Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dec. 31, 2025 | ||||||||||||||||
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | ||||||||||||||||
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Cybersecurity Risk Management and Strategy: The Company implements a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of its Information Systems as well as its critical data, including customers’ data. TotalEnergies designs and evaluates its program based on the National Institute of Standards and Technology (NIST CSF), the ISO 27001 standard for information security management systems (ISMS), and communicates with the French information security agency (ANSSI) for certain scopes of action. The Company’s cybersecurity risk management program is integrated into TotalEnergies’ overall risk management program and rely on common methods, reporting channels, and governance processes that apply to other risk areas such as legal, compliance, strategic, operational, and financial risk. The key elements of the cybersecurity risk management program include, but are not limited to:
In addition to these key elements, the Company develops and relays rules to be followed everywhere regarding cybersecurity. It raises awareness and trains its employees on cybersecurity through various initiatives, such as mandatory training, courses tailored to different profiles, and guidelines for managers. Regular events like phishing awareness campaigns or Cybersecurity Month organized by the Company in October allow all employees to review best practices and identify cyber correspondents. |
|||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Flag] | true | |||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Text Block] | TotalEnergies designs and evaluates its program based on the National Institute of Standards and Technology (NIST CSF), the ISO 27001 standard for information security management systems (ISMS), and communicates with the French information security agency (ANSSI) for certain scopes of action. The Company’s cybersecurity risk management program is integrated into TotalEnergies’ overall risk management program and rely on common methods, reporting channels, and governance processes that apply to other risk areas such as legal, compliance, strategic, operational, and financial risk. The key elements of the cybersecurity risk management program include, but are not limited to:
|
|||||||||||||||
| Cybersecurity Risk Management Third Party Engaged [Flag] | true | |||||||||||||||
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | |||||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | true | |||||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. (See section 3.1.3 of Chapter 3 of the 2025 Universal Registration Document, starting on page 135.) |
|||||||||||||||
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity Governance: The Board of Directors considers cyber risk to fall within its risk oversight function and has delegated the oversight of cybersecurity risks as well as other IT-related risks to the Audit Committee (the Committee). The mitigation of cybersecurity risks and risks related to external threats is a high priority for the Company and is reflected in a structured governance framework. The Committee oversees the implementation of the cybersecurity risk management program. The Committee reviews the cybersecurity risk control system and the deployment of the multi-year program that covers the Company's information systems. The Committee is informed of the results of audit missions conducted, self-assessments, and, if necessary, any significant cybersecurity incidents. The Committee periodically reports on its activities, including those related to cybersecurity, to the Board of Directors. Finally, the Information Systems Department, overseen by the Finance President, annually submits the cybersecurity strategy for the Company’s Enterprise and Industrial Information Systems to the Executive Committee (Comex) for approval. On an operational level, the management team which includes the Chief Security Officer (CSO), the Chief Information Officer (CIO), the Company Chief Security Officer (C-CISO), and the Branch Chief Information Security Officers (B-CISOs), is responsible for the assessment and management of material risks from cybersecurity threats. This team is in charge of the overall cybersecurity risk management program and oversees both internal staff and external consultants working on cybersecurity. The relevant experience of our management team includes the following:
Our management team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public, or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment. |
|||||||||||||||
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Audit Committee (the Committee) | |||||||||||||||
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board of Directors considers cyber risk to fall within its risk oversight function and has delegated the oversight of cybersecurity risks as well as other IT-related risks to the Audit Committee (the Committee). The mitigation of cybersecurity risks and risks related to external threats is a high priority for the Company and is reflected in a structured governance framework. The Committee oversees the implementation of the cybersecurity risk management program. The Committee reviews the cybersecurity risk control system and the deployment of the multi-year program that covers the Company's information systems. The Committee is informed of the results of audit missions conducted, self-assessments, and, if necessary, any significant cybersecurity incidents. The Committee periodically reports on its activities, including those related to cybersecurity, to the Board of Directors. |
|||||||||||||||
| Cybersecurity Risk Role of Management [Text Block] | On an operational level, the management team which includes the Chief Security Officer (CSO), the Chief Information Officer (CIO), the Company Chief Security Officer (C-CISO), and the Branch Chief Information Security Officers (B-CISOs), is responsible for the assessment and management of material risks from cybersecurity threats. This team is in charge of the overall cybersecurity risk management program and oversees both internal staff and external consultants working on cybersecurity. The relevant experience of our management team includes the following:
Our management team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public, or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment. |
|||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | |||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | On an operational level, the management team which includes the Chief Security Officer (CSO), the Chief Information Officer (CIO), the Company Chief Security Officer (C-CISO), and the Branch Chief Information Security Officers (B-CISOs), is responsible for the assessment and management of material risks from cybersecurity threats. This team is in charge of the overall cybersecurity risk management program and oversees both internal staff and external consultants working on cybersecurity. The relevant experience of our management team includes the following: |
|||||||||||||||
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] |
|
|||||||||||||||
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our management team is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public, or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment. |
|||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |