance and IT Steering Committees	Assess risks and resulting opportunities within the agreed risk framework. Reduce the impact of regulatory risk by driving compliance awareness for all applicable laws, regulations and supervisory requirements.

		Group risk, compliance, business continuity management	Set policies and standards and provide oversight and control.

		ERM forum	Shares best practices and knowledge and monitors key risks and mitigation plans.

		Business unit assurance forum	Applies effective risk and compliance management and combined assurance, aligned with the ERM framework, to optimise risktaking.

		Business unit risk and compliance management Business unit management	Implement the risk, compliance and business continuity management policies, standards and frameworks. Apply and maintain the compliance risk registers, identify mitigating controls, implement action plans and operationalise the business unit assurance forum. All business unit Excos are accountable for managing risk and compliance within the approved delegation of authority (DoA).

In managing and dealing with the Group's risks, Telkom ensures:

There is effective risk management
Risk and opportunity management is clearly and consistently integrated into Telkom's culture and managed according to best practice
People, processes and technology support the strategy, underpinned by governance, risk and compliance requirements
Group-wide interdependencies are recognised in enhancing business resilience by anticipating, observing and responding to the macro- and micro-environments
Management's conscious effort to manage risks ensures the business fulfils its mandate and that internal structures collaborate
The importance of an integrated, proactive and continuous approach is appreciated across all structures
Key stakeholders' needs and expectations are comprehended and managed to identify and manage related risks

Improvements in FY2025

We continued to monitor the six Telkom strategic risks and their associated mitigating actions. We performed an annual strategic risk assessment, reviewed the risk appetite and tolerance levels, and obtained Risk Committee approval. We also conducted a Group Exco risk workshop.

We intensified engagements with management by including them in strategic discussions within the Group.

We implemented a risk aggregation process and reviewed risk reporting to ensure meaningful assessment and value-add.

We identified and will continue to monitor risks relating to the FY2026 to FY2030 business plan.

We promoted combined assurance and collaboration in support of the OneTelkom approach. We ensured that key internal assurance providers adopt the risk management framework in their risk assessment.

We continued to enhance our combined assurance model to create efficiencies in managing risks that involve different assurance providers within the Group.

In line with the combined assurance model, we conducted a third-party risk assessment to establish gaps and associated mitigating actions from a combined assurance perspective. We also implemented combined assurance initiatives related to business continuity awareness, whistle-blowing, fraud awareness, health and safety, and compliance. (Refer to the combined assurance section.)

We focused on maturing the ESG risk assessments, and emphasised the energy initiatives as a critical component of the ESG strategy. The regional risk assessments on the climate risks were completed. The findings will help Telkom proactively respond to climate-related risks. (refer to the TCFD chapter.)

There was no undue or unexpected risk outside of tolerance levels, despite the macro-economic environmental instability remaining very high throughout the year due to external factors beyond Telkom's control. There are mitigating actions internally to reduce the impact.

Business continuity management

Telkom focused on maintaining and improving business resilience. Our infrastructure, business processes and emergency management procedures are flexible enough to protect stakeholders' interests and our brand and reputation.

The Group Emergency Management Team successfully dealt with the potential risks related to the 2024 national elections. Loadshedding was minimal, though it continued in some areas of the country.

Telkom did not experience any significant business disruptions that required focused resources in FY2025.

Our strategic risks

Telkom reviewed the Group's strategic risks based on three dimensions and in the context of its financial and non-financial strategic objectives:

Macro-environmental risks likely to impact Telkom's growth opportunities, such as economic conditions and ability to access funds.

Strategic risks with the potential to affect Telkom's business strategy/objectives. These are uncertainties or opportunities that could affect decision-making. They are crucial matters that the Board, shareholders and investors should be concerned about in relation to strategic intent.

Operational risks with the potential to impact critical operations, such as increased cyberattacks or supply chain disruptions.

The risk heatmap reflects the residual risk rating, which considers the mitigation controls in place.

The risk dashboard reflects the movement of strategic risks between FY2024 and FY2025.

FY2025

	Description	Residual risk exposure		Trend	Reason for risk movement
		FY2024	FY2024
1	Market forces and disruption exacerbating competition pressures	High	High		There is pending introduction of policy direction which may introduce new entrants in the market, e.g. Starlink.
2	Inability to attract and retain a suitable and resilient workforce	High	Medium		Telkom's employee turnover is within the risk appetite. Telkom continues to attract skilled talent from within and outside of the industry.
3	Increased focus and scrutiny on ESG matters	High	High		Telkom continues to implement its ESG strategy while addressing implementation challenges.
4	Financial sustainability	High	Medium		Telkom demonstrated strong EBITDA growth and a strengthened balance sheet resulting from the Swiftnet disposal in FY2025.
5	Macro-environmental instability	Very high	Very high		The macro-environment is negatively affected by geopolitical tensions and an uncertain economic outlook.
6	Inability to manage and meet material stakeholder expectations	Medium	Medium		Significant progress was made in proactive stakeholders engagement and brand repositioning in FY2025.

Movement in our strategic risks compared to FY2024:
	Risk exposure remained constant		Risk exposure deteriorated		Risk exposure improved

	1 Market forces and disruption exacerbating competition pressures	2 Inability to attract and retain a suitable and resilient workforce	3 Increased focus and scrutiny on ESG matters
Risk definition	Telkom operates in a competitive and rapidly changing market. Increases in technological innovation, market deregulation, customer expectations, and new entrants in the connectivity space exacerbate this risk, putting pricing and product offerings under pressure. Failure to respond swiftly to competitive threats could negatively impact the Group's prospects, including its market share, relevance, revenue growth and profit margins.	How companies work, hybrid working models, customer behaviours and technology trends are changing. This requires talent that can provide a sustainable competitive advantage. Failure could result in loss of competitive advantage, increased employee costs and delays in achieving the Group's strategy.	There is increased focus on ESG matters due to the growing importance of sustainability matters in society, including increased awareness of climate change, social inequality and corporate misconduct. This could impact Telkom's financial sustainability and reputation and limit access to opportunities.
Mitigating activities and monitoring	Continuously monitor the market and competitive landscape, using AI to gain further insights Develop product offerings that appeal to customers and explore upselling opportunities Develop and implement adaptive strategies focused on innovation Investigate strategic partnerships to increase competitive advantage Invest in technology that ensures agile and speedy solution delivery Continuously identify and address operational inefficiencies	Continuously implement the culture transformation journey Implement the recruitment strategy to meet the demands of the business while allowing flexibility to align with market demand Implement change management processes and enable a robust working environment Continuously develop skills and career opportunities through the learning programme, succession planning and future skills programme Continue with a hybrid work approach	Continue to implement the ESG strategy Continuously identify and monitor ESG risks and improve ESG maturity Develop a sustainable procurement strategy Completed a double materiality assessment incorporating input from external stakeholders The ESG vision and strategy for 2030 will be revised
Assessment rationale and opportunities arising from managing risks	Telkom's ability to compete effectively is demonstrated through increased mobile subscribers, fibre homes passed and homes connected. There is still a challenge in the IT market segment due to competition. However, Telkom is implementing an improvement strategy. The risk remains high as competitors work hard to win over Telkom customers, as reflected in customer churn numbers. The pending introduction of policy direction on equity equivalent investment programmes in the sector may introduce new entrants in the market, e.g. Starlink, which may exacerbate this risk. Telkom strengthens its competitiveness through different strategies, based on the OneTelkom approach.	This risk declined to medium and within risk appetite. However, the risk of losing talent to competitors remains, as does the shortage of critical skills. The following contributes to retaining and attracting talent: We were certified as a Top Employer in South Africa in 2025 We have maintained a hybrid work approach since 2020 Employees participate in innovation challenges Our learning programmes, bursaries, learnerships and internships Career growth prospects for talented employees through succession development See Human capital for more on our HR practices.	Telkom's ESG strategy is progressing well and will be revised in our ESG strategy. We monitor ESG risks and report on them to various governance structures. Our external maturity assessment continues. We completed our first climate risk assessment. Although we have made significant progress, the risk remains high as some deliverables are in progress.
Strategic pillars	P V O T DS OE	O IWP	O IWP DP DS EC BS
Material matters	MM2 MM3 MM8	MM6	MM7


	4 Financial sustainability	5 Macro-environmental instability	6 Inability to manage and meet material stakeholder expectations
Risk definition	Maintaining financial capacity is crucial to sustain and grow operations while building financial resilience to manage unforeseen economic events. This risk is due to: A depressed economic environment Insufficient liquidity and/or cash flow deterioration Inability to generate FCF Customers not paying on time Unsustainable leverage ratios	Socio-economic challenges impact consumers' quality of life and influence their attitudes, behaviours and preferences. Since consumers are critical to the Group's success, this instability could lead to levels of profitability and cash generation that are unsustainable. It could also impact shareholders' perspectives on future growth.	When Telkom does not meet material stakeholder needs and expectations, this can result in: Diminished reputation Loss of trust, investor confidence and access to capital Customer dissatisfaction and loss of market share Public backlash and potential boycotts of our products and services Low employee morale, decreased productivity and increased employee turnover
Mitigating activities and monitoring	Monitor cost-optimisation initiatives Continue the data-led strategy to drive revenue Maintain adequate debt headroom and disciplined capital allocation, with flexible capex investments and secured debt facilities Use device financing to stimulate further growth in post-paid while managing FCF Efficiently management of bad debts Maintain a sound governance framework that ensures transparent financial and operational frameworks and supportive credit ratios	Monitor macro-economic indicators to guide financial decision-making and strategy execution Monitor geopolitical developments and their effect on strategic execution and operations Monitor trade receivables, bad debts and involuntary customer churn Sustain a robust balance sheet to withstand fluctuations in the economy Continuously engage with credit rating agencies and lenders Increase collaborative efforts with social agents and foster private-public partnerships Strengthen CSI	Developed an integrated stakeholder engagement framework Continue the brand refresh journey Continuously monitor and track performance against stakeholder expectations, creating opportunities to revise plans, collect feedback and adapt to evolving needs to ensure alignment Read more in the stakeholder chapter.
Assessment rationale and opportunities arising from managing risks	This risk abated in FY2025 due to improved financial performance, as set out in the GCFO's report. We continually explore other revenue streams to reduce operational costs and improve profitability.	Macro-economic indicators showed some improvement in FY2025. Loadshedding was reduced, the GNU improved investor confidence, and inflation and interest rates decreased. However, unemployment remains high and customers remain under pressure to manage debts and prioritise essential needs. Most of these factors are out of Telkom's control. However, we can ensure our products and services are competitive to reflect changing customer attitudes and behaviours. Telkom introduced affordable mobile devices for low-income customers. Opportunities exist for products and services to improve the economy, and for community partnerships to address social issues such as the digital divide and grow SMMEs.	We made significant progress in proactively engaging strategic stakeholders, including government, regulators and investors. Our brand refresh to position Telkom as the brand of choice continues. However, more work is required to include other stakeholder categories and improve existing relationships.
Strategic pillars	P V O DP DS EC	P V O DP DS EC	P DP DS EC BP
Material matters	MM5	MM3 MM5	MM3

Compliance governance and oversight

Telkom is committed to comply with all applicable laws and regulations, and supports the application of non‑binding codes and standards. This fosters stakeholder trust and safeguards the Group's long-term viability.

The Board, through the Group Risk Committee, oversees compliance risk management and internal controls to ensure compliance with legislation. We have a specialised team that oversees our compliance landscape, ensuring we meet regulatory obligations and stay ahead of emerging legislation.

We confirm that no material or repeated regulatory penalties, sanctions or fines for contraventions of or non-compliance with statutory obligations were reported in FY2025.

Our stringent compliance regime supports our combined assurance approach through three lines of defence and regular reporting. The compliance function also reports to the IT governance structures and the economic crimes forum on data privacy, cybersecurity and potential areas of non-compliance.

We have zero tolerance for regulatory non‑compliance, fraud, bribery and corruption.

The Group Exco annually reviews and approves the regulatory universe derived from our risk-based approach. This is an important part of our due diligence, strategic planning and risk management. It safeguards Telkom's compliance posture and allows us to drive innovation and growth within a sound regulatory framework. We also invest in comprehensive employee training to foster a culture of compliance and integrity.

The annual compliance plan supports the ERM strategy and objectives. It sets out plans to enhance the Group's compliance culture and monitor compliance risk management. We provide quarterly reports on the status of compliance deliverables to the ERM forum, integrated governance risk and compliance forum, Risk Committee and Board.

We continuously monitor and report on the effectiveness of controls to ensure compliance with the Electronic Communications Act and applicable regulations. In response to growing data privacy concerns, we have strengthened our efforts to safeguard personal information.

We play a proactive and influential role in the regulatory space. This includes:

Advocacy for regulatory balance between safeguarding consumer interests and flexibility to innovate and grow
Participating in dialogues with regulators and policymakers and contributing our expertise to draft policies (e.g. RICA) that could impact the industry

We respect the personal information of our customers, employees and service providers. We are committed to safeguarding the personal information we handle.

Compliance with data privacy legal frameworks and information security standards is Telkom's priority. Two instances of unauthorised access to personal information (FY2024: 2) were reported to the Information Regulator, with limited exposure. Telkom immediately enhanced the control environment.

We received five customer complaints (FY2024: 5) from the Information Regulator regarding direct marketing. Telkom investigated all incidents, reported on the outcomes, and addressed the control environment.

Focus areas for FY2026

ERM

Enable effective tracking of key risk indicators and mitigating actions
Improve the ERM framework in line with risk management advancements
Redefine organisational resilience by ensuring sustainable operations during disruptions
Continue to support the ESG strategy by managing the associated risks
Collaborate with the first line of defence in managing the Telkom business plan risks for 2026 to 2030
Continue to embed the risk culture through training and awareness across the Group

COMPLIANCE

Continue to monitor the top 10 regulations in line with the regulatory universe with a focus on core legislation
Continue to monitor any emerging regulations impacting Telkom