Risk Management

• To prevent telecom fraud issues, the National Communications Commission (NCC) promulgated the “Regulations Governing the Use of the Subscriber Numbers on Telecommunications Enterprises” with the aim of strengthening the management of the use of subscriber numbers and the Know Your Customer (KYC) mechanism. It also imposes a responsibility on Mobile Network Operators (MNOs) to oversee and audit Virtual Mobile Network Operators (MVNOs), with penalties for non-compliance.

The new law has increased the company’s legal compliance obligations and costs, such as:

• The company must strengthen the management of applications for subscriber numbers by corporate customers, including confirming usage purposes, maintaining user lists, and, whenever necessary, conducting on-site visits to verify the authenticity of relevant information. In particular, the prohibition on transferring numbers except for internal activities will affect the company's revenue and operational model for corporate customer business.
• If the company wishes to cooperate with MVNOs, it must bear the responsibility for auditing and supervision, including pre-cooperation checks, confirmation of KYC implementation capabilities, and regular post-cooperation inspections. This will impact the willingness of MNOs to collaborate with MVNOs.

• For corporate customers whose primary business involves reselling numbers, the company will actively assist these customers in registering with the NCC as telecommunications enterprises (MVNOs) or becoming the company's distributors. We will also strengthen their KYC implementation capabilities to obtain qualifications for reselling numbers, in order to reduce the impact on our corporate customer business.
• Since the regulations prohibit the resale of numbers, the market order is facing reorganization. Users who previously applied for numbers through corporate customers are expected to turn to telecommunications enterprises (MNOs) for applications. The company will adjust the market strategy accordingly and actively seek to attract customers to increase revenue.

• To enhance the resilience of communication networks, The Ministry of Digital Affairs ( MODA) supported the telecom in using non-geostationary satellite orbit as emergency response communication networks.. Our competitors have already taken the lead in collaborating with international low Earth orbit (LEO) satellite providers. If the company does not accelerate its efforts to catch up, it may affect our competitiveness.

• Our competitors have taken the lead by signing an exclusive service agreement with OneWeb, the world's second-largest low Earth orbit (LEO) satellite operator. They are expected to commence commercial operations before the end of 2024.
• TWM can only negotiate and cooperation with other, smaller international satellite operators. These smaller operators have launched fewer satellites, and there is still a considerable distance before they can achieve full coverage or formal commercial operations.

• Low Earth Orbit (LEO) satellites, as a complement to ground-network communications, it not only enhances our country's network resilience but also promise to address the coverage gaps of traditional 4G/5G signals, which currently cannot fully cover all of Taiwan.
• The company is actively negotiating cooperation with other international satellite operators. We intend to build a diverse network using alternative satellite technologies that offer more greater mobility and ease of use.

• New climate-derived disaster events represent external risks, leading to increased storm intensity and prolonged high temperatures.
• Increased manpower for emergency repairs following natural disasters.
• Unstable electricity and water supply.

The disaster events arising from climate change have significantly impacted our company's operations and finances and will continue to exert the following effects. According to the 2023 TCFD report, disasters such as flooding, landslides, and debris flows have already resulted in financial losses. Analysis of our own assets revealed that 78 facilities are exposed to at least one type of disaster risk. In terms of financial impact, we have calculated 1) operating losses and 2) increased costs, as detailed below:

1) Operating Losses:

• 75 HUB machine rooms suffer the risk of flooding, with the severest threat being the failure of power supply. These measures would ensure no service interruptions or compromised quality, thereby preventing operational losses.
• One and two Hub machine rooms are located near debris flow area and landslide areas, respectively, which could potentially impact the annual revenue of the affected base stations by approximately 360 million NTD.

2) Increased Costs:

• When the 78 machine rooms experienced an impact (including response to 75 flooding emergency event, one debris flow and two landslides, the estimated annual labour cost is approximately 81.89 million NTD.

Our company has adjusted its climate strategy to address the identified impacts. The following measures have been implemented to manage these impacts through 1) capital investment, 2) human resources, and 3) the addition of equipment, as detailed below:

1) Capital Invested:

• Investment or establishment in relocation of new site: The cost of machine rooms after debris flow and landslide event swould be approximately 1 million NTD per occurrence.

2) Human Resource:

• (Flooding Prevention) For the 75 machine rooms, the installation of detection systems and power generators would cost approximately 1.82 million NTD.
• Mudslide/Landslide Prevention) the execution of slope monitoring operations, technical inspection and analysis services, along with the installation of power generators in the 3 machine rooms, would cost approximately 1.1 million NTD.

3) Adding equipment or preventative measures:

• (Flooding Prevention) For the 75 machine rooms, the installation of leak detection systems and temporary generators would cost approximately 22.14 million NTD.
• Mudslide/Landslide Prevention) the execution of slope monitoring operations, technical inspection and analysis services, along with the installation of temporary generators in the 3 machine rooms, would cost approximately 28.88 million NTD.

• The failure rate of infrastructure was increased with years of use.
• Outdated systems and infrastructure should be phased out.
• The demand for air conditioner of computer room was increased due to the growth of information system.

• The failure rate of infrastructure was increased with years of use and impact the operation of the information system.
• Outdated systems and infrastructure cannot meet business needs and affect competitiveness.
• If the existing air conditioner of computer room reaches the threshold value, it will not only increase operating costs, but also risk affecting the operation of the information system.

• Regularly checking the operation status of infrastructure equipment and consider the vendor's support to carry out timely replacement and updates and design a backup mechanism to ensure the normal operation of the information system.
• To implement a private cloud platform for quickly building information systems to support business development and enhance competitiveness.
• In addition to the original water-cooled air conditioners, it is planned to build air-cooled air conditioners while improving the fault tolerance of the air conditioners and keeping the air conditioner load below the threshold value.

• Comparison of big data quality analysis using traditional KPI analysis

• When applying AI to improve network quality, the network quality learning model is influenced by numerous factors, coupled with network obstacles affecting model accuracy. AI misjudgments may lead to operational teams crowding out or prolonging the resolution time of actual network issues.

• Combine and compare traditional analytical methods with AI models, continuously optimize and adjust to enhance AI reliability and effectiveness.

• Network integration engineering expected quality changes not meeting consumer expectations.

• Merger case engineering needs to be carried out gradually, expected changes psychologically affect user experience, leading to user correspondence, customer complaints, and group effects, impacting company image.
• Network spectrum will increase high-load phenomena at base stations due to a large increase in users, causing more users to experience poor quality.

• Plan spectrum usage priorities, coupled with dynamic scheduling of overall spectrum resources to enhance user experience.
• Adjust merger case engineering on a rolling basis to improve user experience earlier.
• Accelerate the completion of network integration to enhance user experience.

• Personal privacy regulations are becoming strict domestic and abroad, and public awareness of personal information protection raised.
• Emerging services and product ranges increase personal information leakage and the leakage affects reputation.

• Privacy regulations are becoming strict domestic and abroad, and in recent years, customers’ demands for personal information (PI) protection have increased significantly. Predictably, the Government plan to set a competent authority which named as Personal Data Protection Commission will strengthen information security (IS) and privacy supervision in the further. As a result, to establish and improve PI and privacy management, the company must continue to invest various resources and minimize external risks related to IS and privacy-related regulations of competent authorities and customer expectations.
• In addition, to provide various high-quality services, it is expected that the scope of innovative services and products will increase in the next 3 to 5 years, which will involve a large amount of PI and privacy processing. If we accidentally leak customers’ PI, we must face the relevant legal responsibilities, for example a compensation within 500 to 20,000 NTD for each customer, if the circumstances are serious, a fine of not less than 150,000 but not more than 15 million NTD may be imposed. Besides those compensation, TWM will loss of users, administrative penalties, revenue reduction, and reputation damage.

• In response to the external impact of information security (IS) and privacy, We must build a customer personal information (PI) and privacy protection mechanism, pay attention to international development trends and regulatory requirements, cooperate with the development of innovative services and products, and continue to optimize related processes involving PI and privacy.
• We verify the PI and privacy management effectiveness through an impartial third party. We continue compliance the ISO 27001 "Information Security Management System (ISMS)" and the BS 10012 and ISO/IEC29100 privacy framework standards certificates, integrate corporate operating procedures such as promote the IS maintenance plan, etc. We also expand the scope of PI and management and privacy and obtain the certificate of the latest international privacy protection standard-ISO27701 "Personal Data Privacy Management System" to improve IS and privacy level, and following take actions.

1. Establish and revise information security policies and regulations on a rolling basis.
2. Strengthen the functions of the dedicated information security organization.
3. Continuously conduct personal data security audits and personal data infringement drills.

• Network attack techniques change rapidly, and the scope of attacks expands to whole enterprises and upstream /downstream of the value chain.
• Competent authorities are increasingly strict on the cyber security protection requirements for the telecommunications industry.

• In recent years, industries around the world have faced various emerging cyber-attacks from external sources that are beyond the control of the companies themselves. We predict that in the next 3 to 5 years, hacking tactics will continue to change such as applicated artificial intelligence (AI). TWM will be impacted by those various attacks, such as ransomwares encrypt corporate files, hackers use social engineering to steal sensitive information. If hackers launch DDoS attacks to block our telecommunication services one day, TWM will lose about 170 million NTD in revenue.
• TWM is the critical infrastructure of telecommunications approved by the Executive Yuan and is one of the major telecommunications companies in Taiwan. If we cannot resist the attack, we could take the relevant legal responsibilities, and face customer compensation, loss of users, administrative penalties, revenue reduction, and reputation damage. The competent authority has formulated information security management requirements for mobile broadband and requires telecommunications operators to implement information security management. The company needs to invest in protection against attacks that will continue to increase to avoid cybersecurity-related hacker attacks and external risks.

In response to the external impact of cyber security, we must continue to invest resources to establish and promote security protection measures to fulfill the competent management of personal information and security management requirements. We review the effectiveness of the protection mechanism and the achievement of information security objectives and report the progress and benefit to the Cyber Security and Data Privacy Protection Committee. Information security protection mechanism includes:

1. Implement the inspects of the external certification body and the Mobile Broadband Information Security Management Requirements by the Ministry of Digital Affairs (MODA).
2. Conduct annual penetration test to simulate hacking to test system security, and fix vulnerability.
3. Establish various quantitative indicators to track the security level.
4. Strengthen the Security Operation Center (SOC) service and evaluate the introduction of red team exercises.
5. Monitor and analyze information security protection systems and equipment, and evaluate the introduction of Zero Trust Architecture (ZTA).

• Specific climate commitments such as 100% renewable energy usage by 2040 (RE100); achieving net-zero emissions by 2050 and carbon emissions cap.
• Timeliness and effectiveness of responses to civilian group oversight.
• Requirements for carbon information disclosure (e.g., CDP).

• Despite not being a regulated entity under emission reduction in Taiwan’s Climate Change Response Act, Taiwan Telecom aims to meet international climate agreements and initiatives (RE100 and Net Zero) due to growth in telecom services and increased energy use. This requires an increase in the installation of renewable energy facilities and the purchase of green electricity, raising operational costs. Also includes improving energy efficiency at data center facilities/operational sites, with a near increase in capital expenditure costs of approximately 55 million NTD, including the replacement of old air conditioning and the use of high-efficiency SMRs (Power Conversion Efficiency ≥ 96% SMR).
• NGO groups (such as Greenpeace) continuously monitor corporate energy savings; a lack of positive response may affect the company's reputation.
• Self-assessment of carbon information disclosure for international corporate sustainability ratings; a lack of positive response may reduce investors' confidence in the company.

• Conducting organizational carbon audits.
• Establishing energy/environmental management systems.
• Supporting government green energy policies.
• Constructing green energy infrastructure.
• Increasing the use of renewable energy and improving energy efficiency.
• Media promotion of green energy strategies.
• Continually improving through international sustainability initiatives and ratings.

• Crucial technical talent have been occurred work-related injuries.
• Contractor's works security vulnerability.

• Workplace discrimination incidents result in legal violations.

• If the number of occupational disasters increases, it may cause employees to be temporarily disabled and unable to work, affecting operations.
• If there are loopholes in the contractor's works safety, it will affect goodwill.

• Discriminatory treatment in remuneration, benefits, promotions, raises, tenure, trainings, working conditions or employment rights due to gender, age, marital status, race or disability. The company's discriminatory practices result in legal violations, leading to reputational damage and government penalties.

• Increase safety education and training for all employees.
  Establish operating procedures and provide appropriate protective equipment for use.
• Develop contractor safety and health management standard operating procedures for contractors to follow, and implement contractor management and supervision.

• The company operates its recruitment process through open hiring and explicitly states that there will be no differential treatment based on gender, age, marital status, race, or disability in terms of remuneration, benefits, promotions, raises, tenure, trainings, working conditions, and employment rights.

Based on analyses of TWM's annual ESG assessments, international trends, and various evaluations, the following risks are assessed as likely to impact the TWM’s supply chain:

• Cybersecurity risks arising from inadequate information management or insufficient cybersecurity measures.
• Cybersecurity risks due to the misuse of incorrect information stemming from improper identification of information sources.
• Transportation risks from supply chain disruption or material shortages caused by extreme weather events.
• Occupational safety risks for suppliers and contractors due to heat-related injuries caused by extreme weather events.
• Increased operational costs for suppliers due to heightened government regulation and related taxes as a result of delayed climate action.
• Increased operational costs for suppliers caused by changes in international standards and regulations of biodiversity, thereby affecting the sourcing of raw materials or the provision of products/services.

• If suppliers experience data breaches or hacking incidents, it could erode the confidence of stakeholders such as customers, investors, and potentially leading to disruption in business activity and damage in reputation.
• If suppliers use false information, it could indirectly lead to vulnerability in the system and bad operational decision; leading TWM to disruption in business activity and damage in reputation.
• Extreme weather events may cause disruptions such as material shortage and supplier's logistics, thereby impacting the timeliness of supply and leading to operational disruptions for TWM.
• Extreme weather events could expose suppliers and contractors to heat-related injuries, resulting in labor shortages and the inability to provide timely services, thereby impacting TWM operations.
• In response to international trends, regulatory authorities worldwide are increasing their demands for carbon management. If suppliers fail to meet carbon reduction requirements, they may be subject to carbon fees or taxes, leading to increased operational costs.
• If suppliers' operational scope, location of raw material sourcing, or activities that affect local biodiversity, it could lead to risks such as factory relocations or material shortages, increasing the likelihood of operational disruptions or reputational damage for TWM.

• Regularly conduct supply chain due diligence to identify the impact of suppliers' cybersecurity risks on TWM. For high-risk suppliers, require them to provide Corrective Action Plans and regularly track their progress.
• Identify key products of TWM, inventory critical suppliers, and analyze their impact. Strengthen assessment management for critical suppliers and adjust the blueprint of global supply chain or seek alternative suppliers.
• Regularly conduct supply chain due diligence to identify the impact of suppliers' occupational safety risk on TWM. For high-risk suppliers, require them to propose occupational safety Corrective Action Plans and regularly track their progress.
• Identify high carbon-emission suppliers and collaborate with suppliers with insufficient GHG management capabilities. Initiatives may include group procurement of green electricity and assisting in setting SBT to establish a low-carbon supply chain.
• Regularly conduct supply chain due diligence to identify the impact of suppliers' biodiversity risks. For high-risk suppliers, recommend that they raise their awareness and management on biodiversity.

• Operational disruption caused by employees infected with emerging infectious disease；infected with emerging infectious disease of technical talent has led to a decline in the quality of communication services and affected operations.

• Emerging infectious viruses are highly contagious, making employees unable to attend work due to illness and affecting their physical and mental health, thereby affecting company operations.

• Establish a "health management system" to set up active "infectious disease/fever" notifications to control the health of office personnel, and carry out follow-up control if there are clusters.

• The replacement cycle of mobile phones is extended. It’s difficult to attract users to transfer 5G higher-rate plans by only offering flagship handsets’ plans.

• Due to the high similarity in the content of mobile plans offered by different providers, users face a lower threshold when considering switching providers. Furthermore, telecom companies are all striving to expand their user base and offer a variety of plan options to broaden their market presence. They are also utilizing OTT services or leveraging group resources to enhance their sales competitiveness. Consequently, Taiwan Mobile is encountering competitive pressures extending beyond its traditional telecom domain.

• TWM is persistently utilizing its group resources to strategize the "momobile" plans. It offers increasingly higher rewards for higher-tier plans and actively pursues exclusive partnerships for telecommunications services and products. These include globally recognized services such as HBO GO, Apple One, and YouTube Premium. Moreover, it has introduced the "OP Life " plans to provide a comprehensive service experience and has curated gaming player bundles. These initiatives aim to not only establish Taiwan Mobile's unique plans sales advantage but also attract users to transition to higher-tier plans.

• The mergers of TWM and T-Star, and FET and APT have been completed. Each operator will through exclusive services or difference terminal equipment related to 5G service to facilitate the promotion of 5G service.
• Peer company continues to expand the application of point economy in end-users' life circles.

• Each operator is actively allocating resources to the development of 5G services and applications, with the goal of becoming the first provider to offer a groundbreaking service. This is intended to enhance incentives for users to upgrade to 5G and seize market share. Taiwan Mobile must confront the risk of potential decreases in both users and revenue due to the absence of a killer 5G application.
• Competing telecommunications companies are launching shopping reward programs akin to Taiwan Mobile's "momobile" or adopting bonus rewards as a gift model. This raises concerns about eroding Taiwan Mobile's unique position as an e-commerce pioneer and its profitability.

• By packaging exclusive telecommunications projects with diversified multimedia entertainment services, Taiwan Mobile aims to enhance its market competitiveness and attract a broader 5G user base. This includes exclusively representing internationally renowned services such as HBO GO and offering complimentary YouTube Premium services exclusively to telecom customers.
• To strengthen its sales advantage, Taiwan Mobile is deepening its integration with momo shopping resources. The plan offers momo dollar rebates and discounts for purchases made on momo's platform. Additionally, it introduces the option to use momo dollars for discounts on mobile phones, accessories, and MyMoji. This expansion of momo doallr usability enhances the ecosystem of momo dollars and creates synergies within the group.

• According to the increasing in 5G penetration and the popularity of home broadband, the hotspot on the consumer side will shift to smart homes, IoT devices and other exclusive terminal and audio-visual services.

• Competing telecommunications companies are exploring partnerships with broadband providers to integrate dual-service sales models. They are replicating Taiwan Mobile's " Double Play" plan sales model, which may potentially undermine the promotion of Taiwan Mobile's Double Play plan and impact its revenue.

• Leveraging successful collaboration models within the group, Taiwan Mobile plans to further expand its "Double Play" service to enhance coverage. Additionally, it aims to diversify its offerings by expanding the range of one-stop comprehensive experience products (OP Life) and collaborating with various types of mobile gaming/VR gaming devices to introduce smart player bundles. Moreover, it will utilize Matter to interconnect IoT products across brands and create a more comprehensive range of smart home bundles. This strategy is designed to incentivize users to choose higher-tier plans and strengthen customer loyalty.

• The continuous decrease in newborn numbers contributes to an aging structure in population, the changing demands for telecom services tailored to the elderly should be addressed.

• Taiwan's society is progressively aging, resulting in a decrease in mobile subscription demand, thereby impacting company revenue. The evolving demand for mobile services has led to a gradual decline in the effectiveness of stimulating monthly subscription fee increases through mobile phone contract bundling.

• Although older users tend to replace their phones less frequently, the acceptance and usage of digital technology have increased. This can be capitalized on by implementing diverse product and service packaging projects, as well as comprehensive one-stop experience service bundles, to transform the bundling product model. By providing diverse choices and addressing the pain points of segmented technology product searches, this approach can also lead to an increase in monthly subscription fees.

If suppliers operating location, origin of raw materials, or the transportation route passes through such areas of political instability, TWM may face operational disruptions and delays. Potential risks include:

• Trade Wars: escalation of trade wars could to lead to increased prices of key raw materials, thereby affecting production costs.
• Regional Conflicts: political instability and international conflicts could disrupt or obstruct supply chain.
• Policy Changes: changes in national regulations, trade restrictions, and other national policies could impact the import and export processes of the supply chain.

Recent geopolitical shifts in certain regions have led to increase in degree of uncertainty, posing external risks that are difficult for enterprises to control. Potential operational impacts on TWM in the next 3~5 years include:

• Raw Material Supply Disruptions: if raw materials are blocked or production is disrupted, it could lead to inability to obtain key raw materials needed for the supply chain, thereby affecting TWM's ability to acquire them on time. Additionally, trade wars and/or policy changes that cause raw material c
• Transportation Route Disruptions: blocked or disrupted routes in regions could affect the timely delivery of supplies impacting the availability of critical parts for TWM; this could hinder sales, maintenance, and other operational processes.

• Identify the key services and products of TWM, inventory critical suppliers, and analyze their impact. Strengthen assessment management for critical suppliers and simultaneously adjust the blueprint of TWM's global supply chain

• Unable to recruit emerging key technology talent in a timely manner
• Unable to effectively attract and retain emerging key technology talent
• Increased recruitment costs
• Rapid iteration of AI technology

• Recruitment difficulties leading to technology talent vacancies will affect the construction or development of new network equipment or services.
• Talent loss affects project progress and network operation quality.
• Inability to continuously acquire AI-related technologies may easily lead to competitive lag.

• Combine professional training programs from telecom equipment vendors to enhance employees' mastery of new technology skills, and cultivate internal seed instructors to compile e-Learning materials, establishing a new technology training database.

• Rising demand for talent in emerging fields/specialized skills.
• Increased costs for talent recruiting, retention or training

As industries and technology trends continue to evolve, the company's competitiveness will be impacted if we fail to cultivate, hire, or retain talent in emerging fields/specialized skills.

• Based on industry trends and strategic development, we conduct annual training needs assessment to develop yearly training plans.
  We provide diverse development opportunities to cultivate talent in anticipation of future expertise, enhancing workforce efficiency and strengthening the company's competitiveness.
• Technical supervisors map out required skills and certifications in response to trends. Supervisors evaluate employees on skills/licenses and tailor training programs accordingly.
• Employees will collaborate with supervisors to create their own individual development plans in accordance with feedback from multifaceted appraisal system and career plans. This helps employees acquire knowledge and skills they need at work or for their next role within the organization.
• We have established promotion plans for R&D/Technical Managers and Assistant Managers, aiming to motivate and strategically plan the professional career development of our R&D and technical talent.
• The company initiates "Work Club" scheme to encourage cross departmental collaboration. Employees from different departments can work on projects together, learn new things from each other, which contributes to their overall personal and professional development.
• We cultivate employees to acquire professional skills necessary for innovative services, broaden their knowledge base, and undergo the company's transformation together.

• Innovative applications (such as AI) are gradually taking shape to enhance the innovation capabilities. The rapid growth of innovative application is an external risk that is not under the control of TWM itself. If TWM is not able to grow the innovation and creativity capabilities in a timely manner, leading to insufficient innovation momentum, TWM may not be able to maintain customer stickiness, causing customers to switch to competitors.
• The innovation application can also improve business productivity. If internal innovation momentum is insufficient, TWM’s market competitiveness may be affected.

• With the rapid advancement of AI technology, there may be new applications in multimedia production, gaming entertainment, smart homes, or personalized services in the next 3 to 5 years. If TWM's product innovation growth is insufficient, it will be difficult to compete with new domestic and international service providers, and it will be unable to create more innovative service for customers to catch revenue.
• Some AI technologies and applications come from external sources that are beyond the control and management of TWM itself, requiring cooperation with external partners. If relevant technologies and resources cannot be secured, it will be impossible to meet customers' demands for innovation and change, attract their attention and time, and there will be a risk of lacking competitiveness.

• Continue to launch technological innovative applications, such as myVideo, game services, teleco-financial services, smarter home services and myMoji services, etc.
• Organize innovation competitions and demo days to create innovation culture internally and to reward employees for cross-department cooperation. It also encourages employees to make the innovation applications fulfillment so as to increase innovation momentum.

• Emerging technologies (such as green energy technology applications) need to be deployed in advance. Without sufficient understanding and insight, market opportunities may be missed, resulting in a decrease in competitiveness.

• If you fail to grasp the development trends of forward-looking technologies early and prepare in advance, you will lose business opportunities due to lack of competitiveness when customer needs arise.
• If green energy-related technology applications are not deployed early, the cost savings and environmental protection benefits brought by new technologies will not be achieved.

• Actively deploy emerging technologies in advance, such as participating in investment in green energy technology, launching myCharge service with partners, etc.
• Through strategic alliances or cross-industry cooperation, create MVP(minimum viable product) first, then gradually expand and promote.