Vodafone 2026 Annual Report

Vodafone Group Plc Annual Report 2026

Strategic report

Governance

Financials

Other information

Principal risks and uncertainties continued

Risk factors

Why the risk is important

Key risk drivers

Adverse changes in the external regulatory and policy environment Significant adverse changes to the external environment that could impact our strategy, resulting in increased costs, creating a competitive disadvantage, or having a negative impact on our return on capital employed. Risk trend: No change Risk owner: Chief External and Corporate Affairs Officer The risk of financial loss or operational disruptions due to the inefficient use of funds, inability to access capital markets on reasonable terms, or manage deteriorating market conditions. Risk trend: Increasing Risk owner: Chief Financial Officer Adverse macroeconomic, liquidity, funding and market risk Adverse market competition Accelerated traditional competition, unmet customer expectations for leading-edge technology in networks, and the risk of disintermediation from disruptive technologies or market consolidation could weaken our competitive position, resulting in market share losses, reduced pricing power, and lower profitability. Risk trend: No change Scope increased (incl. Disintermediation and Infrastructure competitiveness) Risk owner: Executive Chairman Vodafone Germany and CEO European Markets Cyber threat An external attack, insider threat, or supplier breach causes service disruption or data breach. Risk trend: Increasing Risk owner: Chief Technology Officer Data management and Privacy Data privacy breaches, misuse of data, data manipulation, inappropriate data sharing, poor data quality, data unavailability or failure to retain or dispose of data appropriately could lead to fines, reputational damage, loss of value, loss of business opportunity, and failure to meet our customer expectations. Risk trend: No change Risk owner: Chief Financial Officer and Chief Technology Officer

Geopolitical tensions, evolving alliances, and ongoing conflicts may lead to unexpected political or regulatory and legal interventions that disrupt strategy, impact supply chains, alter competitive conditions, and require our continuous adaptation to avoid financial and operational harm.

Global instability and the resulting volatility in the macro environment increase the extent and likelihood of government intervention. Global conflicts and rapid technological changes further amplify uncertainty, reinforcing our need to anticipate and respond to these evolving external pressures.

A severe contraction in economic activity can lead to lower cash flow generation for the Group and disruption in global financial markets, impacting our ability to refinance debt obligations as they fall due in a cost-effective manner.

This is an externally driven risk, and the threat environment is continually changing. External factors, such as the conflict in the Middle East, the ongoing war in Ukraine, and the uncertainty around global trade and tariff policies, could impact the future path of monetary and fiscal policies, likely affecting economic activity across our global footprint. Additionally, financial markets are experiencing high levels of volatility, with sovereign debt at record levels. These factors could lead to a significant change in the availability and cost of capital. Key risk drivers vary by market and economic conditions, reflecting an increasingly dynamic competitive environment. These include evolving pricing strategies, changes in customer switching behaviour and price sensitivity, and the growing adoption of data‑driven, AI‑enabled and software‑led connectivity models, including OTT services. Increased investment by satellite providers and hyperscalers is also reshaping the connectivity ecosystem. Collectively, these factors may adversely impact revenue growth and profitability if not effectively managed.

The shift toward software‑driven connectivity and the increasing influence of ‘Big Tech’ heighten the risk of new digital‑first entrants reshaping market dynamics and reducing our relevance. Coupled with aggressive competitor pricing and slower‑than‑expected adoption of 5G and Fibre to the Home (‘FTTH’), this could accelerate customer churn and materially erode revenue across both mobile and fixed services.

Cyber threat actors have targeted Vodafone and our customers in the past and this will continue. This may involve malware, vulnerability exploitation, or various other methods to compromise customer and company data as well as to limit access to our services. This could potentially impact our reputation and lead to service disruption, regulatory sanctions as well as revenue loss. We model various scenarios within our framework to identify the areas of greatest risk for prioritisation. Failure to manage the privacy of our stakeholders’ data effectively and compliantly could result in regulatory fines, paying significant reparation of damages to impacted individuals, and reputational damage that could result in higher churn rates.

Cyber risk constantly evolves and is influenced by economic, technological, and geopolitical developments. We anticipate threats will continue to be volatile, amplified by new technology, such as satellite, Artificial Intelligence (‘AI’), and the future use of quantum computing.

With increasing regulatory expectations and the growing use of artificial intelligence, strong data governance and privacy controls remain essential. Geo-politicisation of data will continue to negatively impact cross-border data transfers. New European data regulations, such as the EU AI Act or the Cybersecurity Act, will introduce significant new legal requirements around data management of our business activities.