| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We are dependent on the use of modern technology and systems to run our business and operations and as such, are committed to safeguarding our information technology and cybersecurity systems as well as the development and execution of our cybersecurity policy. Our cybersecurity processes and practices are modelled based on industry best practices, including ISO 27001 (Information Security Management System) certification which was completed in 2022 and re-certified in each of 2023, 2024 and 2025. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. Risk Management and Strategy: Our cybersecurity risk management strategy consists of: 1. investment in IT security, telecommunication security and cybersecurity infrastructure; 2. detailed cybersecurity policies, procedures, and awareness trainings for our personnel; 3. an overall strategy to develop, improve and monitor our cybersecurity systems, processes, policies, and governance frameworks that have been embedded into our overall risk management framework; 4. integrated third-party cybersecurity technologies and tools; and 5. governance through the Kyivstar Group Board, the Audit and Risk Committee and management oversight. We log and monitor our network and systems, maintain our employees’ security awareness through regular training, and operate a structured vulnerability scanning process within our security operations center. 
Further, penetration tests and so-called "ethical hacking exercise" tests are being conducted regularly across our operating companies to assess the current cybersecurity levels and proactively detect possible weaknesses in different systems. This allows us to act on potential cybersecurity problems before they materialize. We have deployed AI-powered cybersecurity solutions to assist with real-time threat and anomaly detection, automatic compliance tracking, data analysis and tracking, automated response to common threats, 24/7 monitoring and reduction of human error. We have established and continue to improve the experience exchange mechanism to share best practices in cybersecurity as well as to report and track operational alarms, ongoing attacks and more across operating companies to enable us to respond to cyber threats. Finally, we regularly commission independent third parties to undertake cyber security assessments of our cybersecurity systems and frameworks to identify gaps and vulnerabilities and assist with the development, implementation, and testing of cybersecurity controls to mitigate against any identified risks and vulnerabilities. To effectively manage risks from cybersecurity threats associated with the use of third-party providers, we include a mandatory cybersecurity annex to any agreements to be entered into with vendors. This process was established to effectively manage cybersecurity risks of supplier relationships and service delivery within the JSC Kyivstar environment. The vendor management process established at JSC Kyivstar also includes a compliance check at the stage of vendor onboarding and regular vendor compliance monitoring. The war in Ukraine exposes us to increased risk of cyberattacks or cybersecurity incidents that could either directly or indirectly impact our operations. 
Since the onset of the war, there has been an increasing number of cyberattacks on our information systems and critical infrastructure, which has caused service disruptions in certain instances. For example, on December 12, 2023, we announced that JSC Kyivstar’s network had been the target of a widespread external cyberattack causing a technical failure. This resulted in a temporary disruption of JSC Kyivstar's network and services, interrupting the provision of voice and data connectivity on mobile and fixed networks, international roaming, and SMS services, among others, for JSC Kyivstar customers in Ukraine and abroad. In total, the cyberattack and dedicated customer retention program resulted in a loss of UAH 0.8 billion (US$23 million) of revenue for the year ended December 31, 2023. In response to the attack, JSC Kyivstar conducted a thorough investigation, together with outside cybersecurity firms, to determine the full nature, extent, and impact of the incident and to implement additional security measures to protect against any recurrence. This included a high-level risk assessment of our IT infrastructure and identified the following risks associated with our operations: data leakage, compromised user accounts (including due to credential theft and password reuse), unauthorized access to systems and data (through compromised user accounts or vulnerability exploitation), damage or destruction of systems and/or data (including ransomware attacks on our various servers and files) and malware attacks. All investigations were concluded in 2024 and have resulted in an in-depth analysis into details of how the attack was executed and how this can be prevented in the future. 
JSC Kyivstar has remediation and mitigation actions in place to address current risks and establish a robust framework to manage evolving cyber threats, protect business continuity and maintain customer trust by investing in immediate response actions, enhanced security infrastructure, proactive threat management, compliance with cybersecurity regulations and standards, employee awareness, and long-term adaptive measures. Further, JSC Kyivstar has executed an assessment of cybersecurity maturity in alignment with the U.S. National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST2). While we have worked to remediate vulnerabilities that led to the 2023 cyberattack, we may find other vulnerabilities and we expect to remain subject to continued cyberattacks in the future. A number of cyber security attacks have been successfully mitigated; however, any further attempts by cyberattackers to disrupt our services or system, if successful, could harm our business, result in the misappropriation of funds, be costly to remedy or damage our reputation or brands.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our cybersecurity processes and practices are modelled based on industry best practices, including ISO 27001 (Information Security Management System) certification which was completed in 2022 and re-certified in each of 2023, 2024 and 2025. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | The war in Ukraine exposes us to increased risk of cyberattacks or cybersecurity incidents that could either directly or indirectly impact our operations. Since the onset of the war, there has been an increasing number of cyberattacks on our information systems and critical infrastructure, which has caused service disruptions in certain instances. For example, on December 12, 2023, we announced that JSC Kyivstar’s network had been the target of a widespread external cyberattack causing a technical failure. This resulted in a temporary disruption of JSC Kyivstar's network and services, interrupting the provision of voice and data connectivity on mobile and fixed networks, international roaming, and SMS services, among others, for JSC Kyivstar customers in Ukraine and abroad. In total, the cyberattack and dedicated customer retention program resulted in a loss of UAH 0.8 billion (US$23 million) of revenue for the year ended December 31, 2023. Although we continuously invest in our cybersecurity assurance across technology, design, operations, and governance, we cannot guarantee that these efforts will successfully prevent and protect against future cyberattacks and other cybersecurity threats. Cyberattack in December 2023: On December 12, 2023, we announced that our network had been the target of a widespread external cyberattack causing a technical failure. This resulted in a temporary disruption of our network and services, interrupting the provision of voice and data connectivity on mobile and fixed networks, international roaming, and SMS services, among others, for our customers in Ukraine and abroad. Our technical teams, working in collaboration with Ukrainian law enforcement and government agencies and the SSU, restored services in multiple stages, starting with voice and data connectivity. 
On December 19, 2023, we announced that we had restored services in all categories of our communication services, and that mobile voice and internet, fixed connectivity and SMS services as well as the MyKyivstar self-care application were active and available. After stabilizing the network, although there was no legal obligation to do so, we immediately launched offers to thank our customers for their loyalty, initiating a "customer appreciation" program offering a discount for one month of services on certain types of contracts. Despite the limited period during which the critical services were down, we experienced service disruptions and costs associated with additional IT capabilities required for restoring services, replacing lost equipment or compensating external consultants and partners for the year ended December 31, 2023. The incident had a significant impact on our consolidated revenue for the years ended December 31, 2023 and 2024, primarily due to the costs related to the implementation of our "customer appreciation" program. We estimate that the impact of these offers on operating revenue for the years ended December 31, 2024 and 2023 was approximately US$46 million and US$23 million, respectively. We conducted a thorough investigation, together with outside cybersecurity firms, to determine the full nature, extent and impact of the incident and to implement additional security measures to protect against any recurrence, and all internal investigations were concluded in 2024. The Ukrainian government also conducted an investigation to support the recovery efforts. A criminal proceeding by the SSU, in which we have been identified as the victim of the cyberattack, remains open as of December 31, 2025. 
We have initiated remediation and mitigation actions to reduce current risks and establish a robust framework to manage evolving cyber threats, protect business continuity and maintain customer trust by investing in immediate response actions, enhanced security infrastructure, proactive threat management, compliance with cybersecurity regulations and standards, employee awareness, and long-term adaptive measures. See "Item 3.D. Risk Factors — Risks Related to our Operations — We have experienced and are continually exposed to cyberattacks, both to our own operations or those of our third-party providers."
|
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Governance: Cybersecurity and compliance with data protection regulations remain key priorities. The Audit and Risk Committee provides oversight of management’s responsibility to regularly assess the Company’s key risks including cybersecurity and data privacy. As part of this oversight, the Audit and Risk Committee receives regular reports from management, including from the Chief Information Security Officers ("CISO"), relating to the cybersecurity and data protection activities. Any significant cybersecurity developments or incidents are reported to the Audit and Risk Committee and to the Board of Directors if and when they arise. We employ a decentralized cybersecurity governance framework with full-time cybersecurity personnel with relevant cyber security expertise at the JSC Kyivstar level as well as at the operating company level. The CISO is responsible for developing, implementing, and maintaining a robust cybersecurity framework across the Company that aligns with the corporate strategy and strategic goals that drives technological innovation to enhance our business operations. The JSC Kyivstar CISO, as well as the chief information security officers of each of our operating companies, have distinguished professional certifications within cyber security relevant domains, accompanied by experience gained in the respective industries over the course of several years. Within each organization the relevant information officers are usually positioned with a direct reporting function to the chief executive or technology officers so as to retain required empowerment to serve in the best way to defend cyber security interests of the operating companies. 
Although we continuously invest in our cybersecurity assurance across technology, design, operations, and governance, we cannot guarantee that these efforts will successfully prevent and protect against future cyberattacks and other cybersecurity threats.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit and Risk Committee |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit and Risk Committee receives regular reports from management, including from the Chief Information Security Officers ("CISO"), relating to the cybersecurity and data protection activities. Any significant cybersecurity developments or incidents are reported to the Audit and Risk Committee and to the Board of Directors if and when they arise. |
| Cybersecurity Risk Role of Management [Text Block] | As part of this oversight, the Audit and Risk Committee receives regular reports from management, including from the Chief Information Security Officers ("CISO"), relating to the cybersecurity and data protection activities. Any significant cybersecurity developments or incidents are reported to the Audit and Risk Committee and to the Board of Directors if and when they arise. We employ a decentralized cybersecurity governance framework with full-time cybersecurity personnel with relevant cyber security expertise at the JSC Kyivstar level as well as at the operating company level. The CISO is responsible for developing, implementing, and maintaining a robust cybersecurity framework across the Company that aligns with the corporate strategy and strategic goals that drives technological innovation to enhance our business operations. The JSC Kyivstar CISO, as well as the chief information security officers of each of our operating companies, have distinguished professional certifications within cyber security relevant domains, accompanied by experience gained in the respective industries over the course of several years. Within each organization the relevant information officers are usually positioned with a direct reporting function to the chief executive or technology officers so as to retain required empowerment to serve in the best way to defend cyber security interests of the operating companies.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | As part of this oversight, the Audit and Risk Committee receives regular reports from management, including from the Chief Information Security Officers ("CISO"), relating to the cybersecurity and data protection activities. Any significant cybersecurity developments or incidents are reported to the Audit and Risk Committee and to the Board of Directors if and when they arise. We employ a decentralized cybersecurity governance framework with full-time cybersecurity personnel with relevant cyber security expertise at the JSC Kyivstar level as well as at the operating company level. The CISO is responsible for developing, implementing, and maintaining a robust cybersecurity framework across the Company that aligns with the corporate strategy and strategic goals that drives technological innovation to enhance our business operations. The JSC Kyivstar CISO, as well as the chief information security officers of each of our operating companies, have distinguished professional certifications within cyber security relevant domains, accompanied by experience gained in the respective industries over the course of several years. Within each organization the relevant information officers are usually positioned with a direct reporting function to the chief executive or technology officers so as to retain required empowerment to serve in the best way to defend cyber security interests of the operating companies.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The JSC Kyivstar CISO, as well as the chief information security officers of each of our operating companies, have distinguished professional certifications within cyber security relevant domains, accompanied by experience gained in the respective industries over the course of several years. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Within each organization the relevant information officers are usually positioned with a direct reporting function to the chief executive or technology officers so as to retain required empowerment to serve in the best way to defend cyber security interests of the operating companies. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |