Share price

24 July 2025

Q1 FY26 update

11 Nov 2025

H1 FY26 Trading Update

2.25c to be paid August 01, 2025

Final Dividend FY25
Vodafone Business
Vodafone Foundation
Our sites

Vodafone websites

Are you looking for information about offers, devices or your account?
Please choose your local Vodafone website.

Africa

Asia Pacific

Europe

Close
Vodafone – link to home page Vodafone – link to home page
On this page:
Empowering People
Empowering People

Empowering People

We want everyone to fully benefit from the digital society, regardless of who they are or where they live.

Closing the digital divide

We are implementing new technology to roll out our network to rural locations and increase access to smartphones in our markets.

Supporting communities

We provide relevant products and services to address societal challenges such as gender equality, financial inclusion and digital skills, increasing productivity and enabling small businesses to thrive.

Supporting vulnerable communities

We provide connectivity and services to refugees, those experiencing abuse or poverty, and after natural disasters.

Protecting our Planet

We help to protect our planet by reducing our environmental impact and helping society decarbonise.

Net zero

We are working to reach net zero emissions across our full value chain by 2040.

Enablement

We aim to enable our customers to reduce their own carbon emissions by 350 million tonnes between 2020 and 2030.

E-waste

We are driving action to ensure our network and device waste is reduced, resold or recycled.

Protecting our Planet
Protecting our Planet

Maintaining Trust

Maintaining trust with our customers, employees, suppliers and the societies we serve is at the heart of everything we do.

  • Customers trust us with their data and maintaining this trust is critical.
  • We create a safe and inclusive environment for our colleagues.
  • We are committed to ensuring that our business operates ethically, lawfully and with integrity.
  • We collaborate with our suppliers to promote sustainable and responsible business practices, throughout our entire value chain.

ESG reports and resource

We are dedicated to ensuring that Vodafone operates responsibly and ethically. To do this, we have committed to an extensive corporate disclosure programme, providing transparency to investors and stakeholders while ensuring corporate accountability.

ESG disclosures

Download

ESG addendum

XLSX, 308KB

Click to find out more

ESG methodology

Click to find out more

TCFD disclosure

Click to find out more

SASB report

ESG Ratings

Vodafone's ESG profile, performance and transparency is assessed by a number of independent agencies. The chart below shows that Vodafone is consistently ranked highly compared to other telcos and our closest peers.

ESG Ratings

Data correct as of 24th February 2025. Peer group includes BT Group, Deutsche Telekom, Liberty Global, MTN, Orange, Royal KPN, Telecom Italia, Telefonica, and Telefonica Deutschland.

ESG ratings agencies

ESG Ratings Agencies provide an opinion on a company’s ESG profile. Many agencies only focus on the financially material impact of ESG risks and opportunities on company performance, whereas others may also consider a company’s impact on stakeholders and broader society. The agencies typically summarise their analysis and conclusions with a proprietary scoring or rating system and then rank the assessed company against a peer group.

There is no widely agreed definition of ‘ESG’ amongst market participants and the purpose or objectives of ESG ratings can be very different. Ratings often differ amongst providers because of three factors: (i) Scope (i.e. what they assess); (ii) Measurement (i.e. how they assess); and (iii) Weight (i.e. the relative importance of assessed topics).

To access additional context and commentary on Vodafone Group's latest ESG ratings as determined by a number of popular ESG Ratings Agencies, please click on each agency in the red banner immediately below.

MSCI logo

 

Graph

 

ESG ratings

In 2024, Vodafone received a rating of AA (on a scale of AAA-CCC) in the MSCI ESG Ratings assessment. The change in score was driven by changes in MSCI methodology.

Description of MSCI ESG Ratings assessment

MSCI ESG Research provides MSCI ESG Ratings on global public and a few private companies on a scale of AAA (leader) to CCC (laggard), according to exposure to industry-specific ESG risks and the ability to manage those risks relative to peers. Learn more about MSCI ESG ratings here.

MSCI's ESG Ratings are based on exposure and management scores, with data from a wide variety of sources (not just voluntary company reporting). Exposure scores are driven by business operations, geography and company-specific factors. Management scores are informed by a company's practices, targets and public disclosures and are a measure of how well that company manages the risks identified by MSCI. Per MSCI, approximately 45% of an ESG Rating is currently based on company-reported ESG information, of which most is voluntary. The rest of the rating is informed by other third-party sources.

MSCI's independent assessment of a company’s risk exposures can have a significant impact on the overall ESG Rating but is often not within that company’s control. The impact becomes clearer when comparing Vodafone Group's weighted average key issue score (WAKI) – which is used to determine Vodafone's final industry adjusted score and rating (AA) – to the same scores for Vodafone's African subsidiary, Vodacom Group (AAA). We have found that approximately 75% of the difference between the WAKIs for Vodafone and Vodacom can be explained by a single theme within MSCI's ESG Rating, 'Labour Management', and specifically MSCI's independent assessment of risk exposures (i.e. outside Vodafone’s control).

As Vodacom Group is part of the Vodafone Group, policies, programmes and practices related to labour management are almost like-for-like and this is reflected in MSCI's assessment; the management ‘practices’ scores for labour management are identical across both companies. However, Vodafone Group's exposure score for labour management risks is significantly higher than the same exposure score for the Vodacom Group. MSCI attribute this to the fact that the Vodafone Group has operations in Europe where there is a "high likelihood of labour unrest (based on historic precedent)". As the labour management theme contributes almost 25% to the Vodafone’s MSCI ESG Rating, MSCI's view that the risk exposure is higher in Europe compared to Africa has a significant negative impact on Vodafone's MSCI ESG Rating.

Following their 2022 consultation, in  2023 MSCI changed their methodology to raise the requirements for a fund to be assessed as "AA" or "AAA" rated to improve the stability and add transparency. According to MSCI, this means the distribution of the ratings will shift, with a significant amount of one-time downgrades. Changes to underlying methodologies can have an impact on ESG ratings and reduce comparability over time.

Users should also note that Vodafone's weighted average key issue score (WAKI) can change throughout the year but the ultimate ‘industry adjusted score’ (IAS) - which is used to determine the final rating - is only updated and recalibrated once a year.

Sustainalytics


Sustainalytics graph

In October 2023, Vodafone received an ESG Risk Rating of 16.2 and was assessed by Sustainalytics to be at low risk of experiencing material financial impacts from ESG factors. As a result currently has the 15th lowest ESG Risk Rating in the global telecommunications industry.

Description of Sustainalytics ESG Risk Rating

Sustainalytics’ ESG Risk Ratings measure a company’s exposure to industry specific material ESG risks and how well a company is managing those risks. This multi-dimensional way of measuring ESG risk combines the concepts of management and exposure to arrive at an assessment of ESG risk, i.e. a total unmanaged ESG risk score or the ESG Risk Rating, that is comparable across all industries. Sustainalytics’ ESG Risk Ratings provide a quantitative measure of unmanaged ESG risk and distinguish between five levels of risk: negligible, low, medium, high and severe. Learn more about the ESG Risk Ratings here.

We highlight that Sustainalytics' ESG Risk Ratings are based on Sustainalytics' own assessment of our risk exposure (uncontrollable) and risk management (controllable). Approximately one quarter of our latest ESG Risk Rating is outside our control ('unmanageable risk exposure'), with the remainder heavily influenced by Sustainalytics' own assessment of the risk exposures that are manageable.

Sustainalytics' ESG Risk Rating also reflects events that, in their view, may negatively impact our stakeholders or operations. We estimate that approximately one quarter of our latest ESG Risk Rating is driven by the ‘controversies’ identified by Sustainalytics. We have provided feedback to Sustainalytics that many of these events are: (i) based on unsubstantiated allegations where no competent authority has found wrongdoing; (ii) immaterial (one example relates to a US$1,000 fine in a joint ventures); and (iii) are a number of years old but continue to be considered if referenced in more recent news reports.

Users should be aware that Sustainalytics' ESG Risk Rating report does not provide the detail supporting each controversy and only presents the headlines in the core report. We would recommend users of Sustainalytics' analysis review the separate Controversy Report in detail and reach their own conclusions as to the relevance, accuracy and financial materiality of the events identified by Sustainalytics.

ISS ESG


Graph

In September 2023, Vodafone received an ISS ESG Corporate Rating of B (on a 12-point scale of A+ to D-). We have also been awarded 'Prime status' as our ESG performance is above the sector-specific threshold defined by ISS. Our Prime status shows that we fulfil ambitious absolute sustainability performance requirements. The underlying score supporting the B rating places Vodafone in the top decile in the global telecommunications industry, as defined by ISS.

Our rating improved by one notch in 2022 due to improvements in our ESG KPIs, increased transparency and engagement with ISS.

Description of ISS ESG Corporate Rating

ISS ESG's Corporate Rating provides investors with relevant, material and forward-looking ESG data and performance assessments. A company’s management of ESG issues is analysed on the basis of up to 100 rating criteria, many of which are sector-specific. The rating not only evaluates company policies and declarations of intent, it also assesses the sustainability performance of products and production processes. Learn more about ISS ESG Corporate Ratings here.

ISS defines ‘key issues’ for every industry, reflecting the industry’s most challenging social and environmental issues. Indicators assessing our performance in the key issues identified by ISS account for 67% of the overall rating. A number of the indicators used to assess these key issues have a high weighting. For example, only 15 indicators account for 50% of our overall ISS ESG Corporate Rating.

Furthermore, the ISS ESG Corporate Rating also includes an assessment of the impact of a company’s product and service portfolio on social and environmental sustainability objectives, based on the UN Sustainable Development Goals ('SDGs'). The overall grade is determined by the estimated share of net sales generated with relevant products or services contributing to or obstructing the achievement of the most material objectives for a company's business model. These indicators (percentage of revenue) are similar to those required under various 'taxonomies' that are being introduced around the world. Taxonomies are classification systems which help companies identify and report on the share of revenue earned from defined sustainable economic activities. The key challenge is that many companies, including Vodafone, do not currently report financial performance on an activity-by-activity basis or in the manner sought by ISS. The grading is therefore affected by limited public disclosure.

Whilst the ISS ESG Corporate Rating us updated annually; we are only invited to engage in the formal feedback process every 2-3 years. We engaged with ISS for the first time in 2022. We are able to share updates at any time but this is after the normal annual update process.

Refinitiv


Refinitiv graph


MSCI ESG Ratings

In September 2023, Vodafone received a Refinitiv ESG score of 86 out of 100. This score places Vodafone in the number two position within the global telecommunications sector.

The small decrease of 2 percentage point in our ESG score was driven by a lower score in the 'community' category, specifically as a result of lower Corporate Responsibility awards.

Users of Refinitiv ESG scores may also see the percentage score translated into letter grades on a 12-point scale (A+ to D-). On this basis, Vodafone's ESG score is equivalent to an A rating, which indicates excellent relative ESG performance and a high degree of transparency in reporting material ESG data publicly.

Description of Refinitiv ESG score

ESG scores from Refinitiv are designed to transparently and objectively measure a company's relative ESG performance, commitment and effectiveness across the three E, S and G pillars and 10 main themes based on publicly reporting information. More information on Refinitiv's ESG score is available here.

Refinitiv's ESG scores are primarily focused on a company's operations, rather than the impact of its products or services throughout the company's value chain. This is because Refinitiv recognises that it is much harder for companies to report on the social or environmental impact of their products and services in an objective and measurable way as reporting standards are still evolving.

Refintiv's ESG scores are relative and based on a percentile rank scoring methodology to calculate the 10 category scores. This methodology considers three key factors: (i) How many companies are worse than the current one?; (ii) How many companies have the same value?; and (iii) How many companies have a value at all?.

Refinitiv's database is updated on a continuous basis and data is refreshed every week, including the recalculation of the ESG scores. Updates could include a brand-new company being added to the database (and hence impacting the relative scoring for a company in the same industry), the latest fiscal year update or the inclusion of new controversy events. In most cases, reported ESG data is updated once a year in line with companies’ own ESG disclosure.

Whilst Refinitiv's ESG scores are primarily based on company-disclosed data, Refinitiv also provides 'controversy' scores based on impact and conduct reported by global media sources. We are not provided the ability to review or share feedback on the accuracy or relevance of controversies identified by Refinitiv. If the controversy score is less than the ESG score, Refinitiv produces an "ESG Combined Score" which is based on a simple average of the controversy score and the ESG score. This Combined Score is not freely available but we would advise users that because it is based on a simple average, the weightings assigned to the material indicators reflected in the ESG score are effectively halved, no matter the number or materiality of the controversies identified by Refinitiv.

CDP logo

There are also a number of specialist ratings that focus on particular topics that fall under the ESG acronym. Instead of providing a view on a company's overall ESG profile (which as noted above, requires assumptions about relative importance of individual topics), these specialist ratings focus on particular elements within the ESG acronym, such as 'E', 'S' or 'G', or indeed particular topics, such as climate change or workforce matters. The two disclosure initiatives below have significant investor support and we actively engage and respond to their questionnaires each year.

We have been measuring and reporting on energy and carbon emissions since 2001 and have been responding to the climate change questionnaire issued by CDP, a global environmental non-profit organisation, since 2010. CDP runs the global disclosure system for investors, companies, cities, states and regions to manage their environmental impacts.

At the start of 2024, we were recognised by CDP for our actions and transparency with respect to our environmental impact and retained an A rating (2023: A). This places us in the leadership band, which is higher than the average rating of B in Europe and in the top third of companies in our sector.

Vodafone was also one of the founding members of the CDP Supply Chain. In 2022, Vodafone was recognised as a Supplier Engagement Leader by CDP, based on our 2022 CDP disclosure. This recognises our actions to engage our suppliers to manage climate risk and reduce carbon emissions in our supply chain.

A detailed and independent methodology is used by CDP to assess companies, with CDP allocating a score of A to D- on an eight-point scale based on the comprehensiveness of disclosure, awareness and management of environmental risks and demonstration of best practices associated with environmental leadership, such as setting ambitious and meaningful targets. CDP is constantly evolving their disclosure and scoring system in response to market needs and more information can be found here.

WDI logo

There are also a number of specialist ratings that focus on particular topics that fall under the ESG acronym. Instead of providing a view on a company's overall ESG profile (which as noted above, requires assumptions about relative importance of individual topics), these specialist ratings focus on particular elements within the ESG acronym, such as 'E', 'S' or 'G', or indeed particular topics, such as climate change or workforce matters. The two disclosure initiatives below have significant investor support and we actively engage and respond to their questionnaires each year.

The Workforce Disclosure Initiative ('WDI') aims to improve corporate transparency and accountability on workforce issues, provide companies and investors with comprehensive and comparable data, and help increase the provision of good jobs worldwide. Around 170 global companies took part in the Initiative, demonstrating their commitment to transparency.

We responded to the survey for the first time in 2020 as we understood that investors and other stakeholders were seeking increased transparency and comparable workforce data. Whilst our responses are made available to the WDI investor coalition, we also choose to make our full response public via the WDI's website here.

Following our latest response in 2023, we were delighted to receive a disclosure score that was above average across all responders, as well as those in the communications sector.

SASB

The Sustainability Accounting Standards Board (‘SASB’) is an independent organisation that provides voluntary industry-specific standards (‘SASB Standards’) for companies to disclose information on environmental, social and governance (‘ESG’) topics.

On this page, we have included disclosures in line with the Telecommunication Services industry-specific criteria. Where appropriate, we have also provided additional context, which can be viewed by clicking the expand button under each response. Where available, we have also provided references to supporting disclosures available elsewhere on our website.

Under the SASB’s assessment of materiality, the majority of industries in the Technology & Communications sector are asked to report on ‘employee engagement, diversity and inclusion’, however the SASB has not included the topic within the specific Standards applicable to the telecommunications industry. We have voluntarily responded to this additional topic as we operate in adjacent businesses and we are committed to developing a diverse and inclusive global workforce that reflects the customers and societies we serve.

Unless otherwise stated, the disclosures have been made with respect to all controlled operations within the Vodafone Group and reflect performance during the financial year ended 31 March 2023.

Sustainability Disclosure Topics and Accounting Metrics

Topic Code Accounting Metric Supporting Disclosures
Activity metrics TC-TL-000.A
TC-TL-000.B
TC-TL-000.C		 Number of wireless subscribers
Number of wireline subscribers
Number of broadband subscribers		 2023 Web Spreadsheet

Vodafone is the largest pan-European and African telecoms company,  a leading global IoT connectivity provider and operates the largest financial technology platform in Africa. We provide mobile and fixed services in 19 countries1 and partner with mobile networks in 46 more.

On 31 March 2023, we had:

  • 323 million1 mobile customers [TC-TL-000.A] across 19 markets (FY22: 323 million across 21 markets); and
  • 28 million1 broadband customers [TC-TL-000.C] across 15 markets (FY22: 28 million across 17 markets).

We no longer report fixed line voice customers [TC-TL-000.B] as society and our customer base increasingly use other communication channels that rely on internet connectivity, such as VoIP or video conferencing.

1Includes VodafoneZiggo and Safaricom.
Activity metrics TC-TL-000.D Network traffic 2023 Web Spreadsheet

In the year ending 31 March 2023, data traffic volumes across our mobile and fixed network totalled 108,414 petabytes [TC-TL-000.D] (+13% YoY vs. FY22: 96,0163 petabytes).

During FY23, 45% of data traffic across our network was driven by the major web platforms such as Google, Facebook, Netflix and Amazon. A further 24% of data traffic on our network was attributed to Content Delivery Networks, which typically host content for other digital content providers such as Disney+, Tik-Tok, Zoom, HBO and DAZN.

Network volume graph

3To ensure a like-for-like basis of comparison with the prior year, FY22 values have been restated using the same scope as reported in FY23. Further details on the markets within scope is included in the ‘Additional information’ section below.

Additional information

We monitor and report on data traffic volumes carried on our mobile and fixed network across all markets where such services are provided. Data traffic volume is reported in petabytes according to industry standard definitions using decimal values and conversion factors. Data usage represents the sum of downlink traffic and uplink traffic, including all traffic types (i.e. streaming, browsing, gaming, Peer-2-Peer, etc.).

The total data traffic volumes reported above includes Germany, UK, Italy, Spain, Portugal, Ireland, Greece, Czech Republic, Romania, Albania, Turkey, Egypt, South Africa, DRC, Tanzania, Mozambique, and Lesotho. The scope excludes Associates, Joint Ventures and Investments.

Topic Code Accounting Metric Supporting Disclosures
Environmental footprint of operations TC-TL-130a.1 (1) Total energy consumed, (2) percentage grid electricity, (3) percentage renewable 2023 Annual Report, Planet (pages 35-38) and 2023 ESG Addendum

Energy consumption
Our total global energy consumption was 6,274 GWh during FY23 (FY22: 6,125 GWh), equivalent to 23 million Gj [TC-TL-130a.1(1)] (FY22: 22 million Gj). Our base stations and technology centres accounted for 93% of energy consumed (FY22: 93%), with the balance attributable to retail stores and offices.

Energy sources
During the year, 92% of total energy consumed was provided via the grid [TC-TL-130a.1(2)] (FY22: 92%).

In July 2021, we reached a key milestone in our journey to net zero by 2040, achieving our goal to purchase 100% renewable electricity in all of our European markets. We are working to achieve the same in our African markets by 2025.

As a result of our progress in Europe, 81% of total energy consumed across the Group was from renewable sources during the year [TC-TL-130a.1(3)] (FY22: 77%).

Note: Changes to previously reported data relates to the correction or inclusion of data points in line with our reporting methodology. For more information, please refer to our ESG Addendum.
Additional information

Optimising energy usage

The expansion of our networks and the significant increase in data traffic volumes means we carried six times more mobile data in FY23 than we did in FY18, yet our total energy consumption has remained roughly consistent over the same period.

Our strategy to optimise energy usage and improve energy efficiency involves the latest technologies; high performance equipment for servers, storage and our network; highly efficient passive infrastructure for power conversion and cooling; and smart metering and controls using IoT technology and artificial intelligence (‘AI’).

When selecting and procuring equipment, we consider factors such as environmental footprint and availability of features which can modulate consumption. During the product lifecycle, we avoid overcapacity and resource surplus and also efficiently manage power and cooling. As an example, we use sophisticated AI-based algorithms to optimise cooling in more than 70 technology centres across Europe and Africa. We also use big data analytics to benchmark energy consumption against traffic and monitor any inefficiencies or opportunities to reduce energy consumption by putting mobile radio capacity layers into low power modes during low traffic periods. During FY23, we extended this functionality so that it operates 24 hours a day, 7 days a week where feasible.

In order to provide fast, reliable and secure connectivity services, we need to continue to invest in our network to increase capacity and deploy 5G, ultimately enabling an inclusive and sustainable digital society. As a result of the major trends shaping our industry, there will be an increase in energy consumption, however, we are committed to upgrading our networks in a way that maximises energy efficiency.

Many operators, including Vodafone, use Massive MIMO (‘M-MIMO’) antennas when deploying 5G on the 3.5 GHz band. M-MIMO provides very high traffic capacity but has high energy consumption needs. We are working closely with our network vendors to improve both hardware efficiency and software features that will enhance the energy efficiency of 5G M-MIMO antennas. We estimate that more efficient hardware will reduce energy consumption by 10%, while software features will enable a further reduction of 15%.

We also continue to upgrade our network and use more energy efficient hardware. We are deploying multi-band radio units that achieve greater energy efficiency by including multiple frequency bands in a single product (legacy radio units only supported one frequency band). On frequency bands that are upgraded, we estimate that energy consumption will be reduced by 30%.

Finally, we are making more capacity available for 4G and 5G by shutting down our 3G networks, and as of March 2023,  we have shut down 3G in four markets. 3G networks make less efficient use of our spectrum, and by shifting to the more spectrally efficient 4G and 5G technologies, our networks can better support large volumes of data. In turn, that translates into higher energy efficiency. 5G Massive MIMO is around 15x more energy efficient than 3G and 3x more efficient than 4G to deliver the same quantity of data.

Overall, by driving these efficiencies, we can significantly expand the amount of data managed by our networks, while ensuring only a relatively small increase in energy consumption.

Power usage effectiveness (‘PUE’) for data centres

The data centre industry uses the measurement PUE to measure efficiency. A PUE of 2.0 means that for every watt of IT power, an additional watt is consumed to cool and distribute power to the IT equipment. A PUE closer to 1.0 means nearly all of the energy is used for computing.

The trailing-twelve-month (‘TTM’) energy-weighted average PUE for all our owned and operated data centres is 1.58 in (FY22: 1.59).

Topic Code Accounting Metric Supporting Disclosures
Data privacy TC-TL-220a.1 Description of policies and practices relating to behavioural advertising and customer privacy 2023 Annual Report, Data privacy (pages 40-42)

We believe that everyone has a right to privacy wherever they live in the world, and our commitment to our customers’ privacy goes beyond legal compliance. As a result, our privacy programme applies globally, irrespective of whether there are local data protection or privacy laws.

Our privacy management policy is based on the European Union General Data Protection Regulation (‘GDPR’) and this is applied across Vodafone markets both inside and outside the European Economic Area. Our privacy management policy establishes a framework within which local data protection and privacy laws are respected and sets a baseline for those markets where there are no equivalent legal requirements.

We always seek to respect and protect the right to privacy, including our customers’ lawful rights to hold and express opinions and share information and ideas without interference. At the same time, as a licensed national operator, we are obliged to comply with lawful orders from national authorities and the judiciary, including law enforcement.
Additional information

Our privacy programme governs how we collect, use and manage our customers’ personal data to ensure we respect the confidentiality of their communications and any choices that they have made regarding the use of their data. Our privacy programme is based on the following principles:

  • Accountability: We are accountable for living up to our commitments throughout Vodafone and with our partners and suppliers.
  • Fairness and lawfulness: We comply with privacy laws and act with integrity and fairness when we obtain and handle customer data, including asking for the consent of the data subject where necessary. We also actively engage with stakeholders, including civil society, academic institutions, industry and government, in order to share our expertise, learn from others, and shape better, more meaningful privacy laws and standards.
  • Choice and access: We give people the ability to make simple and meaningful choices about their privacy and allow individuals, where appropriate, to access, update or delete their personal data.
  • Security safeguards: We implement appropriate technical and organisational measures to protect personal data against unauthorised access, use, modification or loss.
  • Privacy by design: Respect for privacy is a key component in the design, development and delivery of our products and services.
  • Openness and honesty: We communicate clearly about the data we collect, as well as our actions that may impact privacy. We ensure our actions reflect our words and we are open to feedback.
  • Balance: When we are required to balance the right to privacy against other obligations necessary for a free and secure society, we work to minimise privacy impacts.

Responsible data management

We apply appropriate data management practices to govern the processing of personal data. We carefully select external partners and we limit disclosure of personal data to what is described in our privacy notices or to what has been authorised by our customers.

Some of our services require that we share customer data by their very nature. For example, when our customers are roaming abroad, we need to share communications metadata with other operators to ensure customers are billed the correct amount.

We also ensure personal data is not stored for longer than necessary or as is required by applicable laws and to maintain accuracy of data. Our European customer data is stored on servers in Europe and any transfers of personal data across national borders are subject to robust data transfers compliance procedures, including use of additional safeguards, such as encryption, anonymisation or pseudonymisation. These processes apply to both internal data transfers (such as with our shared service centres), as well as with suppliers and partners.

 

Topic Code Accounting Metric Supporting Disclosures
Data privacy TC-TL-220a.2 Number of customers whose information is used for secondary purposes 2023 Annual Report, Data privacy (pages 40-42)

We want to enable our customers to get the most out of our products and services. To provide these services, we need to use our customers’ personal information. We aim to protect our customers’ data, use it for a stated and specific purpose, and we are always open about what customer data we collect, and why we collect it.

Each local market publishes a Privacy Statement to provide clear, transparent and relevant information on how we collect and use personal data, what choices are available regarding its use and how customers can exercise their rights. Our product-specific privacy notices include details relating to a particular product. These statements and notices are available to customers online, in the MyVodafone app and in our retail stores.

Under the SASB Standards, the definition of ‘secondary purposes’ includes using customer data to improve our products and services. As we monitor the quality, security and use of our connectivity so that we can continually improve and optimise our services, this accounting metric is not meaningful [TC-TL-220a.2].
Additional information

Key uses of customer data are outlined below.

  • Provision of services: We process customer personal data to provide our customers with the products and services they have requested, to fulfil our contractual and legal obligations, and to provide customer care. To provide our services and to charge our customers the correct amount, we must process communications metadata regarding calls, texts and data usage. 
  • Quality, development and security of services: We monitor the quality and use of our connectivity and other services so that we can continually improve and optimise them. We also use customer data to help detect and prevent fraud, as well as keep our networks and services secure. 
  • Marketing and online advertising: Our customers may voluntarily consent to receive relevant offers and/or targeted advertising through various channels (website, MyVodafone app, email, messaging or post). Where permitted,  we will use customer data to market our products and services and provide more accurate and tailored recommendations. This means we can present our customers with offers when they need them most; for example, when they are about to run out of data. Customers may control their marketing permissions in a granular manner at any time, including opting-out from receiving targeted marketing. Third-party marketing is based on separate permissions. Use of cookies on our websites is based on end-user permissions for both first and third-party cookies, and we clearly indicate if a cookie belongs to first or third parties. We do not sell data tied to specific individuals to third parties. 
  • Sharing of data: Where we rely on external suppliers and service providers to process data on our behalf, they are subject to security and privacy due diligence processes, and appropriate data processing agreements govern their activities. Ultimately, all third parties that we share customer data with are required to comply with our own Privacy Policies. New suppliers are subject to onboarding supplier security and privacy verification procedures to ensure our standards are met. We do not share customers’ personal data otherwise, unless required by law or with the consent of the customer.

We may also derive insights with algorithmic systems based on customers’ information. In that context, we have developed a comprehensive end-to-end framework of controls to ensure that customers’ personal information is only processed for purposes which have been agreed with our customers. We apply rigorous methods of anonymisation and de-identification to process the data in the least identifiable manner necessary for a given purpose. Use cases need to be approved from a security, privacy and, where relevant, AI governance perspective, with sensitive/high risk use cases also needing approval from a human rights perspective.

Permissions management platform

We provide our customers with access to their data through online and physical channels. These channels can be used also to request deletion of data that is no longer necessary, or for correction of outdated or incorrect data, or for data portability. Our customer privacy statements and other customer facing documents provide comprehensive information on how these rights can be exercised and how to raise complaints or contact the relevant data protection authority. Our frontline retail and customer support staff are trained to respond to customers’ requests.

Our state-of-art, multi-channel permission management approach, deployed across our channels (MyVodafone app, website, call centres and retail stores), allows our customers to control how we use their data for marketing and other purposes at any time. Permissions are synchronised across our channels. For example, customers can:

  • Opt-in for processing of special categories of data;
  • Choose what data we collect through the MyVodafone app and how it is used;
  • Opt-out from marketing across different channels (call, SMS, notifications), or opt-in to the use of their communications metadata for marketing purposes or for receiving third-party marketing messages; and
  • Opt-out from the use of anonymised network and location data (‘Vodafone Analytics’). More information on Vodafone Analytics can be found here: vodafone.co.uk/privacy/vodafone-analytics.

 

Topic Code Accounting Metric Supporting Disclosures
Data privacy TC-TL-220a.3 Total amount of monetary losses as a result of legal proceedings associated with customer privacy (including a description of nature, context and any corrective actions taken) 2023 Annual Report, Data privacy (pages 40-42)

We have a strong culture of data privacy and our assurance and monitoring activities are designed to identify potential issues before they materialise. However, during the financial year, Vodafone was fined €1 million (FY22: €2 million) for separate data privacy issues, primarily relating to fraudulent SIM swaps, telesales and marketing without consent, human and system errors in data processing, and delayed execution of data subject rights. In response, we have introduced new standards and increased monitoring.

 

Topic Code Accounting Metric Supporting Disclosures
Data privacy TC-TL-220a.4 (1) Number of law enforcement requests for customer information, (2) number of customers whose information was requested, (3) percentage resulting in disclosure Law Enforcement Disclosures

As a global telecommunications provider, our most significant human rights risks relate to our customers’ rights to privacy and freedom of expression. We acknowledge that we can be faced with challenges in this area and we collaborate with our stakeholders. We are a member of initiatives such as the United Nations B-Tech Project which convenes business, civil society and government to advance implementation of the UN Guiding Principles in the technology sector.

Law enforcement and national security legislation often includes stringent restrictions preventing operators from disclosing any information relating to agency and authority demands received, including the disclosure of aggregated statistics. As a result, we are unable to publish the requested aggregated statistics with respect to the Vodafone Group as a whole [TC-TL-220a.4].

In 2014, Vodafone was one of the first global telecommunications operators to provide country-by-country insight into the nature of the local legal regimes governing law enforcement assistance and the volume of each country’s agency and authority demands (wherever that information is available and publication is not prohibited). We publish information regarding Law Enforcement Assistance on our website: Vodafone.com/handling-law-enforcement-demands.
Additional information

Vodafone’s global business consists largely of a group of separate subsidiary companies, each operating under a local licence (or other authorisation) issued by the government of the country in which the subsidiary is located. Each of these subsidiary companies is therefore subject to the domestic laws of the relevant country.

As a licensed national communications services provider, Vodafone must address the balance between our customers’ right to privacy and freedom of expression and the statutory requirements to provide law enforcement assistance to government agencies and authorities.

Law enforcement and national security legislation often includes stringent restrictions preventing operators from disclosing any information relating to agency and authority demands received, including the disclosure of aggregated statistics.

In a number of countries, the law governing disclosure remains unclear; it can also be difficult to engage with the relevant authorities to discuss these issues. Where we are unable to obtain any clarity regarding the legality of disclosure, we have refrained from publishing any statistics.

Vodafone first published statistics on the number of law enforcement demands in 2014 and our core principles and practices are unchanged. For those markets where disclosure is possible, we provide a breakdown of the number of demands received on a country-by-country basis. This covers the number of demands received to conduct lawful interception, or to disclose customer communications data.

Despite our transparency in this area, there remains no established reporting model to follow when compiling the information requested, nor a standardised method for categorising the type and volume of agency and authority demands. In addition, different governments, parliaments, regulators, agencies and authorities apply a variety of definitions when authorising or recording the types of demands made, as do operators themselves when receiving and recording those demands.

We continue to advocate that it would be much more effective if governments provided consistent and comprehensive metrics spanning the industry as a whole, as this would provide the public with a better understanding of the law enforcement activity being undertaken in their country.

Law Enforcement Assistance policy

Vodafone has a clear set of principles that are used to determine when communications data (which could include metadata such as names, addresses and services subscribed) should be disclosed:

We do not:

  • Allow any form of access to any customer data by any agency or authority unless we are legally obliged to do so;
  • Go beyond what is required under legal due process when responding to demands for access to customer data other than in specific safety or life emergencies (such as assisting the police with an active kidnapping event) or where refusal to comply would put our employees at risk; or
  • Accept any instructions from any agency or authority acting beyond its jurisdiction or legal mandate.

We do:

  • Require all agencies and authorities to comply with legal due process;
  • Scrutinise and, where appropriate challenge the legal powers used by agencies and authorities in order to minimise the impact of those powers on our customers’ right to privacy and freedom of expression;
  • Honour international human rights standards to the fullest extent possible whenever domestic laws conflict with those standards;
  • Communicate publicly any threats or risks to our employees arising as a consequence or our commitments to these principles, except where doing so would increase those risks; and
  • Seek to explain publicly the scope and intent of the legal powers available to agencies and authorities in all countries where it is lawful to do so.

In each of our operating companies, a small group of employees are tasked with liaising with agencies and authorities in order to process demands received.

Those employees are usually security cleared and are bound by strict national laws to maintain confidentiality regarding both the content of those demands and the methods used to meet them.

Conditions for disclosing customer data

We will provide assistance in response to a demand issued by an agency or authority with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law. Each of our local operating businesses is advised by senior legal counsel with the appropriate experience to ensure compliance with both the law and with our own principles.

Notifying customers

Local laws will dictate whether operators are able to notify a customer in the event of being in receipt of a lawful demand to disclosure their data.
Law enforcement demands are sensitive in nature and we believe it is for governments to provide clear guidelines to operators on any risks associated with notifying a customer.

Country-by-country disclosure

We publish information regarding Law Enforcement Assistance on our website: vodafone.com/handling-law-enforcement-demands.
It is important to emphasise that attempts to compare one country’s metrics with those of another are essentially meaningless given there are no consistent points of common reference and there are very wide variations between legal frameworks, record keeping requirements, and reporting regimes. Similarly, it can be difficult to draw accurate conclusions from year-on-year changes in reported metrics within a country, as these can be influenced by a range of factors. These could include amendments to legislation or new laws; developments in agency or authority or accepted industry practices; or changes to the approaches used to log, aggregate and disclose lawful demands.

We have robust processes in place to manage and track each demand and the information collated and published on our website (wherever available and wherever publication is not prohibited) has been overseen by the relevant Disclosure Officer in each market.

Governance

The overall law enforcement assistance programme is overseen by the Chief External and Corporate Affairs Officer, a member of the Group Executive Committee.

Although the details of individual demands remain highly confidential and cannot be communicated, Vodafone’s security and audit teams conduct regular reviews of the overarching processes and policies that are in place to ensure the integrity of our law enforcement disclosure systems.

Topic Code Accounting Metric Supporting Disclosures
Data security TC-TL-230a.1 (1) Number of data breaches,
(2) percentage involving personally identifiable information (PII),
(3) number of customers affected (including a description of any corrective actions taken)		 2023 Annual Report, Cyber security (pages 42-43)

As a global connectivity provider, we are subject to a range of cyber threats. We use our layers of controls to identify, block and mitigate threats and reduce any business or customer impact. Where a security incident occurs, we have a consistent incident management framework and an experienced team to manage our response. The focus of our incident responders is always fast risk mitigation and customer security.

Vodafone classifies security incidents on a scale (S0-S4) according to severity, measured by business and customer impact. We attribute root causes to incidents and use the information to improve our control effectiveness. The highest severity category (S0) corresponds to a significant data breach or loss of service caused by the incident. There have been no cyber incidents classified at this level in the past financial year [TC-TL-230a.1]. Even with an increased threat landscape, we have seen a gradual decline in the numbers of more severe incidents.

In the event of a cyber breach, disclosure is made in line with local regulations and laws, and based on a risk assessment considering customers, law enforcement and relevant authorities. The European Union’s GDPR provides a framework for notifying customers in the event there is a loss of customer data because of a data breach, and this framework is a baseline across all our markets.
Additional information

In February 2022, Vodafone Portugal experienced a network outage that was caused by a deliberate cyber attack that was intended to cause disruption. No malware or malicious software was installed, and the attack method would be described as a ‘living off the land’ attack because it did not use any specialist tools. The attack relied on sophisticated social engineering, and a deep understanding of IT systems and networks. Investigations revealed that no customer data was accessed or compromised. No other Vodafone markets experienced any disruption from this incident.

The outage affected the data network in Portugal. The impact was loss of some voice and data services, some TV services and enterprise and business applications across the country, as well as international connections. Home broadband and linear TV were unaffected by the attack. On detecting the incident, we utilised our global incident management framework and immediately took action to identify, contain further risk and restore services quickly. Mobile data services and interconnections with other operators were resumed within eight hours of the attack, with other services being recovered during the next 48 hours. The Vodafone Portugal CEO immediately and proactively communicated with customers, and the team used widespread online, social media and press information and articles to keep customers aware of our recovery progress. Our cyber security team is continuing the investigation of this incident and working with local law enforcement and security agencies.

During the incident, 4.7 million mobile and one million fixed line customers were impacted, with some customers having both services. While the network outage was significant, it was only classified as a severe network incident for 48 hours. The direct costs of the incident are estimated in the range of €5 million and are financially immaterial in the context of Vodafone Portugal’s operations and the wider Vodafone Group.

 

Topic Code Accounting Metric Supporting Disclosures
Data security TC-TL-230a.2 Description of approach to identifying and addressing data security risks, including use of third-party cybersecurity standards 2023 Annual Report, Cyber security (pages 42-43) and Risk management (pages 51-59)

Our role is to enable connectivity in society. As a provider of critical national infrastructure and connectivity that is relied upon by millions of customers, we prioritise cyber and information security across everything we do. Our customers use Vodafone products and services because of our next-generation connectivity, but also because they trust that their information is secure.

Cyber security is one of Vodafone’s principal risks. We understand that if not managed effectively, there could be major customer, financial, reputation, stakeholder or regulatory impacts. Risk and threat management are fundamental to maintaining the security of our services across every aspect of our business.

To help us identify and manage emerging and evolving risks, we constantly evaluate and challenge our business strategy, new technologies, government policies and regulation, and cyber threats. We conduct regular reviews of the most significant security risks affecting our business and develop strategies and policies to detect, prevent and respond to them. Our cyber security strategy focuses on minimising the risk of cyber incidents that affect our networks and services. When incidents do occur, we identify the root causes and use them to improve our controls.
Additional information

Controls can prevent, detect or respond to risks. Most risks and threats are prevented from occurring and most will be detected before they cause harm and need a response. A small minority will need recovery actions.

We use a common global framework called the Cyber Security Baseline and it is mandatory across the entire Group. The baseline is based on an international standard and includes key security controls which significantly reduce cyber security risk, by preventing, detecting or responding to events and attacks. We have effectiveness targets for the key controls that are monitored and reported to senior management for each market every month. The framework is regularly reviewed and new controls or new targets identified each year.

As well as monitoring control effectiveness within Vodafone, we oversee the cyber security of our suppliers and third parties with a dedicated team. At supplier onboarding, security requirements are written into contracts, and we determine the inherent risk of the supplier based on the service they are providing. We then assess their controls to understand the residual risk, which informs the frequency of review. We follow up on open actions and ensure security incidents are tracked and managed.

A dedicated assurance team reviews and validates the effectiveness of our security controls, and our control environment is subject to regular internal audit. The security of our global networks is also independently tested and benchmarked versus other telecommunications operators every year to assure we are maintaining the highest standards and our controls are operating effectively. We maintain independently audited information security certifications, including ISO 27001, which cover our global technology function and 15 local markets. In addition, our markets comply with national information security requirements where applicable.

Topic Code Accounting Metric Supporting Disclosures
Product end-of-life management TC-TL-440a.1 (1) Materials recovered through take back programs, percentage of recovered materials that were (2) reused, (3) recycled, and (4) landfilled 2023 Annual Report, Planet (pages 35-38), 2023 ESG Addendum and EcoRating press release

Aside from carbon emissions, electronic waste is the largest material environmental issue for our business. We seek to manage our own impact in a responsible manner and also support our customers with their efforts, often in conjunction with our partners and other operators.

We no longer report the weight of products collected via product take-back schemes as we have retired the metric in place of our newly formed partnership with WWF.

WWF partnership

In November 2022, we launched our ‘1 million phones for the planet’ campaign with WWF. The aim is to raise consumer awareness of e-waste and incentivise our customers to bring back their used devices for trade-in, donation or recycling. WWF’s ability to deliver impactful environment projects, combined with Vodafone’s digital technology capabilities and our reach across a global consumer audience, will enable us to show how technology can help overcome sustainability and conservation challenges.
Additional information

Partnerships: Improving consumer awareness of product sustainability

In May 2021, we launched a new Eco Rating labelling scheme jointly with other major European operators. Eco Rating is a pan-industry initiative to help consumers identify and compare the most sustainable mobile phones on the market, whilst also encouraging suppliers to reduce the environmental impact of devices. Eco Rating evaluates the environmental impact of the entire production process, transportation, use and disposal of a handset, resulting in an overall score. 

In November 2022, Eco Rating expanded to reach 35 countries, supported by 22 manufacturers and eight telecommunications operators. Since its introduction, the rating has contributed to improving the environmental performance of mobile phones on the market, illustrated by the increase of the average Eco Rating score from 74 to 76 out of a maximum 100 since it was launched 18 months ago. We now operate this initiative in 12 markets with over 200 handsets assessed and available to our customers.

Customers can learn more about the initiative and see how the rating is calculated by visiting a new website at: ecoratingdevices.com

Partnerships: Extending the lifetime of devices

In partnership with Recommerce, our ‘Trade in’ campaign encourages customers to extend the lifetime of their device by trading it in to be refurbished and resold. Our digital trade-in platform, now live in four European markets, offers customers a guaranteed price to make the trade-in customer journey convenient, cost-effective and attractive.

We are also encouraging our customers to consider purchasing second-life devices. Purchasing a refurbished smartphone saves around 50kg of CO2e – making its contribution to climate change 87% lower than that of the equivalent, newly manufactured smartphone – and removes the need to extract 76.9 kg of raw materials.We offer customers high quality and competitively priced refurbished smartphone ranges in the UK, Turkey, and Vodacom.

Topic Code Accounting Metric Supporting Disclosures
Competitive behaviour & open internet TC-TL-520a.1 Total amount of monetary losses as a result of legal proceedings associated with anticompetitive behaviour regulations (including a description of nature, context and any corrective actions taken) 2023 Annual Report, Responsible business (page 40-49)

Vodafone has zero tolerance for activities that breach laws concerning competitive behaviour. We understand that a lack of competition adversely affects customers and the potential for investigations, fines, reputational damage and subsequent damages claims is high and potentially financially material.

There were no fines imposed by competition authorities against Vodafone in FY23 [TC-TL-520a.1]. This followed FY22, where there were no cases where Vodafone was found to have been involved in anti-competitive conduct and Vodafone was also successful in several appeals, including the appeal against an Italian Competition Authority (‘ICA’) infringement decision and fine against Vodafone Italy with respect to the billing cycles case (further information is included in the ‘Additional information’ section below).
 
In Germany, a complaint has been lodged against Vodafone Germany by a mobile network operator, 1&1, in relation to Vantage Towers and an alleged obstruction of 1&1’s 5G rollout process. The investigation is at a very early stage and further information is included in the ‘Additional information’ section below.
Additional information

The telecommunications sector is characterised by a high level of competitive intensity, with many alternative providers giving customers a wide choice of suppliers. In each of the countries in which we operate, there are typically three or four mobile network operators (‘MNOs’), such as Vodafone, which own their own network infrastructure, as well as several resellers that procure network services from MNOs on a wholesale basis.

Operators face significant investment cycles in the context of ever-increasing levels of demand for network capacity and deflationary prices. Where industry costs are expected to increase, it is part of the competitive process that operators individually start to consider their options. Operators, including Vodafone, need to ensure they are able to keep up with the increasing need for further investment in network infrastructure to enable societies to remain connected, as well as the increasing prices being passed on from their vendors and suppliers (e.g. energy providers, network equipment manufacturers) in the current inflationary environment. The options available to operators include cost saving initiatives, such as entering into active and/or passive network sharing arrangements, acquisitions of attractive businesses belonging to other operators and adjustments to commercial practices, including pricing.

Fixed telecoms markets in most countries are still dominated by the historic incumbent operator (typically the former state-owned operator), in particular at the wholesale level. Access to many wholesale services from the incumbent, such as fixed access and leased lines, is still regulated in most countries.

Despite the inherently complex nature of the telecommunications sector and the rapidly changing market dynamics, there have been relatively few examples of anti-competitive behaviour or accusations made against Vodafone in recent years.

Historically, in cases where Vodafone was found to have engaged in anti-competitive conduct, penalties were relatively low.

Whilst there were no fines imposed by competition authorities against Vodafone in FY23, a complaint was lodged with the German Federal Cartel Office by 1&1 against Vodafone Germany. 1&1 is an MNO in Germany and a relatively new entrant. It entered into an agreement with Vantage Towers in December 2021 for Vantage Towers to supply a certain number of towers, including an initial target by end of 2022. For a variety of reasons, the initial target has had to be delayed to the end of 2023 and 1&1 has submitted a complaint to the German competition authority (Bundeskartellamt). 1&1 is arguing, in particular, that Vodafone Germany has leveraged its relationships with Vantage Towers to prevent Vantage Towers from delivering under its contract with 1&1 with the goal of frustrating 1&1’s rollout to gain a competitive advantage. The investigation is still at a very early stage.

During FY23, there were also a number of developments with regard to competition law matters (investigations and/or litigation) that had originated in previous years.

Portugal

Online search advertising (Google Adwords): In July 2020, the Portuguese Competition Authority (‘PCA’) issued a Statement of Objections to Vodafone and other Portuguese telecommunications operators. The PCA alleged that the operators had entered into an anti-competitive agreement to limit competition in advertising on the Google search engine which, in turn, restricted competition in various retail telecommunications markets. Vodafone Portugal is vigorously defending itself and submitted a written defence and evidence in support of its case to the PCA in October 2020. The investigation is ongoing and the PCA has recently notified Vodafone Portugal of its decision to extend the deadline for concluding its investigation until the end of 2023.

Pay TV advertising (TV adverts): In August 2020, the PCA initiated an investigation on the basis of news in the media regarding the joint commercialisation and implementation of a 30-second advertising spot before Pay TV content by Pay TV operators MEO, NOS, Vodafone Portugal and Accenture. Prior to launching the service, the parties had joint meetings with the PCA to present the project and to address possible competition issues. In December 2021, the PCA issued a Statement of Objections accusing the Pay TV operators of anticompetitive conduct. Vodafone Portugal is vigorously defending itself and submitted a written defence and evidence in support of its case to the PCA in March 2022. The investigation is ongoing.

UK

Phones 4U litigation: In December 2018, the administrators of former UK indirect seller, Phones 4U, sued the three main UK mobile network operators (‘MNOs’), including Vodafone UK, and their parent companies. The administrators allege a conspiracy between the MNOs to pull their business from Phones 4U thereby causing its collapse. The first trial on liability took place in May-July 2022. Vodafone vigorously defended the claim, and is waiting to receive the judgement, which is expected to be issued in 2023. Further information about this case is provided in the Group’s Annual Report for the financial year ended 31 March 2023 on page 199.

 

We consider all content carried on our Mobile and Fixed networks as non-associated content under the definition within the SASB Standards.

We provide our customers with Mobile and Fixed connectivity products and services and operate across multiple countries and continents. Given the distinct differences between technologies and regions, we have provided average sustained download speeds across multiple categories below.

Topic Code Accounting Metric Supporting Disclosures
Competitive behaviour & open internet TC-TL-520a.2 Average actual sustained download speed of (1) owned and commercially associated content and (2) non-associated content  

We consider all content carried on our Mobile and Fixed networks as non-associated content under the definition within the SASB Standards.

We provide our customers with Mobile and Fixed connectivity products and services and operate across multiple countries and continents. Given the distinct differences between technologies and regions, we have provided average sustained download speeds across multiple categories below.

Region Average sustained download speed Mbps
5G-preferred mode 4G-preferred mode
Europe

142Mbps (FY221: 126Mbps)

43Mbps (FY221: 42Mbps)
Africa

172Mbps (FY221: 65)

n/a

Fixed networks (Europe) [TC-TL-520a.2]

Access Technology Typical speed tier/proposition range Average sustained download speed Mbps
FTTH/Hybrid Fibre Coaxial

100 – 500 Mbps

297Mbps (FY221: 287Mbps)
xDSL

38 – 100 Mbps

64Mbps (FY221: 60Mbps)

1To ensure a like-for-like basis of comparison with the prior year, FY22 values have been restated using the same scope as reported in FY23. Further details on the markets within scope is included in the ‘Additional information’ section below.

Additional information

We use various tools and techniques to measure our customers’ user experience on our mobile and fixed access networks. Part of our approach involves the use of independent third-party benchmark providers who conduct regular active field-testing on our behalf in the markets where we operate.

Mobile networks

Vodafone uses the industry-recognised benchmark provider to perform annual testing of all our mobile networks in the markets where we operate. The testing tool is equipped with 5G-capable devices to measure the 5G network performance where available. In locations where 5G coverage is not deployed, the tests are executed using the 4G networks. The testing configuration is defined to represent the achievable customer experience.

The regional averages presented above are calculated by combining the results of the Vodafone markets in scope using the size of the customer base in each market as a weighting factor. The weighted average sustained download speeds for Europe include all our markets in Europe, as well as VodafoneZiggo and Turkey. The average sustained download speeds for Africa reflect data from Vodacom (South Africa).

Fixed networks

Similar to the Mobile measurement methodology, Vodafone engages with independent third-party benchmark companies to regularly test typical customer experience on our Fixed networks.

Active probes connected to Vodafone customers’ routers and internet switches perform regular speed tests to ensure a statistically valid sample across the most penetrated speed tiers/propositions in each market. Network performance is measured to the closest content delivery network for each customer.

Download speeds, defined as data throughput in Mbps, are observed over a 24-hour period and reported as an average according to the underlying access technology, either xDSL or FTTH/Hybrid Fibre Coaxial technologies.

The regional averages presented above are calculated by combining the results of the Vodafone markets in scope using the size of the customer base in each market as a weighting factor. The weighted average sustained download speeds for Europe reflect data for Italy, UK, Spain, Portugal, Greece and Romania only.

 

Topic Code Accounting Metric Supporting Disclosures
Competitive behaviour & open internet TC-TL-520a.3 Description of risks and opportunities associated with net neutrality, paid peering, zero rating, and related practices  

The principle of net neutrality centres on safeguarding the rights of the end-user on the internet, with end-user in this context meaning both the providers making content available over the internet, and those accessing it. Under the concept of net neutrality, internet service providers should not unjustifiably discriminate against or prioritise certain traffic, and should ensure internet access remains ‘open’ to end-users, hence it also being known as the open internet principle. Vodafone agrees with and supports these principles.

The way in which these principles are applied in practice differs across the markets in which we operate owing to the differing legal requirements and may be impacted by a number of factors. The application and interpretation of these rules is also subject to change over time. An example in the different approaches can be seen in relation to the concept of zero-rating (described in more detail in the ‘Additional information’ section below).

Vodafone always ensures that our services and commercial practices comply with the core principles of net neutrality, and in compliance with the prevailing rules and guidance in the markets in which we operate.

At the same time, we are committed to expanding and future-proofing our network infrastructure and developing and supporting innovative services for the benefit of all our customers. The pandemic underscored the importance society places on fast, low latency, reliable and secure connectivity and the services delivered over this, and how this can help overcome the deep digital divides – between people, businesses, and communities – that the pandemic has shone a light on. The development of such a supportive digital ecosystem requires both public and private investment in digital, along with policy reforms that are pro-investment, pro-innovation and supportive of returns.

Vodafone is concerned that the fragmented approach to net neutrality globally, and the evolutionary way in which it is applied, gives rise to a degree of regulatory uncertainty, which can in turn act as a brake on the innovation needed. We will therefore continue to work with policy makers and regulators to ensure that the policy environment remains supportive of network deployment, investment and digital connectivity and services, whilst at the same time preserving the essence of net neutrality principles.
Additional information

Zero-Rating

The practice of zero-rating is where an internet service provider does not ‘charge’ an end-user for access to specified content, applications or websites over the internet. In other words, where an end-user accesses zero-rated content, applications or websites, it does not count towards their data allowance.

Given the benefits it can bring to end-users, Vodafone does zero-rate certain content and services, but only if the zero-rating complies with the prevailing guidance, regulations and laws in the country it is offered. Vodafone offers zero-rating in two common use cases:

Zero-Rated Tariffs

In some markets, where many consumers are increasingly choosing unlimited tariffs, the use of zero-rating is becoming less common. However, for those customers choosing tariffs with finite data allowances, zero-rating offers on specific categories of application or use-case can provide more certainty, as they can use the covered applications without worrying about their data allowance.

Vodafone has therefore offered tariffs that include zero-rating since 2015. These offers were always designed with the prevailing net neutrality rules and guidance in mind. For example, to ensure we adhered to the principles of transparency and openness, any partner that met defined objective and transparent criteria was able to have their content zero-rated as part of our offer. Additionally, to ensure we did not restrict the ‘openness’ of the internet, end-users were only able to access the zero-rated traffic to extent they had a remaining data allowance, meaning they were never in a position where they could only access the ‘zero-rated’ traffic (i.e. there was never a ‘walled garden’ internet experience).

These offers were reviewed by multiple national regulatory authorities since their launch and, whilst certain adjustments were made over time to ensure compliance with the prevailing guidance, they were deemed compliant under the Net Neutrality framework in the EU.

However, in September 2021, the Court of Justice of the European Union (‘CJEU’) issued three judgements that stated that any price-differentiation practice, including zero-rating, that was not application-agnostic was not considered compliant with the EU’s Net Neutrality Regulation. Whilst the detail on how these judgements shall be applied in practice is still under review by the European Body of Regulators (‘BEREC’), it is accepted that, in the EU, all operators, including Vodafone, will ultimately be required to phase out zero-rated commercial offers in the EU.

The CJEU’s judgements and any associated guidance issued by BEREC are not directly applicable outside of the EU. For example, the UK regulator has indicated that Vodafone may continue to offer its zero-rating tariff in the UK on the basis that it was designed to comply with the key principles of net neutrality.

Public Good Zero-Rating

Zero-rating can also be a means to support social good, for example by allowing unrestricted access to content and applications that subscribers rely on. In this sense, zero-rating can be used to enhance data democratisation.

For example, DreamLab is an application that has been developed by the Vodafone Foundation and Imperial College London. The app helps support cancer and coronavirus research by using the processing power of smartphones to help analyse complex data while the device is charging but going unused (typically overnight). In recognition of the societal benefits that this sort of ‘crowd-sourced’ scientific research brings, this application was zero-rated by Vodafone.

In addition, Vodafone zero-rated a number of websites, applications and services for the public good during the COVID-19 pandemic – for example, in Ireland we zero-rated certain government-identified health and education resources, in Greece we zero-rated various education websites to facilitate the government’s online-learning policy during the pandemic, and in the UK we zero-rated access to health resources. In the Czech Republic, a public good zero-rated pass was introduced, called “Pass for Good”, which gave access to health resources, amongst other applications. In Turkey, we also zero-rated remote education and health applications and platforms, on request from public authorities. Post-pandemic, a number of these practices have –– been phased out following discussion with the relevant authorities, but a limited number of practices remain in place.

In some of our markets, the practice of zero-rating such public good services is something that is even becoming mandatory, where the authorities have determined that the zero-rating of essential state and emergency sites provides social benefits. For example, in South Africa, the assignment of high demand spectrum to Vodacom SA in 2021 came with social obligations, including zero-rating mobile content provided by designated Public Benefit Organisations, including gov.za websites. This obligation will apply from as and when the digital migration process in South Africa is completed and operators are able to access the acquired spectrum.

In light of the recent CJEU judgements on zero-rating, telecommunications operators are now waiting for further guidance on whether this will impact public good zero-rating withing the EU. We are actively engaging with our stakeholders and regulators (including BEREC) to emphasise that zero-rating for social benefits is a positive practice.

Content Blocking

As noted above, one of the key principles of net neutrality is that internet service providers should not unjustifiably discriminate against certain traffic, which would include blocking content.

However, operators are permitted to block content under certain circumstances, for example where required under law. This has been of particular relevance to operators in relation to the recent orders issued by the European Union to block content associated with specified Russian media operators. It was confirmed by BEREC that action to block such websites would not be in conflict with the net neutrality principles, and Vodafone has therefore taken action to block the content of these media operators, subject to safeguards required by our internal policies to ensure legality and proportionality of the requirement.

Innovation under Net Neutrality

We are committed to ensuring an internet that is open to all, and where end-users control their experience on the internet.

At the same time, we are seeing substantial changes across the internet value chain, and there is now a significant diversity in terms of the networks, devices, content and types of user. As a result, we are increasingly seeing demand:

  • From consumers for different tariff options and packages that best suit their needs;
  • From business customers in relation to specific business services, which require guaranteed speeds and quality;
  • From content providers, who require their content (such as metaverse or connected mobility applications) to be delivered with a guaranteed quality; and
  • From connected devices, which also rely on specific quality parameters.

This demand for differentiation will continue to increase, as end-users seek to make use of the opportunities presented by edge computing and 5G network slicing, which allow for differentiation within networks. Therefore, the ability to provide such differentiated services and commercial propositions will encourage operators to invest in their networks and offer innovative services to businesses and customers, which will in turn help bridge the digital divide.

Vodafone strives to ensure that new and existing services and propositions that take advantage of the latest technologies comply with the prevailing rules and guidance on net neutrality. However, whilst existing guidance, for example from BEREC, has indicated that use cases based on 5G and edge computing can comply with the net neutrality regulation, there remains a degree of uncertainty as the regulations were designed before these technologies were in active use. We continue to work with regulators and policymakers to ensure a clear, unambiguous and innovation and investment-friendly interpretation and application of net neutrality principles is applied across our markets.

Topic Code Accounting Metric Supporting Disclosures
Managing systemic risks from technology disruptions TC-TL-550a.1 (1) System average interruption frequency and

(2) customer average interruption duration (including a description of each significant issue and corrective actions)		  

In line with industry best practice, Vodafone classifies and prioritises the resolution of each service disruption or incident according to the severity of its customer and business impact. Severity is based on the number of customers affected and whether the number is significant in the context of the overall size of the particular market.

The figures presented below reflect 28 (FY22: 381) high-impact and critical incidents identified and resolved during FY23, representing a 26% year-on-year reduction. Vodafone drives a culture of continuous improvement and seeks to identify lessons learned from all service interruptions reported.

In FY23 the number of markets included in our analysis was decreased following the sale of Vodafone  Hungary in January 2023. To ensure a like-for-like basis of comparison with the prior year, FY22 values have been restated using the same scope as reported in FY23. Further details on the markets within scope is included in the ‘Additional information’ section below.

(1) System average interruption frequency [TC-TL-550a.1(1)]
Mobile: 0.01 interruptions per customer (FY22: 0.071). In other words, 1% of our in-scope mobile customer base experienced a disruption that was classified as high-impact and critical at some point during the year.

Fixed: 0.03 interruptions per customer (FY22: 0.071). In other words, 3% of our in-scope fixed customer base experienced a disruption that was classified as high-impact and critical at some point during the year.
The statistics set out above do not provide any information with respect to the typical duration of each disruption or whether the same customer experienced a disruption more than once during the period.

(2) Customer average interruption duration [TC-TL-550a.1(2)]
The SASB Standards define this metric as the aggregated downtime divided by the total number of customers affected by the interruptions. Given interruptions typically only last for a short period (minutes and hours) and we have such a large customer base, this metric is not meaningful and would be measured in milliseconds.

We have therefore calculated an alternative and more meaningful metric based on a weighted average of the disruption time and number of affected customers for each major incident.

Mobile: Average disruption duration for affected customers of 2 hours and 53 minutes (FY22: 5 hours and 46 minutes1), representing a 50% year-on-year improvement.

Fixed: Average disruption duration for affected customers of 6 hours and 50 minutes (FY22: 5 hours and 5 minutes1), representing a 34% year-on-year increase.

The metric set out above reflects the average disruption duration for affected customers and, as noted in the first part of this question, only part of our customer base experiences disruption in any given year. By multiplying the previous metrics by the percentage of our base that experienced a disruption during the year, we can estimate the average disruption duration for all of our in-scope customers.

Mobile:Average disruption duration for entire customer base of 2 minutes throughout the year (FY22: 24 minutes1), representing a 92% year-on-year reduction.

Fixed: Average disruption duration for entire customer base of 12 minutes throughout the year (FY22: 21 minutes1), representing a 43% year-on-year reduction.

1To ensure a like-for-like basis of comparison with the prior year, FY22 values have been restated using the same scope as reported in FY23. Further details on the markets within scope is included in the ‘Additional information’ section below.
Additional information

The averages presented above are calculated by combining the results for the following Vodafone markets: Germany, Italy, UK, Spain, Portugal, Ireland, Czech Republic, Romania, Albania and Greece.

The number of customer interruptions was calculated by aggregating the number of customers impacted by an interruption to one or more service (Mobile: Voice [2G], Data [3G, 4G] or Fixed: Data and Voice) and for the 28 high-impact and critical incidents within scope. If any customers experienced more than one interruption to one or more services during the year, each individual interruption is reflected in the calculations.

System average interruption frequency

We calculate the system average interruption frequency by aggregating all the customer interruptions within the reported incidents and dividing this by the number of unique customer accounts with active service during the period.

Customer average interruption duration

The Standards suggest that the average interruption duration should be calculated by aggregating the total downtime (in hours) and dividing this by the number of customer accounts affected during the period.

As explained above, we do not consider this metric to be meaningful and we have therefore calculated and presented two alternative metrics which we believe provide a more meaningful view of typical disruption duration for affected customers and our entire customer base.

  1. Weighted average disruption duration for affected customers; and
  2. Weighted average disruption duration for entire customer base.
Topic Code Accounting Metric Supporting Disclosures
Managing systemic risks from technology disruptions TC-TL-550a.2 Discussion of systems to provide unimpeded service during service interruptions 2023 Annual Report, Risk management (pages 51-59)

We define technology failure as network, IT or platform outages resulting from internal or external events leading to reduced customer satisfaction, reputational damage and/or regulatory penalties. Technology failure could arise as a result of technical failures, cyber-attacks, or weather events.

In our FY23 TCFD Report, we identify a number of long-term climate-related physical risks to our business. An increase in temperature and frequency of extreme weather events could result in damage to our technology equipment and an increase in the likelihood or frequency of technology failure. Damage to our infrastructure as a result of sea-level rise, flooding and fire is therefore considered one of the top physical risks impacting our operations.

Technology failure is one of our principal risks and is therefore subject to oversight from the Group’s Risk and Compliance Committee (‘RCC’) and the Audit and Risk Committee (‘ARC’). The Chief Technology Officer is the assigned executive-level risk owner and is accountable for confirming adequate controls are in place and that the necessary treatment plans are implemented to bring the risk profile within an acceptable tolerance. The recovery of key services and platforms must be fast and robust if we are to maintain customer trust.
Additional information

Our approach to managing the risk of technology failure is to ensure that we reduce the impact of disruptions within our risk appetite. This is achieved by categorising our operations and services according to business criticality and customer impact. Business continuity and disaster recovery plans are then created for critical operations and datacentres. These plans are reviewed at least annually and regularly tested.

Our Business Continuity program and related polices are aligned with the ISO 22301 international standard. In addition, seven markets and our shared services entities also hold equivalent local certifications. We also partner with the Business Continuity Institute (‘BCI’), ensuring that our Business Continuity professionals are aware of BCI’s Good Practice Guidelines and have access to specific training available through our global learning platform.

Our data centres are situated across multiple sites and our network infrastructure is designed to ensure that we can quickly and easily recover from any hardware faults. Data is replicated in real-time, backed-up and secured. Should a major technology failure occur, we are able to automatically transition to another datacentre to maintain service availability for our customers. We have a continuous process to learn from events and to apply necessary improvements across our footprint.

In the event of a major incident, we follow the Group’s global business continuity and disaster recovery plans, as well as our established emergency and crisis management plans and incident management processes. Communications processes are designed to escalate major incidents/disasters to key employees, as well as establish critical communications teams to manage the disaster. We strongly believe in the importance of prevention; however, we also believe that incidents should be treated as an opportunity for learning.

Our technology resilience policy is applied across all markets and business areas that operate technology. The technology resilience policy includes a number of key controls, such as:

  • Physical site risk assessments: All our sites and business operations are regularly reviewed for environmental (e.g. flooding/climate change), physical security, infrastructure and technology risks. Mitigation plans such as flood defences, fire suppression systems or perimeter fencing, are then applied to ensure risks are appropriately managed.
  • Service level targets: Critical business operations are identified and evaluated regularly to ensure they are recoverable within a specified timeframe (for example, requiring that 95% of services are recoverable within 4 hours). Service level targets apply to individual mobile sites, IT applications, data centres, and services such as video and payment services.
  • Continuity testing: All our sites are required to complete simulated site-loss tests on an annual basis. This must include a live-traffic component and teams are required to produce detailed reports and reflect on lessons learned. Local markets are also required to test individual components, applications and services regularly.
  • Outsourced Activity Control: Where critical assets in scope of the policy (sites, infrastructure, service or applications) are outsourced, our third-party providers are required to apply our policy requirements and controls.

To address new emerging technology failure scenarios, in FY23 the scope of our technology resilience policy was expanded to international and subsea networks, virtual infrastructure vulnerabilities and GPS resilience. Mitigation plans have been approved and are currently undergoing deployment.

Additionally, Vodafone Group holds insurance policies that cover the costs of damage to infrastructure and resulting network interruption, in whole or in part. Vodafone’s cyber liability insurance covers the costs for of technology failure through cyber attacks, viruses, or programming errors and any resulting data loss.

Topic Code Accounting Metric Supporting Disclosures
Employee engagement, diversity & inclusion: Global headcount TC-SI-330a.1 Percentage of employees that are (1) foreign nationals and (2) located offshore (including a description of potential risks of recruiting foreign nationals and/or offshore employees, and management’s approach to addressing these risks) 2023 ESG Addendum, 10 Headcount tab

Vodafone is registered and headquartered in the United Kingdom. We operate mobile and fixed networks in 17 countries throughout Europe and Africa, have stakes in a further five countries through our joint ventures and associates  and partner with mobile networks in 46 other countries outside our footprint. We also have employees based in a further 19 countries, primarily supporting our Vodafone Business customers.

Our UK operating company provides connectivity products and services to consumers, businesses and the public sector. We also have a number of Group support functions based in the UK. Overall, 10% of our global workforce, comprising employees from 108 nationalities, is based in the UK (14% of employees in our UK operations are foreign nationals). As a global business with employees from 146 nationalities, we do not consider non-UK based employees to be ‘offshore’ – in most cases, they are closer to our customers and ensure that their local communities keep connected.

We have a fair, open and transparent resourcing process that is equitable for all. Any recruitment of foreign nationals is subject to considerations around local legislation, tax compliance, right to work in the country of employment, and cost of moving talent.
Topic Code Accounting Metric Supporting Disclosures
Employee engagement, diversity & inclusion: Global headcount TC-SI-330a.2 Employee engagement as a percentage 2023 Annual Report, People strategy (pages 13-15) and Employee experience (page 33)

Our employee engagement indexwas 76 out of a maximum score of 100 in 2023 [TC-TL-550a.1(1)] (FY22: 73). The overall response rate was 83% (FY22: 80%).
Additional information

Our culture – the ‘Spirit of Vodafone’ – outlines the beliefs we stand for and the behaviours that enable our strategy and purpose. We foster our culture by developing individual habits that reinforce our Spirit, invest in leadership development to role model our beliefs, and ensure systems, processes and milestone activities are aligned with the Spirit of Vodafone. We measure our progress and identify where to take action via a bi-annual employee survey called ‘Spirit Beat’.

1The employee engagement index is based on a weighted average index of responses to three questions: satisfaction working at Vodafone, experiencing positive emotions at work, and recommending us as an employer.

Topic Code Accounting Metric Supporting Disclosures
Employee engagement, diversity & inclusion: Global headcount TC-SI-330a.3 Percentage of gender and racial/ethnic group representation for
(1) management,
(2) technical staff, and
(3) all other employees (including a description of policies and programs for fostering equitable employee representation across its global operations)		 2023 Annual Report, Workplace equality (pages 33-34) and Fair pay at Vodafone (page 100)

We are developing a diverse and inclusive global workforce that reflects the customers and societies we serve.

Gender diversity
We aim to have 40% women in management and senior leadership roles by 2030. We have reached 34%, and continue to drive progress through our programmes, policies and leadership incentives.

Gender Diversity (FY23)

Female

Male

Board

54%

46%

Executive Committee

33%

67%

Senior leadership roles

33%

67%

Management and senior leadership roles

34%

66%

External hires

40%

60%

Graduates

44%

56%

Overall workforce

40%

60%
Additional information

Our commitment to diversity and inclusion is reflected across our global policies and principles, such as our Code of Conduct and our Fair Pay principles. Our second Fair Pay principle – ‘free from discrimination’ – requires that our pay should not be affected by gender, age, disability, gender identity and expression, sexual orientation, race, ethnicity, cultural heritage or belief. We annually compare the average position of our men and women against their market benchmark, grade and function to identify and understand any differences and take action if necessary.

To improve gender diversity within our organisation, we have introduced a number of policies and programmes to ensure we are creating an inclusive culture. These include global parental leave policy, which supports families to share caring responsibilities in the home, flexible and hybrid working policies, our Domestic Violence and Abuse policy, and our ReConnect returner programme. Targets regarding women in management have also been embedded as part of broader Environmental, Social, and Governance (‘ESG’) measures in our Long-Term Incentive Plans for our Executive Committee and Senior Leadership Team. All of these initiatives aim to support the retention of women in our business as well as enable progression into more senior roles.

Race, ethnicity, and cultural heritage (‘REACH’)

To better understand representation across the organisation and inform our diversity and inclusion programmes, in November 2020 we launched the ‘#CountMeIn’ initiative which encourages employees to voluntarily self-declare their diversity demographics. These include race, ethnicity, disability, sexual orientation, gender identity and caring responsibilities, in line with local privacy and legal requirements. On this basis we were able to set ethnic diversity targets, which are summarised below.

  • Group: By 2030, 25% of our global senior leadership team (encompassing 163 of our most senior leaders in Europe & Africa) will come from ethnically diverse backgrounds. This compares to 18% in March 2023 (FY22: 18%).
  • UK: By 2025, 20% of UK-based senior leadership and management will come from Black, Asian, or other diverse ethnicities, with 4% to be Black. This compares to 16% and 2% respectively in March 2023 (FY22: 15% and 1% respectively).
  • South Africa: By 2030, 75% of South African-based senior leadership and management will come from ethnically diverse backgrounds. This compares to 67% in March 2023 (FY22: 64%).

In addition to the above, 18% of senior leadership positions are from ethnically diverse backgrounds.

Downloads

Download

SASB FY22 Disclosure

PDF, 477KB

Download

SASB FY21 Disclosure

PDF, 471KB

Codes and compliance

Vodafone must ensure that various regulations and codes are adhered to and actions disclosed.

Click below to see Vodafone’s compliance with these codes and regulations as well as other Governance processes and protocols that the Company has put in place.

The Company's ordinary shares are listed in the United Kingdom on the London Stock Exchange. As such, the Company is required to make a disclosure statement concerning its application of the principles of and compliance with the provisions of the UK Corporate Governance Code (the ‘Code’). For the year ended 31 March 2025, the Company complied in full with the requirements of the Code as detailed on page 67 of the Annual Report 2025.

Details of the UK Corporate Governance Code can be found on the FRC website.

By virtue of the information included in the “Governance” section, together with information contained in the “Shareholder information” section of our 2025 Annual Report, we comply with the corporate governance statement requirements pursuant to the FCA’s Disclosure Guidance and Transparency Rules.

Details of the Disclosure Guidance and Transparency Rules can be found on the FRC website.

Differences from NASDAQ corporate governance practices

Vodafone is exempt from many of NASDAQ’s corporate governance practices other than the requirements regarding the disclosure of a going concern audit opinion, submission of a listing agreement, notification of material non-compliance with NASDAQ corporate governance practices and the establishment and composition of an audit committee and a formal written audit committee charter. The practises that Vodafone follow in lieu of NASDAQ’s corporate governance rules are as follows:

Independence

The NASDAQ rules require that a majority of the Board must be comprised of independent directors and the rules include detailed definitions that US companies must use for determining independence. The UK Corporate Governance Code ('the Code') requires a company's board of directors to assess and make a determination as to the independence of its directors. While the Board does not explicitly take into consideration NASDAQ's detailed definitions, it has carried out an assessment based on the requirements of the Code and has determined in its judgment that all of the non-executive directors, except for Hatem Dowidar, are independent within those requirements. As at the date of the 2025 Annual Report, the Board comprised of the Chair, two executive directors and 10 non-executive directors.

Committees

Under NASDAQ rules, US companies are required to have a nominations committee, an audit committee and a compensation committee, each composed entirely of independent directors, with the nominations committee and audit committee required to have a written charter that addresses the committee’s purpose and responsibilities, and the compensation committee having sole authority and adequate funding to engage compensation consultants, independent legal counsel and other compensation advisers. The Company's Nominations and Governance Committee and Remuneration Committee have terms of reference and compositions that comply with the Code's requirements. The Nominations and Governance Committee is chaired by the ‘Chair of the Board, and its other members are non-executive directors of the Company, whom the Board has determined to be independent, with the exception of Hatem Dowidar, based on the requirements of the Code. The Remuneration Committee is composed entirely of non-executive directors whom the Board has determined to be independent based on the requirements of the Code. The Company's Audit and Risk Committee is composed entirely of non-executive directors whom the Board has determined to be independent and who meet the requirements of Rule 10A-3 of the Securities Exchange Act of 1934. The Company considers that the terms of reference of these committees, which are available on its website, are generally responsive to the relevant NASDAQ rules but may not address all aspects of these rules.

Code of Ethics and Code of Conduct

Under NASDAQ rules, US companies must adopt a code of conduct applicable to all directors, officers and employees that complies with the definition of a “Code of Ethics” set out in Section 406 of the Sarbanes-Oxley Act. The Company has adopted a Code of Conduct, which applies to all employees. In addition, a Code of Ethics has been adopted in compliance with Section 406 of the Sarbanes-Oxley Act, which is applicable to the senior financial and principal executive officers. Further details can be found below in the ‘Code of Ethics’ section.

Quorum

Under NASDAQ rules, companies are required to have a minimum quorum of 33.33% of the outstanding shares of a company's common voting stock for shareholder meetings. However, the Company’s articles of association provide for a quorum for general shareholder meetings of two shareholders, regardless of the level of their aggregate share ownership.

Related Party Transactions

NASDAQ rules require companies to conduct appropriate reviews of related party transactions and potential conflicts of interest via the company’s audit committee or other independent body of the board of directors. The Company is subject to extensive provisions, under the Listing Rules issued by the Financial Conduct Authority in the UK (the ‘Listing Rules’), governing transactions with related parties, as defined therein, and the Companies Act 2006 also restricts the extent to which companies incorporated in England and Wales may enter into related party transactions. The Company’s articles of association contain provisions regarding disclosure of interests by the directors and restrictions on their votes in circumstances involving conflicts of interest. In lieu of obtaining an independent review of related party transactions for conflicts of interests, but in accordance with the Listing Rules, the Companies Act 2006 and the Company’s articles of association, the Company seeks shareholder approval for related party transactions that meet certain financial thresholds or where transactions have unusual features. The concept of a related party for the purposes of NASDAQ’s rules differs in certain respects from the definition of a transaction with a related party under the Listing Rules.

Shareholder Approval

NASDAQ requires shareholder approval for certain transactions involving the sale or issuance by a listed company of common stock. Under the NASDAQ rules, whether shareholder approval is required for such transactions depends, among other things, on the number of shares to be issued or sold in connection with a transaction, while the Company is bound by the provisions of the Listing Rules in the UK, which state that shareholder approval is required, among other things, when the size of a transaction exceeds a certain percentage of the size of the listed company undertaking the transaction. In accordance with the articles of association, the Company also seeks shareholder approval annually for issuing shares and to dis-apply the pre-emption rights that apply under law in line with limit guidelines issued by investor bodies.

Section 406 of the US Sarbanes-Oxley Act of 2002 (‘Sarbanes-Oxley’), and the rules issued by the US Securities and Exchange Commission (‘SEC’) thereunder, require an SEC reporting company to disclose whether or not it has adopted a written code of ethics applicable to the company's senior financial officers, including the company's principal executive officer. This Code of Ethics (the ‘Code’) has been adopted by Vodafone (‘the Company’) in accordance with these provisions. Furthermore, the Company is required to disclose whether, during the financial year being reported, it has amended the Code or granted a waiver from any provision of the Code. It is not the Company's intention to grant or permit waivers from the requirements of this Code.

The SEC encourages companies to apply the Code of Ethics to as broad a spectrum of personnel and affiliates as practicable and accordingly the Code affects a wider group of employees than specified by Sarbanes-Oxley. The Code is separate from the Company's Code of Conduct, which is applicable to all employees. Those to whom the Code applies are required to adhere to its provisions completely and to address any perceived conflict with the Company's Code of Conduct with the Group General Counsel and Company Secretary. Please follow the below link to view an Explanatory Note on Vodafone’s Code of Ethics.

View Vodafone’s Explanatory Note on the Company’s Code of Ethics

The Company has a Disclosure Committee reporting to the Chief Executive and Chief Financial Officer. The Committee has responsibility for reviewing and approving controls and procedures over the public disclosure of financial and related information.

Download the Disclosure Committee Charter

The Company has established a Protocol governing the obligations of our directors in respect of conflicts of interest and the procedures for identifying and managing conflicts of interest. A rigorous process has been established for declarations to be made by directors upon joining the Board and twice a year thereafter. The Protocol is reviewed by the Board each year.

View the Directors’ Conflicts of Interest Protocol

The following statements are presented in respect of Vodafone Group Services Limited (reg’d no. 3802001) and Vodafone Sales & Services Limited (reg’d no. 6844137):

Section 172(1) statement

In accordance with section 172 of the Companies Act 2006, each of the Directors acts in the way that he or she considers, in good faith, would most likely promote the success of the Company for the benefit of its members as a whole. All board-meeting papers are required to address each of the matters noted below, if relevant, and adequate time is provided in board meetings for the Directors to discuss these matters and request clarification or further information from management.

  • The probable consequences of any decisions in the long-term
  • The interests of the workforce
  • The need to foster the company’s business relationships with suppliers, customers and other key stakeholders
  • The potential impact of the company’s operations on communities and the environment
  • The need to protect Vodafone’s reputation for high standards of business conduct

Stakeholder engagement

Decisions made by the Company can impact one or more of our key stakeholder groups in quite different ways. This requires a considered and balanced approach to decision-making, ensuring high-quality information is provided to the Directors in a timely manner, and diversity of thought and open discussion amongst Directors is encouraged by during meetings. Principal decisions are assessed as material to the Vodafone Group’s strategy. Our key stakeholder groups are identified as most likely to be affected by the principal decisions of the Company and include our customers, our people, our suppliers, our local communities and non-governmental organisations, regulators and governments and our investors. Further details of the Company’s interaction with stakeholders is provided in the Vodafone Annual Report 2025 on pages 11, 12 and 13 (available to view at vodafone.com/ar2025). All board meeting papers relating to a principal decision are required to state whether, and to what extent, any key stakeholder group has an interest in the matter. Adequate time is provided in board meetings for the Directors to consider and discuss the interests of stakeholders and request clarification or further information from management.

Governance

Governance

We firmly believe that strong corporate governance plays a crucial role in delivering long-term, sustainable value for shareholders and the world.

Governance

Discover more

Sustainable business

Sustainable business

Our purpose is to connect everyone through technology, aiming to build a trusted, inclusive, and sustainable digital society. We focus on empowering individuals, protecting the planet, and maintaining trust in everything we do. These goals align with our culture, guide our strategy, and are driven by our team's passion and commitment.

Sustainability approach

Code of conduct

Our Code of Conduct sets out what we expect from every single person working for and with Vodafone. It also underlines our responsibilities to our people, partners and shareholders. The Code of Conduct helps us all make informed decisions and tells us where to go for more information.