Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	Risk Management and Strategy We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks related to disruption of business operations and financial reporting systems and customer information protection, as part of our overall enterprise risk management system and processes. Our enterprise risk management program considers cybersecurity risks alongside other company risks, and our enterprise risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. Our cybersecurity risk management practices include development, implementation and improvement of policies and procedures to safeguard our network infrastructure and customer information and ensure availability of critical data and systems. We understand the importance of protecting our network infrastructure and preserving trust and protecting personal information from cybersecurity threats including distributed denial-of-service (“DDoS”) attacks and advanced persistent threat (“APT”) attacks. To assist us, we have a cybersecurity governance framework in place, which is designed to protect network infrastructure and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Our cybersecurity program consists of controls designed to identify, protect against, detect, respond to and recover from, cybersecurity incidents. The program is built upon a foundation of advanced security technology and overseen by an experienced and trained team of experts with substantial knowledge of cybersecurity best practices. We actively engage in various activities to protect our network infrastructure from cybersecurity threats and to ensure that our customers can use the Internet safely. We believe we are the first Korean telecommunications company to deploy security measures to all overseas interconnection network sections utilized by us in order to preemptively block abnormal traffic from both domestic and international sources. Our technical measures also include: •operation of a comprehensive security control system to protect against and monitor suspected hacking and abnormal behaviors in real-time; •operation of the IT/ Network Integrated Cyber Security Center, a non-stop comprehensive response system; •digital rights management to control access to copyrighted materials; and •encryption of personal information and control database commands. When we adopt a new information system or change an existing system, we carry out a security approval process to review technical and administrative protection measures and make improvements if any issues are found. We conduct technical security review during the designing stage of our system development. We utilize policies, software, training programs and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. Our platform includes a host of encryption, antivirus, multi-factor authentication, firewall and patch-management technologies designed to protect and maintain the systems and computers across our business. We also conduct mock hackings of our websites and application services. To strengthen customer information protection, we engage in inspection of suppliers and other third parties that possess customer information as well as perform mock drills to prepare against infringement or leakage of personal information. We subscribe to liability insurance to ensure compensation for our customers in the unlikely event of any damage caused by information leakage. Our cybersecurity team regularly tests our controls through penetration testing, vulnerability scanning and attack simulation. We conduct risk assessments periodically to identify threats and vulnerabilities, and then determine the likelihood and impact for each risk using a qualitative risk assessment methodology. Risks are identified from various sources, including vulnerability scans, penetration tests, vendors risk assessments, product and services audits, internal compliance assessments and threat-hunting operations. We monitor our infrastructure and applications to identify evolving cyber threats, scan for vulnerabilities and mitigate risks. We also maintain a robust cybersecurity incident response plan, which provides a framework for handling cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across the company. Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess the severity of, escalate, contain, investigate and remediate, the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. In order to efficiently respond to company-wide crises, such as large-scale network infrastructure failures and personal information leaks, we regularly update our crisis response action manual and conduct annual mock drills. We value collaboration with external evaluators, consultants, auditors and other third parties to strengthen and continually improve our cybersecurity risk management processes. In connection with our cybersecurity risk management processes, we engage external consultants from security companies to assist in the design and implementation of our cybersecurity risk assessment and management processes. In particular, they provide the expertise necessary to (i) identify and analyze new cybersecurity threats, (ii) identify and improve vulnerabilities through mock hacking and (iii) analyze and respond to new threats in real time through integrated security control. Our cybersecurity risk management processes extend to the oversight and identification of threats associated with our use of third-party service providers. Our cybersecurity risk management program includes due diligence on service providers’ information security programs. We review our service providers’ cybersecurity practices before we enter into business transactions with them, and we seek to contractually obligate them to operate their environments in accordance with strict cybersecurity standards. Despite these measures, we have experienced cyber-attacks of varying degrees from time to time, including the theft of personal information of our subscribers by third parties, which has led to lawsuits and administrative actions against us alleging that the leak was related to our mismanagement of subscribers’ personal information. In particular, in December 2025, the MSIT released the final results of a joint public-private investigation concluding that deficiencies in our femtocell management enabled unauthorized access to the information of subscribers who have previously been connected to an illegal femtocell. According to the investigation, these incidents resulted in unauthorized micropayment transactions affecting 368 customers, with total damages of approximately W243 million, and the leakage of personal information of approximately 22,227 subscribers, including phone numbers, IMSI numbers and IMEI numbers. The investigation also identified malware infections affecting 94 of our servers. Authorities further determined that certain security configurations were insufficient and that our notifications to regulatory authorities regarding these incidents were delayed. In addition, we are subject to an ongoing investigation by the PIPC regarding the timing and circumstances of these incidents. As a result, we are currently unable to reasonably estimate any obligations that may arise in connection with this matter. See Note 20(19) of the notes to the Consolidated Financial Statements. The MSIT concluded that we did not meet our contractual and statutory obligations to provide secure telecommunications services and announced that it may impose administrative fines under the Information and Communications Network Act, the Personal Information Protection Act and other applicable laws. The MSIT advised us to waive early termination fees for subscribers who elect to terminate their service contracts and ordered us to submit and implement corrective measures within specified timelines, with implementation to be verified by June 2026. Following this incident, our Board of Directors resolved to waive early termination fees for the period from December 31, 2025 to January 13, 2026, during which over 233,000 subscribers terminated their service contracts, resulting in a decline in our total subscriber base and market share. We expect that such terminations will have an adverse effect on our results of operations in 2026. We plan to mitigate the potential financial impact through customer retention and acquisition efforts, such as personalized marketing initiatives supported by AI-based data analytics. In addition, we are implementing measures to prevent recurrence of such incidents, including enhancements to our organizational oversight and governance, system upgrades and strengthened management of femtocell operations. As of the date hereof, we have fully compensated subscribers affected by unauthorized payments arising from illegal femtocell activity, and no class actions or similar collective proceedings have been initiated against us in connection with this incident. However, no assurance can be made that certain of our customers will not pursue additional legal actions to seek alleged damages against us in connection with this incident. Although our business, financial condition and results of operations have not been materially affected by such incidents, we cannot provide any assurance that we will not be materially affected in the future by risks from cybersecurity threats. See “Item 3.D. Risk Factors — Cybersecurity breaches may expose us to significant legal and financial exposure, damage to our reputation and a loss of confidence of our customers” for more information on risks from cybersecurity threats that are reasonably likely to materially affect our business, financial condition and results of operations. Governance Management The cybersecurity risk management processes described above are managed by the Chief Information Security Officer, who reports directly to, and operates under the supervision of, our Chief Executive Officer. Our current Chief Information Security Officer has served in this role since April 1, 2026. He has over 30 years of experience in the information technology and information security fields, including significant experience in the financial sector, where he has held various senior roles in information security and information technology. Our Chief Information Security Officer is supported by the company at the highest levels and regularly collaborates with information security managers from each division. Our Chief Information Security Officer oversees company-wide information security activities and serves as the chairperson of the Information Security Committee, which discusses the latest trends in cybersecurity, risks identified, security measures implemented, coordination of security protocols among various business divisions, and effectiveness of such security protocols. The Information Security Committee annually reviews and approves our cybersecurity risk management processes. In addition, starting in 2022, we have been strengthening our risk detection and response capabilities by consolidating the enterprise risk management of the KT Group through collaborative measures such as implementing a bi-weekly working council with regional headquarters, business divisions and member companies of the KT Group. Board of Directors Our Board of Directors is committed to mitigating data privacy and cybersecurity risks and recognizes the importance of these issues as part of our risk management framework. While the Board of Directors maintains ultimate responsibility for the oversight of our data privacy and cybersecurity program and risks, it has delegated certain responsibilities to the Audit Committee of the Board of Directors. This committee-level focus on data privacy and cybersecurity allows the board to further enhance its understanding of these issues. The Audit Committee assists the Board of Directors in its oversight of our data privacy and cybersecurity needs by staying apprised of our data privacy and information security programs, strategy, policies, standards, architecture, processes and material risks, and overseeing responses to security and data incidents. Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	We actively engage in various activities to protect our network infrastructure from cybersecurity threats and to ensure that our customers can use the Internet safely. We believe we are the first Korean telecommunications company to deploy security measures to all overseas interconnection network sections utilized by us in order to preemptively block abnormal traffic from both domestic and international sources. Our technical measures also include: •operation of a comprehensive security control system to protect against and monitor suspected hacking and abnormal behaviors in real-time; •operation of the IT/ Network Integrated Cyber Security Center, a non-stop comprehensive response system; •digital rights management to control access to copyrighted materials; and •encryption of personal information and control database commands. When we adopt a new information system or change an existing system, we carry out a security approval process to review technical and administrative protection measures and make improvements if any issues are found. We conduct technical security review during the designing stage of our system development. We utilize policies, software, training programs and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. Our platform includes a host of encryption, antivirus, multi-factor authentication, firewall and patch-management technologies designed to protect and maintain the systems and computers across our business. We also conduct mock hackings of our websites and application services. To strengthen customer information protection, we engage in inspection of suppliers and other third parties that possess customer information as well as perform mock drills to prepare against infringement or leakage of personal information. We subscribe to liability insurance to ensure compensation for our customers in the unlikely event of any damage caused by information leakage. Our cybersecurity team regularly tests our controls through penetration testing, vulnerability scanning and attack simulation. We conduct risk assessments periodically to identify threats and vulnerabilities, and then determine the likelihood and impact for each risk using a qualitative risk assessment methodology. Risks are identified from various sources, including vulnerability scans, penetration tests, vendors risk assessments, product and services audits, internal compliance assessments and threat-hunting operations. We monitor our infrastructure and applications to identify evolving cyber threats, scan for vulnerabilities and mitigate risks. We also maintain a robust cybersecurity incident response plan, which provides a framework for handling cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across the company. Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess the severity of, escalate, contain, investigate and remediate, the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. In order to efficiently respond to company-wide crises, such as large-scale network infrastructure failures and personal information leaks, we regularly update our crisis response action manual and conduct annual mock drills. We value collaboration with external evaluators, consultants, auditors and other third parties to strengthen and continually improve our cybersecurity risk management processes. In connection with our cybersecurity risk management processes, we engage external consultants from security companies to assist in the design and implementation of our cybersecurity risk assessment and management processes. In particular, they provide the expertise necessary to (i) identify and analyze new cybersecurity threats, (ii) identify and improve vulnerabilities through mock hacking and (iii) analyze and respond to new threats in real time through integrated security control.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board of Directors Oversight [Text Block]	Our Board of Directors is committed to mitigating data privacy and cybersecurity risks and recognizes the importance of these issues as part of our risk management framework. While the Board of Directors maintains ultimate responsibility for the oversight of our data privacy and cybersecurity program and risks, it has delegated certain responsibilities to the Audit Committee of the Board of Directors. This committee-level focus on data privacy and cybersecurity allows the board to further enhance its understanding of these issues. The Audit Committee assists the Board of Directors in its oversight of our data privacy and cybersecurity needs by staying apprised of our data privacy and information security programs, strategy, policies, standards, architecture, processes and material risks, and overseeing responses to security and data incidents. Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	Our Board of Directors is committed to mitigating data privacy and cybersecurity risks and recognizes the importance of these issues as part of our risk management framework. While the Board of Directors maintains ultimate responsibility for the oversight of our data privacy and cybersecurity program and risks, it has delegated certain responsibilities to the Audit Committee of the Board of Directors. This committee-level focus on data privacy and cybersecurity allows the board to further enhance its understanding of these issues. The Audit Committee assists the Board of Directors in its oversight of our data privacy and cybersecurity needs by staying apprised of our data privacy and information security programs, strategy, policies, standards, architecture, processes and material risks, and overseeing responses to security and data incidents. Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.
Cybersecurity Risk Role of Management [Text Block]	Our cybersecurity risk management processes extend to the oversight and identification of threats associated with our use of third-party service providers. Our cybersecurity risk management program includes due diligence on service providers’ information security programs. We review our service providers’ cybersecurity practices before we enter into business transactions with them, and we seek to contractually obligate them to operate their environments in accordance with strict cybersecurity standards. Despite these measures, we have experienced cyber-attacks of varying degrees from time to time, including the theft of personal information of our subscribers by third parties, which has led to lawsuits and administrative actions against us alleging that the leak was related to our mismanagement of subscribers’ personal information. In particular, in December 2025, the MSIT released the final results of a joint public-private investigation concluding that deficiencies in our femtocell management enabled unauthorized access to the information of subscribers who have previously been connected to an illegal femtocell. According to the investigation, these incidents resulted in unauthorized micropayment transactions affecting 368 customers, with total damages of approximately W243 million, and the leakage of personal information of approximately 22,227 subscribers, including phone numbers, IMSI numbers and IMEI numbers. The investigation also identified malware infections affecting 94 of our servers. Authorities further determined that certain security configurations were insufficient and that our notifications to regulatory authorities regarding these incidents were delayed. In addition, we are subject to an ongoing investigation by the PIPC regarding the timing and circumstances of these incidents. As a result, we are currently unable to reasonably estimate any obligations that may arise in connection with this matter. See Note 20(19) of the notes to the Consolidated Financial Statements. The MSIT concluded that we did not meet our contractual and statutory obligations to provide secure telecommunications services and announced that it may impose administrative fines under the Information and Communications Network Act, the Personal Information Protection Act and other applicable laws. The MSIT advised us to waive early termination fees for subscribers who elect to terminate their service contracts and ordered us to submit and implement corrective measures within specified timelines, with implementation to be verified by June 2026. Following this incident, our Board of Directors resolved to waive early termination fees for the period from December 31, 2025 to January 13, 2026, during which over 233,000 subscribers terminated their service contracts, resulting in a decline in our total subscriber base and market share. We expect that such terminations will have an adverse effect on our results of operations in 2026. We plan to mitigate the potential financial impact through customer retention and acquisition efforts, such as personalized marketing initiatives supported by AI-based data analytics. In addition, we are implementing measures to prevent recurrence of such incidents, including enhancements to our organizational oversight and governance, system upgrades and strengthened management of femtocell operations. As of the date hereof, we have fully compensated subscribers affected by unauthorized payments arising from illegal femtocell activity, and no class actions or similar collective proceedings have been initiated against us in connection with this incident. However, no assurance can be made that certain of our customers will not pursue additional legal actions to seek alleged damages against us in connection with this incident. Although our business, financial condition and results of operations have not been materially affected by such incidents, we cannot provide any assurance that we will not be materially affected in the future by risks from cybersecurity threats. See “Item 3.D. Risk Factors — Cybersecurity breaches may expose us to significant legal and financial exposure, damage to our reputation and a loss of confidence of our customers” for more information on risks from cybersecurity threats that are reasonably likely to materially affect our business, financial condition and results of operations.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Our Board of Directors is committed to mitigating data privacy and cybersecurity risks and recognizes the importance of these issues as part of our risk management framework. While the Board of Directors maintains ultimate responsibility for the oversight of our data privacy and cybersecurity program and risks, it has delegated certain responsibilities to the Audit Committee of the Board of Directors. This committee-level focus on data privacy and cybersecurity allows the board to further enhance its understanding of these issues. The Audit Committee assists the Board of Directors in its oversight of our data privacy and cybersecurity needs by staying apprised of our data privacy and information security programs, strategy, policies, standards, architecture, processes and material risks, and overseeing responses to security and data incidents. Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	The cybersecurity risk management processes described above are managed by the Chief Information Security Officer, who reports directly to, and operates under the supervision of, our Chief Executive Officer. Our current Chief Information Security Officer has served in this role since April 1, 2026. He has over 30 years of experience in the information technology and information security fields, including significant experience in the financial sector, where he has held various senior roles in information security and information technology. Our Chief Information Security Officer is supported by the company at the highest levels and regularly collaborates with information security managers from each division.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	The cybersecurity risk management processes described above are managed by the Chief Information Security Officer, who reports directly to, and operates under the supervision of, our Chief Executive Officer. Our current Chief Information Security Officer has served in this role since April 1, 2026. He has over 30 years of experience in the information technology and information security fields, including significant experience in the financial sector, where he has held various senior roles in information security and information technology. Our Chief Information Security Officer is supported by the company at the highest levels and regularly collaborates with information security managers from each division. Our Chief Information Security Officer oversees company-wide information security activities and serves as the chairperson of the Information Security Committee, which discusses the latest trends in cybersecurity, risks identified, security measures implemented, coordination of security protocols among various business divisions, and effectiveness of such security protocols. The Information Security Committee annually reviews and approves our cybersecurity risk management processes. In addition, starting in 2022, we have been strengthening our risk detection and response capabilities by consolidating the enterprise risk management of the KT Group through collaborative measures such as implementing a bi-weekly working council with regional headquarters, business divisions and member companies of the KT Group.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2025

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks related to disruption of business operations and financial reporting systems and customer information protection, as part of our overall enterprise risk management system and processes. Our enterprise risk management program considers cybersecurity risks alongside other company risks, and our enterprise risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. Our cybersecurity risk management practices include development, implementation and improvement of policies and procedures to safeguard our network infrastructure and customer information and ensure availability of critical data and systems.

We understand the importance of protecting our network infrastructure and preserving trust and protecting personal information from cybersecurity threats including distributed denial-of-service (“DDoS”) attacks and advanced persistent threat (“APT”) attacks. To assist us, we have a cybersecurity governance framework in place, which is designed to protect network infrastructure and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Our cybersecurity program consists of controls designed to identify, protect against, detect, respond to and recover from, cybersecurity incidents. The program is built upon a foundation of advanced security technology and overseen by an experienced and trained team of experts with substantial knowledge of cybersecurity best practices.

We actively engage in various activities to protect our network infrastructure from cybersecurity threats and to ensure that our customers can use the Internet safely. We believe we are the first Korean telecommunications company to deploy security measures to all overseas interconnection network sections utilized by us in order to preemptively block abnormal traffic from both domestic and international sources. Our technical measures also include:

•operation of a comprehensive security control system to protect against and monitor suspected hacking and abnormal behaviors in real-time;

•operation of the IT/ Network Integrated Cyber Security Center, a non-stop comprehensive response system;

•digital rights management to control access to copyrighted materials; and

•encryption of personal information and control database commands.

When we adopt a new information system or change an existing system, we carry out a security approval process to review technical and administrative protection measures and make improvements if any issues are found. We conduct technical security review during the designing stage of our system development. We utilize policies, software, training programs and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. Our platform includes a host of

encryption, antivirus, multi-factor authentication, firewall and patch-management technologies designed to protect and maintain the systems and computers across our business. We also conduct mock hackings of our websites and application services. To strengthen customer information protection, we engage in inspection of suppliers and other third parties that possess customer information as well as perform mock drills to prepare against infringement or leakage of personal information. We subscribe to liability insurance to ensure compensation for our customers in the unlikely event of any damage caused by information leakage.

Our cybersecurity team regularly tests our controls through penetration testing, vulnerability scanning and attack simulation. We conduct risk assessments periodically to identify threats and vulnerabilities, and then determine the likelihood and impact for each risk using a qualitative risk assessment methodology. Risks are identified from various sources, including vulnerability scans, penetration tests, vendors risk assessments, product and services audits, internal compliance assessments and threat-hunting operations. We monitor our infrastructure and applications to identify evolving cyber threats, scan for vulnerabilities and mitigate risks.

We also maintain a robust cybersecurity incident response plan, which provides a framework for handling cybersecurity incidents based on the severity of the incident and facilitates cross-functional coordination across the company. Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess the severity of, escalate, contain, investigate and remediate, the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. In order to efficiently respond to company-wide crises, such as large-scale network infrastructure failures and personal information leaks, we regularly update our crisis response action manual and conduct annual mock drills.

We value collaboration with external evaluators, consultants, auditors and other third parties to strengthen and continually improve our cybersecurity risk management processes. In connection with our cybersecurity risk management processes, we engage external consultants from security companies to assist in the design and implementation of our cybersecurity risk assessment and management processes. In particular, they provide the expertise necessary to (i) identify and analyze new cybersecurity threats, (ii) identify and improve vulnerabilities through mock hacking and (iii) analyze and respond to new threats in real time through integrated security control.

Our cybersecurity risk management processes extend to the oversight and identification of threats associated with our use of third-party service providers. Our cybersecurity risk management program includes due diligence on service providers’ information security programs. We review our service providers’ cybersecurity practices before we enter into business transactions with them, and we seek to contractually obligate them to operate their environments in accordance with strict cybersecurity standards.

Despite these measures, we have experienced cyber-attacks of varying degrees from time to time, including the theft of personal information of our subscribers by third parties, which has led to lawsuits and administrative actions against us alleging that the leak was related to our mismanagement of subscribers’ personal information. In particular, in December 2025, the MSIT released the final results of a joint public-private investigation concluding that deficiencies in our femtocell management enabled unauthorized access to the information of subscribers who have previously been connected to an illegal femtocell. According to the investigation, these incidents resulted in unauthorized micropayment transactions affecting 368 customers, with total damages of approximately W243 million, and the leakage of personal information of approximately 22,227 subscribers, including phone numbers, IMSI numbers and IMEI numbers. The investigation also identified malware infections affecting 94 of our servers. Authorities further determined that certain security configurations were insufficient and that our notifications to regulatory authorities regarding these incidents were delayed. In addition, we are subject to an ongoing investigation by the PIPC regarding the timing and circumstances of these incidents. As a result, we are currently unable to reasonably estimate any obligations that may arise in connection with this matter. See Note 20(19) of the notes to the Consolidated Financial Statements.

The MSIT concluded that we did not meet our contractual and statutory obligations to provide secure telecommunications services and announced that it may impose administrative fines under the Information and Communications Network Act, the Personal Information Protection Act and other applicable laws. The MSIT advised us to waive early termination fees for subscribers who elect to terminate their service contracts and ordered us to submit and implement corrective measures within specified timelines, with implementation to be verified by June 2026. Following this incident, our Board of Directors resolved to waive early termination fees for the period from December 31, 2025 to January 13, 2026, during which over 233,000 subscribers terminated their service contracts, resulting in a decline in our total subscriber base and market share. We expect that such

terminations will have an adverse effect on our results of operations in 2026. We plan to mitigate the potential financial impact through customer retention and acquisition efforts, such as personalized marketing initiatives supported by AI-based data analytics. In addition, we are implementing measures to prevent recurrence of such incidents, including enhancements to our organizational oversight and governance, system upgrades and strengthened management of femtocell operations. As of the date hereof, we have fully compensated subscribers affected by unauthorized payments arising from illegal femtocell activity, and no class actions or similar collective proceedings have been initiated against us in connection with this incident. However, no assurance can be made that certain of our customers will not pursue additional legal actions to seek alleged damages against us in connection with this incident.

Although our business, financial condition and results of operations have not been materially affected by such incidents, we cannot provide any assurance that we will not be materially affected in the future by risks from cybersecurity threats. See “Item 3.D. Risk Factors — Cybersecurity breaches may expose us to significant legal and financial exposure, damage to our reputation and a loss of confidence of our customers” for more information on risks from cybersecurity threats that are reasonably likely to materially affect our business, financial condition and results of operations.

Governance

Management

The cybersecurity risk management processes described above are managed by the Chief Information Security Officer, who reports directly to, and operates under the supervision of, our Chief Executive Officer. Our current Chief Information Security Officer has served in this role since April 1, 2026. He has over 30 years of experience in the information technology and information security fields, including significant experience in the financial sector, where he has held various senior roles in information security and information technology. Our Chief Information Security Officer is supported by the company at the highest levels and regularly collaborates with information security managers from each division.

Our Chief Information Security Officer oversees company-wide information security activities and serves as the chairperson of the Information Security Committee, which discusses the latest trends in cybersecurity, risks identified, security measures implemented, coordination of security protocols among various business divisions, and effectiveness of such security protocols. The Information Security Committee annually reviews and approves our cybersecurity risk management processes. In addition, starting in 2022, we have been strengthening our risk detection and response capabilities by consolidating the enterprise risk management of the KT Group through collaborative measures such as implementing a bi-weekly working council with regional headquarters, business divisions and member companies of the KT Group.

Board of Directors

Our Board of Directors is committed to mitigating data privacy and cybersecurity risks and recognizes the importance of these issues as part of our risk management framework. While the Board of Directors maintains ultimate responsibility for the oversight of our data privacy and cybersecurity program and risks, it has delegated certain responsibilities to the Audit Committee of the Board of Directors. This committee-level focus on data privacy and cybersecurity allows the board to further enhance its understanding of these issues. The Audit Committee assists the Board of Directors in its oversight of our data privacy and cybersecurity needs by staying apprised of our data privacy and information security programs, strategy, policies, standards, architecture, processes and material risks, and overseeing responses to security and data incidents.

Our Board of Directors and the Audit Committee’s principal role is one of oversight, recognizing that management is responsible for the design, implementation and maintenance of an effective program for protecting against and mitigating data privacy and cybersecurity risks. The Chief Information Security Officer, as the chairperson of the Information Security Committee, provides updates to the Compliance Subcommittee operated by the Audit Committee on a periodic basis and, as necessary, to the Board of Directors. These regular reports include detailed updates on our performance preparing for, preventing, detecting, responding to and recovering from cyber incidents. The Chief Information Security Officer also promptly informs and updates the Compliance Subcommittee operated by the Audit Committee about any information security incidents that may pose significant risk to the KT Group. Members of the Board of Directors stay apprised of the rapidly

evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

•operation of a comprehensive security control system to protect against and monitor suspected hacking and abnormal behaviors in real-time;

•operation of the IT/ Network Integrated Cyber Security Center, a non-stop comprehensive response system;

•digital rights management to control access to copyrighted materials; and

•encryption of personal information and control database commands.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.

Cybersecurity Risk Role of Management [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

evolving cyber threat landscape and provide guidance to management as appropriate in order to address the effectiveness of our overall data privacy and cybersecurity program.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true