Cybersecurity	12 Months Ended
Jun. 30, 2024
Cybersecurity
Cybersecurity	K. Cybersecurity *Governance* Cybersecurity is one of our strategic priorities. Our information security team defines the strategy, policies, practices, procedures, and organizational structure which we use to identify, analyze, evaluate, measure, mitigate, and monitor cybersecurity risks. We work together with various teams of our organization to conduct continuous analysis of potential failures, and vulnerabilities or risks that may affect our processes and assets. We believe that information security and critical data governance are important to us. As a result, we have an information security management team led by our Information Security Manager, who has over 20 years of experience in the cybersecurity sector. He has deep knowledge in telecommunications, security awareness, access control, and technological risks. He has participated in information security training programs such as CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional) and is responsible for evaluating and managing cybersecurity risks. Our information security management team is independent of our IT management and is integrated into our compliance management. This information security management has an individual annual budget, and a strategy which is based on two principles: (i) the continuous review and improvement of our information security model; and (ii) a cybersecurity framework based on the National Institute of Standards and Technology (NIST). This strategy allows us to identify, protect, detect, respond to, and recover our systems and data from potential threats, and it is under constant evaluation. This strategy also ensures the proper integration of security into business processes, minimizing risks and impacts that could materially affect us or our subsidiaries. Within this corporate governance model, there are preventive controls and processes that allow us to supervise and monitor our corporate information security strategy and carry out investments and initiatives that enable us to achieve our business objectives. *Cybersecurity* In response to the evolving cyber threats, we have undertaken several projects to improve our security systems. During 2023 and 2024, we carried out actions that allowed us to enhance the maturity level of our control systems based on internationally recognized cybersecurity best practices. Additionally, we identified residual risks, deepened cybersecurity awareness among our employees, implemented security measures on our employees’ user accounts, and established mechanisms for users to report cybersecurity incidents. These actions have enabled better incident management, increased protection against threats, and built an adequate cybersecurity environment for the organization. In response to the evolution of cyber threats, we have external advisors with over 24 years of experience in the cybersecurity field who provide us with vulnerability assessment services, customized training, and protection recommendations against cyber threats. Additionally, we work with business partners who provide us with advanced tools for early threat detection, allowing us to identify potential cybersecurity risks. Our main Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) systems have the levels of protection and contingency recovery that allow us to be prepared for the constant evolution of cyberattacks. During 2023 and 2024, we have carried out the following actions: (i) we conducted a risk analysis that allows us to identify residual risks to be treated or accepted; (ii) we deepened cybersecurity training for our employees with the aim of distributing simulations, tips, best practices, and knowledge about cybersecurity threats; (iii) we implemented the use of two-factor authentication on our employees’ user accounts to minimize the risk of identity theft and information theft; (iv) we established mechanisms for employees to report cybersecurity incidents for identification, management, containment, and analysis by the incident response team. These actions deepen our commitment to cybersecurity management, increase protection against threats, and build an adequate environment for the organization. In recent years, the average number of cybersecurity incidents has increased significantly worldwide. Therefore, we focus on using advanced threat detection and blocking tools that allow us to prevent the most frequent cyberattacks, which are related to ransomware (hacking of virtual files), malware, spam, phishing, and executive impersonation (BEC - Business Email Compromise), among others. Our Information Security Manager provides quarterly reports on cybersecurity to our Audit Committee, which assumes the responsibility for the strategy and oversight of cybersecurity issues. This allows involving senior management, providing knowledge of the status of each action taken, and adjusting the strategy based on the needs and direction of the business. We have a cybersecurity incident response process to report to our Executive Committee, Audit Committee, and the SEC information about cybersecurity incidents that have had a significant impact on the Company. Our Information Security Manager is responsible for managing and resolving cybersecurity incidents that affect the Company. His main responsibilities include supervising the security detection and alert system, notifying relevant parties about detected incidents, conducting initial assessments of incidents, isolating compromised systems, coordinating recovery efforts with our IT management, investigating cybersecurity incidents, managing internal communication about incidents, and reviewing the effectiveness of implemented corrective and preventive measures. We also have a Crisis Committee whose responsibilities include managing unforeseen situations that can negatively affect the Company’s operations and assets, coordinating a quick and effective response to a cybersecurity crisis, managing internal and external communication during the crisis, making critical real-time decisions, constantly evaluating the impact of the situation, adjusting decisions, and ensuring compliance with applicable laws and regulations. Also, our Compliance Manager is responsible for ensuring that the Company complies with all laws, regulations, and standards related to the management of cybersecurity incidents applicable to it, cooperating with regulatory entities, promoting the review and updating of policies and procedures, acting as a spokesperson for the Executive Committee, and keeping the Executive Committee and the Audit Committee informed about the status of the Company’s regulatory and legal compliance. Additionally, our legal management receives reports on cybersecurity incidents, cooperates in determining the materiality of such incidents, evaluates the severity and scope of such incidents from a legal perspective, reviews contracts with suppliers, evaluates the possibility of potential litigation, and provides legal guidance to the Executive Committee. Similarly, our fraud prevention management participates in the analysis of cybersecurity incidents to identify possible fraudulent activity, collects evidence for legal purposes, monitors suspicious transactions, and cooperates in reporting incidents. Also, as part of our processes in contracts with suppliers, our company establishes specific contractual provisions to ensure that these partners comply with adequate data protection standards and security measures. In 2023 and 2024, we have not recorded any significant Information Security events that have materially affected or are reasonably likely to materially affect us, our business strategy, results of operations, or financial condition. We are aware of the constant cybersecurity risks and continue to implement protective measures that allow us to minimize potential negative impacts on our business. However, these protective measures may be insufficient to fully protect against cybersecurity risks. For more information about these risks, see “Item 3. Key Information — D. Risk Factors - Risks Relating to Our Business -Cybersecurity events could negatively affect our reputation, our financial condition and our results of operations.

Cybersecurity

12 Months Ended

Jun. 30, 2024

K. Cybersecurity

Governance

Cybersecurity is one of our strategic priorities. Our information security team defines the strategy, policies, practices, procedures, and organizational structure which we use to identify, analyze, evaluate, measure, mitigate, and monitor cybersecurity risks. We work together with various teams of our organization to conduct continuous analysis of potential failures, and vulnerabilities or risks that may affect our processes and assets.

We believe that information security and critical data governance are important to us. As a result, we have an information security management team led by our Information Security Manager, who has over 20 years of experience in the cybersecurity sector. He has deep knowledge in telecommunications, security awareness, access control, and technological risks. He has participated in information security training programs such as CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional) and is responsible for evaluating and managing cybersecurity risks. Our information security management team is independent of our IT management and is integrated into our compliance management. This information security management has an individual annual budget, and a strategy which is based on two principles: (i) the continuous review and improvement of our information security model; and (ii) a cybersecurity framework based on the National Institute of Standards and Technology (NIST).

This strategy allows us to identify, protect, detect, respond to, and recover our systems and data from potential threats, and it is under constant evaluation. This strategy also ensures the proper integration of security into business processes, minimizing risks and impacts that could materially affect us or our subsidiaries.

Within this corporate governance model, there are preventive controls and processes that allow us to supervise and monitor our corporate information security strategy and carry out investments and initiatives that enable us to achieve our business objectives.

Cybersecurity

In response to the evolving cyber threats, we have undertaken several projects to improve our security systems. During 2023 and 2024, we carried out actions that allowed us to enhance the maturity level of our control systems based on internationally recognized cybersecurity best practices. Additionally, we identified residual risks, deepened cybersecurity awareness among our employees, implemented security measures on our employees’ user accounts, and established mechanisms for users to report cybersecurity incidents. These actions have enabled better incident management, increased protection against threats, and built an adequate cybersecurity environment for the organization.

In response to the evolution of cyber threats, we have external advisors with over 24 years of experience in the cybersecurity field who provide us with vulnerability assessment services, customized training, and protection recommendations against cyber threats. Additionally, we work with business partners who provide us with advanced tools for early threat detection, allowing us to identify potential cybersecurity risks.

Our main Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) systems have the levels of protection and contingency recovery that allow us to be prepared for the constant evolution of cyberattacks. During 2023 and 2024, we have carried out the following actions: (i) we conducted a risk analysis that allows us to identify residual risks to be treated or accepted; (ii) we deepened cybersecurity training for our employees with the aim of distributing simulations, tips, best practices, and knowledge about cybersecurity threats; (iii) we implemented the use of two-factor authentication on our employees’ user accounts to minimize the risk of identity theft and information theft; (iv) we established mechanisms for employees to report cybersecurity incidents for identification, management, containment, and analysis by the incident response team. These actions deepen our commitment to cybersecurity management, increase protection against threats, and build an adequate environment for the organization.

In recent years, the average number of cybersecurity incidents has increased significantly worldwide. Therefore, we focus on using advanced threat detection and blocking tools that allow us to prevent the most frequent cyberattacks, which are related to ransomware (hacking of virtual files), malware, spam, phishing, and executive impersonation (BEC - Business Email Compromise), among others.

Our Information Security Manager provides quarterly reports on cybersecurity to our Audit Committee, which assumes the responsibility for the strategy and oversight of cybersecurity issues. This allows involving senior management, providing knowledge of the status of each action taken, and adjusting the strategy based on the needs and direction of the business.

We have a cybersecurity incident response process to report to our Executive Committee, Audit Committee, and the SEC information about cybersecurity incidents that have had a significant impact on the Company. Our Information Security Manager is responsible for managing and resolving cybersecurity incidents that affect the Company. His main responsibilities include supervising the security detection and alert system, notifying relevant parties about detected incidents, conducting initial assessments of incidents, isolating compromised systems, coordinating recovery efforts with our IT management, investigating cybersecurity incidents, managing internal communication about incidents, and reviewing the effectiveness of implemented corrective and preventive measures.

We also have a Crisis Committee whose responsibilities include managing unforeseen situations that can negatively affect the Company’s operations and assets, coordinating a quick and effective response to a cybersecurity crisis, managing internal and external communication during the crisis, making critical real-time decisions, constantly evaluating the impact of the situation, adjusting decisions, and ensuring compliance with applicable laws and regulations.

Also, our Compliance Manager is responsible for ensuring that the Company complies with all laws, regulations, and standards related to the management of cybersecurity incidents applicable to it, cooperating with regulatory entities, promoting the review and updating of policies and procedures, acting as a spokesperson for the Executive Committee, and keeping the Executive Committee and the Audit Committee informed about the status of the Company’s regulatory and legal compliance.

Additionally, our legal management receives reports on cybersecurity incidents, cooperates in determining the materiality of such incidents, evaluates the severity and scope of such incidents from a legal perspective, reviews contracts with suppliers, evaluates the possibility of potential litigation, and provides legal guidance to the Executive Committee. Similarly, our fraud prevention management participates in the analysis of cybersecurity incidents to identify possible fraudulent activity, collects evidence for legal purposes, monitors suspicious transactions, and cooperates in reporting incidents.

Also, as part of our processes in contracts with suppliers, our company establishes specific contractual provisions to ensure that these partners comply with adequate data protection standards and security measures.

In 2023 and 2024, we have not recorded any significant Information Security events that have materially affected or are reasonably likely to materially affect us, our business strategy, results of operations, or financial condition. We are aware of the constant cybersecurity risks and continue to implement protective measures that allow us to minimize potential negative impacts on our business. However, these protective measures may be insufficient to fully protect against cybersecurity risks. For more information about these risks, see “Item 3. Key Information — D. Risk Factors - Risks Relating to Our Business -Cybersecurity events could negatively affect our reputation, our financial condition and our results of operations.