As part of a BUMN, Telkom places compliance and compliance with applicable regulations as the basis for implementing good corporate governance. By implementing the principle of compliance with all regulations, Telkom believes this will have an impact on the smooth running of business activities and minimize operational and other risks and improve the Company's reputation.

Telkom has also implemented various compliance programs, including::

• Compliance Training Program: Telkom provides compliance training to all employees on a regular basis.
• Whistleblowing Program: Telkom provides a safe and trusted violation reporting channel for employees.
• Due Diligence Program: Telkom carries out due diligence on all potential business partners before establishing collaboration.

In terms of business competition, Telkom recorded no monetary losses as a result of legal proceedings related to anti-competitive behavior regulations throughout 2023. On the other hand, Telkom is also committed to fair business competition, with the principle of prudence in developing products so that they remain in accordance with competition regulations. business.

As a leading company in Indonesia, Telkom and its Subsidiaries have so far adopted ethical business competition practices with no record of violations related to monopoly or business competition regulations in the 1999 Business Competition Law.

TelkomGroup adheres to the principles of anti-corruption, collusion and nepotism. The realization of this commitment is reflected in the implementation of anti-fraud policies. We require filling out the State Administrator's Assets Report (LHKPN) for members of the Board of Directors, Commissioners and employees at Band I-III (specifically Kakandatel) top level.

The company also routinely carries out anti-corruption and anti-fraud outreach as well as SMAP e-learning, and is targeting ISO 37001:2016 SMAP (Anti-Bribery Management System)/Anti-Bribery Management System certification for all subsidiaries directly until 2024.

We continue to consistently uphold business ethics standards and prioritize transparency in our operations, one of which is by developing the Telkom Integrity Line as a whistleblowing system (WBS) and following up on reports deemed appropriate according to the criteria and procedures set out in the WBS.

Telkom carries out operational activities in accordance with ethical and fair business practices in the telecommunications industry. Telkom's commitment to integrity and transparency is reflected in every aspect of the business, from customer service to interactions with partners and communities. Telkom prioritizes compliance with strict regulations and industry standards, as well as paying attention to consumer rights and privacy in every service Telkom offers. TelkomGroup Business Ethics Guidelines are stipulated in Directors' Decree No. PD.201.01/r.00/PS150/COP-B04000000/2014 concerning Business Ethics in the TelkomGroup Environment.

Telkom has a comprehensive corruption, bribery and fraud prevention policy which regulates how the company prevents, detects and follows up on acts of corruption, bribery and fraud. This policy is in line with applicable laws and regulations in Indonesia, such as Law Number 31 of 1999 concerning the Eradication of Corruption Crimes (UU Tipikor) and Presidential Regulation Number 87 of 2016 concerning the National Strategy for Preventing Corruption. TelkomGroup adheres to the principles of anti-corruption, collusion and nepotism. The realization of this commitment is reflected in the implementation of anti-fraud policies. Telkom requires filling out the State Administrator's Assets Report (LHKPN) for members of the Board of Directors, Commissioners and employees at Band I-III level (specifically Head of Telkom). Telkom routinely carries out anti-corruption and anti-fraud outreach as well as SMAP e-learning, and targets ISO 37001:2016 Anti-Bribery Management System Certification for Subsidiaries by 2024.

Telkom continues to consistently uphold business ethics standards and prioritizes transparency in its operations, one of which is by developing the Telkom Integrity Line as a whistleblowing system (WBS) and following up on reports deemed appropriate using the criteria and procedures set out in the WBS. Since 2006, Telkom has implemented a WBS which is designed to receive, review and follow up on complaints from stakeholders, while maintaining the confidentiality of the reporter. This WBS is under the Main Director of Telkom so that incoming reports can be immediately known by management and followed up by the Internal Auditor.

Telkom has a comprehensive privacy and data security policy that regulates how the company collects, uses and protects customer data. This policy is in line with applicable laws and regulations in Indonesia, such as Law Number 11 of 2008 concerning Electronic Information and Transactions (UU ITE) and Regulation of the Minister of Communication and Information Technology Number 12 of 2016 concerning Personal Data Protection.

In 2023, Telkom will have a Data Protection sub-department as a form of Telkom's commitment to continue to improve guaranteed protection of customer data, internal company data, as well as supplier and business partner data. Throughout 2023, there were no data breach incidents, and there were no sanctions, fines or legal proceedings related to customer privacy.

Telkom ensures legal use of data and asks for permission or consent from customers regarding their personal data in accordance with applicable regulations. Telkom also carries out data governance in accordance with data protection regulations and carries out regular assessments, outreach and audits to ensure data governance runs according to established standards. Telkom consistently disseminates the Personal Data Protection (PDP) ecosystem to all employees to explain the roles and interactions of personal data subjects, controllers, processors and supervisory institutions in maintaining data privacy and security.

The company carries out preventive efforts to face the risk of cyber threats, such as developing a Cyber ??Security Operation Center (CSOC) which functions as a center for continuous monitoring, detection and response to information security incidents. The company also carries out routine cybersecurity testing and mandatory cybersecurity-related training for employees.