TRANSFORMING TRANSFORMING TRANSFORMING SUSTAINABILITY REPORT FY 2023 COMMUNITIES THE PLANET THE WORKPLACE Data Privacy and Cybersecurity The treatment of complaints within Vedanta thorough investigations, to providing A cybersecurity breach or data privacy In the era of digital advancements, Limited follows a systematic approach; from periodic reports to the relevant authorities incident can have severe financial and cybersecurity is imperative, given the addressing complaints and conducting and management by the following process: reputational consequences for Vedanta. interconnected nature of our global The costs associated with investigating society. The exponential growth of the Review and Investigation Cooperation and Input Reporting and remediating a breach, potential legal internet and smart devices has liabilities, regulatory fines, and the loss of heightened the vulnerability of • The Head of Management • The individuals named • The Head of Management customer trust and confidence can businesses to cyberattacks. It is no Assurance reviews the in the complaint are Assurance submits a report to the significantly impact the Company's longer a question of "if" a business will complaint and may expected to cooperate Audit Committee and any other bottom line and brand reputation. Data face such threats, but rather a matter conduct the investigation with the investigator designated members of company privacy and cybersecurity are crucial to of "when." Safeguarding information personally or assign it to • They have the right to management protect sensitive information, comply systems and data has thus become a another employee, provide their inputs • The report is submitted at least once with regulations, mitigate cyber threats, paramount concern for Vedanta. committee, outside and present their side every six months, or whenever counsel, advisor, expert, or of the story during the deemed necessary maintain stakeholder trust, and prevent third-party service investigation financial and reputational damage. By The Company deeply understands the provider • The report summarizes each prioritising these areas, Vedanta can significance of cybersecurity and have • The assigned investigator complaint made within the last 12 ensure the confidentiality, integrity, and identified it as a primary risk within its may work under the months and includes the following availability of its data and systems, comprehensive enterprise risk direction of the Head of • Identification of the complainant enabling sustainable business operations management framework. Vedanta Management Assurance (unless anonymous, which will be in an increasingly digital world. acknowledges that the potential or in conjunction with indicated) impact of cyber threats extends far other attorneys during the • Description of the complaint's beyond the organisation; it can affect investigation substance individuals, the environment, • Status of the investigation communities, and even its operational • Conclusions reached by the performance. Through robust investigator measures and continuous efforts, the • Findings and recommendations Company strives to ensure the resulting from the investigation resilience and integrity of its information systems, minimising the Reporting on Breaches risks posed by cyber threats. Vedanta’s robust information security Corruption or Bribery Conflicts of Interest framework includes policies, standard 14 4 operating procedures (SOP), technology standards and an effective security assessments and audit Discrimination or Harassment Money Laundering or Insider trading process to prevent cyberattacks. In FY 7 0 2022-23, Vedanta experienced zero cybersecurity breaches. Customer Privacy Data 0 Breaches in FY 2022-23 100