PT Telekomunikasi Indonesia Tbk (TLK) Risk Analysis

Since 1999, Indonesia has undergone significant reforms in fiscal decentralization, devolution of power to local governments, and regional autonomy. As at the date hereof, there is uncertainty in respect of the responsibilities and the balance of power between the local and central governments regarding several subject matters. Those include procedures for renewing licenses, approvals, and levies imposed by local governments on our telecommunications towers. For example, in 2023, local governments, including the government of Surabaya City, introduced regulations for calculating lease fees for land used for telecommunications infrastructure, whether on state-owned or public land. This model has been adopted by 59 other regencies/cities, such as Sidoarjo Regency, leading to increased levies on our digital infrastructure. The potential for more local governments to enact similar regulations raises concerns about regulatory inconsistencies and compliance difficulties. In addition, local governments have from time to time sought to levy additional taxes or obtain new contributions, including for the utilization of certain parcels of land they owned and that are needed for to construct certain of our towers. This ongoing uncertainty could complicate our compliance efforts and raise questions about the legality of new taxes or the authority of local governments to enact further regulations impacting our business. These factors may adversely affect our business operations, financial health, and future growth prospects.

There have been a number of terrorist incidents in Indonesia in the past two decades, which resulted in deaths and injuries, including a bombing at a Catholic church in Makassar on March 28, 2021 that injured more than 20 people and a bombing in Bandung, West Java on December 7, 2022, that killed one person and injured seven people. Although the Government has successfully countered some terrorist activities in recent years and arrested several of those suspected of being involved in these incidents, terrorist incidents may continue and, if serious or widespread, might have a material adverse effect on investment and confidence in, and the performance of, the Indonesian economy and may also have a material adverse effect on our business, financial condition, results of operations and prospects and the market price of our securities.

Since the enactment of Law No. 36 of 1999 on Telecommunications, as later amended by the Job Creation Law 2023 (the "Telecommunications Law") Indonesia's telecommunications industry has seen significant liberalization, further amplified by Presidential Regulation No. 49 of 2021, which eliminated foreign ownership limitations on various telecommunications business activities, such as fixed and mobile telecommunications networks. Given such changes, foreign investors may increase their ownership of telecommunications companies in excess of 67% or engage in various telecommunications activities independently, without having to establish joint ventures with local partners. This may attract new foreign investors or lead to increased foreign ownership of competitors in Indonesia or new market entrants with potentially larger resources competing for market share. As foreign investors explore opportunities in the Indonesian telecommunications sector, the industry may experience increased competition, placing pressure on profit margins and operating revenues for existing players. The asymmetric reduction in costs incurred by our competitors, coupled with the potential influx of new, well-resourced entrants, may require us to further enhance our operational efficiency, differentiate our service offering, and explore collaborative ventures, which may lead to additional costs and necessitate the implementation of new strategies in response to increased competition. The introduction of new or modified regulations to keep pace with technological advancements adds a layer of regulatory complexity and uncertainty, which may impact our financial and operational performance. Notable regulatory changes include the MoCI Regulation No. 5/2021 mandating that all interconnection services must be migrated from TDM-based to IP-based platforms by December 31, 2024, posing challenges and potential revenue impacts for incumbents like us. For example, in order to comply with MoCI Regulation No. 5/2021, we had to significantly change our existing infrastructure (which our competitors rely on in providing conventional interconnection services and for which they pay tariffs to us) to adopt the new technologies. Consequently, our revenue from interconnection services has increased, but we will need to expend further capital resources to change our infrastructure. MoCI regulation No. 5/2021 also provides that during the transition period, the interconnection costs charged by us must remain the same as those agreed in the existing Interconnection Offering Document (Dokumen Penawaran Interkoneksi) and Interconnection Agreement limiting our ability to pass on the additional costs to those to whom we provide interconnection services. Additionally, the enactment of the General Data Protection Regulation ("GDPR") in the EU and Indonesia's own Law No. 27 of 2022 on Personal Data Protection (the "PDP Law"), as well as recent amendments to Law No. 11 of 2008 on Electronic Information and Transactions Law as last amended by Law No. 1 of 2024 (the "EIT Law") and the recent MoCI Circular Letter No. 9 of 2023 on AI Ethical Guidelines ("MoCI AI Circular Letter"), underscores the increasing regulatory scrutiny around data protection and ethical AI use, necessitating significant compliance efforts. Alongside Indonesian regulations, our business operations and services are subject to international laws where we operate or serve customers. Notably, global jurisdictions are intensifying their examination of how businesses handle personal data. This rigorous oversight could lead to new legal obligations, impacting our operations. One prominent example is the EU's GDPR, effective May 25, 2018, which governs the handling of personal data within EU member states, introducing strict compliance requirements and significant penalties for non-compliance. In Indonesia, the primary regulatory framework for personal data protection is the PDP Law addressing both digital and physical personal data management, with detailed implementing regulations yet to be issued. The PDP Law envisages the establishment of a Personal Data Protection Agency and introduces penalties for data protection breaches, including fines up to Rp60,000,000,000, and administrative sanctions for non-compliance, including fines up to 2% of annual revenue or an amount determined by violation variables. including fines up to 2% of annual revenue or an amount determined by violation variables. Additionally, the law stipulates various criminal offenses punishable by fines, with a maximum amount of Rp6,000,000,000, and/or additional sentences (e.g., confiscation of profits and/or assets obtained or proceeds from crimes). As of the date hereof, the MoCI is in the process of drafting detailed implementing regulations, which are expected to clarify the PDP Law's prescriptions regarding data processing and to become effective in the third quarter of 2024. These implementing regulations are expected to outline obligations for data controllers and processors, including mandatory record-keeping of data processing activities, such as recording the sources, purposes, data types, security protocols, data transfers, and security measures. We have been implementing measures to adapt to the expected new requirements, but full compliance with new requirements and standards may necessitate further investments or delays of specific projects, which could impact our results of operations. Furthermore, the MoCI AI Circular Letter and the amendments to the EIT Law intend to promote ethical AI utilization and child protection in digital platforms. These regulations requireelectronic system operators ("ESOs") such as ourselves to incorporate preventive measures against risks to children posed by electronic systems and grant the Government substantial oversight capabilities over electronic systems in Indonesia. For instance, the MoCI AI Circular Letter outlines key responsibilities for businesses involved in AI-based programming and all ESO using AI in both the public and private sectors, such as ensuring that any decisions that may impact human beings will not be left to AI alone and be subject to human oversight and validation. The recent amendments to the EIT Law significantly increase the responsibilities of ESOs, with a particular focus on child protection online. The amendments address the digital landscape's changing dynamics and aim to protect children from potential harm. To be fully implemented, these amendments will be supported by forthcoming Government, presidential, and ministerial decrees. A critical amendment to the EIT Law, Article 16A, directly targets the safety of children in the digital sphere by mandating ESOs to implement robust child protection mechanisms from the development to the operational stages of their systems. This includes setting age restrictions, verifying user identities, and establishing reporting channels to defend children's rights online. Instances of non-compliance with these requirements could lead to severe administrative penalties, including the possibility of system suspension or shutdown. Furthermore, the amendments emphasize the Government's broader regulatory authority within Indonesia's digital environment and grants the Government the power to compel ESOs to modify their operations, with penalties for non-compliance. While intended to promote a safe, fair, and innovative digital space, the broad scope of these powers has generated concerns over potential Government overreach and its implications for innovation and business growth within the sector. The degree of Governmental oversight and the details of the Government's new requirements and standards are uncertain, presenting obstacles to our strategic and financial planning efforts. This evolving regulatory landscape may result in an increase in operational costs and the need for strategic adjustments to comply with stricter legal and regulatory standards, which may in turn have a material adverse effect on our financial condition, results of operations and growth prospects. Moreover, licenses obtained by us under applicable Indonesian laws and regulations may be subject to conditions, compliance with which may be expensive, difficult or, depending on future regulatory, practically impossible. It is possible that Governmental authorities could take enforcement actions against us for our failure to comply with such regulations, including the aforementioned conditions. These enforcement actions could result, among other things, in the imposition of fines or the revocation of our licenses. Compliance with such regulations could require us to make substantial capital expenditures and consequently divert funds from our planned construction projects. We could also experience delays in our business schedules as a result of such compliance efforts. Each of the above could materially and adversely affect our business, prospects, financial condition, and results of operations.

We depend to a significant degree on the uninterrupted operation of our network infrastructure, systems, and connections to other networks to provide our services. For example, we depend on access to our fixed wireline network for the operation of our fixed line network and the termination and origination of cellular telephone calls to and from fixed line telephones, as a significant portion of our cellular and international long distance call traffic is routed through the PSTN. We also depend on access to an internet and broadband network and a cellular network, as our integrated network infrastructure includes a copper access network, fiber optic access network, BTSs, switching equipment, optical and radio transmission equipment, an IP Core network, satellites, and application servers. In addition, we also rely on interconnection to the networks of other telecommunications operators to carry calls and data from our subscribers to the subscribers of operators both within Indonesia and overseas. We also depend on certain technologically sophisticated management information systems and other systems, such as our customer billing system, to enable us to conduct our operations. Our network infrastructure and connected systems, including our information systems, IT and infrastructure and the networks of other operators with whom our subscribers are interconnected, are vulnerable to damage or interruptions in operation due to a variety of causes such as earthquake, fire, flood, power loss, equipment failure, network software flaws, transmission cable disruption or similar events. Past incidents have demonstrated our susceptibility to such damage or interruptions in operation. In 2021, a flood in the Kalimantan Selatan area and Seroja and a cyclone in Nusa Tenggara Timor area damaged certain of our network infrastructure and some submarine cables were cut, including the Sorong-Jayapura, IGG and Batam-Pontianak cables. In 2022, we faced interruptions to some submarine cable communication systems as a result of damage from flood, earthquakes, a ship's anchor and fishing equipment, among other things. As a result, services in east Indonesia were disrupted as we had to redirect affected traffic through satellites until the submarine cables could be restored. More extensive infrastructure damage could severely hamper service provision across our operations, and our business continuity plan and disaster recovery plan may not fully protect us from damage or interruptions to our operations. Any failure that results in an interruption of our operations or of the provision of any service, whether from operational disruption, natural disaster or otherwise, could adversely and materially affect our business, financial condition, results of operations and prospects.

We regularly review our infrastructure network's capabilities, advantages, and available capacity, and continue to make substantial investments in the development of our infrastructure network, including our 4G/LTE and 5G infrastructure, to carry increasing volumes of data traffic. The COVID-19 pandemic had an impact on consumption habits with more people working and studying from home, which positively impacted data traffic and shifted traffic from business districts to residential areas. We expect a continued and substantial increase in data traffic not only as a result of changes in consumption habits and consumers' behavior but also as a result of our efforts to make our data services affordable at a time where purchasing power and disposable income have been negatively affected. Since we launched our 4G/LTE services in 2014, the substantial increase in data traffic resulting from the growth of our wireless data traffic business, our 4G/LTE business and the proliferation of smartphones had significantly strained the existing capacity of our telecommunications network infrastructure. As a result, based on our anticipation of further significant growth in data traffic, we have made and will continue to make substantial investments in the construction of our infrastructure network, including our 4G/LTE infrastructure as well as 5G infrastructure, to carry the increasing data traffic. However, our ability to improve or expand our infrastructure network is subject to various factors, a number of which are not within our control, such as regulations and changes in regulations, changes to the competitive environment or technological developments that could materially and adversely affect our ability to improve or expand our infrastructure network as expected or desired and achieve anticipated returns on our investments.

We derived 61.0%, 58.0% and 76.0% of our revenue in 2021, 2022 and 2023, respectively, from our mobile business through our 69.9% majority-owned subsidiary, Telkomsel. The remaining 30.1% interest in Telkomsel is held by Singapore Telecom Mobile Pte. Ltd. ("Singtel"). In addition, in line with our FMC initiative, we entered into an agreement with Telkomsel to combine our fixed broadband and mobile broadband services into a single business entity, by transferring a portion of our assets and liabilities allocated to the IndiHome business segment to Telkomsel (the "IndiHome Integration"). After the IndiHome Integration, we expect an increase in the contribution from Telkomsel to our consolidated revenue. Singtel, a telecommunications company based in Singapore, may seek to influence the management, operation, and performance of Telkomsel. In the event that there are differences between us and Singtel regarding the business, strategy, and operations of Telkomsel, these issues may take time to resolve, or may not result in a positive outcome for our Group. These factors could materially and adversely affect our business, financial condition, revenue and operating results.

The Indonesian cellular service business is highly competitive. Competitors are increasingly making long-term investments to improve network quality and coverage, expand services and enhance customer experience. In recent years, competitors have offered promotions such as bonus data packages, which has generally made the pricing environment in Indonesia less profitable. However, in 2023, the cellular industry saw a trend of gradually raising prices after a period of declines during the COVID-19 pandemic. It is uncertain whether this trend of increasing prices will continue, however, as companies balance long-term profitability with competitive pricing pressures. Further, our ability to compete on price may be limited for certain services. The Job Creation Law 2023 allows the Government to determine upper and lower price limits based on public interest and fair business competition principles, and MoCI Regulation No. 5 of 2021 on Telecommunications Operation ("MoCI Regulation No. 5/2021") also stipulates that implementation of the upper and/or lower limit tariff must be preceded by evaluation by MoCI of factors such as market conditions, cost analysis, public interest, financial performance of The Company, and the continuity of such services. Upper limits may be determined in areas where only one telecommunications operator operates, and lower limits may be determined based on the Government's assessment of prevailing market conditions. Competition is particularly increasing from OTT providers, as customers accelerate their adoption of data services over legacy communications. Many markets in major cities are saturated, leading cellular companies to expand network coverage and product offerings outside Java in 2022, requiring Telkomsel to defend its market share in such areas. We are also facing increased competition by non-market leader competitors who are targeting specific customer segments. In addition, Starlink, a satellite-based broadband service from SpaceX ("Starlink"), is expected to offer access to broadband internet from satellite constellations to customers in Indonesia through a B2C model upon or anytime after the conclusion of its partnership with Telkomsat in October 2027. Based on media reports and MoCI announcements, Starlink may also provide its services directly to the Indonesian public as any other Indonesian internet operator, subject to adherence with applicable regulations and any requirements the relevant regulators may have. Assuming this is the case and Starlink decides to offer its services independently, the potential coverage of Starlink's services could be extensive and competition in the Indonesian internet market may increase. As Indonesia's first 5G operator, Telkomsel expects 5G competition to increase, including bidding for spectrum allocation and funding 5G infrastructure deployment. Our 5G strategy increasingly involves IoT (which is mostly enabled by 5G technologies), but customer adoption may not match expectations. Further, insufficient or unavailable spectrum at suitable prices would negatively impact our 5G deployment strategy and prospects, which could have a material and adverse effect on our business, results of operations and financial condition. Consolidation in our industry could negatively impact our competitive position and business. Competitors with wider spectrum access and integrated networks may expand coverage. For instance, in January 2022, CK Hutchison and Qatar's Ooredoo merged their respective telecommunications businesses in Indonesia, PT Hutchison 3 Indonesia and PT Indosat Tbk. ("Indosat"), forming Indosat Ooredoo Hutchison ("IOH"). In addition, the Government has tended to encourage consolidation, including through the enactment of the Job Creation Law 2023, which regulates telecommunications clusters, among other matters, in an effort to promote healthier competition among fewer industry players with a better cost-efficiency profile and wider spectrum allocations. Further consolidation among cellular providers may occur, driven by competitive factors as well as efforts to reduce operating costs and obtain wider spectrum allocation to expand their integrated network coverage. Spectrum refarming has provided wider allocations, enabling competitors such as Indosat to improve service quality and network capacity. Additional competitor consolidation may adversely affect our competitive position in the market and our business, results of operations, financial condition, and prospects. Furthermore, Government regulations have required cellular providers to share infrastructure and capacity with competitors. According to the Job Creation Law 2020, as fully retained in the Job Creation Law 2023 and implemented by MoCI Regulation No. 5/2021, telecommunications operators are required to grant access for the utilization of passive infrastructure for telecommunications purposes to other telecommunications providers on a B2B basis. MoCI Regulation No. 5/2021 prohibits owners of passive infrastructure from restricting access to its utilization (for example, by reserving the passive infrastructure for services of greater public interest). Additionally, MoCI Regulation No. 5/2021 establishes conditions for the imposition of tariffs for the utilization of passive infrastructure by owners of such infrastructure, and grants MoCI the authority to determine such tariffs if owners of passive infrastructure fail to meet the conditions for tariff imposition. See "- Risk Factors - Risks Related to Our Business - Operational Risks - Indonesian regulations require telecommunications service providers such as ourselves to share our network infrastructure and capacity with our competitors, and the enforcement of these regulations remain uncertain." As the operator with the most extensive infrastructure in Indonesia, mandated sharing not on commercial terms could allow competitors to take advantage of our existing infrastructure without significant capital expenditure, which would have a significant impact on our competitive position. Any of these developments may present challenges for Telkomsel in maintaining its market position and could materially and adversely affect our results of operations, financial condition and prospects.