v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
 
As part of our overall risk management system, we have developed processes for assessing, identifying and managing material risks from cybersecurity threats. Our cybersecurity risk management processes include development, implementation and improvement of policies and procedures that seek to safeguard information and ensure availability of critical data and systems. Our internal cybersecurity risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify potential mitigants and assess the impact of those mitigations on residual risk. We seek to adopt a continuous improvement model in our cybersecurity risk management in order incorporate result of testing or any incidents in our processes. We also use external cybersecurity risk professionals for specific projects.
 
We understand the importance of preserving trust and protecting personal information. To assist us, we have cybersecurity governance and data privacy frameworks in place, which are designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
 
Our cybersecurity risk management processes include the following:
 
Cybersecurity governance and data privacy frameworks that include risk assessment and mitigation through a threat intelligence-driven approach, application controls and enhanced security with ransomware defense. Our frameworks leverage International Organization for Standardizations (ISO) 27001/27002 standards for general information technology controls and International Society of Automation (ISA) / International Electrotechnical Commission (IEC) standards for industrial automation. We also consider the National Institute of Standards and Technology (NIST) Cyber Security Framework in measuring overall readiness to respond to cyber threats.
Policies, software, training programs and hardware solutions are utilized to protect and monitor our environment, including multifactor authentication, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. We also seek to continually improve our cybersecurity practices through annual reviews.
Mandatory security awareness education and training for all employees and additional specialist training for IT employees, internal “phishing” testing and training for “clickers,” mandatory security training for all new hires and the publication of periodic cybersecurity newsletters and employee awareness campaigns to highlight security threats.
We are in the process of updating our cybersecurity incident response plan and processes to respond to and recover from cybersecurity incidents in accordance with international standards.
Participation with telecom industry associations in Latin America to share threat intelligence and collaboration with organizations across different industries to share best practices.
 
Additionally, in connection with our cybersecurity risk management processes, we engage:
 
Independent third-parties to assess and report on our internal incident response preparedness and help identify areas for continued focus and improvement, test for cyber vulnerabilities, perform penetration tests at least once a year and execute regular information technology reviews based on the NIST Cybersecurity Framework.
Outside counsel to advise about best practices for cybersecurity oversight, and the evolution of that oversight over time.
 
Our cybersecurity risk management processes include the oversight and identification of threats associated with our use of third-party service providers. We review the privacy protection and cybersecurity practices of vendors that may handle personal data, and we seek to contractually obligate such vendors to operate their environments in accordance with cybersecurity standards.

Our business strategy, results of operations and financial condition have not been materially affected by cybersecurity threats or cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by any future material incidents. As of the date of this annual report, we have not experienced any material information security breach incidences. See “Risk Factors” in Part III of this annual report for more information on our cybersecurity related risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
As part of our overall risk management system, we have developed processes for assessing, identifying and managing material risks from cybersecurity threats. Our cybersecurity risk management processes include development, implementation and improvement of policies and procedures that seek to safeguard information and ensure availability of critical data and systems. Our internal cybersecurity risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify potential mitigants and assess the impact of those mitigations on residual risk. We seek to adopt a continuous improvement model in our cybersecurity risk management in order incorporate result of testing or any incidents in our processes. We also use external cybersecurity risk professionals for specific projects.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] As of the date of this annual report, we have not experienced any material information security breach incidences. See “Risk Factors” in Part III of this annual report for more information on our cybersecurity related risks.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
 
MANAGEMENT
 
The cybersecurity risk management processes described above are managed by our CISO. Our CISO joined Telmex in 1996. Previously, our CISO was a member of the board of directors of SCITUM Group and HITSS Group, both of which are dedicated to the development and integration of software solutions and IT services. Our Corporate Information Security Committee supervises the implementation of América Móvil’s Information Security Strategy. Additionally, each subsidiary has its own local Information Security Committee. The committees’ functions include identifying main operational risks for the business, developing and managing security strategies by creating and monitoring “Strategic Information Security Plans,” which are updated annually or semi-annually, managing and allocating corporate and local budgets for information security and determining priority actions in the face of current or future threats.
 
Our CISO reports to our board of directors’ Audit and Corporate Practices Committee, and holds extraordinary meetings as needed.
 
BOARD OF DIRECTORS
 
Our Board of Directors, through its Audit and Corporate Practices Committee oversees data privacy and cybersecurity risks. Our CISO provides periodic updates to our Audit and Corporate Practices Committee on our cybersecurity risks and actions taken to mitigate that risk, which information is then reported to our full Board to the extent deemed to be material. The CISO reports on compliance and regulatory issues, evolving threats and mitigating actions. In overseeing cybersecurity risks, the Audit and Corporate Practices Committee focuses on thematic issues within an aggregated strategic lens and uses a risk-based approach.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit and Corporate Practices Committee oversees data privacy and cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our CISO provides periodic updates to our Audit and Corporate Practices Committee on our cybersecurity risks and actions taken to mitigate that risk, which information is then reported to our full Board to the extent deemed to be material.
Cybersecurity Risk Role of Management [Text Block]
MANAGEMENT
 
The cybersecurity risk management processes described above are managed by our CISO. Our CISO joined Telmex in 1996. Previously, our CISO was a member of the board of directors of SCITUM Group and HITSS Group, both of which are dedicated to the development and integration of software solutions and IT services. Our Corporate Information Security Committee supervises the implementation of América Móvil’s Information Security Strategy. Additionally, each subsidiary has its own local Information Security Committee. The committees’ functions include identifying main operational risks for the business, developing and managing security strategies by creating and monitoring “Strategic Information Security Plans,” which are updated annually or semi-annually, managing and allocating corporate and local budgets for information security and determining priority actions in the face of current or future threats.
 
Our CISO reports to our board of directors’ Audit and Corporate Practices Committee, and holds extraordinary meetings as needed.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CISO reports on compliance and regulatory issues, evolving threats and mitigating actions. In overseeing cybersecurity risks, the Audit and Corporate Practices Committee focuses on thematic issues within an aggregated strategic lens and uses a risk-based approach.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our CISO provides periodic updates to our Audit and Corporate Practices Committee on our cybersecurity risks and actions taken to mitigate that risk, which information is then reported to our full Board to the extent deemed to be material.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true